Yesterday I somehow found myself on this website -> http://www.thinstall.com

It's really interesting.

I want to know if anyone here has tried it?
What are your experiences with it?
Do you know of another software that can do the same thing?

From my understanding, here is what thinstall does: You can create a standalone executable file of any program/software that can be used ony any PC without ever installing the program. Plus it runs the application in a virtualized sandbox so no modification to the system/registry occurs on the PC you run it on.

Basically, it can make a "Portable" version of any software that can be used on any PC without leaving a trace that the software ever existed. No installation is needed either.

I've been looking for something like this for a long time. Has anyone here used it? Does it really do what it claims? Is there any other software like this out there?

;D ;D ;D

-{ Quote: "']Do you know of another software that can do the same thing?" }-
I was just taking a closer look at the free Altiris Software Virtualization Solution (http://www.altiris.com/Products/SoftwareVirtualizationSolution.aspx).
It can create packages to install/uninstall applications with a single mouse click.
Really fascinating...

Also:
http://www.softricity.com/
and...
http://www.appstream.com/

wilbertnl! Altiris Software Virtualization Solution is really cool!

Thanks for linking me to it!

I played around with it for a few minutes and it seems really solid. I wonder if there is a way to make the *.vsa file (application layer) run on a different PC without needing to install anything. I'm going to dig deeper and see if I can figure it out.

For now, it looks like it is the same thing as Thinstall (maybe even better with some extra features) but doesn't have the ability to run virtualized software on a PC that doesn't have Altiris SVS installed on it.

I could be wrong though, I'll read the manual later tonight and see if it says anything about that. These are all a bunch of really cool software ;D ;D

Did you check their forum (http://forums.altiris.com/categories.aspx?catid=28&entercat=y) yet?

I'm also getting more excited about this software...

By the way, I'm quite sure that Thinstall needs to be installed too, before it can import and launch a packaged application.

-{ Quote: "Did you check their forum (http://forums.altiris.com/categories.aspx?catid=28&entercat=y) yet?

I'm also getting more excited about this software..." }-
Wow, I didn't even notice they had a forum! That makes it even better!

-{ Quote: "By the way, I'm quite sure that Thinstall needs to be installed too, before it can import and launch a packaged application." }-
Yeah but what I meant was that the actual "packaged application" (once it is created) can be launched on any PC even if that PC doesn't have Thinstall on it.

Check this link: http://www.thinstall.com/sales/demo.php

You can see a video of exactly how it works, plus you can download a "thinstalled" Firefox and OpenOffice2.04.

From what I understand (and I could be wrong), Altiris SVS creates the virtualized software in a *.vsa file which can only be launched on a PC that has Altiris SVS on it. Whereas Thinstall creates the virtualized software in a *.exe file (and includes the thinstall software within it) letting it run as a standalone on any PC no matter if it has thinstall installed on it or not.

Did you see the thinstall price? Over four grand!

http://www.pcmag.com/article2/0,1895,1941368,00.asp

-{ Quote: "I was just taking a closer look at the free Altiris Software Virtualization Solution (http://www.altiris.com/Products/SoftwareVirtualizationSolution.aspx).
It can create packages to install/uninstall applications with a single mouse click.
Really fascinating...

" }-

Download
Welcome to the Altiris Download Center. Please enter your e-mail and select your product below.

Note: Unless specified otherwise, all products listed below have a 30-day evaluation license.

Did someone say free? Didn't have time to survey the whole site for a freeware version, so if you want to clarify the facts again, thanks.

Yeah there is a "free for personal use" version.

-{ Quote: "...To demonstrate the power and elegant simplicity of SVS, Altiris has also made a free for personal use only license available for download from www.tucows.com and www.download.com...

Source: http://www.altiris.com/Company/PressReleases/2006/03232006.aspx
" }-
Download Link (http://www.download.com/Software-Virtualization-Solution/3000-2651_4-10549873.html?tag=lst-0-1)

Thanks wilbertnl for finding out about the free version :thumb:

-{ Quote: "Did you see the thinstall price? Over four grand!" }-

On their website it says:
"Pricing starts at $4,995 for the Thinstall Virtualization Suite and $39 per desktop for unlimited number of virtualized applications."

I don't know what the $39 deal is, but if the price really is 5 thousand bucks then that's the biggest rip off I've ever seen. :blink:

I looked at the websites, and I haven't figured out what I'd do with it.

Wilbertnl, how would a single user make use of this. I understand with Virtual Machines, but didn't really see what this sites products would do for me.

Pete

-{ Quote: "Did someone say free?" }-
Yes Sir,
I'm accountable for using that word.

http://www.geocities.com/wilbertnl/images/altiris.png

Peter, please download and watch the amazing demo (http://juice.altiris.com/article/470/the-worlds-greatest-svs-demo):
Make sure that your jaw is supported, it will drop.

-{ Quote: "Yes Sir,
I'm accountable for using that word.

http://www.geocities.com/wilbertnl/images/altiris.png

Peter, please download and watch the amazing demo (http://juice.altiris.com/article/470/the-worlds-greatest-svs-demo):
Make sure that your jaw is supported, it will drop." }-

Hi Wilbertnl,

I have watch the video demo but I am not certain to clearly understand what it is suppose to do/work (kind of newbie)... What is the purpose of Altiris? Is it a security software, a recovery software, a cleaning software, etc.?

Does Altiris conflict with Rollback Rx or any other software for that matter?

Thank you for your explanation,
Atomas31

-{ Quote: "What is the purpose of Altiris?" }-
This is my understanding:
Altiris Software Virtualization Solution functions almost similar to Firstdefense-ISR or eax-FIX/Rollback RX.
The difference is that it creates snapshots on application level as opposed to OS level.

In Firstdefense-ISR/eaz-FIX/Rollback RX you switch to a different snapshot and experience a different setup,
with Altiris SVS you switch almost any application, including it's settings, on or off with a mouse click (no reboot required).

So, you might have installed ms Office 2000, ms Office 2003 and ms Office 2007, and Altiris enables you to activate/deactivate any of the applications in less than no time.

-{ Quote: "This is my understanding:
Altiris Software Virtualization Solution functions almost similar to Firstdefense-ISR or eax-FIX/Rollback RX.
The difference is that it creates snapshots on application level as opposed to OS level.

In Firstdefense-ISR/eaz-FIX/Rollback RX you switch to a different snapshot and experience a different setup,
with Altiris SVS you switch almost any application, including it's settings, on or off with a mouse click (no reboot required).

So, you might have installed ms Office 2000, ms Office 2003 and ms Office 2007, and Altiris enables you to activate/deactivate any of the applications in less than no time." }-

So, if I have Rollback Rx on my system can I use or need a software like Altiris ? Is there any conflict between Rollback Rx and Altiris? Will it procure some layer recovery system?

Thanks,
Atomas31

It´s more for testing software than a rollback solution
You can have various versions of the same app
Think of it as a virtualized Total Uninstall

Hi Wilbertnl

You are right it was a fascinating demo. Couple of thoughts.

1. Probably easier to set up then a virtual machine as you aren't dealing with hardware type issues.

2. I wonder what happens if you install an app in a vsa layer and it crashes the system on reboot. With a VM you may lose the vm but your machine stays up. Wonder what happens here.

3. Other than play, I am not sure I see a practical application in my particular setup. I have 3 machines, with an identical setup business software wise. True the vsa concept would make deploying easier, but for me the real critical issue was data. I only use one machine actively at any one time, but at the end of the day, I sychronize to a mobile drive. Then the next day if I chose I can switch to another machine. This has saved me with hardware issues.

This software does look very interesting though, and I may have a play.

Pete

Peter,

I have used Firstdefense-ISR or eaz-FIX for purpose of evaluating and beta testing software.
Both solutions provide me with a solid uninstall or rollback function.

Altiris SVS might offer similar functionality, I install software in a layer and delete the layer when I'm finished.
Also data can be layered, so you could have a layer containing ms Office 2007 with it's documents.
I vision a system in which I "change to a different snapshot by disabling/enabling sets of layers".
Only tests will tell if that approach is feasible.

The developers are working on a concept where layers are user based: you login and your own layer of applications/data is presented to you.
You wife logs in and she is presented with a different setup.
Fascinating!

-{ Quote: "Peter,

I have used Firstdefense-ISR or eaz-FIX for purpose of evaluating and beta testing software.
Both solutions provide me with a solid uninstall or rollback function.

Altiris SVS might offer similar functionality, I install software in a layer and delete the layer when I'm finished.
Also data can be layered, so you could have a layer containing ms Office 2007 with it's documents.
I vision a system in which I "change to a different snapshot by disabling/enabling sets of layers".
Only tests will tell if that approach is feasible.

The developers are working on a concept where layers are user based: you login and your own layer of applications/data is presented to you.
You wife logs in and she is presented with a different setup.
Fascinating!" }-

I agree. I have a new machine coming which means uninstalling one machine, doing a swap and setting up a new machine. Once all that is done, I am going to give this and VM a play. It is without a doubt an interesting concept. Between it and the rollback type programs, one could have a ball.

-{ Quote: "I was just taking a closer look at the free Altiris Software Virtualization Solution (http://www.altiris.com/Products/SoftwareVirtualizationSolution.aspx).
It can create packages to install/uninstall applications with a single mouse click.
Really fascinating..." }-

Hello Wilbert,
Thanks for another great free programme.
I've been playing around with the software for the last few hours and just love it. :)
Installed numerous programmes creating a new layer for each one. I can run the new programmes individually, or just activate the whole lot and run them as if the software is permanently installed. Deleting is easy, I deactivate then click on delete, all done within seconds. The installation of a layer is child's play with the programme running you though each step in an easy to understand manner.
At this stage I haven't tried creating a Data or Empty layer but can't see it being any more difficult than just making a new layer.
I'll keep playing for a few days but at this stage I'm convinced it's a keeper.

John.

-{ Quote: "Thanks for another great free programme." }-
John, you make me feel like Santa Clause... ;)

I'm very excited, but haven't had the time yet to acquaint myself with SVS. Your report sounds very promising.
There seems to be quite a community of users offering in depth resources:
http://wiki.altiris.com/index.php/SVS_Application_Best_Practices

I wouldn't be surprised if Altiris SVS has the potential to replace both Firstdefense-ISR and eax-FIX/Rollback RX. (are you reading, ErikAlbert?)
If I understand correctly, then any disk imaging solution would support SVS flawlessly.

Hi, I am also having an interesting time experimenting with this software. Looks really excellent and easy-ish to comprehend.

I use Opera 9, but just installed Firefox 2.0 (inc extensions and themes) and Spyware Terminator and all working great. Gonna try something a bit more adventureous, Office 2003 next.

Thanks for the inital link and comments!

I just installed Trinket for use with Altiris SVS. It makes activating/deactivating layers really easy (from a system tray icon).

Thinstall is cool and all because you don't ever have to install anything on the host PC, but for the extra features that Altiris SVS gives you, I think it is worth the installation so it's a better choice (plus it's FREE :) )

It's like having hot-swappable software that you only use when you need it. And uninstalling the software is a breeze. Like the software never existed. I love it.

I'm going to set up a clean windows installation for creating vsa files from all the software I use. Then import them to my main machine. I think that's the best way to do it. I don't need the SVSAdmin application, I can comfortably manage the software through the command line. Or I might install Trinket on the main PC as well to make life easier. :)

As for Thinstall, I still think its awesome, but I hope the price really isn't five-thousand bucks.

One thing I like about Thinstall is that when you run the "thinstalled" software, it is vitualized and isolated/sandboxed from the rest of the system so no changes are made. I don't know if Altiris SVS also does that ???

And here ( http://thinstall.com/downloads/firefox_autoplay.exe ) you can download a thinstalled firefox. Notice how you can run it on any system (even though thinstall isn't installed on the PC). That's what I like about it. I can make my own software packages that can be run on any PC and leave no traces behind :)

And here is a thinstalled OpenOffice: http://thinstall.com/examples/OpenOffice.2.0.4.zip (100MB)

-{ Quote: "If I understand correctly, then any disk imaging solution would support SVS flawlessly." }-

At this stage I haven't restored a TI backup, but can't see why there should be a problem.

I've noticed that there are certain software programmes that are not recommended to be used by Altiris but these are clearly marked within the great manual that comes with the software.

For general information if you haven't installed yet, the programme makes a folder on the C:\ drive fsirdr, this folder holds the information on each programme installed in a layer and each layer has two folders named numerically (?) 1 and 2 3 and 4 and so on. I've noticed that when a layer is deleted, depending on the order of installation those numbers are removed, so the order of the folders could become 1 and 2 5 and 6 with the folders 3 and 4 missing because of the deletion. (hope that's clear enough).

Another thing I've noticed, if a layer is still activated on a reboot, the layer is deactivated on load up. This means the programmes need to be reactivated to be used, for me this is a plus as normally I wouldn't want these test programmes activated until I wanted them loaded.

Major benefit as far as I'm concerned is the programme doesn't change the MBR so any problems associated with a image programme will be a thing of the past. (That should please everyone :) )

John.

-{ Quote: "Another thing I've noticed, if a layer is still activated on a reboot, the layer is deactivated on load up. This means the programmes need to be reactivated to be used, for me this is a plus as normally I wouldn't want these test programmes activated until I wanted them loaded." }-
Thank you for your information, actually all posters provide great readings here!
-> If desired, it's possible to auto activate a layer at boot time.

-{ Quote: "-> If desired, it's possible to auto activate a layer at boot time." }-

Thanks for the information Wilbert - "Start Layer Automatically"

I've continued to play and find I can export a layer to an archive which can be placed onto an additional hard drive, or burnt to a CD\DVD. I can then delete the layer and if wanted in the future it can be imported back from the HD or CD\DVD. This means I can keep any tested software indefinitely without it cluttering up the hard drive.

Not sure about this but it would appear that the free version can't be updated.

John.

I started playing, here are some of my conceptual ideas.

First I restored an OEM image, and updated the MS hotfixes. I saved the updated image.
Then I added some applications that I need anyway or that are not supported well by layers, like Antivirus and Perfectdisk 7.
I created a differential image, which results in a very small file size.

I restored the OEM image, because the documentation advices to create VSA files in a lean system.
So, there I installed SVS, and created layers of ms Office 2000, I updated the layer with the Office hotfixes. A layer of softmaker Office 2006, also with hotfixes. And a layer of ms Money 2004.
I exported all the layers to VSA files and copied these files to another computer.

Now, this is what I think: reinstalling the system is going to be a breeze: restore the appropriate differential image (why not have several differential images, each of which has a unique setup, for example different antivirus?) and after that import the desired layers.
This sounds to me like modular system administration. Put some software components together and you get your customized software setup.

It's like Firefox with all the extensions available to your desire, but now applied to Windows. :o

What do you all think?

-{ Quote: "
The developers are working on a concept where layers are user based: you login and your own layer of applications/data is presented to you.
You wife logs in and she is presented with a different setup.
Fascinating!" }-

Even a simple profile system within the current setup (removed from login profile) would be nice, and relatively simple to implement I think, given the current ability to do this manually. A set of created profiles within Atiris, with associated applications for each profile that are activated , that deactiavtes virtually installed applications not in current selected Altiris profile.

On another point, I've notice that if I get it to monitor all changes made by an application, sandboxie style, it slows my system significantly - this is why I still prefer sandboxie for certain applications.

OK
I'm just trying to wrap my little brain around this :blink: Looks very interesting: help

So;
1)Create a "base" install of OS and a couple of critical apps say AV, BOClean, Perfect Disc and Defence Wall.?

2)Then install each utility in a new "layer" and activate each layer as required.?

What about browser, firewall?

I see someone has set up a Firefox Layer. Cool. where do any dl'd files end up?

If I have a layer with Word installed and write documents where do those documents go when the layer is closed or deleted?

Did I read correctly that each soft/group of softs installed in a layer can be exported to external HD and imported as required?

How much space does each layer take?

Having installed some soft into a layer used the tool/layer and then deleted that layer is every change rolled back?
IE: have Firefox layer active and install some malware: where does it go?
Does deleting the layer remove the malware?

This may require some a lot of paradigm changes: :o
I suspect I have only a very primitive grasp of this at this point ???

Regards.

Hi Longboard,

I can't answer all of your questions because I am still learning it myself (so perhaps someone more knowledgeable will answer them for you)

I'll answer what I can.

You create the base install with all your "everyday use" software (AV, FW and things like that). Then you can install Altiris and use it to install software that you would rather use on-demand (like browser, MS Word, P2P). Then you can just switch them on/off as you need them.

I'm not sure if the following is true (so someone please correct me if I am wrong): All changes done to the system/registry from a "layered" application stays within the layer. So if you install some malware from your layered firefox, once you deactivate the layer the maleware is gone. But when you re-activate the layer the malware comes back unless you RESET the layer first. Same thing goes for downloaded files and saved documents. If you want to permanently save the files to the system, you can copy them to a folder via explorer before deactivating or resetting the layer.

I think the best way to learn this software is to just use it in a test machine until you get the hang of it.

And yes, layers can be imported/exported between different PCs. So it is easy to install something on one PC and transfer it to another if you need to.

I've been using Altiris for a couple of weeks now, and I love it. It works great with ISR, as I can keep a very clean frozen snapshot, and just import and activate layers to use other programs. One thing to keep in mind, however, is that you cannot install a system driver into a layer. That rules out AV programs, most firewalls, etc. Supposedly the next version will include support for drivers.

As far as what happens to data that you create from a layered application:

You can exclude directories (and subdirectories of the directory if you choose) from being part of the layer, so when a layered application creates data in that folder, it is actually created in the base filesystem. For example:

I have an OpenOffice layer, and I have excluded My Documents from the layer. If I save a file to My Documents from an OpenOffice application, then deactivate the layer (and even delete it if I so chose) the document remains. If I use that OO layer and create a document in any other folder, then deactivate the layer, those documents will disappear. If I then reactivate the layer, the documents reappear.

I use it for everything from graphics programs that I use only rarely, to media codecs, to the horribly buggy Sony software that I have to use to put music on my MiniDisc player. I'm not sure if someone has posted this link yet, but it's a great place to find a bunch of example layers to import. I've tried all of them and they all seem to work wonderfully:
http://www.svsdownloads.com/

Excellent info cthorpe :thumb:

Quick question: How do you get to that "Layer Exclude Entry" dialog? ???

P.S: That's a good link. I checked it out the other day and found a lot of useful info. I noticed they have an Internet Explorer VSA that auto-resets on close. I need to figure out how they do that. I was just going to create a batch file that will reset the layer before activating it. But I never knew there was a "reset on close" option built in... ???

To open the layer options, just double click on a deactivated layer in the main SVS window.

If you haven't seen this site: http://juice.altiris.com/, you should check it out. Tons of useful information and utilities that make using SVS even easier.

C

I’ve found that some programme layers can’t be deactivated until the process that is currently running in the Task Manager is stopped. However, it gives the option to forcibly stop the process. If you agree, another message states that forcing the closure could cause problems. I’ve used this way to end a process that is currently running without any problems but I never liked the idea of closing a process without knowing what I’m closing. Reading the error message, and also the manual, I noticed that the error message also gives the process ID number, so to close the process from the Task Manager is a simple matter of comparing the ID number and ending the running process from the Task Manager.
Just a little more information that might be useful to other new users.

John.

A friend pointed out this thread to me claiming it would be an interesting read. He was correct. Now that I'm caught up I have a few questions that I hope the graciously intelligent members of this forum will help clear up.

As I understand it, there are two softwares being discussed here, Thinstall and Altiris’ product Software Virtualization Solution (SVS), with most of the attention being given to the latter. The first thing that I am struggling to understand is the tendency to prefer SVS over Thinstall, so would it be possible for a list of advantages / disadvantages of one over the other to be compiled?

Second, I am concerned about copyright / licensing issues. Can anyone tell me how installing Office in a portable VM .EXE to be used on various machines does not violate license agreements and/or copyright laws (this rhetorical question may or may not apply only to Thinstall and is not intended to be answered, but rather considered).

Third, is anyone aware of any other similar solutions that are not being discussed in this thread that should be considered? My opinion is that this is a very interesting concept that deserves thorough consideration and I propose that this thread be used to create an exhaustive list of comparable “layered virtualization,” “modular virtualization,” or any other term that gets assigned to this type of solution.

Finally, Longboard stated that this is going to shift some paradigms and Peter2150, wonders how he would use this kind of technology. I agree with Longboard while I am with Peter2150 in saying, “This is cool, but what can it do for me that I can’t already do with what I already have?” My last request is that people keep posting ideas about how they are using these tools and continue discussing ways of utilizing this technology along with any potential problems (i.e. could this be used to create hidden layers masking malicious software that automatically resets itself upon reboot?)

Ok going to start learning this.
Thanks guys.
There are some sophisticated users at their forum!
I liked that post about using svs from USB stick: WOW: :o if that works: woo hoo.

Any info about size of the layers and implications about space on HD.?
Any limitations on layer size: say FF with 20 tabs open.?
Opening big spread sheets in layers?
What about memuse and cpu use?

I have e-mailed thinstall re sme pricing options and might be able to give some info soon: they seem to already have options for running some tools from USB.


If I might make a suggestion to the mods: this thread will prolly take up a life of it's own as the "wilders" latch on to it, with respect to [Suave], how about a title change or migrate the posts about SVS to a new thread with new title?

regards.

@DAllen :thumb: ..wavelength....:)
-{ Quote: "“This is cool, but what can it do for me that I can’t already do with what I already have?” " }-
yes

-{ Quote: "The first thing that I am struggling to understand is the tendency to prefer SVS over Thinstall, so would it be possible for a list of advantages / disadvantages of one over the other to be compiled?" }-
Thinstall may be better developed but ? no free or desktop version obvious to me on their site??

-{ Quote: "If I might make a suggestion to the mods: this thread will prolly take up a life of it's own as the "wilders" latch on to it, with respect to [Suave], how about a title change or migrate the posts about SVS to a new thread with new title?" }-

I was thinking the same thing. When I first started this topic I was mainly trying to get more info on Thinstall (I still don't know how I found it but boy am I glad I did). I didn't know if it was the only software of its kind but thanks to wilbertnl we found out about ASVS. So I'm even happier to have started this topic here at Wilders because of the positive outcome.

Longboard, like I said, as a result of where this discussion is going, I also thought to myself today that this topic should be "RE-Named". I was thinking "Software Virtualization" would be a more suitable title. If you can think of anything better, PM me. If not, any Mod reading this, feel free to rename the topic if you agree or feel the need to :)

Here (http://www.wilderssecurity.com/showthread.php?t=141630&highlight=altiris) is a thread from earlier. I think Notok gives a good explanation of what it does. I would like to add that you be careful when thinking of installing security apps, like HIPS or advanced firewalls in a layer. I tried and ended up with a BSOD. I cant now remember which app it was and it might have been a glitch in that software rather than Altiris, but just for your info.
If I recall right Altiris creates a folder named "fslrdr" on each drive and keeps the settings there. When uninstalling the Altiris software it leaves the folders behind, atleast it did on my machine.

-{ Quote: "Second, I am concerned about copyright / licensing issues. Can anyone tell me how installing Office in a portable VM .EXE to be used on various machines does not violate license agreements and/or copyright laws (this rhetorical question may or may not apply only to Thinstall and is not intended to be answered, but rather considered)." }-

Well, my reason for using ASVS or Thinstall would be to keep my system clean. Sure, you can create an avs of Office and use it on two PCs, but you can also just as easily install Office on both PCs using the CD. So it's not like this software gives you any special abilities that you can't normally do without it.

Like I said, I would install Office in a "layer" for use only on my own PC because it is not a program that I use daily. I'd like to have it only when I need it (maybe once every two weeks) and for the rest of the time it will be like it is not even installed on my PC. This way my PC will stay clean and free from software installation clutter problems if I keep everything in layers and only use them when I need them.

Another reason for ASVS is like this: My little brother likes to go on some website that lets him play some wierd game (but it requires JAVA). I always hated JAVA for some reason so I never allowed him to install it on my computer. He needs to use his own crappy PC if he wants to play those games. Now I can let him play on my PC by installing java in a layer and letting him play his heart out. When he is done, it's like JAVA was never there :)

Beautiful ;D

-{ Quote: "As I understand it, there are two softwares being discussed here, Thinstall and Altiris’ product Software Virtualization Solution (SVS), with most of the attention being given to the latter. The first thing that I am struggling to understand is the tendency to prefer SVS over Thinstall, so would it be possible for a list of advantages / disadvantages of one over the other to be compiled?" }-

Thinstall can create virtual software packages in standalone EXE files that can be run on any PC (even off a USB) without needing the Thinstall software installed on the PC to run.

With Thinstall, it is a simple double click and the program starts as if it is installed (but it really isn't). Furthermore, all changes made to the PC from the "Thinstalled" software are gone after you close the program. So it is virtiualized and isolated from the PC and it is as if the program was never there once you close it.

With ASVS, the software can be saved as VSA files that can be read on any PC (as long as you install the ASVS software on it first).

A big difference (and keep in mind I'm not entirely sure that I am correct here) between ASVS and Thinstall is that with ASVS you can save settings within the program even after it is virtualized and with thinstall this is not possible. So lets say you create a thinstalled firefox and you set it up the way you like. Once you are done you are left with an EXE file that contains your thinstalled firefox. Once you make that EXE file, you can't "permanently" change any of the settings within it. So lets say you run that thinstalled firefox and install some extension. That extension will be gone once you close firefox. With ASVS, you can install the extension and make it a permanent part of the layer or reset it back to the way it was if you choose.

Again, this is all new to me so I may be wrong, but this is what I have been lead to believe after my research these past few days. So feel free to correct me anyone. And I'm sure there are a many more differences between Thinstall and ASVS that I don't know about.

-{ Quote: "...is anyone aware of any other similar solutions that are not being discussed in this thread that should be considered?..." }-
I second that ;)

Thanks [suave]. I will be keeping up with this thread and over the next few weeks I plan on researching these two softwares in more detail. Until then. I hope everyone posts away. Personally, my initial impressiong has me leaning towards Thinstall.

@sukarof:
So you have had this since August?
How does it go?
What did you end up doing with it?
The PCMag review is interesting Altiris (http://www.pcmag.com/article2/0,1895,1941377,00.asp)

Yes, not really thinking of it as security app.
More about getting some of the "bloat" off my box!
Heh: I seem to have accumulated an awful lot of "pending" tools that might be good to run inside this.

The noted problems with driver installs may rule out a lot of testing of security apps and some others but as it is free there may be some good uses for testing and keeping other softwares 'in the pocket' rather than endlessly manipulating startup lists and services. The ability to keep changes is a killer function.

@Suave:Saw your comments re thinstall and 'standalone exe' there are lots of portable USB apps available elsewhere I think, not keeping any changes; maybe more useful as sandbox utility.

there may be a role for both?

ADD: having e-mailed thinstall sales enquiry: they have sent me a firefox.exe to trial free
Go for it guys.
http://www.thinstall.com/company/contact.php

-{ Quote: "ADD: having e-mailed thinstall sales enquiry: they have sent me a firefox.exe to trial free
Go for it guys.
http://www.thinstall.com/company/contact.php " }-
Longboard, I have posted the thinstalled firefox here:
http://www.wilderssecurity.com/showpost.php?p=890545&postcount=23

Also available is a thinstalled OpenOffice ;D

-{ Quote: "@Suave:Saw your comments re thinstall and 'standalone exe' there are lots of portable USB apps available elsewhere I think, not keeping any changes; maybe more useful as sandbox utility." }-
Well, you see, I am attached to all my installed software and when it comes time to find a portable application, I always have a hard time finding one that matches my favorite installed software that I am so used to using. Well, with thinstall I can make almost all of my favorite software portable ;D

I'd rather use the software I like than settle for an alternative. Thinstall would give me that option.

-{ Quote: "...I would like to add that you be careful when thinking of installing security apps, like HIPS or advanced firewalls in a layer..." }-
Yep, I'd also recommend that. Any security software or software that you constantly use on a daily basis should be installed to the base system. The layered installations would be for software that you need once in a while, but don't want to install permanently and at the same time have them ready for the times when you need them. Keeping the system clean from software installation conflicts and un-needed clutter would be the main goal for me.

As a side note, I was just thinking how ASVS or Thinstall would have been useful to me a couple of weeks ago when Firefox 2.0 came out. I was still using 1.5 and I was hesitant to install 2.0 because 1.5 was working beautifully for me and I didn't want to screw it up. I could have just installed FF2.0 into its own layer and been able to switch back and forth between both versions until I felt comfortable upgrading to 2.0.

Instead, I used my beloved imaging software to ease my transition between the two versions. But it would have been nice to be able to use both of them interchangeably on the same setup with the click of a button. So it definitely does have its benefits.

-{ Quote: "@sukarof:
So you have had this since August?
How does it go?
What did you end up doing with it?
" }-

It is a nice app that does do what it claims. Great for testing software you know you wont keep. It worked great all the time (except the mishap with a security software) I used it for a while, but realized then that I didn't need to have programs in a layer and I primarily use FDISR for testing software (ie I rarely used it) But reading for example suave´s reasoning makes me rethink my decision.

-{ Quote: "To open the layer options, just double click on a deactivated layer in the main SVS window." }-
I've done exactly as you've instructed but I can't seem to get to the screenshot you posted > here < (http://www.wilderssecurity.com/showpost.php?p=891266&postcount=31) ???

I've been using Altiris for a few months now, its great I really like it.
Great for security, corruption by resetting an app, very flexable and instant.
Just go here http://juice.altiris.com/ as cthorpe mentioned earlier for tips.

-{ Quote: "']I've done exactly as you've instructed but I can't seem to get to the screenshot you posted > here < (http://www.wilderssecurity.com/showpost.php?p=891266&postcount=31) ???" }-

Open the main SVS program -> double click on an installed layer -> select the "Exclude Entries" tab -> double click in the empty box under "Type" and "Value." That should let you add exclusions (if you use ISR, think of exclusions kind of like anchored data)

As for what to do with the program, like I said I use it for programs that I use only occasionally that I don't want to bloat my system with. I can activate a large layer (100+ MB) in a few seconds rather than a couple minutes booting into a separate ISR snapshot. A prime example of a bloated application that I have layered is the software I need to put music on my minidisc player. Sony uses DRM, and the software that can encode and transfer is buggy, a huge resource hog, and prone to sticking its fingers into places it doesn't belong. With SVS, I just activate the layer, transfer music, then deactivate the layer and go about my business.

Here is a list of applications that have been successfully put into layers, as well as some apps that work but are "unsupported" by Altiris. Most of the apps have information in case there are special settings, etc. http://wiki.altiris.com/index.php/SVS_Application_Best_Practices

C

-{ Quote: "If I have a layer with Word installed and write documents where do those documents go when the layer is closed or deleted?" }-
Like Suave, I'm still gathering information and learning too.
Data can be layered in data layers, independent from application layers. So when you reset or delete the Word layer, the documents are save when you layer My Documents.

Any file that belongs to a layer (DLL's) are contained in the layer, but visible in the original location when the layer is activated.
This means that some DLL is visible in windows\sys32, but physical the location of the file is maintained by SVS.
Conflicting DLL's can coexist.

Concerning Firefox and malware, Suave is correct: reset the layer and the status is identical to when you created the layer.

Altiris offers rollback features that work like a light switch.
But don't confuse this with security, it's not security software!

This is really getting pretty darn interesting. I've thought of some really good uses. Things like Microsofts Streets and Trips. It's big and I don't use it often. Also would be a neat way to add it to new machine.

This thread is one of the really neat neat things about Wilders.


Pete

I would like to add a point of clarification. I must have misinterpreted Thinstall’s pricing and I am beginning to see why Thinstall has all but dropped out of this discussion. There is no way to use Thinstall without spending at least $4,995. The mention of the $39 per desktop is merely for the application and is useless without the $4,995 client. Their website is confusing and I suggested they modify it to avoid being misleading. They seemed to think I’m an idiot for having misunderstood it. So if you misunderstood it as well, Thinstall thinks you are an idiot.

-{ Quote: "This is really getting pretty darn interesting. I've thought of some really good uses. Things like Microsofts Streets and Trips. It's big and I don't use it often. Also would be a neat way to add it to new machine." }-That's the main thing I use Altiris for, all those apps that I hate installing because I'll use them approximately once per format. This way I can export them and not have to worry about actually installing them ever again. Some tools have caused driver conflicts as well, so this minimizes the chance of that happening since the driver will be gone after deactivating the layer.

wilbertnl :
-{ Quote: "But don't confuse this with security, it's not security software" }-
correct wilbertnl, I mentioned it was great for security, maybe bad choice of words, but I was thinking of recovering from certain situations.:)

Today I started beta testing Arovax Smarthide 1.0.226 on 2 boxes.

Read about altiris here. So installed a took a chance on the second machine to see if Smarthide would run in that environment. All seems same as machine 1 without altiris.:thumb:

Today has been fun :)

-{ Quote: "']As a side note, I was just thinking how ASVS or Thinstall would have been useful to me a couple of weeks ago when Firefox 2.0 came out. I was still using 1.5 and I was hesitant to install 2.0 because 1.5 was working beautifully for me and I didn't want to screw it up. I could have just installed FF2.0 into its own layer and been able to switch back and forth between both versions until I felt comfortable upgrading to 2.0.

Instead, I used my beloved imaging software to ease my transition between the two versions. But it would have been nice to be able to use both of them interchangeably on the same setup with the click of a button. So it definitely does have its benefits." }-
This is exactly a comprehensive comparison between snapshot/disk imaging solutions and software virtualization.
Thank you, Suave.

-{ Quote: "This is exactly a comprehensive comparison between snapshot/disk imaging solutions and software virtualization.
Thank you, Suave." }-

Exactly. Now does anyone know how to make a 100 hour day so I can play with all this immediately;D

Pete

-{ Quote: "This is really getting pretty darn interesting." }-
:thumb:
-{ Quote: "Things like Microsofts Streets and Trips." }-
Peter,
I remember that you were evaluating ms Office 2007 beta.
It's probably easy to accomplish these test sets in SVS, and as opposed to rebooting into different snapshots, you would simply switch between ms Office current and ms Office beta. As easy as switching a cable channel. ;D
If you had time, you could experiment with this same project
-{ Quote: "Now does anyone know how to make a 100 hour day so I can play with all this immediately;D" }-
Let's try to get a 4-layered day of 24 hours. :blink:

-{ Quote: "Open the main SVS program -> double click on an installed layer -> select the "Exclude Entries" tab -> double click in the empty box under "Type" and "Value." That should let you add exclusions (if you use ISR, think of exclusions kind of like anchored data)..." }-
Thanks cthorpe :thumb:

@dallen: Thinstall are the idiots. Not us. And IMO, the real idiots are the ones who pay 5 thousand bucks for their software without even getting to try it out. It's a shame though because from what I've been reading, Thinstall seems great. But there is no way I am willing to part with that kind of money.

According to the Thinstall website, their customers include GE (General Electric), the US Department of Defense, Qualcomm, Lucent, Northrop Grumman, Morgan Stanley, T-Systems, and Abbott Labs. So maybe they are not marketing this software towards the average home user. Too bad :(

Can Altiris be use in conjuction with an instant recovery software like Rollback Rx?

Thanks,
Atomas31

-{ Quote: "']So maybe they are not marketing this software towards the average home user. Too bad :(" }-
Actually, Altiris isn't either... And they don't expect a growing home user base.

-{ Quote: "Exactly. Now does anyone know how to make a 100 hour day so I can play with all this immediately;D

Pete" }-

Know the feeling - Just received the first newsletter from Altiris with more goodies to play with. :)

http://juice.altiris.com/node/156

John.

-{ Quote: ":thumb:

Peter,
I remember that you were evaluating ms Office 2007 beta.
It's probably easy to accomplish these test sets in SVS, and as opposed to rebooting into different snapshots, you would simply switch between ms Office current and ms Office beta. As easy as switching a cable channel. ;D
If you had time, you could experiment with this same project

Let's try to get a 4-layered day of 24 hours. :blink:" }-

Ah darn it. I already had enought to fool with. Forgot about the Office beta, and you had to go and remind me.;D

-{ Quote: "Actually, Altiris isn't either... And they don't expect a growing home user base." }-

There is a later build of Altiris SVS out 2.0.2027 but I can't find anywhere to download.

Also out is "Altiris SVS for personal use" beta 2.1 download here:

http://juice.altiris.com/download/870/svs-2-1-beta-1-for-personal-use

On the forum there is mention that 2.1 will be available early next year, hopefully they will release a full 2.1 version for personal use as well. ;)

I like this software so much I would gladly pay for a personal version that could be updated.

John

-{ Quote: "I like this software so much I would gladly pay for a personal version that could be updated." }-
Thank you for the update, concerning beta 2.1.
I signed up for the beta program, I guess that helped with making this release available for home users. 8) ;D

Hi Wilbertnl and gang

Okay, I've downloaded the files for SVS and have actually been reading the documentation. (Yeah, I know, strange). What I was going to do is install the SVS stuff on my system as is, and then add some new stuff in a layer. Is that what you all are doing. The manual says you should have virtuallly nothing running in the background or it will be captured. In fact they recommend using a virtual machine.

Just curious what you are doing.

Pete

Hey Peter2150,

It will only capture background operations if you set it for a "Global Capture". Instead, you should do an "installation capture" or "program capture" (I forgot what it is called exactly) which will only record the changes made by the actual setup file and the files launched by the setup file.

I think the best way is to do it on a clean bare system (that's what I do).

Right now I am in the process of making VSA's of the software I plan on using in fresh install of XP on my other computer. Once I have them all ready I will import them to my main PC.

I even wrote some autoit scripts for some of the software that will allow me to click a shortcut on my desktop and the layer will automatically activate itself and launch the program for me. Then when I close the program, the layer deactivates itself and resets itself. There is a another way to do it by using a VB script. See here: http://juice.altiris.com/download/712/activate-and-launch-in-a-single-step

Hi Suave

I guess what I am wrapping my mind about is doing it in a clean system, but running it with everything. I do have a early image of my system which just has a couple of security programs, I could uninstall.

Two other questions.

1) Am I correct I can do a program install, and then have the program search and update itself and then complete the capture.

2) One program I want to install you just download a small app, and then does the complete download and install. Do you see any problems with that.

Thanks, Pete

-{ Quote: "1) Am I correct I can do a program install, and then have the program search and update itself and then complete the capture.

2) One program I want to install you just download a small app, and then does the complete download and install. Do you see any problems with that." }-

1) You can create a layer using the installation method, and if the installation program starts the program, then you can do updates, etc that will all be captured in the layer. If the installation program and any child processes it starts close, then the capture will end. You can do an update of an exisiting layer at a later time if you want.

2) I think that should be fine, as the small installer spawns the download processes and then completes the installation.

Hey Peter2150,

Sorry, I don't think I understand what you are asking in the first question.

But regarding question #2, I don't believe it will be a problem. When you do the program capture on that small downloader app it will redirect all changes made by that downloader into the layer and it will also redirect the changes made by any files the downloader launches. So after that downloader app finishes downloading the full installer, it will most likely launch the installer. And therefore, the changes that installer makes will also be redirected to the layer.

You will know everything is OK if you see the thunderbolt icon blinking in the systemtray during a capture. As long as it is still blinking, it is still capturing. It should automatically stop the capture once the whole setup process is complete. And incase something goes wrong, you can always do a global capture.

Edit: sorry cthorpe, I didn't see that you already answered him when I made this post :)

Edit2: btw, just to add to what cthorpe mentioned in #1. You can trick ASVS into thinking the capture isn't complete while you manually launch the newly created program in order to update it/change settings (incase the installer doesn't do it for you or if you want to install more than one program in a single layer). You can do this by setting the "program install" to C:\WINDOWS\system32\cmd.exe and manually launching the installer and whatever else you need via the command line. The capture wont stop until you close cmd.exe (allowing you to launch the application as many times as you need until you decide to finalize the capture). I read about this somewhere yesterday. If I find the link I'll post it (I think it will explain it better)

Edit3: Found the links:

Different methods of doing what I've described above: http://juice.altiris.com/node/22
GUI available for those who don't like the command line: http://juice.altiris.com/download/165/program-launcher

Thanks guys. This thing is so cool it's almost painful. I play tomorrow.

Again thanks,

Pete

-{ Quote: "Can Altiris be use in conjuction with an instant recovery software like Rollback Rx?

Thanks,
Atomas31" }-
I don't know much about Rollback Rx but I don't see why they can't work together.

Read this: http://juice.altiris.com/node/480

They say that imaging software can work with ASVS without any problems.

I don't know if that applies to Rollback Rx (as it is not like the average imaging software) but if you're feeling adventurous you might as well give it a try ;)

By the way, I was wondering if defragmenting the hard drive would have any affect on ASVS and I found the answer at the juice. Here is the link if anyone else was wondering: http://juice.altiris.com/question/765/defragmentation-and-svs

-{ Quote: "Can Altiris be use in conjuction with an instant recovery software like Rollback Rx?

Thanks,
Atomas31" }-

It runs perfectly with FDISR and I can not see any reason why it shouldnt run fine with Rollback Rx or its clones.
I believe the only software that can be a bit tricky with FDISR or Rollback is the ones that modify the MBR and some imaging software. When I had Rollback installed it played well with all the software I threw at it, so does FDISR.

-{ Quote: "Okay, I've downloaded the files for SVS and have actually been reading the documentation. (Yeah, I know, strange)." }-
This software invites to read the docs, the options and procedures are not exactly 'click and play'
-{ Quote: "The manual says you should have virtuallly nothing running in the background or it will be captured. In fact they recommend using a virtual machine." }-
I think it's okay to install it in a complete system and get the feeling with some layers.
But when you think of a few office layers simultanuously, you practically need to start with a OEM Windows.

When you want to archive the layers, they suggest to prepare that in a lean system. So what I did was restoring a OEM Windows and build the layers for archiving there. To update ms Office, I select update layer and launch Internet Explorer: office.microsoft.com and download/install the updates.

I'm not sure how I update a layer with customized settings, though.

-{ Quote: "']You can trick ASVS into thinking the capture isn't complete while you manually launch the newly created program in order to update it/change settings (incase the installer doesn't do it for you or if you want to install more than one program in a single layer). You can do this by setting the "program install" to C:\WINDOWS\system32\cmd.exe and manually launching the installer and whatever else you need via the command line. The capture wont stop until you close cmd.exe (allowing you to launch the application as many times as you need until you decide to finalize the capture)." }-
Very valuable tip. Thank you for sharing this, Suave!
That answers my question.

Check this web site it's cool with vsa apps.http://www.svsdownloads.com/

Hi Wilbertnl

I think I am going to leave office alone for now. It's too much my bread and butter. But I've got some good candidates. Got another fever last night and I am installing XP right now in a virtual machine. When done ASVS.

Pete

-{ Quote: "Got another fever last night and I am installing XP right now in a virtual machine. When done ASVS." }-
Peter,

It sounds like you got a decent idea of how to setup conflicting software on one system with SVS, so that you switch between them like you switch cable channels.

I'm still trying to understand how to manage the data that is produced in these layers.
I created a layer containing Free Download Manager (http://www.freedownloadmanager.org/) and now I watch downloaded files disappear/reappear at deactivate/activate of the layer.

Another example:
I downloaded feedreader.sva (http://www.svsdownloads.com/download.php?filename=archives/FeedReader 2.90.vsa) and installed the layer.
In the activated layer I checked for updates, and bookmarked the page with release information.
After I deactivate the layer, that bookmark is gone.

Hey wilbertnl,

cthorpe helped me with this issue before and now I shall pass on the knowledge to you :)

If you want the downloaded files to "stick" (get written to the base), you must exclude your download directory.

If you go into SVSAdmin and doubleclick the layer it will bring you to the advanced options. From there go to excluded entries (tab). There you can right click the empty space and select "create new" or something like that and add directories that when written to by the software will be sent to the base and not redirected to the layer.

You can also exclude only certain filetypes if you'd prefer, but in my opinion it is better to just exclude one directory that the files are allowed to be permanently written to. (Unless it's possilbe to do both, I'll test it later)

Another way is to download the files and then move the files with explorer to another folder. This is because since explorer is part of the base, anything it writes is written to the base as well.

Wilbertnl,

Think about the excluded directories like anchored folders in ISR.

-{ Quote: "
Another example:
I downloaded feedreader.sva and installed the layer.
In the activated layer I checked for updates, and bookmarked the page with release information.
After I deactivate the layer, that bookmark is gone.
" }-

Try excluding the bookmark.html, favorites folder, etc that your browser uses.

C

Thank you both of you suave and cthorpe.

I notice the behaviour of data that is created in an application layer, and I'm not sure yet what suits me best.
Although I have a structure of download folders, sometimes I pick a different location, like the desktop.

And like in the example of feedreader, that checks for updates and opens a browser, one would not think that a bookmark/favourite created in that browser session ends up in the layer... No user is prepared for that with exclusions.

What I try to say is: SVS is really powerful and the user needs to understand the concept and behaviour of executable and data really well.
No matter how well prepared the sva or layer is.

I'm mostly just giving my observations sound here. ;)

-{ Quote: "
And like in the example of feedreader, that checks for updates and opens a browser, one would not think that a bookmark/favourite created in that browser session ends up in the layer... No user is prepared for that with exclusions.
" }-

I think the issue is that the browser may be a child process of the feedreader process. If that's the case, then I think any actions by the browser are redirected to the layer. If you launched the browser on it's own while the feedreader layer was active, then the browser would be able to write to the base filesystem.

-{ Quote: "Peter,

It sounds like you got a decent idea of how to setup conflicting software on one system with SVS, so that you switch between them like you switch cable channels.

" }-

I am about to start playing with SVS. I know I could uninstall OFfice 2003, and then put 2003 in one layer and 2007 in another. I am not going to do that at this point as Office is one of my bread and butter programs for my business. I am not quite ready to experiment that stuff, but am going to experiment with certain things.

Pete

-{ Quote: "I think the issue is that the browser may be a child process of the feedreader process." }-
You are correct with that, cthorpe.
I could easily open another browser and copy the URL. The SVS user needs to understand the impact of the layers. :thumb:

Yeah I agree with both of you, it is powerful. Here is what I have realized so far:

If you open a layered application, anything that application writes/modifies stays within its layer. Furthermore, any changes made by opening an application that was written to a layer by a layered application, stays within that layer as well.

So what you need to keep in mind is that if it is in the layer, it stays in the layer (no matter how it got there).

Here is an example to illustrate this:

You have a layered firefox that you activate and open firefox from. You browse the web and download some software you wish to install (lets say, PhotoFiltre for example). So you download pf-setup-en.exe from photofiltre.com with your layered firefox. Since firefox is the process that is writing pf-setup-en.exe, that file gets redirected to the firefox layer and becomes a part of it.

Now lets say you launch pf-setup-en.exe in order to install it. Since pf-setup-en.exe is already a part of your firefox layer, any changes it makes to the system get redirected and stay within the firefox layer. So after you install it, and deactivate your firefox layer, photofiltre will be gone as well. When you reactivate the firefox layer, you will see that photofiltre appears to be installed again. Furthermore, if you open photofiltre and draw some picture and save it, that picture will also be redirected to the firfox layer (because the process that created the picture photofiltre.exe is a part of the firefox layer which means it can only write to the firefox layer)

Now here is the tricky part. Lets say when you downloaded the photofiltre setup it came in a zip file. Lets call it pfsetup.zip. So after you download pfsetup.zip, the zip file becomes a part of your firefox layer. So now you extract pfsetup.zip to get pf-setup-en.exe. This time pf-setup-en.exe is NOT a part of the firefox layer. This is because when you extract the zip file, the process that creates pf-setup-en.exe is now your archiver application (Winzip, Winrar, 7Zip, etc..)

So pf-setup-en.exe becomes a part of whatever your archiver is installed in. If your archiver is installed in the base, then pf-setup-en.exe is written to the base and any changes it makes when you launch it are written to the base. If you have your archiver in its own layer, then pf-setup-en.exe is written to that layer and any changes it makes when you launch it are written to that layer.

It gets confusing, but with proper exclusions this can all be taken care of. I agree it is important to understand how ASVS works before actually using it in a real system. That's why I am playing around with it for now on my test machine while I learn ;)

-

In addition to all that, what cthorpe pointed out is that any changes made by a process that is launched by a layered application will be redirected to that layer as well. I will test this out. I am pretty sure he is correct about that though.

Edit: Yep, seems like wilbertnl has confirmed this in the post right above this one :)

Excellent examples, suave!
Thank you.

Cool!

And I just had another thought right now. If what cthorpe says is true, then this might mean we can use ASVS as a temporary sandbox to run untrusted programs randomly without creating layers for them.

Here are my thoughts, what if you create a layer for cmd.exe. Nothing else, just cmd.exe.

Then when you activate this cmd.exe layer and launch cmd.exe from it, any system changes made by a child process of the layered cmd.exe will be redirected to the cmd.exe layer.

So you can easily launch and test software, or run untrusted programs in a virtualized environment. Reset your cmd.exe layer and all changes are rolled back.

I will test this out as well when I have time! I hope it works! ;D

Thank you Suave and Sukarof for your answers ;-)

Also, is there an email from someone at Altiris to who we can ask questions and also a Tutorial of Altiris SVS?

Thanks,
Atomas31

-{ Quote: "Also, is there an email from someone at Altiris to who we can ask questions and also a Tutorial of Altiris SVS?" }-
There is a whole living community: http://juice.altiris.com/svs
Forum: http://forums.altiris.com/
Knowlegde base: http://kb.altiris.com/

btw, I had a chance to test out my theory (2 posts above) and it worked!

So just incase anyone is interested, here is what you need to do in order to make your own on-demand virtualizer built into ASVS:

1) Open up notepad.

2) Type: xcopy C:\Windows\system32\cmd.exe "C:\Program Files\VirtualCMD\"
*NOTE* You can replace C:\Program Files\VirtualCMD\ with whatever folder you want to install the virtual cmd.exe file to.

3) Save the file as vcmd.bat

4) Open SVSAdmin and create a new installation capture. Call it VirtualCMD (or anything you want really)

5) You need to select the vcmd.bat file that you created.
*NOTE* SVSAdmin only allows you to select exe/msi files. That's ok, just type the location to vcmd.bat manually.

6) Start the capture. SVSAdmin should launch vcmd.bat and save the newly created cmd.exe as a layer.
*NOTE* This step should only take like one second to complete.

7) You are done.

Now you can activate/deactivate the layer at will.

When the layer is active, you can load up C:\Program Files\VirtualCMD\cmd.exe (or where ever you installed it to in step 2)

Any changes made to the filesystem/registry by anything you run from this virtual cmd.exe will be redirected into your VirtualCMD layer.

Reset the layer and all changes are gone.

Now you can use ASVS as a sort of "on-demand virtualizer" that will allow you to test software installations and run untrusted programs in a way that wont make any permanent changes to your system without the hassle of having to create new layer every time :)

Pretty cool ;)

What about using one of the GUIs available at Atiris Juice instead of cmd.exe?

http://juice.altiris.com/download/165/program-launcher

That might make it easier to do whatever you want in the quick virtual layer.

Yep it will definitely work with the program launcher as well. It's a matter of preference really ;D :thumb:

The title of this thread really needs to be updated.

-{ Quote: "The title of this thread really needs to be updated." }-Indeed, I'll bet there's some people that would be interested in Altiris that are missing out

-{ Quote: "The title of this thread really needs to be updated." }-
I asked for the title to be changed to "Software Virtualization" over > here < (http://www.wilderssecurity.com/showpost.php?p=891322&postcount=38)

So maybe when the Mods have some free time they will do it for us :)

Re :Altiris Software Virtualization Admin.
You may like to try this ? (A Temp Layer)
Open the Altiris Software Virtualization Admin window
select file>create new layer.
then select Data layer. hit next
select Directory then browse & select drive "c" hit next.
then finish.
Now activate this layer.
good now you can add apps surf the net & what ever files
are added or changed on drive "c" will vanish when you
deactivate this layer. coooool.:dry: :D

That is a cool use for data layers.

Have a question. If you create a layer and install a program that needs a reboot to function, I would assume it's necessary to set up auto activate so the program runs okay? Any thoughts.

My first shot was a little less then sucessful. I tried creating a layer and installing Microsofts train simulator. it does need a reboot, and I didn't set auto activate. It seemed to have the come and go characteristics, but the simulator wouldn't run.

The other thing I tried was to export the layer, (worked fine), and then deleted the layer (worked fine). Then tried importing the layer back in. Was unsuccessful.

May try again in an empty snapshot, so I can try a global create.

Pete

-{ Quote: "it does need a reboot, and I didn't set auto activate." }-
Maybe you find some info about rebooting installations here: Application Best Practices (http://wiki.altiris.com/index.php/SVS_Application_Best_Practices)
Search for reboot.

And this: Virtualizing Applications that Require a Reboot During Install (http://juice.altiris.com/node/115)

-{ Quote: "Have a question. If you create a layer and install a program that needs a reboot to function, I would assume it's necessary to set up auto activate so the program runs okay? Any thoughts." }-
I was thinking the exact same thing yesterday, but haven't gotten around to testing it out.

But now that I think about it, I don't believe you would need to set it to auto-activate. The reason is simply because, there would be no difference if you auto-activate it or manually activate it. The same thing would happen upon activation no matter when you activate it.

So with a "reboot required installation" I would just reboot the PC, then activate the layer manually and save the changes. You could set it to auto-activate if you wanted to, but the more important thing to do would be to save the changes.

If it is an install that at the end tells you that you need to reboot, but doesn't force you to do it right then, just deactivate the layer then reactivate it. When you reactivate it, it should perform whatever tasks would be done after a real reboot.

C

-{ Quote: "Re :Altiris Software Virtualization Admin.
You may like to try this ? (A Temp Layer)
Open the Altiris Software Virtualization Admin window
select file>create new layer.
then select Data layer. hit next
select Directory then browse & select drive "c" hit next.
then finish.
Now activate this layer.
good now you can add apps surf the net & what ever files
are added or changed on drive "c" will vanish when you
deactivate this layer. coooool.:dry: :D" }-
I'll admit, at first this sounded to me like a cool thing to do but believe me it's not. I just tested that out and I wouldn't recommend doing it at all for the following reasons:

1) It only redirects data written to the filesystem (not the registry). So upon deactivation only the new/modified files will be cleared, but your registry will be a mess.

2) Any files that are modified get removed from the base and placed in the layer. So if you update any software or something you run modifies any critical system files, those files will be gone after you deactivate the layer! Huge problems will result.

Eventually, you will inadvertently corrupt the software on your PC as well as your OS and registry! :gack:

-{ Quote: "Maybe you find some info about rebooting installations here: Application Best Practices (http://wiki.altiris.com/index.php/SVS_Application_Best_Practices)
Search for reboot.

And this: Virtualizing Applications that Require a Reboot During Install (http://juice.altiris.com/node/115)" }-

Hi Wilbert

Thanks. That 2nd article kind of suggests what I was suspecting. I'd be better off going into a snapshot, that is really stripped down, and doing the capture in global mode. Thats the next shot. Then to fool with the export,delete, import sequence. That's crucial to what I want to do.

Pete

I found a possible bug in ASVS.

If someone can confirm it, I'll let them know at the Altiris forums.

Bug: Files that are deleted from the base through a virtualized application are REALLY deleted from the base!

Expected bahavior: The thing that is supposed to happen when a virtualized app deletes a file from the base is that file becomes hidden wihile the layer is active and a "Delete Entry" is stored for the deleted file in the "advanced layer properties".

Steps to reproduce:
1) Deactivate all layers.
2) Open up notepad and save a random txt file to C:\test.txt
3) Activate any layer that has a "File" -> "Save As" dialog (like firefox for example) or if you have a cmd.exe layer you can use that.
4) Load up your layered (virtual) application.
5) From within the layered application, choose File->Save As and from that dialog delete the C:\test.txt file that you created in step 2. (Or if you are using cmd.exe just delete C:\test.txt from the command line)
6) The file should disappear from windows explorer.
7) Deactivate the layer.
8) Once the layer is deactivated, the file should re-appear. But is DOESN'T.

The file has been permanently deleted from the base and no "Delete Entry" was stored for the deleted file in the "advanced layer properties". This means that any virtualized application has the ability to delete any file it wants to from your base.

This is definitely a bug. I even read in the manual that this is not supposed to happen. So if someone else can confirm this I will report it to them right away.

I'm using version 2.1 Beta 1 available > here< (http://juice.altiris.com/download/870/svs-2-1-beta-1-for-personal-use)

-{ Quote: "'So if someone else can confirm this I will report it to them right away." }-
I activate a ms-Money 2004 layer and starte ms-Money.
Then I open a file, browse to my desktop and delete the test document DELETE.TXT.
I close ms-Money and deactivate the layer.
DELETE.TXT is gone.

Tested with same release.

Thanks for confirming that for me wilbertnl.

Then it is indeed a bug. I will report it to them right away.

-{ Quote: "']I'll admit, at first this sounded to me like a cool thing to do but believe me it's not. I just tested that out and I wouldn't recommend doing it at all for the following reasons:

1) It only redirects data written to the filesystem (not the registry). So upon deactivation only the new/modified files will be cleared, but your registry will be a mess.

2) Any files that are modified get removed from the base and placed in the layer. So if you update any software or something you run modifies any critical system files, those files will be gone after you deactivate the layer! Huge problems will result.

Eventually, you will inadvertently corrupt the software on your PC as well as your OS and registry! :gack:" }-


suave i like your post it was quick,accurate & Concise !!!

yes you can screw your system up with this method. It is just a test to see what
will happen. if you do this or try that. & the feed back is good. We all like to push
software to the limit.
I must say i do some crazy things with software as we all do.
Sometimes just to see the effect it has on the system. Most of us in this Forum
test software in all mannor of ways & revert back to a good woking system
when need be. I am interested to know what apps you use to track,monitor &
observe the Behavior of software you are testing Thankyou.

software-tester

Hi software-tester, glad I could help with that :)

As far as your question regarding my methods. I have a seperate PC that I use only for testing software, malware, and all that fun stuff. I use Acronis True Image with Secure Zone and have 2 pristine XP images, one with network access, the other without (each used for different types of tests). I can screw around all I want as reverting back to my pristine image is a breeze with ATI (Although some people have reported problems with ATI, I've personally never encountered any).

Applications I like to use for monitoring system changes are MultiMon, SilentNight Inspector, and most of the sysinternals monitoring tools found here (http://www.microsoft.com/technet/sysinternals/utilitiesindex.mspx). Port Explorer, CurrPorts and AdapterWatch are good for certain things as well. I also sometimes use any firewall with logging capabilities to log network activity and using a HIPS is always a good way to know what is going on in realtime. If you have any other tools/ideas let me know. But otherwise I'd like to keep this thread on the topic of "Software Vitualization".

-{ Quote: "']btw, I had a chance to test out my theory (2 posts above) and it worked!

So just incase anyone is interested, here is what you need to do in order to make your own on-demand virtualizer built into ASVS:

1) Open up notepad.

2) Type: xcopy C:\Windows\system32\cmd.exe "C:\Program Files\VirtualCMD\"
*NOTE* You can replace C:\Program Files\VirtualCMD\ with whatever folder you want to install the virtual cmd.exe file to.

3) Save the file as vcmd.bat

4) Open SVSAdmin and create a new installation capture. Call it VirtualCMD (or anything you want really)

5) You need to select the vcmd.bat file that you created.
*NOTE* SVSAdmin only allows you to select exe/msi files. That's ok, just type the location to vcmd.bat manually.

6) Start the capture. SVSAdmin should launch vcmd.bat and save the newly created cmd.exe as a layer.
*NOTE* This step should only take like one second to complete.

7) You are done.

Now you can activate/deactivate the layer at will.

When the layer is active, you can load up C:\Program Files\VirtualCMD\cmd.exe (or where ever you installed it to in step 2)

Any changes made to the filesystem/registry by anything you run from this virtual cmd.exe will be redirected into your VirtualCMD layer.

Reset the layer and all changes are gone.

Now you can use ASVS as a sort of "on-demand virtualizer" that will allow you to test software installations and run untrusted programs in a way that wont make any permanent changes to your system without the hassle of having to create new layer every time :)

Pretty cool ;)" }-

After further testing/researching, I've figured out a new way to do this (which I like better). Here's how:

1) Open SVSAdmin and create a New "Empty" Layer. Call it "VirtualCMD" (Or whatever you want).

2) Open RegEdit (Start Menu -> Run -> regedit)

3) Navigate to [HKEY_LOCAL_MACHINE\System\Altiris\FSL\1] (Replace 1 with the number of your layer. You will have different numbered keys in HKEY_LOCAL_MACHINE\System\Altiris\FSL\. Each number represents a layer. You will have to click on each one to find the one that contains the name of your layer ("VirtualCMD", or whatever you named it in Step 1 [see screenshot])

4) Once you find the right number, and you are in that key, do Edit->New->Multi-String Value. Give it the name "OnPostActivate".

5) Right-click it, choose modify and enter: "C:\Program Files\Altiris\Software Virtualization Agent\SVSCmd.exe" 04efbef0-da4e-48c0-994e-04e3c81a9b4c exec -path C:\Windows\system32\cmd.exe (Replace the string in bold with the GUID of your layer. You can find it in the registry under "ID" [see screenshot] or by right-clicking the layer in SVSAdmin and going to properties)

6) Press OK and close regedit.

Now you are done. When you activate your VirtualCMD layer, a virtualized cmd.exe will automatically launch and you can take it from there ;)

-{ Quote: "']Thanks for confirming that for me wilbertnl." }-
I repeated this test in release 2.0.1393 and the result is the same. DELETE.TXT is gone forever.

Hey wilbertnl,

That's insane. According to the manual this is NOT supposed to happen. And one would expect it not to happen as well (since virtualized software is supposedly unable to modify the system).

I let them know at the Altiris forum:
http://forums.altiris.com/messageview.aspx?catid=43&threadid=37296&enterthread=y

You can sign up too and post your thoughts in that forum if you want to. ;)

They haven't gotten back to me yet but it looks like they reply quickly judging by the other topics there. :)

Thinstall looks better all the time. (IF you inherited a lot of money from that long lost Aunt.) It really is too bad that Thinstall is so ridiculously expensive.

Hey Genady Prishnikov,

I also like Thinstall and hate the price, but the more I use ASVS the more I seem to like it.

What do you like about Thinstall? I want to hear some opinions from other Thinstall fans like you :D

I want to know what makes you like it better.

Well, I just read through this thread and thought I'd post a couple of thoughts.

Thininstall - this application is clearly targeted toward the Enterprise/Corporate space and is priced that way. As for price, we do not know how much it cost to develop it so at $5k it may still take them quite a while to get their ROI. The support required for home users would also be very cost prohibitive to a company.

Altiris SVS as some sort of malware/sandbox. It's not designed for that. This is another Enterprise/Corporate application but the company has been gracious (or maybe in their grand plan) allowed it free for personal use. I use sandboxie when I want everything contained as that is what it is designed for. I checked the juice forums and it sounds like SVS is behaving as intended. There are differences between a bug and possibly a design decision that leads to a negative impact (and I think anyone who has done real software development will agree). As for the docs, they might not be accurate - the technical writers who do these docs are not developers and close to the code.

And here is a little review of some of the sandbox apps and what they are capable of: http://www.techsupportalert.com/security_virtualization.htm

-{ Quote: "Altiris SVS as some sort of malware/sandbox. It's not designed for that. This is another Enterprise/Corporate application but the company has been gracious (or maybe in their grand plan) allowed it free for personal use. I use sandboxie when I want everything contained as that is what it is designed for. I checked the juice forums and it sounds like SVS is behaving as intended.

And here is a little review of some of the sandbox apps and what they are capable of: http://www.techsupportalert.com/security_virtualization.htm" }-
I agree with you that ASVS isn't designed as a sandbox, but it does handle the virtualizing part well. If you run malware in a real sandbox, the malware wouldn't be able to access any info from other apps/files on your hard drive and under most circumstances that would render the malware useless.

With ASVS, if you run malware inside a layer, then the malware is actually active on your system for the time the layer is active. Once you deactivate the layer or delete it, it is as if the malware was never there. So yeah, it's not bulletproof solution against threats, but it does do what it's designed to do and that's getting your system back its original state.

That link you posted is not such a good test. I don't think ASVS and ShadowUser should have been a part of that test. They are comparing products that are totally different from each other and testing them against things they aren't supposed to handle in the first place.

Anyways, Altiris even states on their website that ASVS is NOT a security software. But nevertheless, due to the nature of the software it does provide a minimal level of security, just like ShadowUser does. That's how I look at it. :)

-{ Quote: "There are differences between a bug and possibly a design decision that leads to a negative impact (and I think anyone who has done real software development will agree). As for the docs, they might not be accurate - the technical writers who do these docs are not developers and close to the code." }-
Just to be sure, are you talking about the ability to permanently delete files through a virtualized application? If so, then yes I do strongly feel that this is a bug or at least an unexpected behavior that should be fixed. There is no reason for a virtualized application to be able to make permanent system changes. That goes against everything ASVS stands for. Once you deactivate a layer the system should be back to its original state without any modifications to the filesystem/registry.

There have been a couple of reports about this problem at their forum, but it doesn't seem like they are acknowledging the fact that this indeed is a problem. It's even worse now that I know this is an ongoing problem since the previous versions. :(

-{ Quote: "']I agree with you that ASVS isn't designed as a sandbox, but it does handle the virtualizing part well. If you run malware in a real sandbox, the malware wouldn't be able to access any info from other apps/files on your hard drive and under most circumstances that would render the malware useless.

With ASVS, if you run malware inside a layer, then the malware is actually active on your system for the time the layer is active. Once you deactivate the layer or delete it, it is as if the malware was never there. So yeah, it's not bulletproof solution against threats, but it does do what it's designed to do and that's getting your system back its original state.

That link you posted is not such a good test. I don't think ASVS and ShadowUser should have been a part of that test. They are comparing products that are totally different from each other and testing them against things they aren't supposed to handle in the first place.

Anyways, Altiris even states on their website that ASVS is NOT a security software. But nevertheless, due to the nature of the software it does provide a minimal level of security, just like ShadowUser does. That's how I look at it. :)" }-

If you look at they type of products that Altiris sells, I think you'll have a better understanding at where this fits in. My previous company used some of their software for software deployment and Sarb-Ox compliance. They are not creating products to work in the scope that you would like. It would be cool if there was such an option, and maybe there is since you apparently have the option of making the base layer read-only - it just doesn't work that way by default.

The reason I posted that link is that it does demonstrate people trying to use a couple of non-sandbox applications as sandboxes. ASVS is close to it but definitely not one.

How about as a different example, we go with something closer to how ASVS is more likely to be used. I have an Enterprise and I use this to deploy VSA's out to my users. I use it to "install" something like CCleaner or Tune-Up Utilities which are run to clean/fix things with the base layer. Should all that be put back when that layer is deactivated? I would hope not.


-{ Quote: "']Just to be sure, are you talking about the ability to permanently delete files through a virtualized application? If so, then yes I do strongly feel that this is a bug or at least an unexpected behavior that should be fixed. There is no reason for a virtualized application to be able to make permanent system changes. That goes against everything ASVS stands for. Once you deactivate a layer the system should be back to its original state without any modifications to the filesystem/registry.

There have been a couple of reports about this problem at their forum, but it doesn't seem like they are acknowledging the fact that this indeed is a problem. It's even worse now that I know this is an ongoing problem since the previous versions. :(" }-

Yeah we are talking about the same thing. I'll stand by my above example as the way I think ASVS is supposed to perform. Just because people think it is a problem, doesn't mean that it really is :-)

For arguments sake, let's say it really is a bug, and even an acknowledged one. There are no guarantees that it will or can get fixed. I don't know your background and don't mean to be perceived as insulting but as someone who has worked in the software/hardware/security/network industry in silicon valley for about 15 years, there are many factors to these things. Priority is probably the highest but that is influenced by things like how many customers are hitting it? how does it impact them? how much revenue do they bring in? can they work-around it or live with it? Then you have to look at do we have the resources to fix it? can it be fixed? how long will it take? what has to be dropped in order to fix it ? That's just off the top of my head, there are more I'm sure. These are things I've had to answer/question on the products I've worked with.

So can't you make the base layer read-only from that particular layer? I'd be more pissed if I had to install something in the base layer because I would undo everything from a software layer.

-{ Quote: "How about as a different example, we go with something closer to how ASVS is more likely to be used. I have an Enterprise and I use this to deploy VSA's out to my users. I use it to "install" something like CCleaner or Tune-Up Utilities which are run to clean/fix things with the base layer. Should all that be put back when that layer is deactivated? I would hope not." }-
That's a good example, I haven't thought of that. I also haven't been using ASVS long enough to have encountered a situation like that.

Although, if you virtualize all your software, you shouldn't need apps like CCleaner as your base would already be clean. But it is also not likely that one would virtualize every software anyways. So lets say you did need to run CCleaner or another app that requires the ability to make permanent base changes. Then so it seems that some virtualized applications do infact need to be able to make those permanent changes to the base in order to be effective at what they do. But that still doesn't justify the need to let ALL your virtualized software have this ability. This is what the exculsions are for. For CCleaner I would just allow permanent base changes for that layer only to whatever folders it needs to delete files from, or even just add the whole C:\ to the exclusions and not worry about it as it is an application I trust.

I'd rather have the ability to decide which layer gets to modify my system and which layer doesn't, rather than ASVS give all my virtual software the right to make changes without any way to disable that. That's why we have the exculsions. So that we can set permissions for certain apps. If I want I can give CCleaner (and only CCleaner) the ability to delete files from the base. But am supposed to be forced to give all my virtual software this ability?

And besides, these permanent changes we are talking about are only for deleting files from the base. Everything else is working perfectly according to the manual which is why this must be a bug.

Here are the things that ASVS currently does while you use a virtualized app:

1) Any files you modify/create are NOT permanent.
2) Any registry keys you modify/create/delete are NOT permanent.

When if fact it should be:

1) Any files you modify/create/delete are NOT permanent.
2) Any registry keys you modify/create/delete are NOT permanent.

It says this on their website, and also in the manual. As a matter of fact, the manual even goes through all the trouble of illustrating the example. They tell you to open up MSWord (or some other software that you have virtualized) and do a File -> Save AS. Then delete files from that save as dialog and then deactivate the layer and watch how the files come back. Well, they don't come back :)

It's clearly a bug (at least in my opinion) and I don't think it will be possible for anyone to convince me otherwise.

With that said, I want to ask you something. CCleaner cleans the registry by deleting certain keys. When you run CCleaner and clean the registry, once you deactivate the layer those registry settings come back (like they are supposed to). So how do you overcome this?

I agree with you that some virtualized apps do need to make permanent base changes. But those particular apps don't only need filesystem "delete" access. They also need filesystem write/modify access and also registry write/modify/delete access.

This is one of the main reasons why I think this is has to be a bug in ASVS. I mean, why give all virtualized apps the ability to delete files but not modify/write them. Why even give us an exculsions list when files can be deleted whether the directory is allowed or not. Why give false examples in the manual and make untrue statements on the website?

Most of the threads at the ASVS forums have answers from the ASVS staff, but the threads about this particular problem seem to be ignored and I don't know why. At the least, they should explain why ASVS behaves this way. But maybe there is no explanation? Maybe this is something that they cannot fix, and at the same time don't want people to know about? I don't know. What else would be a reason for not giving us answers? By giving us answers, they will be admiting it is a problem and at the same time falsify their statements about ASVS and how it works. And the only reason that I could see for them not fixing this problem is because they can't. Maybe by fixing this it will cause ASVS to not function properly or something? Who knows?

Anyways, here is a quote from the ASVS website:

"Software Virtualization Solution allows you to instantly activate, deactivate or reset applications and to completely avoid conflicts between applications, without altering the base Windows installation."

"Software Virtualization Solution ensures applications use correct files and registry settings, without modifying the OS and without interfering with other applications. This software management solution allows you to host multiple versions of an application on the same system without conflicts between older and newer files."

That's not very true since virtual software does have the ability to delete files and therefore can modify the base which means that it is possilbe to introduce system conflicts as well as interfere with other applications on the system.

No matter how much I read the manual, no matter how much I read the forums, no matter how much I read the website, no matter how much I think about it, I always come to the conclusion that this is a bug in the software and real unexpected behavior. Even the guy who wrote the manual thinks this way as well. And I'm sure the developers have read the manual as well. They know what it says. Why they aren't fixing it is the real question :P

Edit: I'm so sorry for the long post. I didn't realize how much I was typing ::)

Another Edit: It seems this bug has finally been acknowledged only 3 days ago. See AngelD's posts >HERE< (http://forums.altiris.com/messageview.aspx?catid=28&threadid=36696&enterthread=y). Now that it has been reported to the developers I am eager to see what happens :)

First excited, now calmed down:D , but i am curious. Is the issue resolved?
It's a big no-no. If it isn't resolved, SVS is not worth trying, since it's possible to mess up what cannot be messed.
If it is, it's one of those excellent applications. Close to VM in fantasticability!
But, it really has to perform perfectly. Programs running good in layers or not is another issue, but it has to be able not to mess the base.

So, what's new in SVS's world?
Suave, Wilbertnl, cthorpe, Notok?!

-{ Quote: "Security software vendor Symantec announced Monday it has agreed to acquire Altiris, a maker of asset management software, in a cash deal valued at about $830 million. Altiris counts Dell, IBM and Microsoft as partners who sell its products to businesses." }-
Link (http://www.betanews.com/article/Symantec_to_Acquire_Altiris_for_830m/1170098136)
>:( >:( :thumbd:

-{ Quote: "So, what's new in SVS's world?" }-
Just announced: SVS 2.1 Beta 1.6, for Personal Use (http://juice.altiris.com/node/870).

Thank you wilbertnl:thumb: :thumb:
Did they solve the problem?

Lucas just gave me a slap in tha face:ouch:
Symantec seems like Microsoft. Buying companys left and right. How can anyone manage this? Sure, they'll make tones, but what about the product... (i'm talking to the air for nothing, i know)

Well, I can only hope that Altiris doesn´t become the next Sygate.

-{ Quote: "Did they solve the problem?" }-
Which problem are you talking about?

Altiris SVS isn't another sandbox solution, it is packaging software installations which you are able to activate/deactivate with a single click.
When activated the software does interact with the core system.

If you understand this concept, then Altiris will work like a charm for you.

:thumb:
:thumb:
:thumb:Post 114, by Suave ; not behaving the way it should. I suppose it depends on the program we use. If it's Word alike, it should write to the base. Maybe they all should, but as he said:

-{ Quote: "This is one of the main reasons why I think this is has to be a bug in ASVS. I mean, why give all virtualized apps the ability to delete files but not modify/write them. Why even give us an exculsions list when files can be deleted whether the directory is allowed or not. Why give false examples in the manual and make untrue statements on the website?" }-
:-\

Disclaimer: I work for Altiris on SVS.

What a great thread. Made my day.

Just a comment on the file delete issue... Currently our primary customers for SVS are enterprise customers. Because of this, change in behavior must be taken very seriously and done at the proper major/minor release even if we think it is a bug. I do think that the current behavior is probably wrong and we will likely change it. (But I reserve the right to back-pedal if we get into our design and I remember why we did it this way in the first place ;)

The reason I developed this software was for people like you and me. We got lucky in that Altiris doesn't have a channel to the end user and Scott and I were able to convince Altiris that it would be valuable to have power users out there using the stuff. So I don't see the "free for personal use" going away any time soon.

I'll post some thoughts on Thinstall vs SVS a bit later.

-{ Quote: "So I don't see the "free for personal use" going away any time soon." }-
Very good news :thumb:

-{ Quote: "
The reason I developed this software was for people like you and me. We got lucky in that Altiris doesn't have a channel to the end user and Scott and I were able to convince Altiris that it would be valuable to have power users out there using the stuff. So I don't see the "free for personal use" going away any time soon.

I'll post some thoughts on Thinstall vs SVS a bit later." }-

I understand, and appreciate the effort:thumb:

Doe anyone have ths Serial. I can't find it>

I'm not too familiar with Thinstall so please correct me if some of my assumptions are wrong.

As I understand it, Thinstall works by hooking all of the relevant usermode APIs in the particular process where it is running. This is nice because it can be done on the fly with no install needed. It is also secure because it can only inject into and deal with processes where it has privileges. For a lot of applications this is great. Where this runs into rough spots is when an app's file/registry data need to be visible outside of the one process. For example, services, COM/DCOM, file extension registration, etc.

SVS's goal is to make the file/registry data appear as if it is installed to the whole system. This gives you greater application compatibility. But it currently requires an install, and that the users that are doing imports, activates, etc. must be admins. Because SVS virtualizes for the entire system it can virtualize other things like data (today) and possibly OS patches (maybe later). It can also do stuff like what Protect (SVS's sibling product) does.

Basically, the approaches are quite different and each will have its place depending on the need.

-{ Quote: "Doe anyone have ths Serial. I can't find it>" }-
Click on the "Get it free" link during the install.

-{ Quote: "Disclaimer: I work for Altiris on SVS.

What a great thread. Made my day.

Just a comment on the file delete issue... Currently our primary customers for SVS are enterprise customers. Because of this, change in behavior must be taken very seriously and done at the proper major/minor release even if we think it is a bug. I do think that the current behavior is probably wrong and we will likely change it. (But I reserve the right to back-pedal if we get into our design and I remember why we did it this way in the first place ;)

The reason I developed this software was for people like you and me. We got lucky in that Altiris doesn't have a channel to the end user and Scott and I were able to convince Altiris that it would be valuable to have power users out there using the stuff. So I don't see the "free for personal use" going away any time soon.

I'll post some thoughts on Thinstall vs SVS a bit later." }-

HI Randycoder

Welcome to Wilders. This is the home of folks who love to push software past the breaking point, and find uses the designers never imagined. You will enjoy yourself here. Again Welcome.

Pete

-{ Quote: "
...and find uses the designers never imagined.
" }-
I can imagine a lot ;)

-{ Quote: "
Again Welcome.
" }-

Thanks Pete.

I sure have tried the Get it Free Link but it will not appear. I guess none of my browsers will open the link. I am taken to a page with some writing on it but that it. I can't understand why installing Free Software is so hard. If I want to use this software I will have to look somewhere else on the internet. Thats really crazy. either that or its really not free & is a "ComeOn".