When I wrote this week's blog "wiping an infected computer is best for any OS", I could have almost predicted some of the "you're chicken" type of responses. Richard Stiennon posted "Microsoft recommends throwing in the towel on Desktop cleanup" and one reader even compared my method of system recovery hiding in the basement. The problem with this attitude is that it's based on ignorance and misguided ego that wiping a hard drive is giving up when nothing could be further from the truth. As I mentioned in my earlier blog, cleaning any compromised operating system is impossible without a thorough and complex forensic analysis of the file system and it's foolish to think that anything less would suffice. Help desks shouldn't have to waste time backing up data just to do a system recovery. On the other hand, re-imaging a computer with a clean image is a guaranteed way fix a computer like new with 100% assurance that the system is clean. As an added bonus, the computer runs fast without the gunk that may have built up. PC repair isn't about ego that "I can beat this thing by repairing the damage", it's about what takes the least time with the least pain that gets the best results and it's needs to be a simple calculation of ROI. Some people might say it's cowardly and foolish to get a new car every time there was a flat tire but if GM or BMW told you that they would give you a new car replacement for free, would you really complain? Sure you couldn't do this with cars but you sure can do it with bits and bytes.
Since my college days in the 90s as a part time PC repair man, I've learned over and over again the hard way that repairing a computer problem doesn't work for anything but the simplest problems. Then every once in a while I'll get arrogant and attempt an OS repair and end up wasting half a day and be no better off than I started. I'll even get to the point where I think I've beat the problem and give the computer back to the owner only to have them come back one day or one week later with the same problem as before.
As recent as 2 years ago after faithfully abiding by my own rule of never attempting repairs for 6 years, I got the urge to attempt a fix on a spyware infected computer. I ended up wasting 4 hours cleaning it to the point that I thought it was fixed only to have the same problem show up the next day. I ended up rebuilding that friend's computer from scratch and spent another 4 hours building it the right way with the data separated and the OS/Application partition image backed up so that I could make a recovery DVD. I also set up all the user accounts with user-level privileges so that they can't corrupt the operating system again and since then it hasn't had any problems for 2 years.
Even with more recent advancements in computer disk imaging technology like Symantec LiveState Recovery for Desktop or Servers, having the data and profile information live in a separate logical partition is still critical. LiveState allows hot full/incremental backups of the system state and bare-metal recovery using a WinPE environment. It allows you to recover to multiple points in time so that you can roll back to a point before the system was compromised. But as with any image partition recovery technique before it, it's all or nothing on a partition level. If user data is located on the same partition as the OS, it too is forced to roll back along with the OS and that means all recent work will be lost unless it was backed up and recovered by some other means before the image recovery. Having the data separate means you won't need to perform a backup/recovery option before invoking the system re-image option. While that doesn't mean you get to skip data backups, it does mean it won't hinder the system recovery process.
The bottom line is that user data and profile information should never be mixed with the Operating System storage volume. I manually do this now by painstakingly relocating the My Documents folder and manually configuring Outlook to store all its data in My Documents. The problem with this approach is that it still requires me to manually copy certain things like the desktop folder among other things and it's way too complex for the vast majority of people to adopt this method. I've been trying to talk with Microsoft about this issue but so far I haven't gotten very far and that's unfortunate because Microsoft users really want this feature and it doesn't take but a few simple configuration changes for Microsoft to give it to them. I personally know people who have taken their computers to the PC repair shop and given the choice between paying more labor or forgetting about their data, they will often choose to lose the data and just tell the repair tech to blow it all away. My point is that people shouldn't have to make this painful choice and help desks shouldn't have to waste time backing up data just to do a system recovery. Microsoft has finally gotten around to implementing an awesome permissions model in Windows Vista to separate browser permissions from user and system permissions and that took a lot more work that what I'm proposing here, so it makes perfect sense to implement data separation in Windows Vista as well.