The much-ballyhooed Windows 8, Microsoft's latest release of its flagship product, will allow users to restore their Windows 8 PC to its pristine factory state through the push of a single button. There are two distinct restore types: reset and refresh. A reset will restore a Windows 8 PC to its original factory state, consequently removing any personal data, apps, and settings. A refresh will reinstall Windows 8 but preserve any documents, wireless network connections, BitLocker settings, drive letter assignments, personalization settings, and installed Metro apps. Any file-type associations, display settings, and Windows Firewall settings will not be retained after a refresh.
The reset/refresh options differ from the current system restore process found in Windows 7/Vista/XP in that Windows is completely reinstalled (the current system restore reverts to a "last known good state"; therefore, not all current system settings or files are retained). Additionally, the system restore files are not immune from becoming infected with malware. I assume cybercriminals are already looking for any weaknesses in the new reset/refresh process. The time required to perform a refresh is approximately eight minutes, and six minutes for a quick reset. A thorough reset takes 23 minutes. The thorough option overwrites any existing data visible to the operating system.
Good news for support pros
From a security perspective, the reset/refresh options provide a great method for quickly restoring malware-infested computers to a "safe" state. Before security companies rush to play the antitrust card, they should realize that this capability nicely complements any endpoint security software. The purpose of endpoint security software is to prevent any malicious software from being run or installed in the first place. However, as any IT professional can attest, having such software does not equate to complete immunity. Scareware, rootkits, keyloggers, trojans and other nefarious items can still make their way onto a computer. The reset/refresh option allows for a quick recovery when the security software "fails". The security industry has yet to prove that its products are able to fully cover the entire prevent/detect/recover/remediate cycle.
Depending on the industry, anywhere between 40%-70% of IT support (or help desk) employee time is spent removing viruses and malware from company computers. Generally speaking, the time required for someone to run an antimalware removal tool and conduct further troubleshooting (if needed for particularly troublesome malware) can easily exceed an hour. This leads to productivity loss and subsequent frustration. Countless hours are spent either attempting to remove all traces of the malware from the computer or completely wiping the machine, re-imaging it from scratch, and installing the latest patches. On top of that, time is needed to reinstall any applications, copy over any files, and restore usability settings. Pretty soon an entire afternoon (or morning) is lost. This is crucial time taken away from IT support (and the employee whose laptop was infected) when they could have been working on more strategic projects that actually provide value to the company. When scaled by organization size, the productivity loss grows exponentially. The time that is spent cleaning up viruses and malware costs the company money and negatively affects the bottom line.
At a time when companies are cash-strapped and desperate to find cost savings, reducing the time devoted to recovering from malware infections to mere minutes will not only lead to reduced costs but also translate into a competitive advantage. Making use of the reset/refresh one-click option in Windows 8 is a no-brainer. The security industry would be foolish to view it any other way.
Dominic Vogel is currently a security analyst for a financial institution in beautiful Vancouver, British Columbia.