What is the best way to remove 100% of a software that is not yet installed?

windows uninstall

13,336

Solution 1

No extra hardware required:

The "probably good enough" approach would be to make a System Restore point before installing the software and rollback to it later. Some configuration and temporary files etc. can remain after this, as System Restore is preserving user files and only restoring executables to the earlier state, but without anything to make use of them these files will be harmless. They can take up a (probably insignificant) amount of disk space, but they won't make a difference security- and privacy-wise.

Extra disk required:

You can take a full disk image (or OS partition image) to an external drive before installing software in question and restore the image later. This will undo everything that happened on that disk in the meantime, including changes in user files, so if you're using a password manager etc. make sure you have an independent copy on another media.
If you have a second internal disk of at least the same size and without anything important on it, you can clone the system disk to that one, swap them and install the software on the cloned disk. Once you're done just repartition & format the clone. Your original disk stays untouched the entire time.

Some extra disk space required:

The ultimate approach would be to install a throwaway OS just for this purpose. The advantage of this method is that it will protect all your data from being accessed by potentially rogue software, assuming that you're using a separate/clean disk or other partitions are not mounted. Combine this with a full disk image and you can do without actually swapping any hardware and without a spare disk (except for an external disk for the image).

USB flash drive or external drive required:

A variant of the "throwaway OS" approach is to use a live system on a USB flash drive/external drive, namely the Windows To Go feature. You could use Rufus to create a Windows To Go flash drive from an official ISO downloaded from Microsoft (also possible with Rufus). You can then boot from that USB media to a clean Windows install without affecting your main OS. Make sure that your disk partitions are not mounted for privacy. (Thanks to @MechMK1 and @Akeo for suggesting this in the comments!)

Possible alternatives:

There's also software that makes sure the disk is restored to a previous snapshot on each boot. I've never used it though, so I don't know how effective it would be for your use case.

Solution 2

There's several solutions to this, both social and technical.

Technical Solutions

It's usually technically impossible to remove windows software after it's been run or installed. You can remove the superficial parts, but deeper modifications to the operating system will remain.

Please check the "social solutions" section of this answer for ways to prevent the software from being installed in the first place.

Make the software not able to run on your computer in a way that is provably the fault of the software vendor.

The simplest way to do this is to run a Linux live CD like Mint. Examity and ProctorU run only on Windows and Mac. You could also get a loaned a chromebook from someone, perhaps.

This makes no changes to your computer at all, and allows you to plausibly claim that the software doesn't work on your computer. If the school needs you to have a windows computer, they can provide one to you.

Clone your whole hard drive, aka fulldisk image, before the install. This is possibly to do with free open-source tools like clonezilla. You'll need a second hard drive of at least the same size.

This is impossible to detect, and you can restore the image after the exam. This is technically hard, and might require a lot of reading, but should be 100% safe if done correctly.

Use a system modification detector to revert changes.

Software like Total Uninstaller can detect changes made to your system and revert them. You'll need to scan your computer before and after the installation of the malware.

Make a system restore point if no other option works, then restore it after you don't need the software anymore. This is the least safe option, as the software might delete or tamper the restore point.

Do a factory reset. This will erase all the data in the computer, so you'll have to backup everything to do that. This should be relatively safe, although it won't protect against the nastiest varieties of software, depending on your computer.

Social solutions

Social solutions are the safest option, since it prevents any infection from happening in the first place. They will also have the most long-lasting effects, since you're helping everyone around you.

It might be hard to achieve a social solution. This depends on your colleagues' values and attitude, your social circle and how comfortable you are reaching out to strangers for help.

Raise awareness of the problems and organize together with other students

Having this software is not in any students interest, so you simply shouldn't install it. To prevent repercussion, you'll need to do this as a group.

Your teacher won't fail the whole class. And if they try, you raise the issue to the school board. And if the school board doesn't do anything, you raise the problem to the school supervisory authority.

Ask for help and educate others around you.

You're not alone in this. See this article for example. You can try to reach out to people that are researching the problems, they'll probably have better guidance for you than superuser.

A local computer expert group would understand the problem and could potentially help explain the issues to your teachers and school.

Research the problem and find a solution

You can search for articles like this one, that show how this software exposes your name, address and passwords to hackers. Or this one about how students are watched live on camera remotely by people from random countries and can't move away even in extremely embarrassing situations.

Compile a list of the problems, and explain it to people around you. Try to understand what other students (and perhaps their families) care about the most. Talk with your teachers. Then research some more.

It's important that you don't just focus on the problem, but actually provide a solution that is better for everyone, students, teachers and schools.

Software like this does not prevent cheating. Students have managed to successfully cheat for centuries, even under close surveillance from their teachers and huge penalties.

The only way to reliably prevent cheating is to design the tests in a way that having access to material (including books, notes and the internet) is not sufficient to pass without having learned the material. That is your teachers responsibility. It is also the only way to check that you actually learned anything, instead of just memorizing.

If your teachers are concerned about students copying from each other, this can be reliably detected manually if the answers are long-form, or statistically if they're multiple choice. It's some extra work for teachers, for sure, but tests can be changed and that is their job.

Solution 3

This might not be the best option but it was not mentioned yet so consider this more a 'nice to know'.

Windows has support for FBWF (file based write filter) or its successor UWF (unified write filter).

Unified Write Filter (UWF) is an optional Windows 10 feature that helps to protect your drives by intercepting and redirecting any writes to the drive (app installations, settings changes, saved data) to a virtual overlay. The virtual overlay is a temporary location that is usually cleared during a reboot or when a guest user logs off.

https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/unified-write-filter

Basically when you turn it on, it will write ANY file changes to a shadow copy of the disk. When you reboot, the shadow copy gets deleted, and the original state gets reinstated.

This means you could enable UWF, install the software etc, then turn it off when you're done and reboot again. After that it's like you did not even install the software at all.

At a company I work for we use this on machines to prevent viruses or on-site staff fiddling with configurations. We've actually had a big case of virus in the network that took down a bunch of machines (all interlinked) and our big save was that we could just reboot and the virus was gone. That being said machines from other vendors were still infected and would promptly reinstall the virus, but we could simply unlink the machine and reboot again. It was a life-saver, so i'm promoting this feature where I can.

I did not find it a very easy tool to use, there are some slight nuances you must know if you're gonna run this for a longer period, but for a case like this I would recommend it as an alternative.

BE AWARE of the requirements and limitations, see the link.

Windows 10 Enterprise, Windows 10 IoT Core, or Windows 10 IoT Enterprise.

Solution 4

Once you have given an invasive piece of software complete access to your machine then it is difficult to ever fully excise it. You might be able to uninstall it and that may even completely get rid of it, but there could well be configuration changes and movement of other items that you can never fully undo.

The best thing you can do if you want absolutely no trace whatsoever is to take a full image backup using Clonezilla.

What you would do is boot from a Clonezilla USB or DVD/CD, create a full disk backup to a suitably large USB hard disk, and then when you are done restore that backup image and in so doing erase everything that is currently there.

You would want to backup everything from while the software was installed as well, in case there were documents you worked on that you need to restore as well. Cloud services or another full disk image would help here.

Solution 5

Windows Sandbox

Recent versions of Windows 10 (Professional and Enterprise) have built-in support for a feature called Windows Sandbox, which is a lightweight virtualized instance of Windows 10. The sandbox is isolated from the host system through container mechanisms and all changes applied to the sandbox will be lost upon closing the sandbox window. The main motivation behind sandbox was to provide means for safely running untrusted software, without the overhead of having to fire up a virtual machine.

The sandbox allows selective data sharing with the host system, e.g. by configuring shared folders on the hard disk, which allows for fine-grained control of which parts of the data are shared.

You mentioned that "virtual machines are not allowed", which is a fuzzy constraint which may or may not be violated by using the Windows sandbox, which is more of a container than a virtual machine. In Windows 10, when virtualization support is activated in the operating system, all instances are virtualized, so the sandbox is technically no different from your normal Windows 10 session. It's just another instance running under the same hypervisor. But you might want to double-check with the authorities when in doubt.

View more solutions

13,336

Anne Maier

Updated on September 18, 2022

Comments

Anne Maier almost 2 years

We will have proctored online exams because of COVID-19 for which we must install proctoring software (spyware) that will download and run additional software after installation and monitor everything on the computer.

I know that I have to install the software and that virtual machines are not allowed. However, I would like to 100% uninstall the software and everything that the software has installed after my exam, how could this best be achieved?

I have not yet installed the proctoring software.
- Tetsujin over 3 years
  
  You would be better off asking either the company who make the (undisclosed) software, or your education authority.
- Anne Maier over 3 years
  
  Thank you. The software is from Examity, but I think it would be great if there is a solution for all students, regardless of whether they must install software from Examity, ProctorU, Proctorio, etc.
- Phone over 3 years
  
  @Tetsujin Neither the education authority nor the software maker have an incentive to tell you how to actually remove the low-level OS integration it performs, as opposed to just pretend that the software can simply be uninstalled by disappearing the pretty UI.
- Flying Thunder over 3 years
  
  By "virtual machines are not allowed", do you mean that the software scans if there are virtual machines on the OS its running on, or that the software scans if itself is running in a VM? Im curious on how good the software is at detecting if its running in a VM
- Anne Maier over 3 years
  
  The software scans whether it is running in a virtual machine.
- twiz over 3 years
  
  Your school is going to lose their minds when they learn people can own more than one device. 🤦‍♂️ If your school is run by intelligent people, you could point out that the software is useless and you'd prefer to not install it. In my experience, the odds of that are very low though.
- Hagen von Eitzen over 3 years
  
  What is the software supposed to prevent?
- 41686d6564 stands w. Palestine over 3 years
  
  @twiz I never used that software myself but since it's used for exams, I would imagine that it records both you (using a webcam) and your activity (on the computer). It's not very easy to use another device without being detected by the webcam. The problem with a VM is that the software would only be able to record what's happening on the VM. One could be doing everything they need on the host OS without moving their eyes from the monitor.
- Hagen von Eitzen over 3 years
  
  @41686d6564 Two immediate simple ideas a) Using semitransparent mirrors, one could bring another computer display or simply a cheat sheet into view without the webcam noticing. b) A webcam that is not built-in could look in a different direction and record the student acting as if they participate while another person goes through the actual exam.
- Kyslik over 3 years
  
  I fail to understand; if one doesn't own Windows machine; what happens? Just pretend that dog ate the Windows machine. On a serious note, raising awareness is number one action as described in answer below. You are going to install a software which "99/100" security experts would advised against.
- Gerrit Brink over 3 years
  
  You could check out Deep Freeze, it will automatically remove anything you install on the PC after it restarts. This was used at my University back in the day.
- Konrad Rudolph over 3 years
  
  @FlyingThunder Detecting whether you’re running inside a VM is trivial for most/all consumer VM software: VMs generally don’t attempt to hide the fact that they’re a VM, and there are many documented (and undocumented) ways of finding this information. Maybe virus researchers have access to software that does hide this fact but regular VMs won’t do this.
- Robin Thoni over 3 years
  
  The best (not cheaper) cheat method here would be to MITM the monitor (assuming desktop computer or external laptop monitor): your buddy can view the test and can answer by writing back on top of it. It's completely impossible for the software to notice as it only happens in the monitor, and your eyes won't leave the screen neither. Your partner doesn't even have to be next to you if your gadget has internet access... That kind of software is just useless...
- Paddy Landau over 3 years
  
  They'd have a problem if it were me, as I don't have a Windows machine — I have Linux Ubuntu. My one and only Windows machine runs in a VM inside LInux.
- Mason Wheeler over 3 years
  
  If classes are supposed to teach you competence in a subject in preparation for a real job, and in the real job you would have access to the Internet to look up things you don't know, but would be expected to have enough competence to know what to search for and how to apply that knowledge, then is the concept of "cheating" by having access to the Internet even meaningful in any way in an academic setting? What they call "cheating" is precisely what you're supposed to do in the real world.
Mokubai over 3 years

I hadn't considered Deep Freeze like software, but I wonder if that would be seen as "working around" in a similar way that a VM would...
jaskij over 3 years

For PCs with multiple hard drives instead of backing every single one of them, disconnecting the ones which are not necessary for the exam might be a better option.
MechMK1 over 3 years

Honestly, a live OS would probably be best if it is possible. A throwaway OS is probably second in terms of success rate.
Phone over 3 years

I'd think this type of uninstall would often leave behind some deep system modifications and registry entries?
harrymc over 3 years

@goncalopp: Not necessarily. This software seems to be non-profit and ethically written, even advising of where are potentially left-over files.
MechMK1 over 3 years

@gronostaj You can run Windows 10 live from a USB stick. It's a bit of a hassle, but it works. Besides, Linux support isn't that uncommon anymore.
Dan M. over 3 years

@gronostaj I really doubt that the software in question requires Windows 10 2004 or newer.
Akeo over 3 years

@grosnotaj, Windows To Go was NOT removed from Windows 20H1 or 20H2. It's just no longer officially supported by Microsoft, which is very different. Basically, what they removed was the obsolete WTG creation tool, that they hadn't updated since Windows 8, and then stated that they wouldn't work on the WTG feature any longer. But WTG still works absolutely fine with these versions. Source: I am the author of Rufus, and I test every new Windows release for WTG. So can you please amend your answer? OP should be able to download 20H2 (which can be done through Rufus btw) and create a WTG drive.
DRF over 3 years

+1 This should be upvoted much further. While I realize it's not completely practical, raising awareness is absolutely crucial. The approach of schools and more importantly the states/nations sanctioning or forcing this is extremely invasive and in my opinion utterly indefensible. The fact that so many people just rollover "because pandemic and it's hard" is scary.
gronostaj over 3 years

@Akeo Answer updated and I've cleaned up my comments, thanks!
JS Lavertu over 3 years

I don't know if it's the case for OP, but some schools can and will fail you as you must sign an agreement to the terms of the semester when registering for classes. That doesn't make it right, but it's a very real concern when your grades are on the line.
Frank Hopkins over 3 years

@DRF I would get the pandemic and suddenly we need something argument. However, even so, raising awareness to make sure this practice is a terrible compromise and needs to be rolled back/discarded as soon as the emergency is over (even if schools/universities by then have learned that remote can have its advantages) is as important when you accept it as a compromise.
41686d6564 stands w. Palestine over 3 years

I think this is a good option but it's unlikely that the OP would be running Windows 10 Enterprise on his/her personal computer (and obviously, not Windows 10 IoT).
41686d6564 stands w. Palestine over 3 years

@Mokubai I don't know about Deep Freeze now but it was widely used in internet cafes here (maybe 10 years ago) and it was very easy to break (by malware, etc.). That being said, I don't think it would be seen as "working around" in this case. I think their problem with a VM is that it allows you to have unmonitored activity (on the host OS). You can't do that with Deep Freeze (or the like).
mckenzm over 3 years

This should be the accepted answer. The other solution is just to do a fresh OS install or a side-by side install of another OS and boot to it.
Joshua over 3 years

@StianYttervik: It's time to bring down the house on these browsers that demand admin rights anyway.
Máté Juhász over 3 years

-1 for "Raise awareness of the problems to other students, organize and refuse to install the software as a group." - school doesn't ask you to use the program because they want bad to you. It's also your interest that exams happen exactly the same way for everybody. Instead of protesting, help the school looking for better options.
Mawg says reinstate Monica over 3 years

I have had good experience with Revo Unistaller, even with those "deep system modifications and registry entries".
Phone over 3 years

@MátéJuhász I've added a section on what the what the schools can do to actually prevent cheating (which monitoring students has never achieved, as virtually any student can tell you). It's very easy to implement, cheaper and students will actually appreciate it. Feel free to share it.
gronostaj over 3 years

There are dozens of free tools that do the same thing as a duplicator, but without the need to purchase extra hardware you'll use only once. What are the advantages of a physical duplicator?
Anne Maier over 3 years

Thank you. As far as I know, the software works in a VM, but using a VM is prohibited by the software provider. And if you try to hide the VM and if the software still notices that it is running in a VM, you will fail the exam.
Máté Juhász over 3 years

Cheating is not only looking for solution on the Internet, it also includes asking others to help (being physically present, over phone), checking notes... Being in an exam in the school students are also watched in order to prevent cheating. I accept its not comfortable, unfortunately I'm not aware of any better way.
Máté Juhász over 3 years

"how this software exposes your name..." that's unfortunately not unique for proctoring software
Phone over 3 years

@MátéJuhász I've edited my answer to cover those as well just now. I've also included a link that thoroughly explains a "better way", from a very reputable university. Adapting this method to high school or possibly even middle school should be within the abilities of a teacher that knows the material they teach well.
Phone over 3 years

Let us continue this discussion in chat.
Andrei over 3 years

@gronostaj you mean, like the free tool I suggested in the answer, or something completely different?
gronostaj over 3 years

dd, while unefficient compared to other tools, would be fine. So what would be the advantage of buying a hardware duplicator?
Andrei over 3 years

@gronostaj how am I supposed to say what are the advantages of a HDD duplicator when compared to these other tools that you have in mind, but won't let anyone know about? I guessed dd (which is only not as efficient as a HDD duplicator), but obviously I am not a mind reader.
gronostaj over 3 years

Ok, let's simplify the question. What's the advantage of hardware duplicator over dd?
Andrei over 3 years

@gronostaj I thought it was obvious from the answer, but I'll edit my answer accordingly, as I see it's not obvious for everyone. The advantage of using a hardware duplicator is that everyone knows how to plug something in and push on a button with a clear clone label. Not everyone knows, or has the background to understand what dd if=/dev/sda of=/dev/sdb does, and unrecoverable mistakes can easily happen, but I included it as an option for those more technically inclined.
Samin yeasir over 3 years

Yes. In theory VM should work if you make it complete enough but it's high-stakes to test and you may not have access to test in advance. That's why I suggest using a throwaway windows install on removable media instead.
gronostaj over 3 years

Interesting answer, I think this approach is worth looking into. "On Windows 10 all instances are virtualized" - if you have Hyper-V platform enabled. Otherwise no, it's still just bare metal Windows.
ComicSansMS over 3 years

@gronostaj Good point about Hyper-V, thanks. I adapted the answer.
Marc.2377 over 3 years

Was going to propose Sandboxie, and saw this. Native process sandboxing in Windows? Nice!
Phone over 3 years

@harrymc As far as I can tell PSI Secure Browser (note that OP doesn't limit their question to a specific software or vendor) is written by a for profit firm, PSI Services LLC. I'm not sure how you define "ethically written", but the software prevents "taking screen captures, using instant messaging programmes, accessing other applications, or accessing other websites"
harrymc over 3 years

@goncalopp: Software that is handed out by a university, article published on .org, are reasons enough. These permissions sound logical for avoiding cheating.
Giacomo1968 over 3 years

The “Social Solutions” here are well intended but way too long. I don’t even realize there was a “Technical Solutions” area. My suggestion? This is a technical site so put the technical stuff up top. Then for the social solutions section, I wold recommend just making that whole area smaller. Perhaps just a simple bullet list of items. The reality is making other students aware of this stuff is noble and just, but the chances of changes happening immediately are fairly slim.
Konrad Rudolph over 3 years

@harrymc I find “ethically written” a pretty questionable statement, considering that what the software does is deemed by many (including yours truly) to be fundamentally unethical: proctoring software fundamentally doesn’t work since it’s trivial to circumvent. So it makes claims it cannot fulfil of solving a problem: in other words, it’s snake oil. That’s unethical. It’s also deeply invasive, privacy-violating spyware. That’s extremely unethical.
harrymc over 3 years

@KonradRudolph: It's a tool for a university to ensure the ethical behavior of its students. Circumventing it will take a knowledgeable hacker, so it's certainly not snake oil (in addition, snake oil does have medicinal properties).
Konrad Rudolph over 3 years

@harrymc Nonsense, it takes a second laptop positioned behind the first one, nothing more. Not even a computer, a mounted stand with written notes will do.
David Mårtensson over 3 years

A bit late possibly, but you might also check with a lawyer, what the school is asking for could count as illegal since if more than one person is using the computer, this will invade their privacy.