if only
it had a hardware write-protect switch I would buy it in an instant.
Install Windows, move documents and settings to the mecha drive (D).
Install programs to mecha drive. Once machine is config'd with the programs I use daily, flick the switch.
Then let all the crap out there try to infect the installation... it won't work.
Guaranteed clean boot every time.
Or: here is a different approach: one 'golden' install on write-protected flash. Option to 'nuke' the working flash disk from the golden install. Should be possible using a tool like Norton Ghost.
I always wondered why nobody implements such an approach.
It would require splitting the registry in 2 pieces that are logically glued together. The info pertaining to OS happiness would live in write-protected flash. Application and user settings reside on the second block on mecha drive.
Before you install new software or do system maintenance you need to clean boot: boot from flash without loading any 'addon' data from mecha drive. User needs to press a button on the computer to allow flash to unlock and enter 'root mode'. Only the package installer (from flash) can run at this point. After install/maintenance is done the flash gets sealed again.
This is a simple flipflop in the drive. Holding the data low during hard reset (user button), the flipflop clocks in a zero and unlocks the flash. Otherwise it clocks in a '1' and protects flash.
Leaving root mode does not require a reset. Software can set flipflop to 1. (Software cannot clear flipflop. The bit would be set-only. It takes a hardware button to clear. That button only works for a boot operation.)
That way you would always enter 'root mode' from a known clean system.
Any potential infections would live in 'userspace'. Booting in 'root' mode does not load anything from userspace.
You could even nuke userspace addons by simply erasing the extended registry.
That way you can install a program first to userspace, play with it for a while. Once you decide it's safe and a 'keeper': cleanboot and reinstall to flash space, then switch back to userspace.
If a program messes up, behaves badly or turns out to contain a 'nasty': cleanboot and nuke the extended registry.... byebye nasty.
You could even have partitioned flash drives. Partition 1 is cleanboot capable. Partition 2 is 'userland'.
Since NTFS (or any modern file system) has mounting points it should be fairly easy to implement such a system. For Windows: the run registry is the cleanboot registry + userland registry. Userland registry can override cleanboot registry. So you can override settings from userland. But you still retain the possibility to 'nuke' the userland portion (erase it) so on the next boot you have a clean registry again.
(When I talk about registry I also mean: config, autorun and other stuff.)
This would not interfere with daily stuff like downloading trialware, doing a quick install, play with it for a couple of days and then decide what you want to do. If it ends up being not what you wanted: cleanboot, nuke the registry, delete the directory where the thingie was installed and you are rid of it for good. If it's a keeper: cleanboot and run the installer again.
It also would force the user to physically push a button to 'open up' the computer for maintenance. Also software cannot bypass this. It is governed by hardware (a simple flipflop in the drive and a pushbutton on the case). A memory location allows reading of the flipflop and setting it to '1'.
(For the record: I have such a mechanism as described above in many of my embedded systems. To enter firmware update you need to force a button on the box. The system boots from a known good config, updates from the package file, then re-seals the flash ROM. You can try all you want to reflash or corrupt the flash. It will not work since you can't write to it. If the system crashes due to user installs: cleanboot, nuke userland and go.)
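
The scheme described in the post above, modelled as an added example that is not the poster's code: a set-only protect latch that only a button-held hard reset can clear, plus a cleanboot registry overlaid by a userland registry that can be nuked. All class, method and key names are hypothetical, and the registry values are constructed sample data.

```python
class WriteProtectLatch:  # set-only protect bit: 1 = sealed, 0 = unlocked
    def __init__(self):
        self._bit = 1
    def hard_reset(self, button_held):
        # Only a hard reset clocks the flipflop; the button decides the value.
        self._bit = 0 if button_held else 1
    def seal(self):
        # The software-visible register can set the bit, never clear it.
        self._bit = 1
    @property
    def sealed(self):
        return self._bit == 1

class Machine:
    def __init__(self, golden):
        self.latch = WriteProtectLatch()
        self.flash = dict(golden)  # cleanboot registry on flash
        self.userland = {}         # extended registry on the mecha drive
    def boot(self, button_held=False):
        self.latch.hard_reset(button_held)
    def write_flash(self, key, value):
        if self.latch.sealed:
            raise PermissionError("flash is sealed")
        self.flash[key] = value
    def run_registry(self):
        if not self.latch.sealed:      # root mode: load nothing from userland
            return dict(self.flash)
        return {**self.flash, **self.userland}  # userland overrides cleanboot
    def nuke_userland(self):
        self.userland.clear()

def demo():
    m = Machine({"shell": "explorer.exe"})  # constructed sample values
    m.boot()                                # normal boot, flash sealed
    m.userland.update(shell="nasty.exe", autorun="trialware.exe")
    infected = m.run_registry()
    try:
        m.write_flash("shell", "nasty.exe")
        blocked = False
    except PermissionError:
        blocked = True
    m.boot(button_held=True)                # clean boot into root mode
    clean = m.run_registry()
    m.nuke_userland()
    m.write_flash("autorun", "keeper.exe")  # reinstall the keeper to flash
    m.latch.seal()                          # leave root mode, no reset needed
    return infected, blocked, clean, m.run_registry(), m.latch.sealed

if __name__ == "__main__":
    print(demo())
```

The latch exposes no method that clears the bit, so the only route to an unlocked flash in this model is `hard_reset(button_held=True)`, which mirrors the property the design depends on.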