What is the best way to remove 100% of a software that is not yet installed?

windows uninstall

We will have proctored online exams because of COVID-19 for which we must install proctoring software (spyware) that will download and run additional software after installation and monitor everything on the computer.

I know that I have to install the software and that virtual machines are not allowed. However, I would like to 100% uninstall the software and everything that the software has installed after my exam, how could this best be achieved?

I have not yet installed the proctoring software.


Solution 1:

No extra hardware required:

  • The "probably good enough" approach would be to make a System Restore point before installing the software and rollback to it later. Some configuration and temporary files etc. can remain after this, as System Restore is preserving user files and only restoring executables to the earlier state, but without anything to make use of them these files will be harmless. They can take up a (probably insignificant) amount of disk space, but they won't make a difference security- and privacy-wise.

Extra disk required:

  • You can take a full disk image (or OS partition image) to an external drive before installing software in question and restore the image later. This will undo everything that happened on that disk in the meantime, including changes in user files, so if you're using a password manager etc. make sure you have an independent copy on another media.

  • If you have a second internal disk of at least the same size and without anything important on it, you can clone the system disk to that one, swap them and install the software on the cloned disk. Once you're done just repartition & format the clone. Your original disk stays untouched the entire time.

Some extra disk space required:

  • The ultimate approach would be to install a throwaway OS just for this purpose. The advantage of this method is that it will protect all your data from being accessed by potentially rogue software, assuming that you're using a separate/clean disk or other partitions are not mounted. Combine this with a full disk image and you can do without actually swapping any hardware and without a spare disk (except for an external disk for the image).

USB flash drive or external drive required:

  • A variant of the "throwaway OS" approach is to use a live system on a USB flash drive/external drive, namely the Windows To Go feature. You could use Rufus to create a Windows To Go flash drive from an official ISO downloaded from Microsoft (also possible with Rufus). You can then boot from that USB media to a clean Windows install without affecting your main OS. Make sure that your disk partitions are not mounted for privacy. (Thanks to @MechMK1 and @Akeo for suggesting this in the comments!)

Possible alternatives:

  • There's also software that makes sure the disk is restored to a previous snapshot on each boot. I've never used it though, so I don't know how effective it would be for your use case.

Solution 2:

There's several solutions to this, both social and technical.

Technical Solutions

It's usually technically impossible to remove windows software after it's been run or installed. You can remove the superficial parts, but deeper modifications to the operating system will remain.

Please check the "social solutions" section of this answer for ways to prevent the software from being installed in the first place.

Make the software not able to run on your computer in a way that is provably the fault of the software vendor.

The simplest way to do this is to run a Linux live CD like Mint. Examity and ProctorU run only on Windows and Mac. You could also get a loaned a chromebook from someone, perhaps.

This makes no changes to your computer at all, and allows you to plausibly claim that the software doesn't work on your computer. If the school needs you to have a windows computer, they can provide one to you.

Clone your whole hard drive, aka fulldisk image, before the install. This is possibly to do with free open-source tools like clonezilla. You'll need a second hard drive of at least the same size.

This is impossible to detect, and you can restore the image after the exam. This is technically hard, and might require a lot of reading, but should be 100% safe if done correctly.

Use a system modification detector to revert changes.

Software like Total Uninstaller can detect changes made to your system and revert them. You'll need to scan your computer before and after the installation of the malware.

Make a system restore point if no other option works, then restore it after you don't need the software anymore. This is the least safe option, as the software might delete or tamper the restore point.

Do a factory reset. This will erase all the data in the computer, so you'll have to backup everything to do that. This should be relatively safe, although it won't protect against the nastiest varieties of software, depending on your computer.

 

Social solutions

Social solutions are the safest option, since it prevents any infection from happening in the first place. They will also have the most long-lasting effects, since you're helping everyone around you.

It might be hard to achieve a social solution. This depends on your colleagues' values and attitude, your social circle and how comfortable you are reaching out to strangers for help.

Raise awareness of the problems and organize together with other students

Having this software is not in any students interest, so you simply shouldn't install it. To prevent repercussion, you'll need to do this as a group.

Your teacher won't fail the whole class. And if they try, you raise the issue to the school board. And if the school board doesn't do anything, you raise the problem to the school supervisory authority.

Ask for help and educate others around you.

You're not alone in this. See this article for example. You can try to reach out to people that are researching the problems, they'll probably have better guidance for you than superuser.

A local computer expert group would understand the problem and could potentially help explain the issues to your teachers and school.

Research the problem and find a solution

You can search for articles like this one, that show how this software exposes your name, address and passwords to hackers. Or this one about how students are watched live on camera remotely by people from random countries and can't move away even in extremely embarrassing situations.

Compile a list of the problems, and explain it to people around you. Try to understand what other students (and perhaps their families) care about the most. Talk with your teachers. Then research some more.

It's important that you don't just focus on the problem, but actually provide a solution that is better for everyone, students, teachers and schools.

Software like this does not prevent cheating. Students have managed to successfully cheat for centuries, even under close surveillance from their teachers and huge penalties.

The only way to reliably prevent cheating is to design the tests in a way that having access to material (including books, notes and the internet) is not sufficient to pass without having learned the material. That is your teachers responsibility. It is also the only way to check that you actually learned anything, instead of just memorizing.

If your teachers are concerned about students copying from each other, this can be reliably detected manually if the answers are long-form, or statistically if they're multiple choice. It's some extra work for teachers, for sure, but tests can be changed and that is their job.

Solution 3:

This might not be the best option but it was not mentioned yet so consider this more a 'nice to know'.

Windows has support for FBWF (file based write filter) or its successor UWF (unified write filter).

Unified Write Filter (UWF) is an optional Windows 10 feature that helps to protect your drives by intercepting and redirecting any writes to the drive (app installations, settings changes, saved data) to a virtual overlay. The virtual overlay is a temporary location that is usually cleared during a reboot or when a guest user logs off.

https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/unified-write-filter

Basically when you turn it on, it will write ANY file changes to a shadow copy of the disk. When you reboot, the shadow copy gets deleted, and the original state gets reinstated.

This means you could enable UWF, install the software etc, then turn it off when you're done and reboot again. After that it's like you did not even install the software at all.

At a company I work for we use this on machines to prevent viruses or on-site staff fiddling with configurations. We've actually had a big case of virus in the network that took down a bunch of machines (all interlinked) and our big save was that we could just reboot and the virus was gone. That being said machines from other vendors were still infected and would promptly reinstall the virus, but we could simply unlink the machine and reboot again. It was a life-saver, so i'm promoting this feature where I can.

I did not find it a very easy tool to use, there are some slight nuances you must know if you're gonna run this for a longer period, but for a case like this I would recommend it as an alternative.

BE AWARE of the requirements and limitations, see the link.

Windows 10 Enterprise, Windows 10 IoT Core, or Windows 10 IoT Enterprise.

Related

Can I get split screen in Notepad++ like Emacs?
What is the difference between Symbolic Link and Shortcut?
What is Git Bash for Windows anyway?
How do I delete the "Apps" bookmark in my bookmark bar?
Why does Windows use backslashes for paths and Unix forward slashes?
Google Chrome Auto-Close Download Bar
Virtual Box - not filling entire screen
'less' command clearing screen upon exit - how to switch it off?
Can HandBrake flip/rotate a video?
What is the Windows equivalent of "wc -l"?
What is the equivalent of Linux's "~" (tilde) in Windows?
Why are special characters such as "carriage return" represented as "^M"?