This is a follow-up to the Smartware saga I published here yesterday. My 1st lengthy post describing what I did to get Smartware working can be found here.
Late last night Smartware finally reported it had finished a full backup on all five of my drives. The amount of the 2TB MyBook consumed by the backup was a LOT lower than what I know has been consumed on the backup system that I’m working to replace. I needed to understand what was really backed-up by WDC’s Smartware, and what wasn’t.
I pointed a folder comparator application that I use all the time at my “D” drive, where I keep mixed file types sorted by project/article/blog post/idea, etc., and where I keep my “Updates” folder that contains all of my software installers, MSoft updates, etc. – lots of executables here. And, for comparison, I pointed the comparator to the MyBook location where all of my “D” drive folders landed, and launched the comparator, and waited for the reports and details of what the differences were between the source and destination locations.
The simplest way to describe the result is to say, NOTHING WAS THE SAME! The comparator reported that all the files on the source drive WERE NOT on the MyBook, and NONE of the MyBook files were on the “D” Drive!! I admit that I was a bit startled by the report, and thought I’d made a mistake in the comparator setup, so I carefully selected source and destination for comparison, and lauched the app a second time. The same report, nothing on either source or destination matched the other side. Plus, I noted the fewer files on the MyBook destination was due mostly to Smartware NOT backing-up ANY executable or system file suffixed names by looking at the comparator list sorted by suffix. NO “SYSTEM,” executable, install or application FILES ARE BACKED-UP BY SMARTWARE! They aren’t counted as part of the “Other” category of files.
By looking at the comparator’s lists of non-matching file names (it reports for both sides the names matched/missing, older/newer, and stuff like that) I realized that when Smartware saves a file on the backup drive, it changes the file name adding it’s own reference code (hex, maybe) and name formatting to the file. What resides natively on the MyBook is a name that means something to Smartware, but is useless without Smartware.
BUT, why was I able to navigate the drive in Windows and see MY FILENAMES? The filenames in my comparator lists of the MyBook stored files, which are the destination drive filenames, AREN’T at all the same names on the comparator list for what’s on my “D” drive, the source drive.
Then the light came on when I remembered another post on this forum claiming that Smartware was a ROOTKIT. The post demanded that WDC admit they were installing a rootkit when Smartware was installed. The post didn’t describe why the author was making this claim, and I assumed their concern was over the Virtual CD drive (VCD) that WDC wanted on the MyBook for management of Smartware, and recovery purposes in the event of a disaster. Research disclosed this area is used for storing the Smarware app/drivers, and the SES (SCSI Enclosure …) interface related to drive temp, and other parameters. Being extra careful, I downloaded and ran the current MSoft SysInternals " RootKit Revealer" ," which didn’t disclose any evidence that WDC/Smartware had modified the boot sector or registry hive in a malicious manner.
What I realized is that Smartware is (probably) in part an “interpreter.” It intervenes when any access is made to the MyBook, though Smartware, or though Explorer/Windows Explorer, to “interpret” the real file name that is in Smartware format residing in the NTFS tables, INTO what the original filename is that the user expects to see, and that is what is displayed to the user! In this sense, it is like a rootkit in what it does, but is not a rootkit because it hasn’t modified the master boot record or registry hive to hide itself like the most famous rootkit, the Sony rootkit. That Smartware has an interpreter function may explain why the app appears to run so slowly, especially on a system like mine with a huge number of files requiring interpretation between the Windows/user naming convention and the Smartware naming convention.
My comparator application is FAST, the fastest app to return a result from a quantity of data I’ve ever used. I realize now that it’s fast because it is doesn’t make any calls to the Windows API and goes directly to the NTFS Master File Tables to perform the comparisons and then do what I tell it to do with moving and syncing files and folders. My comparator showed me the true construct of the NTFS tables, whereas, accessing a Smartware backup with Smart ware running, using Smartware or a Windows app will report the file name as it was before it was saved on the MyBook, and will translate the name to the original name during any Retrieves of a file/folder from the MyBook.
If my insight is correct, then if you backup using Smartware, you’re going to pay hell to recover any of the backed up files unless you’re doing so using Smartware! Note: I did not elect to encrypt the backups that were completed to MyBook, so what my comparator revealed is not singly due to an encryption strategy.
REMOVING SMARTWARE & CLEARING MYBOOK
Yes, I decided to abandon Smartware. Here’s what it took to accomplish that:
BEFORE UNINSTALLING SMARTWARE (trust me on this): Under Control Panel > Administrative Tools > Services, I disabled the three WDxxx apps running as services that are installed to run automatically, then rebooted my computer.
Returned to Control Panel > Administrative Tools > Services, setting WD Disk Manager service to Manual and starting the service, then going to Start > All Programs > Western Digital and starting Smartware.
On the Smartware Settings tab, I selected Drive Settings and erased the MyBook. The progress indicator first indicated 50 minutes, but quickly reduced the estimated time to 15 minutes, and the drive was clear in less than 10 minutes. NOTE: Erasing the drive removes everyting except the “System Volume Information” folder. The VCD area (apparently NOT a partition) is erased, and the Smartware installer/VCD apps on the VCD are gone. The drive is returned to its native 2TB size.
I un-installed Smartware from the Windows Control Panel Add or Remove Software, and followed-up by using JV16 to remove all traces of Smartware from the registry.
I’m keeping the MyBook, and am testing backup software today with an eye towards a purchase of an app that will provide security, painless install and operation, and that gives me complete control over what is and isn’t in a continuous backup, when/if it is to be deleted, and the level of versions. Any suggestions?
My third post after I found out that Smartware is the MyBook driver is here.