I looked at the information for my computer in Disk Management. It shows my
hard disk has three partitions (I've included a screen shot.) The first is
unnamed and is 39 MB Healthy (OEM); the second is Recovery with 14.65 GB; and
the third is OS (C:) at 283.40 GB.
- What is the 39 MB partition?
- Does it contain some kind of read information about the hard drive itself?
Seems too small to serve any kind of operational function.
- What keeps a virus or other malware from "jumping" from one partition to
another?
- Is it a valid concern that the recovery partition might itself become
infected? If the bad guys are so adept at creating malware what's to prevent
them from installing something that corrupts everything, leading the
unsuspecting user to reinstall the malware via the recovery partition or the
system image?
What you're seeing is common for machines from many of the major
manufacturers - as hard disks have grown in size they've begun setting aside
portions of the drive for recovery purposes.
Exactly what each partition contains is up to the specific manufacturer -
there's no standard. In your case, I'll take a guess as to what Dell is up to. I'll
also explain why I ignore these partitions, and then remove them should I ever
reformat a machine containing them.
And while I've addressed the malware and
partitions question before, it's an important one worth revisiting as it
actually relates somewhat to why I typically remove the partition.
The Partitions and Recovery
Here's the hard disk display in the Windows disk management tool (used with
the permission of my reader):
The big one at the right end is easy - it's your C: drive, the drive you see
when you boot your computer normally. Of your approximately 300 gigabyte drive,
283 gigabytes are available for use in this partition. And, as I said, when you
boot normally it's the only partition you would see outside of any disk
management tools, and it's the only partition that the rest of the software on
your machine would typically know about.
As I said, there's no standard as to what the other partitions installed by
your computer's manufacturer might hold. Some put a bare minimum of
information, some put an entire backup of your original install on it. A quick
search on the Dell site also didn't turn up a definition, but looking at the
sizes I'm guessing you've got the latter.
Hence, I'll make an educated guess about what's what.
Both the OEM and Recovery partitions are used at recovery time. And by
"recovery time" I mean that time as outlined by Dell support documents where, on
boot, before Windows begins loading, you press F8 to get additional boot
options and choose recovery.
I believe (and I could be wrong on this) that the OEM partition is
a small boot partition that's used at that time. The larger Recovery partition
is probably a backup image of your machine as it was on the day it was
delivered. So a "restore to factory settings" in this case consists of a couple
of simple steps:
- Booting from that OEM partition (done by the F8 selection you've made on
boot)
- A utility in that partition then simply a) erases your C: drive and b)
copies the "Recovery Partition" contents over to the C: drive, restoring it to
its initial factory-delivered condition.
Remember, this is an educated guess, and different computers - particularly
computers from different manufacturers - may well do things very, very
differently.
Cross Contamination
The issue you raise about malware somehow getting onto the recovery
partition is a good one. In your case, I wouldn't expect it to happen for
a couple of reasons:
- While the recovery partitions are visible in disk management, they're not
typically visible during normal system operation, making it harder - though of
course not impossible - for malware to "see" and infect the partition.
- As I've pointed out, the layout and technique varies from manufacturer to
manufacturer. Malware writers tend to choose the biggest targets and typically
choose things that are on most machines, not just machines from, say, Dell.
Again, it's possible, just not as likely.
I have seen machines where the recovery partitions are visible as an
additional drive, often drive "D:". In this case the recovery partition is
very vulnerable to infection. In this case in particular, your concerns
are very valid and represent a serious risk. Fortunately, if the drive is
visible your anti-malware tools are also able to scan and protect it for some
amount of security.
So in short: if the recovery partition is hidden, as yours is, the
likelihood of cross contamination or infection is low. If the partition is
visible when your machine is booted normally as an additional drive, then the
risk is high.
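To make the hidden-versus-visible distinction concrete, here is an added example (not part of the original article) that parses a constructed MBR partition table and flags any partition, other than the largest, whose type ID Windows would normally mount with a drive letter. It assumes an MBR (not GPT) disk; the type IDs 0xDE, 0x27 and 0x07 and the "largest partition is the OS" heuristic are assumptions, since the article does not say which types this Dell uses.

```python
import struct

# MBR type IDs Windows recognises as mountable file systems (FAT/NTFS).
# Well-known values, not taken from the article.
MOUNTABLE = {0x01, 0x04, 0x06, 0x07, 0x0B, 0x0C, 0x0E}
NAMES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32", 0x12: "OEM diagnostics",
         0x27: "Windows RE (hidden)", 0xDE: "Dell utility"}

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != 512 or sector[510:] != b"\x55\xaa":
        raise ValueError("not an MBR sector")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        _status, ptype, _lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:
            parts.append({"index": i + 1, "type": ptype,
                          "name": NAMES.get(ptype, "unknown"),
                          "size_mb": count // 2048,  # 512-byte sectors
                          "mountable": ptype in MOUNTABLE})
    return parts

def exposed_extras(parts):
    """Mountable partitions other than the largest one (assumed to be the OS)."""
    if not parts:
        return []
    os_part = max(parts, key=lambda p: p["size_mb"])
    return [p for p in parts if p["mountable"] and p is not os_part]

def build_mbr(layout):
    """Constructed sample: build an MBR sector from (type_id, size_mb) pairs."""
    table, lba = b"", 2048
    for ptype, size_mb in layout:
        table += struct.pack("<B3xB3xII", 0, ptype, lba, size_mb * 2048)
        lba += size_mb * 2048
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

# Sizes rounded from the reader's disk (39 MB, 14.65 GB, 283.40 GB); type IDs assumed.
HIDDEN_LAYOUT = build_mbr([(0xDE, 39), (0x27, 15002), (0x07, 290202)])
# Same disk with the recovery partition typed as plain NTFS (would appear as D:).
VISIBLE_LAYOUT = build_mbr([(0xDE, 39), (0x07, 15002), (0x07, 290202)])

if __name__ == "__main__":
    for label, mbr in (("hidden", HIDDEN_LAYOUT), ("visible", VISIBLE_LAYOUT)):
        extras = exposed_extras(parse_mbr(mbr))
        print(label, [(p["index"], p["name"], p["size_mb"]) for p in extras])
```

A partition flagged here is one that ordinary software, and therefore malware, can reach through the file system; it is also one your anti-malware scanner can see.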
It's Still A Single Drive
I need to point out one more thing about this configuration: partitioned or
not, it's all on the same single physical drive.
That means that the recovery partition can be used only for certain types of
recovery; specifically it can only be used for recovery where the drive is
still functional. Should the drive ever fail (and they do, more
often than you might think), then all partitions on the drive are lost,
including the recovery partitions.
It's important to remember that a Recovery Partition:
- Does not back up your data.
- Does not stay current with installed updates or applications installed after
purchase.
- Cannot recover from a hard drive failure.
Basically I see it as being useful in only one case: where the software
(Windows, applications, whatever) has become so unstable that a reinstall is
required. A recovery partition is used to effectively do this by containing a
copy of the installed or installable system at the time it was delivered. After
you recover you still need to bring it up to date, install all your
applications and retrieve your data from backups.
Why I Delete It, And What I Do Instead
I find recovery partitions next to useless for most common problem
scenarios. They may make a few steps easier for your computer manufacturer's
support engineers (they do often seem eager to have you restore the machine to
factory settings), but in practice I don't believe that they're worth the space
and effort compared to other more comprehensive approaches. And as we've seen
in some cases, they can be another location to get infected, further
invalidating their usability.
When I get a new machine, I'll typically leave the recovery partition alone.
I'll completely ignore it and act as if it wasn't there. Then, the first time
I need to reformat the machine I'll remove all those partitions and recover the
space they're using by re-creating or resizing the primary partition to use the
entire hard disk.
Instead of relying on a recovery partition I:
- Insist on getting Windows Installation CDs or DVDs when I purchase the
machine. When I need to reformat/reinstall, I can use these.
- Take a complete image backup of the new machine's primary partition (C:) as
soon as practical after receiving it. This creates my own snapshot of the
"factory original" state that I can safely store off-line and use as needed.
Restoring to this is typically faster than a reformat/reinstall, and can often
be the only option if installation media was not originally provided.
- Take complete image backups periodically to have "more recent" images to
restore to that are more up to date than that "factory original". Solutions
frequently don't require that you go back to that initial state, just back "far
enough" prior to whatever problem I'm dealing with. These images would also
contain any data I have on the system in addition to the system itself.
You may recognize that last step as part of a regular backup strategy, if
it's taken frequently enough.
Should you ever have an actual hard drive failure and lose your recovery partition,
then only one of those types of options will allow you to recover. Since you should
really have these off-machine backups or reinstall media anyway, why have a
recovery partition at all?
That first partition is the boot manager - the one that allows you to choose between the normal boot and the Recovery partition. On Dells it's an older implementation of LILO.
Hi Leo, Thanks for the great newsletter service.
I set up new computers for our company and one thing I do is to place all the system documentation, system recovery and other software discs into a labeled 6×9 envelope and place that inside the computer case - usually on the side behind the motherboard, making sure not to interfere with any wiring, or air flow for cooling. Then I place a label on the outside of the case that says "System Info & Recovery CD's behind this panel". That way, maybe years later, after the machine has moved around some, the original CD's can always be found if they are needed for service.
In the case of Dell, pressing F8 to get to the recover options gives you more than just the ability to restore to factory image. It also gives you a command prompt. I use that command prompt to run chkdsk /f on the data drive (which is not C: in this scenario). You can also go back to prior system restore points and a few other things. (I would have to reboot my computer to remember all of them.) That's on a Win7 Pro machine, by the way.
Leo, and others, keep recommending you insist on getting an install CD/DVD with the purchase of a new machine. However, for many of us who buy their machine at a "box" store, that seems to be next to impossible. We are stuck with the next two options. 1) Create a set of "recovery discs", and 2) order a set from the manufacturer (at a cost). Both of those have the advantage of having the specific drivers for that machine, and the disadvantage of having the clutter the manufacturer installed at the onset.
Purchasing a "built" machine from smaller retailers gives you more options, but at a financial burden. There are two more options I use. If it's new, after I have it configured/cleaned up the way I want, I clone it. Bingo, a recovery disc you can use to clone back to your machine after the "disaster".
Also, I was fortunate enough to have access to an "Original" windows disc which I copied. The key I did not worry about because the machines I fix have their own "valid" key. This should be a perfectly legal option as you are restoring the "original" OS to a legal "originally keyed" machine.
As a relatively new reader, I find a lot of helpful information. The questions may seem a bit naive, but your expanded answers either confirm what I thought I knew, or give me very good extended insight as to the workings of these little beasts called computers. This whole area of hidden partitions, backups, and restoring has been a source of confusion. Of all the rescue disks I have made, none have worked. Now I understand. Thank you very much for sharing your extensive knowledge.
je
Though these "recovery" partitions (they ought to be called "reinstall" partitions as you can't recover anything with them) are a bit of a nuisance, they do have their uses. It's well known that secondhand computers can have a lot of information left on the hard drive, and it's not impossible for it to be infected, so a complete "factory-fresh" reinstall clears everything - at least as far as the average user is concerned. Yes it takes time to do all the updates, but at least you know you have a clean machine. I've done this several times for family members and friends who have acquired computers in the secondhand market.
I don't know if the "recovery disks" you are urged to create are any good - I've never had to use them - but one Packard Bell I set up wouldn't let me create another set (despite it nagging me to do so...) so if the original owner made them and didn't pass them on to you, you may have a problem...
However, as you suggest, there's no real alternative to proper backups for total security.
I agree you should leave it alone unless absolutely necessary... I believe in redundancy to the point of stupidity and the "stupidity" mentioned is usually executed by my own hand. If you have multiple backups usually the initial one made of a system is on an "older" drive... what if that one is damaged, dropped (stupidity again.) And you can't get back - then if you truly want a "clean" state the recovery will get you there. Or, if you want to eventually give that computer to charity or somebody you know - it gives them the choice as maybe they would prefer a recovery drive. There are many scenarios - too many, so you are right to say leave it alone unless absolutely necessary...
I have fixed too many computers to count without having to reinstall the OS. I have also reinstalled the OS or a more recent one on countless machines when "fixing" them proved impossible or way too time consuming... and I have just used the recovery partition on a Dell for the very first time. The Dell Inspiron would start Vista, get to the desktop and then within 30 seconds to a minute you could not click on anything - the cursor moved but clicking had no result - even Safe Mode wouldn't work. Normally I would have reformatted it and put Windows 7 on it but my friend didn't want to spend the money, I could have reformatted and put Vista back on but having nothing to lose I tried F8 on system start and reinstalled using the recovery partition. It worked just fine - didn't even have to reenter the product key. So maybe worth trying before manually reformatting and reinstalling.
I did backup files using Ubuntu 10 (Ubuntu is another OS - if you don't know about it, not really important to this conversation) and I used Winkey finder (google it) to recover the product keys for Microsoft Office 2007 and Vista before I did the recovery - Winkey Finder is BLAZINGLY FAST - in 1 or 2 seconds it had both keys - it was just as fast on my other computer where it had to show the keys for multiple Adobe products as well as Microsoft products - try it, it's free.
The statement that when you reinstall the OS using the recovery partition you lose all data is not always true. On my Gateway laptop the recovery choices include the option to save data, which after recovery can be found at C:\windows\BACKUP. It saves ALL of my data in this directory - of course I must still reinstall all my programs but it is easier when you at least have your original program files to refer to. Anyone who has a recovery partition should check into this to see if this option applies to your system.