I looked at the information for my computer in Disk Management. It shows my
hard disk has three partitions (I’ve included a screen shot.) The first is
unnamed and is 39 MB Healthy (OEM); the second is Recovery with 14.65 GB; and
the third is OS (C:) at 283.40 GB.
- What is the 39 MB partition?
- Does it contain some kind of read information about the hard drive itself?
Seems too small to serve any kind of operational function.
- What keeps a virus or other malware from “jumping” from one partition to
- Is it a valid concern that the recovery partition might itself become
infected? If the bad guys are so adept at creating malware what’s to prevent
them from installing something that corrupts everything, leading the
unsuspecting user to reinstall the malware via the recovery partition or the
What you’re seeing is common for machines from many of the major
manufacturers – as hard disks have grown in size they’ve begun setting aside
portions of the drive for recovery purposes.
Exactly what each partition contains is up to the specific manufacturer –
there’s no standard. In your case, I’ll take a guess as to what Dell is up to. I’ll
also explain why I ignore these partitions, and then remove them should I ever
reformat a machine containing them.
And while I’ve addressed the malware and
partitions question before, it’s an important one worth revisiting as it
actually relates somewhat to why I typically remove the partition.
The Partitions and Recovery
Here’s the hard disk display in the Windows disk management tool (used with
the permission of my reader):
The big one at the right end is easy – it’s your C: drive, the drive you see
when you boot your computer normally. Of your approximately 300 gigabyte drive
283 gigabytes are available for use in this partition. And, as I said when you
boot normally, it’s the only partition you would see outside of any disk
management tools, and it’s the only partition that the rest of the software on
your machine would typically know about.
As I said, there’s no standard as to what the other partitions installed by
your computer’s manufacturer might hold. Some put a bare minimum of
information, some put an entire backup of your original install on it. A quick
search on the Dell site also didn’t turn up a definition, but looking at the
sizes I’m guessing you’ve got the latter.
Hence, I’ll make an educated guess about what’s what.
Both the OEM and Recovery partitions are used at recovery time. And by
“recovery time” I mean that time as outlined by Dell support documents where,
on boot before Windows begins loading, you press F8 to get additional boot
options and choose recovery.
I believe (and I could be wrong on this) that the OEM partition is
a small boot partition that’s used at that time. The larger Recovery partition
is probably a backup image of your machine as it was on the day it was
delivered. So a “restore to factory settings” in this case consists of a couple
of simple steps:
- Booting from that OEM partition (done by the F8 selection you’ve made on
- A utility in that partition that then simply a) erases your C: drive and b)
copies the “Recovery Partition” contents over to the C: drive restoring it to
its initial factory-delivered condition.
Remember, this is an educated guess, and different computers – particularly
computers from different manufacturers – may well do things very, very
The issue you raise about malware somehow getting onto the recovery
partition is a good one. In your case, I wouldn’t expect it to happen for
a couple of reasons:
- While the recovery partitions are visible in disk management, they’re not
typically visible during normal system operation, making it harder – though of
course not impossible – for malware to “see” and infect the partition.
- As I’ve pointed out, the layout and technique varies from manufacturer to
manufacturer. Malware writers tend to choose the biggest targets and typically
choose things that are on most machines, not just machines from, say, Dell.
Again, it’s possible, just not as likely.
I have seen machines where the recovery partition is visible as an
additional drive, often drive “D:”. In this case the recovery partition is
very vulnerable to infection. In this case in particular, your concerns
are very valid and represent a serious risk. Fortunately, if the drive is
visible, your anti-malware tools are also able to scan and protect it, which
provides some amount of security.
So in short: if the recovery partition is hidden, as yours is, the
likelihood of cross contamination or infection is low. If the partition is
visible when your machine is booted normally as an additional drive, then the
risk is high.
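An added example, not part of the original article: a PowerShell check for the hidden-versus-visible distinction above, listing each partition and flagging any recovery or OEM partition that has a drive letter or mount point. The partition type identifiers and the label match are assumptions of this example; the article does not say how the reader's disk is partitioned.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell
# session on Windows 8 / Server 2012 or later (Storage module cmdlets).

# Well-known type identifiers; the article itself does not name any of these.
$RecoveryGpt = '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}'  # GPT: Windows Recovery Environment
$HiddenMbr   = @(0x12, 0x27, 0xDE)  # MBR: Compaq diagnostics, hidden WinRE, Dell utility

$report = foreach ($p in Get-Partition) {
    # A partition may have no mountable volume (e.g. a raw OEM partition).
    $vol   = $p | Get-Volume -ErrorAction SilentlyContinue
    $label = if ($vol) { $vol.FileSystemLabel } else { '' }

    # Every volume has a \\?\Volume{GUID}\ path; anything else is a drive
    # letter or folder mount point that ordinary programs can reach.
    $mounts = @($p.AccessPaths | Where-Object { $_ -and $_ -notlike '\\?\Volume*' })

    $isRecovery = ($p.GptType -eq $RecoveryGpt) -or
                  ($HiddenMbr -contains $p.MbrType) -or
                  ($p.Type -eq 'Recovery') -or
                  ($label -match 'recover')   # assumption: label heuristic, e.g. "Recovery"

    [pscustomobject]@{
        Disk       = $p.DiskNumber
        Partition  = $p.PartitionNumber
        SizeGB     = [math]::Round($p.Size / 1GB, 2)
        Label      = $label
        IsOS       = $p.IsBoot
        IsRecovery = $isRecovery
        MountedAt  = $mounts -join ', '
        # Exposed = a recovery/OEM partition that normal software can browse to.
        Exposed    = $isRecovery -and -not $p.IsBoot -and ($mounts.Count -gt 0)
    }
}

$report | Format-Table -AutoSize

$exposed = @($report | Where-Object Exposed)
if ($exposed.Count -gt 0) {
    Write-Warning 'Recovery/OEM partition(s) reachable during normal operation:'
    $exposed | ForEach-Object {
        Write-Warning ('  disk {0} partition {1} at {2}' -f $_.Disk, $_.Partition, $_.MountedAt)
    }
} else {
    Write-Output 'No recovery/OEM partition has a drive letter or mount point.'
}
```

A partition reported as exposed should be included in anti-malware scans, or have its drive letter removed so it is hidden like the reader's.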
It’s Still A Single Drive
I need to point out one more thing about this configuration: partitioned or
not, it’s all on the same single physical drive.
That means that the recovery partition can be used only for certain types of
recovery; specifically it can only be used for recovery where the drive is
still functional. Should the drive ever fail (and they do, more
often than you might think), then all partitions on the drive are lost,
including the recovery partitions.
It’s important to remember that a Recovery Partition:
- Does not back up your data.
- Does not stay current with installed updates or applications installed after
- Cannot recover from a hard drive failure.
Basically I see it as being useful in only one case: where the software
(Windows, applications, whatever) has become so unstable that a reinstall is
required. A recovery partition is used to effectively do this by containing a
copy of the installed or installable system at the time it was delivered. After
you recover you still need to bring it up to date, install all your
applications and retrieve your data from backups.
Why I Delete It, And What I Do Instead
I find recovery partitions next to useless for most common problem
scenarios. They may make a few steps easier for your computer manufacturer’s
support engineers (they do often seem eager to have you restore the machine to
factory settings), but in practice I don’t believe that they’re worth the space
and effort compared to other more comprehensive approaches. And as we’ve seen
in some cases, they can be another location to get infected, further
invalidating their usability.
When I get a new machine, I’ll typically leave the recovery partition alone.
I’ll completely ignore it and act as if it wasn’t there. Then, the first time
I need to reformat the machine I’ll remove all those partitions and recover the
space they’re using by re-creating or resizing the primary partition to use the
entire hard disk.
Instead of relying on a recovery partition I:
- Insist on getting Windows Installation CDs or DVDs when I purchase the
machine. When I need to reformat/reinstall, I can use these.
- Take a complete image backup of the new machine’s primary partition (C:) as
soon as practical after receiving it. This creates my own snapshot of the
“factory original” state that I can safely store off-line and use as needed.
Restoring to this is typically faster than a reformat/reinstall, and can often
be the only option if installation media was not originally provided.
- Take complete image backups periodically to have “more recent” images to
restore to that are more up to date than that “factory original”. Solutions
frequently don’t require that you go back to that initial state, just back “far
enough” prior to whatever problem I’m dealing with. These images would also
contain any data I have on the system in addition to the system itself.
You may recognize that last step as part of a regular backup strategy, if
it’s taken frequently enough.
Should you ever have an actual hard drive failure and lose your recovery partition,
then only one of those types of options will allow you to recover. Since you should
really have these off-machine backups or reinstall media anyway, why have a
recovery partition at all?