First, to make this article understandable, I’ll need to define some terms.

The terms “cloning”, “imaging”, and “backing up” have become so bastardized and arbitrary that to have any meaning they need to be defined for the context of the article. Otherwise, each person will take those terms to mean what a piece of software says they mean. For that software, you should use the definition that it uses, but for a general discussion independent of software titles, the concepts need to be defined.

For example, some titles use all the terms interchangeably. Furthermore, some manuals use the term “clone”, and then later use the term “image” for the same thing. Then if you read an article, the author may use the term “image” to mean something entirely different than “clone”. The result is confusion, especially for someone new to the issues. As an example, take a look at this thread: http://www.realgeek.com/forums/how-to-use-acronis-to-backup-o-s-473908.html – it’s ten pages long!

So, for the purposes of this article, a “backup” means making copies of data files ONLY.

An “image” is a compressed binary file (and for most titles, the compression format is proprietary…not like a simple .zip file) of the OPERATING SYSTEM ONLY, which can then be restored as a fully bootable OS.

A “clone” is a fully bootable UNCOMPRESSED copy of the OS ONLY, which doesn’t need to be restored but rather is on a Hard Disk that can be swapped with a failed or infected Hard Disk.

These definitions can be, and probably are, in conflict with some titles, but before anybody says “No, that’s not what a clone is”, let me reiterate: These ARE the definitions for the purposes of this article. But more than definitions, they are concepts.

So I don’t care what a particular title calls something…I’m talking about the concepts here.

Now with that housekeeping out of the way, let me address why you would want to use these things.

There are two primary reasons why you want to have these things available: (1) if the hard drive fails, and (2) if the hard disk becomes infected.

Now the first reason is pretty straightforward. A hard disk is either failed (or in the process of failing, which is essentially failed since your OS files and data files are at risk), or NOT failed/failing. It’s as simple as that.

But infections can complicate the issue. Rather than use a clone, an image, or a backup right away, the first inclination can be to try to remove the infection. There are many industrial-strength tools out there, like ComboFix, SmitFraudFix, and others. Typically, one first performs a HijackThis (HJT) scan to identify the infected files if possible (this assumes that your antivirus program cannot remove the infection), and then visits and posts the HJT scan results on many forums dedicated to malware removal (like Aumha, Bleeping Computer, Major Geeks, and others), where there are professionals that can guide you through the removal process.

Infections, however, can be so deeply rooted in your machine (like rootkits, for example) that they often require more than one removal tool to do the job. It’s not unusual to see a thread in a malware removal forum with repeated requests by the professional remover to post an HJT log, and they frequently ask “Your HJT log looks fine now, do you have any more symptoms?”

That question gets to the heart of the matter, because you will never be sure the infection is completely removed. Your HJT log can be clean and you may not notice any more symptoms, until…DISASTER STRIKES AGAIN. These things can remain dormant, hiding in your registry, and then become active at either a certain date or under certain circumstances. The Conficker virus was a good example of this.

This is where clones, images, and to a lesser extent, backups come into the picture.

These infection removal procedures can not only be “iffy”, they can be tedious and time consuming, especially with the back-and-forth posting of HJT scans (not to mention the availability of the professional helper…sometimes they respond quickly, sometimes NOT).

To avoid all this, if you have a clone or an image available, it may take you 20 minutes or so to get back up and running, and you avoid the headaches and time consumption of a removal process that can still leave you unsure whether you got it all. A clone or an image is guaranteed clean (more on that in a bit).

There is, however, one circumstance in which you MAY want to try a removal process and another in which you will definitely want to try one.

The circumstance where you MAY want to try a removal process is if you don’t have a clone or image and DO NOT want to go through a clean install. But depending on how complicated the removal process is (and it may end in a recommendation to do a clean install anyway), you may find yourself saying “If I had done a clean install to begin with, I could have saved a lot of headaches and time.”

The circumstance where you will definitely want to try a removal process is if you DON’T have a data backup. A clean install will likely wipe out all the data you have stored on the HDD. And with no data backup, all your data is GONE! The only chance you have to save the data on the HDD is a removal effort. And sometimes, these removal efforts result in the loss of data anyway.

So, the moral of the story is to have your data backed up on removable media, and have a clone or image ready to go.

There are nuanced differences between images and clones, and each has pros and cons, but if you have one or the other on hand, your recovery from either an HDD failure or an infection will be quick and relatively painless.

To close, I had mentioned earlier that a clone or an image is “guaranteed clean”. If you don’t have one, the best time to begin creating one is immediately after you’ve done a clean install. That way you know you’re building on “guaranteed clean”.
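
The “guaranteed clean” property only holds while the image file is still byte-for-byte the one made after the clean install. The following is an added example (not part of the original article) that records a SHA-256 baseline when the image is created and checks it before a restore; the file names and the manifest layout are assumptions, and the manifest is assumed to be kept on media separate from the machine being restored.

```python
import hashlib
import json
import os
import tempfile

def sha256_file(path, chunk=1024 * 1024):
    """Stream the file through SHA-256; image files are too big to load whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def record_baseline(image_path, manifest_path):
    """Run once, right after the image is made from the clean install."""
    entry = {"image": os.path.basename(image_path),
             "size": os.path.getsize(image_path),
             "sha256": sha256_file(image_path)}
    with open(manifest_path, "w") as fh:
        json.dump(entry, fh, indent=2)
    return entry

def verify_before_restore(image_path, manifest_path):
    """Return (ok, reason); restore only when ok is True."""
    with open(manifest_path) as fh:
        entry = json.load(fh)
    if not os.path.isfile(image_path):
        return False, "image missing"
    if os.path.getsize(image_path) != entry["size"]:
        return False, "size changed"
    if sha256_file(image_path) != entry["sha256"]:
        return False, "digest changed"
    return True, "matches baseline"

def demo():
    """Constructed stand-in bytes; no real disk image is read."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "clean-install.img")        # hypothetical name
        manifest = os.path.join(tmp, "clean-install.json")    # hypothetical name
        with open(image, "wb") as fh:
            fh.write(b"constructed sample image bytes" * 1000)
        record_baseline(image, manifest)
        before = verify_before_restore(image, manifest)
        with open(image, "r+b") as fh:   # simulate a same-size modification
            fh.seek(10)
            fh.write(b"X")
        after = verify_before_restore(image, manifest)
    return before, after
```

A matching digest shows the image has not changed since the baseline was recorded; it says nothing about whether the system was clean when the image was made, which is why the baseline belongs right after the clean install.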