You tell me why not Returnil and nothing else
trjam
December 8th, 2008, 07:21 PM
Ask yourself. In the last 3 years, just how many times did you get infected. Not you hard core folks but just everyday users. For me, it is once. One time and I have spent hundreds of dollars on products to detect one trojan.:-\
Something just doesn't make sense. I have spent the last week really trying to read into threads posted here about malware and detection and protection. I really don't think it is as prevalent as some want you to think. And a lot of it is basically harmless. Yes there are some nasties that can take you down, but really, the chance of popping one is like being struck by lightning.
AVs are really only half protection, that is the truth. And for most, that half may keep you so called secure for years. Why? Because the product was soooo good, or, because you did not go somewhere that allowed you to get infected. When was it your fault?
I don't know. But I feel products like Returnil and ShadowDefender are really all you need. I like Returnil and hope to see it further developed. But I honestly feel all the other security products are nothing more than hysteria hype. Do as you feel but I am finished wasting money for protection I don't need based on my habits. A simple reboot and I am fine. Malware hysteria. Malware hysteria. Malware hysteria. Got to have a job, don't you. ;)
xXDarkStalkerxX
December 8th, 2008, 07:31 PM
Yeah, I think virtualization is the way to go. I use Shadow Defender in my old pc and it runs fine with no slowdowns at all *feel secure* like you said, a reboot and all is gone. No antivirus can protect us in this way.
OffTopic
trjam, maybe Avira tomorrow or Eset, maybe Shadow Defender or it could be Prevx Edge? :argh:
trjam
December 8th, 2008, 07:34 PM
maybe Returnil and that is it. Going to take a vacation from here for a while. Bye.
xXDarkStalkerxX
December 8th, 2008, 07:41 PM
I expect your return to Wilders, good vacation ... I was not criticizing you, it was just a joke. I know you Jeff a long time ago here in Wilders. Someday I expect to only use Shadow Defender and enjoy my computer with peace of mind :thumb:
Threedog
December 8th, 2008, 08:07 PM
I still like to have something that is good at detecting when you have caught something. Cleanup doesn't matter to me as a simple reboot takes care of that.
andyman35
December 8th, 2008, 08:09 PM
Returnil is fantastic at ensuring you start up each time with a clean, malware-free slate. However it offers no protection against malware infection during a single session, so keyloggers or password/data harvesting, etc. are the risks you run.
Osaban
December 8th, 2008, 08:09 PM
-{ Quote: "Ask yourself. In the last 3 years, just how many times did you get infected. Not you hard core folks but just everyday users. For me, it is once. One time and I have spent hundreds of dollars on products to detect one trojan.:-\
Something just doesn't make sense. I have spent the last week really trying to read into threads posted here about malware and detection and protection. I really don't think it is as prevalent as some want you to think. And a lot of it is basically harmless. Yes there are some nasties that can take you down, but really, the chance of popping one is like being struck by lightning.
AVs are really only half protection, that is the truth. And for most, that half may keep you so called secure for years. Why? Because the product was soooo good, or, because you did not go somewhere that allowed you to get infected. When was it your fault?
I don't know. But I feel products like Returnil and ShadowDefender are really all you need. I like Returnil and hope to see it further developed. But I honestly feel all the other security products are nothing more than hysteria hype. Do as you feel but I am finished wasting money for protection I don't need based on my habits. A simple reboot and I am fine. Malware hysteria. Malware hysteria. Malware hysteria. Got to have a job, don't you. ;)" }-
I couldn't agree more, and have adopted this strategy for a few years now (ShadowUser on my XP laptop, ShadowDefender on Vista). In my experience what has been a real waste of time was the energy I have invested in HIPS and trying to rationalize their function/usefulness: A good tool for people interested in controlling the inner processes of their computer. I personally will never use them again.
A virtualizer + a reliable imaging program is all one needs. I do have an AV at the moment to test flashdrives plugged into my computer, and I must admit it adds to my peace of mind.
glentrino2duo
December 8th, 2008, 08:35 PM
I use Returnil to protect my system drive (C:) and SandboxIE to protect all my other drives...
So, for me, it's Returnil+SandboxIE and nothing else...
Well, okay, F-Prot has always been there (organization policy requires it, but it's so light I barely notice it) and DRWeb CureIt occasionally just to make myself feel better... and nothing else... really... :)
NAMOR
December 8th, 2008, 09:40 PM
What happens if you get a PW stealing nasty and log into your bank account before killing your current returnil session?
Franklin
December 8th, 2008, 09:50 PM
-{ Quote: "What happens if you get a PW stealing nasty and log into your bank account before killing your current returnil session?" }-
That's where a hardened sandbox where nothing can run and/or connect out from within a sandboxed session except what's allowed complements Returnil nicely.
farmerlee
December 8th, 2008, 10:58 PM
From what I've read it's possible that a piece of malware could bypass returnil. I've seen it done with other virtualization software, however I reckon it would definitely be a rare event that this would happen in the wild.
But if you enable returnil's anti-execute and driver protection then I'd say you're fairly well covered.
farmerlee
December 8th, 2008, 11:00 PM
-{ Quote: "What happens if you get a PW stealing nasty and log into your bank account before killing your current returnil session?" }-
That's where common sense comes into play. If you want to log into your bank do it first thing after a reboot not after surfing the dark side of the web.
Saraceno
December 9th, 2008, 03:36 AM
Returnil or Shadow Defender, plus sandboxie to prevent anything staying/lurking on your system between re-boots, plus a free AV such as Avira or Avast to scan the files you want to keep.
Returnil, sandboxie, Avira/Avast!
or
Shadow Defender, sandboxie, Avira/Avast!
= :)
glentrino2duo
December 9th, 2008, 03:51 AM
...and a good imaging software... :)
chris2busy
December 9th, 2008, 04:31 AM
You have been there before, about 5 times mate.. Do not ask me about the hundreds of $ u spent, I see no sense in that, taking into consideration that the top notch are free (including the one you use here). I'm good with just LUA+SRP (OS built in)+OA (free version)+sandboxie (free also) and I get the protection that not even 200$ can give me. I just come here to keep myself informed so I can remove-add-change combos ONLY when something more convenient comes out that better fits my online personality (habits, behaviour, morality etc.) and looks like ur beginning to get an online identity too. Well done (but if you ask me you didn't have to post it in here)..
Security is more about sense..uhm..more like the opposite of american defence systems :D "last year 10 men died of terrorism actions and 2 million from heart diseases. Good so next year we will build another 10 gazillion worth military bases".
P.S. if you are gonna play more bare bone, try updating your router firmware more often, maintenance is more essential with less layers
NAMOR
December 9th, 2008, 09:21 AM
-{ Quote: "That's where a hardened sandbox where nothing can run and/or connect out from within a sandboxed session except what's allowed complements Returnil nicely." }-
That was the point to my question. :) I just didn't phrase the question too well...
-{ Quote: "That's where common sense comes into play. If you want to log into your bank do it first thing after a reboot not after surfing the dark side of the web." }-
This method may be fine for my personal laptop but the family computer would be getting A LOT of reboot action. ;D I think adding sandboxie or defensewall to a returnil or shadow defender setup would be the way to go.
CubonesCastle
December 9th, 2008, 09:34 AM
-{ Quote: "Ask yourself. In the last 3 years, just how many times did you get infected. Not you hard core folks but just everyday users. For me, it is once. One time and I have spent hundreds of dollars on products to detect one trojan.:-\
Something just doesn't make sense. I have spent the last week really trying to read into threads posted here about malware and detection and protection. I really don't think it is as prevalent as some want you to think. And a lot of it is basically harmless. Yes there are some nasties that can take you down, but really, the chance of popping one is like being struck by lightning.
AVs are really only half protection, that is the truth. And for most, that half may keep you so called secure for years. Why? Because the product was soooo good, or, because you did not go somewhere that allowed you to get infected. When was it your fault?
I don't know. But I feel products like Returnil and ShadowDefender are really all you need. I like Returnil and hope to see it further developed. But I honestly feel all the other security products are nothing more than hysteria hype. Do as you feel but I am finished wasting money for protection I don't need based on my habits. A simple reboot and I am fine. Malware hysteria. Malware hysteria. Malware hysteria. Got to have a job, don't you. ;)" }-
Trjam, the guy who changes his security products like a drunk wise man changes his stories, I do however find him funny, and also believe virtualization is good.
Long View
December 9th, 2008, 09:45 AM
So do I get in trouble for saying the same thing for the last few years ? I have almost forgotten what AV/AS firewall software and HIP programs look like.
My preference is for shadow defender but otherwise I agree with trjam or he agrees with me ?
djohn
December 9th, 2008, 10:46 AM
I look at it this way. Returnil, Shadow Defender will hypothetically keep you clean 100 percent if nothing defeats either program. Keeping in mind everything you do theoretically is on your machine until rebooted. Hence if you pickup any variants along the way they remain there prior to a reboot is performed. So let's say your system is up for days running while something of a more serious nature lurks on your machine, would you trust this entirely? How would you know it's there? Then there is committing changes to a system. How to verify files are clean even if a simple window updates was tainted though not likely? How does one keep these changes not known if they're clean or not? IMO it's better to at least keep a OD scan handy for files in question to keep or not and besides all the top tier Antivirus would produce much better results RT or OD than a 50 percent. If you're never going to update or download or No purchase transactions or banking and the like and reboot often, I would say perhaps returnil or SD all is needed. Just something to consider and think about.
jmonge
December 9th, 2008, 11:45 AM
-{ Quote: "That's where common sense comes into play. If you want to log into your bank do it first thing after a reboot not after surfing the dark side of the web." }-
good idea ;) very simple and secure :thumb:
NAMOR
December 9th, 2008, 02:16 PM
-{ Quote: "I look at it this way. Returnil, Shadow Defender will hypothetically keep you clean 100 percent if nothing defeats either program. Keeping in mind everything you do theoretically is on your machine until rebooted. Hence if you pickup any variants along the way they remain there prior to a reboot is performed. So let's say your system is up for days running while something of a more serious nature lurks on your machine, would you trust this entirely? How would you know it's there? Then there is committing changes to a system. How to verify files are clean even if a simple window updates was tainted though not likely? How does one keep these changes not known if they're clean or not? IMO it's better to at least keep a OD scan handy for files in question to keep or not and besides all the top tier Antivirus would produce much better results RT or OD than a 50 percent. If you're never going to update or download or No purchase transactions or banking and the like and reboot often, I would say perhaps returnil or SD all is needed. Just something to consider and think about." }-
I haven't had an AV installed on my main computer for about a month now. Currently, I'm running a shadowdefender/sandboxie setup. After surfing various sites I kill my web browser and delete the sandbox before I start a session for banking, etc. For me, this seemed as a more viable solution than rebooting my computer before each banking session. I tend to leave my computer on for days... When I download programs from the internet I usually use cureit or an online scanner to check if the file is ok, if I am not sure myself.
twl845
December 9th, 2008, 02:28 PM
-{ Quote: "So do I get in trouble for saying the same thing for the last few years ? I have almost forgotten what AV/AS firewall software and HIP programs look like.
Long View, My preference is for shadow defender but otherwise I agree with trjam or he agrees with me ?" }-
Would you say that Returnil and Shadow Defender are basically doing the same thing the same way? I am now using Returnil home version, and just checked out the Shadow Defender home page. It seems to be simple enough to navigate. Why did you choose SD over Returnil? Thanks for your response in advance. :)
idbit
December 9th, 2008, 02:45 PM
I'm so disillusioned... :(
djohn
December 9th, 2008, 02:51 PM
-{ Quote: "I haven't had an AV installed on my main computer for about a month now. Currently, I'm running a shadowdefender/sandboxie setup. After surfing various sites I kill my web browser and delete the sandbox before I start a session for banking, etc. For me, this seemed as a more viable solution than rebooting my computer before each banking session. I tend to leave my computer on for days... When I download programs from the internet I usually use cureit or an online scanner to check if the file is ok, if I am not sure myself." }-
Your solution is perfect IMO, especially sandboxie that does not require a reboot to trash its contents, with strict internet access and shadow defender just to back it up and the scans if unsure cover all the bases. :thumb:
chrome_sturmen
December 9th, 2008, 03:00 PM
There's one reason I prefer storage craft's shadow server over all other virtualization apps - the ability to continue a shadow session after reboot, ending it only when you want to (with the option to commit changes upon exiting):thumb:
djohn
December 9th, 2008, 03:11 PM
-{ Quote: "I'm so disillusioned... :(" }-
LOL,why so disillusioned,may I ask.???
chrome_sturmen
December 9th, 2008, 03:37 PM
-{ Quote: "LOL,why so disillusioned,may I ask.???" }-
indeed, why? ;D
CubonesCastle
December 9th, 2008, 03:49 PM
-{ Quote: "indeed, why? ;D" }-
Indeed i also want to know why. :P
beethoven
December 9th, 2008, 03:58 PM
Just looked at shadow defender - not much info there on how it works.
-{ Quote: "After reboot, your system will be restored to the original state, as if nothing happened. And meanwhile you can save the selected files and folders to the real environment." }-
Am I right in assuming that it protects from unintended malware downloads (drive-by) but cannot protect you if you save files intentionally? How about email? What is the advantage over sandboxie?
chrome_sturmen
December 9th, 2008, 04:04 PM
-{ Quote: "Just looked at shadow defender - not much info there on how it works.
Am I right in assuming that it protects from unintended malware downloads (drive-by) but cannot protect you if you save files intentionally? How about email? What is the advantage over sandboxie?" }-
none, really - returnil virtualizes on the system level, whereas sandboxie's virtualization is application specific. sandboxie is actually quite a bit more powerful*puppy*
illicit
December 9th, 2008, 04:15 PM
-{ Quote: "Just looked at shadow defender - not much info there on how it works.
Am I right in assuming that it protects from unintended malware downloads (drive-by) but cannot protect you if you save files intentionally? How about email? What is the advantage over sandboxie?" }-
Apples and oranges. A combo of sandboxie and returnil/SD is solid. If you have SD set up with exclusions, and you download a file to that folder, then yes...it is committed to the hard drive. Defensewall untrusting downloads from untrusted sources fixes that problem.
Long View
December 9th, 2008, 05:03 PM
-{ Quote: "Would you say that Returnil and Shadow Defender are basically doing the same thing the same way? I am now using Returnil home version, and just checked out the Shadow Defender home page. It seems to be simple enough to navigate. Why did you choose SD over Returnil? Thanks for your response in advance. :)" }-
Originally I ran Deep Freeze 6 then I tried the free version of Returnil. I didn't go for the paid version as I don't like the idea of paying every year and I think the program requires activation ? Anyway Returnil was fine with me occasionally feeling that it was causing slow downs. Then I tried shadow Defender and have had zero problems. Most of the time I run with no protection. Then when I want to surf to places unknown I turn on the protection with reboot back to normal. While I'm protected I can always use the commit function to save any download. As to any nasty things trying to steal passwords I use Roboform and in any event am not convinced that things are as dangerous as many believe. Did try sandboxie and just never got on with it. My security set up is as per my sig i.e nothing really. The main benefit for me of Returnil, shadow defender is that I can play with programs, make changes, do dumb things and then re-boot. The security aspect is just a bonus - a hardware firewall and firefox plus a few add ons is more than enough for my way of operating.
chrome_sturmen
December 9th, 2008, 05:35 PM
-{ Quote: "Then when I want to surf to places unknown I turn on the protection with reboot back to normal." }-
why not just use sandboxie and save yourself a reboot?
Carver
December 9th, 2008, 05:49 PM
I use Sandboxie then just Erase the nasties when I am finished with online banking or surfing on the dark side.
idbit
December 9th, 2008, 05:51 PM
-{ Quote: "LOL,why so disillusioned,may I ask.???" }-
Sorry for the suspense! Maybe 'exhausted' is the better word. Check my post:
Adding Firewall, Real-time Protect Against Vundo, Look N See, Do I need HIPS? (http://www.wilderssecurity.com/showthread.php?t=227418).
To sum it up, I had a Vundo infection and spent a good week on clearing the infection and learning about security. I thought I did my due diligence and was almost done. Just one more piece to the puzzle and I can get back to my life. Then I see this post. What's frustrating is that nobody else is talking about this. I guess I was just looking in the wrong places. Most tech websites will tell you that you need the following for real-time protection:
1 real-time anti-virus
1 real-time anti-spyware
Spybot - using SDhelper and Immunize
SpywareBlaster
1 hardware firewall
1 software firewall - for outbound protection
I had this up and running. Now I read this post and it's clear that I have lots of work still ahead. This sandbox concept is totally new to me. Same with imaging software.
So nobody around here said (or didn't say) anything objectionable. In fact, I'm sure in the long run, I'll be glad I came across this post. Thanks for opening my eyes! Well, back to the drawing board.
IB
chrome_sturmen
December 9th, 2008, 05:56 PM
you still yet just don't get it do you?
Franklin
December 9th, 2008, 06:11 PM
Coupla years ago there was a zero day attack of a malware with over 200 or so variants.
Not a single AV protected against all variants whereas Sandboxie and Defensewall easily contained/protected against all of em.
Shadow Defender and Returnil wouldn't have protected realtime but the malware would be gone on reboot.
I would say that this same scenario of a massive zero day attack could happen again and you just won't be safe if using blacklist scanners?
Coldmoon
December 9th, 2008, 06:17 PM
-{ Quote: "why not just use sandboxie and save yourself a reboot?" }-
A good reason is the very difference between the two; that is, application and system level virtualization. While SandboxIE is sandboxing your current app or apps, it is not able to protect the system from other vectors. What happens if something gets outside of the sandbox in other words...
RVS adds that additional layer to ensure you can get back up and running with a simple reboot that takes you back to the time you turned RVS protection on. Restoring an image is a slower process and outside of the regular posters here and in other security communities ;) , is from a much earlier time so may not have been updated...
This is mitigated by using replication to restore current data, but this also adds additional time to the restore when it may not have been necessary to go to that extreme.
Mike
chrome_sturmen
December 9th, 2008, 06:19 PM
-{ Quote: "Shadow Defender and Returnil wouldn't have protected realtime but the malware would be gone on reboot." }-
say the user didn't have a software firewall - had they been doing financial transactions for instance, their personal info would've been uploaded to wherever in hell, long before that reboot would save them
djohn
December 9th, 2008, 06:28 PM
-{ Quote: "Sorry for the suspense! Maybe 'exhausted' is the better word. Check my post:
Adding Firewall, Real-time Protect Against Vundo, Look N See, Do I need HIPS? (http://www.wilderssecurity.com/showthread.php?t=227418).
To sum it up, I had a Vundo infection and spent a good week on clearing the infection and learning about security. I thought I did my due diligence and was almost done. Just one more piece to the puzzle and I can get back to my life. Then I see this post. What's frustrating is that nobody else is talking about this. I guess I was just looking in the wrong places. Most tech websites will tell you that you need the following for real-time protection:
1 real-time anti-virus
1 real-time anti-spyware
Spybot - using SDhelper and Immunize
SpywareBlaster
1 hardware firewall
1 software firewall - for outbound protection
I had this up and running. Now I read this post and it's clear that I have lots of work still ahead. This sandbox concept is totally new to me. Same with imaging software.
So nobody around here said (or didn't say) anything objectionable. In fact, I'm sure in the long run, I'll be glad I came across this post. Thanks for opening my eyes! Well, back to the drawing board.
IB" }-
Ok I see, I read that post, sorry to hear. I myself been infected before but nothing that was hard to remove. Yes do yourself the favor, learn about sandboxie, Hips, Returnil, shadow Defender and the like. Don't got crazy with numerous security apps, this could actually lead to conflict, overlap or a bloated machine. Learn programs of returnil or shadow defender, same concept, and sandboxie. You just might find you're never infected any more and before you know you might be testing real variants and come up clean when done.
chrome_sturmen
December 9th, 2008, 06:33 PM
-{ Quote: "Don't got crazy with numerous security apps" }-
;D ;D
pidbo
December 9th, 2008, 06:44 PM
just a note
Returnil doesn't run on Windows 2000
Shadow Defender runs on Windows 2000
....................................
Sandboxie
If you designate a "quick recovery" folder within Sandboxie you do not have to "quick recover" straight away, you can run a virus/trojan checker on your sandbox first.
I use Sandboxie within Shadow Defender...just supposing something could jump the sandbox during a Shadow Defender "session" (which, as I understand it, it can't) all you would have to do was re-boot and all is gone.
djohn
December 9th, 2008, 06:47 PM
-{ Quote: "A good reason is the very difference between the two; that is, application and system level virtualization. While SandboxIE is sandboxing your current app or apps, it is not able to protect the system from other vectors. What happens if something gets outside of the sandbox in other words...
RVS adds that additional layer to ensure you can get back up and running with a simple reboot that takes you back to the time you turned RVS protection on. Restoring an image is a slower process and outside of the regular posters here and in other security communities ;) , is from a much earlier time so may not have been updated...
This is mitigated by using replication to restore current data, but this also adds additional time to the restore when it may not have been necessary to go to that extreme.
Mike" }-
To add to Mike's comments, again I say I am No expert tester but just about threw the kitchen sink at returnil and SD and I have always come back with a clean bill of health after a simple reboot. IMO complement it with something as sandboxie and you have jack to worry about.
chrome_sturmen
December 9th, 2008, 06:55 PM
-{ Quote: "again I say I am No expert tester" }-
dave, you've earned yourself a reputation on these boards, why not enjoy your success?:blink: :blink: :blink:
djohn
December 9th, 2008, 07:01 PM
Thank you sir,I think I hope my reputation is not a A hole.;D
chrome_sturmen
December 9th, 2008, 07:12 PM
-{ Quote: "Thank you sir,I think I hope my reputation is not a A hole.;D" }-
hey, we try, don't we?
cheater87
December 9th, 2008, 07:29 PM
Returnil and Sandboxie FTW!!!!!!
Rmus
December 9th, 2008, 09:35 PM
-{ Quote: "Most tech websites will tell you that you need the following for real-time protection:
1 real-time anti-virus
1 real-time anti-spyware
Spybot - using SDhelper and Immunize
SpywareBlaster
...
" }-
Much of the tech media receives advertising support from AV companies. There may or may not be a correlation...
In a recent widely-respected on-line newsletter, an article included this astounding statement,
-{ Quote: "Truth be told, there is no single way to reliably protect yourself from Sinowal/Mebroot, short of disconnecting your computer from the Internet and not opening any files." }-
This is a natural reaction from those locked into the "Anti-Virus is the way" syndrome. The newsletter article warns,
-{ Quote: "Your antivirus program may help, for a while. Time and time again, however, Sinowal/Mebroot's creators have modified the program well enough to escape detection. AV vendors scramble to catch the latest versions, but with one or two new Sinowal/Mebroot iterations being released every month, the vendors are trying to hit a very fleet - and intelligent - target." }-
Anti-Virus has many uses, but in preventing this type of attack, it is not reliable.
The attack vector uses remote code execution (drive-by) exploits, so that any number of products mentioned in this forum would easily block the execution of the trojan.
Which brings me to some comments made in this thread,
-{ Quote: "I use Sandboxie then just Erase the nasties when I am finished with online banking or surfing on the dark side.
....
What happens if you get a PW stealing nasty and log into your bank account before killing your current returnil session?
....
Returnil or Shadow Defender, plus sandboxie to prevent anything staying/lurking on your system between re-boots,
" }-
I'm curious as to why anyone would let a "nasty" get onto the computer in the first place. It strikes me as saying, Well, I don't need rat traps by my door because I've caged off an area which will contain them if they get inside, and I'll just whisk them away by removing the cage each night.
The topic of preventing the malware from executing came up in this forum earlier this year, and I asked those who were able, to test to see if their product would prevent the malware from executing in the first place. Setting a trap to prevent the malware from running, if you will.
I don't remember the specific thread, but I collected all of the screen shots and put them on my web site some time ago. I'm sure there are other solutions besides those that aigle and others tested:
http://www.urs2.net/rsj/computing/tests/remote/
While reboot-to-restore products are wonderful, when I set up security for a home system I want to insure that nothing like Mebroot/Sinowal can penetrate the perimeter. I don't want to take the chance that the family computer can have "nasties" lingering until the next reboot. I realize that theoretically, nothing is supposed to do permanent damage, but I'm just overly cautious on this point. I want there to be an alert that something unauthorized is attempting to execute.
That's my take on this. Otherwise, interesting discussions and very enlightening as to different approaches to security.
----
rich
djohn
December 9th, 2008, 10:05 PM
@ Rmus agree, that's why I like a combination Antivirus for what it can handle and for what it can't the hips to stop what AV does not see as a threat and something may try to execute, then either a lockdown from the execution in the first place or least to prompt something is trying to execute and deny it, terminate it and so forth. Shadow mode for the extra blanket just in case. IMO pretty steep hop for anything unwanted to get through, if it did would be really sad.
twl845
December 9th, 2008, 11:30 PM
-{ Quote: "Originally I ran Deep Freeze 6 then I tried the free version of Returnil. I didn't go for the paid version as I don't like the idea of paying every year and I think the program requires activation ? Anyway Returnil was fine with me occasionally feeling that it was causing slow downs. Then I tried shadow Defender and have had zero problems. Most of the time I run with no protection. Then when I want to surf to places unknown I turn on the protection with reboot back to normal. While I'm protected I can always use the commit function to save any download. As to any nasty things trying to steal passwords I use Roboform and in any event am not convinced that things are as dangerous as many believe. Did try sandboxie and just never got on with it. My security set up is as per my sig i.e nothing really. The main benefit for me of Returnil, shadow defender is that I can play with programs, make changes, do dumb things and then re-boot. The security aspect is just a bonus - a hardware firewall and firefox plus a few add ons is more than enough for my way of operating." }-
I notice that SD requires 256Mb of memory, and Returnil requires 128Mb memory. Can you comment on why SD needs that much more?
Osaban
December 10th, 2008, 01:25 AM
-{ Quote: "There's one reason I prefer storage craft's shadow server over all other virtualization apps - the ability to continue a shadow session after reboot, ending it only when you want to (with the option to commit changes upon exiting):thumb:" }-
The problem is that they haven't updated it for Vista, and I doubt they will ever do it (I'm obviously referring to ShadowUser).
Cutting_Edgetech
December 10th, 2008, 01:46 AM
I love Returnil Virtual System! It's great, but if you become infected with whatever then you could have already compromised your data before a system reboot. If you don't have anything on your computer worth protecting then don't worry about it, but if you have personal info or work info / etc.. then it may still leak out before you reboot. Let's say you are making an online purchase or a transaction with your bank. You are filling out some sort of an application etc.. There's a window of opportunity that you could be compromised. Of course after you reboot you will no longer be infected, but the damage could have already been done. Again.. I believe Returnil Virtual System is an excellent product! You still need a good anti-virus, firewall, and protection against malware unless you don't do transactions on the web that require giving your information away.
Boost
December 10th, 2008, 04:04 AM
-{ Quote: "Ask yourself. In the last 3 years, just how many times did you get infected. Not you hard core folks but just everyday users. For me, it is once. One time and I have spent hundreds of dollars on products to detect one trojan.:-\
Something just doesn't make sense. I have spent the last week really trying to read into threads posted here about malware and detection and protection. I really don't think it is as prevalent as some want you to think. And a lot of it is basically harmless. Yes there are some nasties that can take you down, but really, the chance of popping one is like being struck by lightning.
AVs are really only half protection, that is the truth. And for most, that half may keep you so called secure for years. Why? Because the product was soooo good, or, because you did not go somewhere that allowed you to get infected. When was it your fault?
I don't know. But I feel products like Returnil and ShadowDefender are really all you need. I like Returnil and hope to see it further developed. But I honestly feel all the other security products are nothing more than hysteria hype. Do as you feel but I am finished wasting money for protection I don't need based on my habits. A simple reboot and I am fine. Malware hysteria. Malware hysteria. Malware hysteria. Got to have a job, don't you.;)" }-
Excellent post :thumb:
I'll say it til the last day I ever need a computer, that if you need a ton of security programs, and there's a bunch of you here, then please, if you're that risky of a user, please shut down the computer til you're ready to be a "normal" person who uses their computer as a tool, not some sort of defense phobia :argh:
trjam
December 10th, 2008, 05:34 AM
-{ Quote: "I love Returnil Virtual System! It's great, but if you become infected with whatever then you could have already compromised your data before a system reboot. If you don't have anything on your computer worth protecting then don't worry about it, but if you have personal info or work info / etc.. then it may still leak out before you reboot. Let's say you are making an online purchase or a transaction with your bank. You are filling out some sort of an application etc.. There's a window of opportunity that you could be compromised. Of course after you reboot you will no longer be infected, but the damage could have already been done. Again.. I believe Returnil Virtual System is an excellent product! You still need a good anti-virus, firewall, and protection against malware unless you don't do transactions on the web that require giving your information away." }-
And what are you going to use to protect you during that bank transaction? Let's say you use Avira to protect you. In the last test by IBK it did great, but still missed 8708 pieces of malware. And any one of those missed, might have been the proverbial keylogger that ruins your finances.
I mean in the end, you do what you can, use what you feel will work, use some common sense, and pray for the best. So that is why I just feel that a combo of anything in my sig just makes sense. If it is going to hit you, it will and a simple reboot is nice to flush the toilet clean.
PROROOTECT
December 10th, 2008, 06:10 AM
Trjam, la peine perdue, the vain and they have a mask on the eyes and plugged ears. Is it their new religion?..
They like to go into dangerous places, they like the danger. The REAL MEN, what ...
Thanks for opening our eyes?..
Maybe Returnil? Maybe Sandboxie? Maybe Prevx?
Maybe Returnil? Maybe ... defense phobia ...
Bravo Boost, congrats TRJAM!
Excellent, excellent, excellent ...
PS. Chrome sturmen: have you Free edition of ShadowServer? For me?:argh:
And for your Yahoo! look to: http://forum.ytkpro.com/viewtopic.php?t=5601
PROROOTECT
December 10th, 2008, 06:19 AM
Steve, Hugger, help me! Help me! They want to kill me !!!
*puppy*
vijayind
December 10th, 2008, 06:33 AM
Maybe I am the only guy here, but I use Windows SteadyState (http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx). Apart from implementing policy restriction on users, it also can do Disk Virtualization.
Which can be set to revert all changes after restart, fixed time interval or manually.
Best of all, it's free for home and commercial use. And it supports Vista :thumb:
Don't see why I should move to Returnil Free ....
PROROOTECT
December 10th, 2008, 06:40 AM
... and: http://www.wilderssecurity.com/showthread.php?t=215839&highlight=windows+steadystate
Cloak
December 10th, 2008, 07:57 AM
Is there any reason to run multiple system level virtualization software? I don't think there is a difference between running one or running multiple simultaneously. What's the point? Are there any benefits?
-{ Quote: "And what are you going to use to protect you during that bank transaction? Let's say you use Avira to protect you. In the last test by IBK it did great, but still missed 8708 pieces of malware. And any one of those missed, might have been the proverbial keylogger that ruins your finances." }-
What is protecting while you are doing your bank transaction if you have no protection at all? I'd at least like to have some kind of protection running while working. Sure it might not protect me from everything, but it's sure as hell better than nothing.
A reboot doesn't really help if the same threats keep coming back at you when you want to continue doing your bank transaction.
trjam
December 10th, 2008, 08:02 AM
Basically Geswall. I mean if you are going to do a lot of banking online then no matter what you use, you are still at risk.
Cloak
December 10th, 2008, 08:33 AM
-{ Quote: "Basically Geswall. I mean if you are going to do a lot of banking online then no matter what you use, you are still at risk." }-
That's true, but what I mean to say is, wouldn't it be better to use a combination of protection rather than sticking to one type of protection? You won't get hit as hard if you had extra lines of defense. It just makes sense to me that way.
Also you haven't answered my questions.
I'm new to this system level virtualization software. Do you think I should just stick to one or would I benefit from using multiple? Don't they all basically do the same thing? Is there any reason to run multiple system level virtualization software? What's the point having more than one if they do the same job? But I guess some may be more flexible than others. But still, if their primary job is clearing the nasty after a reboot which I'm sure they all do, why bother having different ones?
And thank you, I will have a go at GeSWall.
trjam
December 10th, 2008, 08:38 AM
Yes and no. I know that Geswall and Returnil can have memory issues over time. Sandboxie and Returnil don't. So yes, too many are a bad thing. But it is all in how you set it up.
trjam
December 10th, 2008, 08:41 AM
Also keep in mind Geswall will detect malicious attacks. So it is more than just a virtualization software.
Osaban
December 10th, 2008, 09:53 AM
-{ Quote: "What is protecting while you are doing your bank transaction if you have no protection at all? I'd at least like to have some kind of protection running while working. Sure it might not protect me from everything, but it's sure as hell better than nothing.
A reboot doesn't really help if the same threats keep coming back at you when you want to continue doing your bank transaction." }-
Farmerlee at post #12 has already answered: You start your computer in shadow mode (virtual mode), do your business as fast as you can, and then reboot as soon as you're done. I can assure you nobody is going to get you, unless the hacker is stalking you presumably because he knows you have a fat account online.
I used to do banking online, not anymore, and it would be foolish to have an account with a great deal of money online anyway.
-{ Quote: "A reboot doesn't really help if the same threats keep coming back at you when you want to continue doing your bank transaction." }-
If you are talking about virtual volumes, you are wrong: A reboot will delete anything that has been done on a previous session.
jmonge
December 10th, 2008, 11:22 AM
-{ Quote: "Farmerlee at post #12 has already answered: You start your computer in shadow mode (virtual mode), do your business as fast as you can, and then reboot as soon as you're done. I can assure you nobody is going to get you, unless the hacker is stalking you presumably because he knows you have a fat account online.
I used to do banking online, not anymore, and it would be foolish to have an account with a great deal of money online anyway.
If you are talking about virtual volumes, you are wrong: A reboot will delete anything that has been done on a previous session." }-
What I do is I got a prepaid credit card, so load it when I need to buy something, of course no more than 20 to 50 bucks ;D so a hacker is going to have a hard time for just 20 bucks ;D
Long View
December 10th, 2008, 06:28 PM
-{ Quote: "why not just use sandboxie and save yourself a reboot?" }-
Old habits die hard - I tend to reboot quite frequently - e.g. when I go to get another coffee or beer. Rebooting is of no concern.
I didn't like the way Sandboxie was slow to operate the first time used. Just find Sandboxie annoying - not to my taste.
As I have never seen any malware I don't really see Sandboxie as doing anything of value for me, whereas I can do all sorts of tests with Shadow Defender, make mistakes and then reboot. Sandboxie would be of no help for this sort of thing.
Long View
December 10th, 2008, 06:35 PM
-{ Quote: "I notice that SD requires 256Mb of memory, and Returnil requires 128Mb memory. Can you comment on why SD needs that much more?" }-
Sorry - no idea. I have 4 gb so I guess I can live with it. According to Windows Task Manager I was using 245 mb and when I turned SD on it jumped to 246 mb. Perhaps the 256 relates to the amount of memory that can be used before using the hard drive ?
Miyasashi
December 25th, 2008, 05:46 PM
I am not using Returnil yet but read a lot of good things about this little tool.
What I'm wondering about is whenever protection is on does it mean that when you reboot EVERYTHING changed is gone? (even the good things?)
For some reason I think I would be better off using Sandboxie while browsing and when opening "untrusted" programs. (With Anti-virus / Spyware in the back).
I tend to download a lot of things, like images from several websites and I tend to forget even the obvious things... so even with the desktop toolbar on I would forget everything will be gone after reboot.
Can anybody tell me if I should use Returnil because I am not sure.
TechOutsider
December 26th, 2008, 12:28 PM
I've been using Norton since March and I was infected 0 times.
pidbo
December 26th, 2008, 04:12 PM
I like Sandboxie running inside a Shadow Defender session.
You can designate your folders or files to keep in both programs.
Sandboxie needs a bit of advance planning/forethought as to which folders you want to use, I find that trying to choose a "quick recovery" folder mid-session doesn't work...you think you've downloaded something, recover it and then it is not there. If you designate your recovery folders in advance then no problems.
I run a virus checker and Malwarebytes over my sandbox before I "commit" anything to my "real" drive.
I run the Limewire installation file sandboxed (it doesn't require a re-boot) then delete it ("delete contents") after each (Limewire) session, keeping things nice and "clean", even within a Shadow Defender session.
Long View
December 26th, 2008, 05:36 PM
-{ Quote: "I've been using Norton since March and I was infected 0 times." }-
I've not been using Norton since March and have been infected 0 times. Not sure what point you are trying to make ? Are you suggesting that somehow Norton protected you in a way that Returnil would have not ?
philby
December 26th, 2008, 05:46 PM
Good question...
dw426
December 26th, 2008, 05:49 PM
-{ Quote: "I've been using Norton since March and I was infected 0 times." }-
What about this post? "I tested it and it is dangerous; partially evaded Norton -.- required manual removal -.-" from here: http://www.wilderssecurity.com/showthread.php?t=228529&page=4?
You're kind of confusing me. First you have malware that gets past sandboxIE/virtual systems, which (so far) is proven not to be the case. Then claim you've never been infected with anything, yet the quoted post above and a couple of others by you show you have. I'm not so much personally on the attack as I am trying to get the straight scoop. If you have malware that is getting past all this stuff, you NEED to report it so it can be dealt with.
Edit: I may very well have jumped too quick and might owe an apology depending on the answer to: http://www.wilderssecurity.com/showthread.php?t=228812&page=2.
MrBrian
December 26th, 2008, 08:09 PM
-{ Quote: "What I'm wondering about is whenever protection is on does it mean that when you reboot EVERYTHING changed is gone? (even the good things?)" }-
Everything in the partition with Windows will be unchanged after reboot. However, files in other partitions, or in a Returnil virtual partition, will remain after a reboot. Other options for saving files: use USB thumbdrive, upload to Internet, burn to DVD, etc. The Premium edition also has a feature called 'Selective File and Folder Saving'.
Copyright ©2002 - 2012, Wilders Security Forums