and uninstalled it quickly as it made my cpu usage around 100% :blink: I've used Returnil 2008 with no issues what-so-ever,so I dont understand what the issue is here.

Anyone else have this issue? Tried it out on a XP home computer.

{QUOTE-> Anyone else have this issue? Tried it out on a XP home computer. <-QUOTE}No. I have two separate installations running it. One that is a KAV 2010/RVS 2010 combination (Admin level account), the other is just RVS 2010 under LUA/SuRun. Both working fine.

Based on your sig...., perhaps a conflict with Deep Freeze? Did you run any of the 2010 betas without incident?

Blue

the av Caused，I would also like you ，uninstalled it quickly 。

{QUOTE-> No. I have two separate installations running it. One that is a KAV 2010/RVS 2010 combination (Admin level account), the other is just RVS 2010 under LUA/SuRun. Both working fine.

Based on your sig...., perhaps a conflict with Deep Freeze? Did you run any of the 2010 betas without incident?

Blue <-QUOTE}

Nope,I uninstalled Deepfreeze first before trying Returnil 2010.

I've since downloaded and installed Returnil 2008,with no issues. So,it's something with the 2010 version that causes the 100% CPU usage.

{QUOTE-> Nope,I uninstalled Deepfreeze first before trying Returnil 2010.

I've since downloaded and installed Returnil 2008,with no issues. So,it's something with the 2010 version that causes the 100% CPU usage. <-QUOTE}Well, it looks like one of those things that needs a challenge/response approach (try to see which processes are pulling for CPU time when 100% strikes - which can be difficult to assess depending on the situation, do the brute force serial uninstall of the likely candidates, or if possible, the serial disabling of likely candidates to eliminate the need for a formal uninstall).

I hadn't seen AV contention issues in the betas. I did see the KAV application control measures create a couple of bumps in the road and simply opted to exclude from within KAV and that solved those issues promptly. Not being an Avira user, not sure if similar functionality exists in that product.

Blue

I personally do not like the new one. To me the GUI is hard to understand compared to the last one. Now the product itself may be better but the older GUI to me was more user friendly.

{QUOTE-> I personally do not like the new one. To me the GUI is hard to understand compared to the last one. Now the product itself may be better but the older GUI to me was more user friendly. <-QUOTE}

I'll agree 100%

That was the first thing I noticed that I didnt like myself. The 2008 version,is alot easier to navigate and understand compared to the 2010 version.

Then again,it doesnt matter,if its gonna use 100% of CPU,then the rest simply doesnt matter anyways ;D

{QUOTE-> I personally do not like the new one. To me the GUI is hard to understand compared to the last one. Now the product itself may be better but the older GUI to me was more user friendly. <-QUOTE}I had a similar reaction when I installed the first betas. I knew where everything was and how it worked..., and that had changed. Work with it a week or two and it becomes as transparent as 2008.

On the whole, I tend to like the 2010 version more: I might be alone here, but I believe the anti-execute functionality in 2010 is a much better implementation than in 2008. Yes, it doesn't apply to non-virtualized mode, but that can become intrusive. The 2008 AE functionality really needed a "whitelist current machine state" option to work really well, and then you're starting to deal with massive feature creep.
I like being able to set Advanced options under System Safe while System Safe is inactive. In 2008, you needed to be enabled to set those options. It's not something one typically does frequently, but it's a more intelligent implementation.
GUI navigation is fairly neutral once you get accustomed to the new setup and terms.Overall, I think it's a very powerful solution for those desiring a light simple protection without going overboard, particularly if implemented as RVS/LUA/SuRun.

Blue

Hello Boost and welcome to the forums :)

1. Deactivate the Virus Guard - does CPU return to normal?
2. Reactivate Virus Guard but then open preferences > Virus Guard tab and set the data collection option to "Do not collect and report...". Does the CPU issue remain?

If #1 has relevance, exclude RVS files and folders in your current AV as suggested by Blue. If #2 has relevance, please check your firewall and/or HIPS to make sure RVS is not being blocked.

Mike

Hi Boost,
Some additional information. The team indicates that they have identified the cause of the slowdown related to using RVS 2010 with Avira. The fix is a simple under-the-hood improvement that will clear this up but needs some additional testing time to make sure it works as advertised.

We will be releasing an update that removes the RC text in the software to the download mirrors first and then will have a new hotfix update following the testing later this week or early next week that should resolve your CPU use issue.

Mike

my cpu also usage around 25-50% , i dont use any AV and i have Virus Guard and update disable and data collection option to is set to Do not collect and report, win7 x64

{QUOTE-> Hi Boost,
Some additional information. The team indicates that they have identified the cause of the slowdown related to using RVS 2010 with Avira. The fix is a simple under-the-hood improvement that will clear this up but needs some additional testing time to make sure it works as advertised.

We will be releasing an update that removes the RC text in the software to the download mirrors first and then will have a new hotfix update following the testing later this week or early next week that should resolve your CPU use issue.

Mike <-QUOTE}
Good news thanks! I'll give it a try again in a couple weeks to see how it runs with the hotfix.

{QUOTE-> my cpu also usage around 25-50% , i dont use any AV and i have Virus Guard and update disable and data collection option to is set to Do not collect and report, win7 x64 <-QUOTE}

Hi mata7,
I have alerted the team to your report. Can you please send us the following to support (dash) tech (at) returnil (dot) com?

* C:\Windows\ rvs3.log
* C:\Windows\rvs3inst.log
* MSINFO32 or MSINFO64 report**

**Click START > RUN > Type MSINFO32 or MSINFO64 as appropriate. On the System Information screen click FILE > Export and then save the file where you can find it to attach to your reply.

Mike

{QUOTE-> Anyone else have this issue? Tried it out on a XP home computer. <-QUOTE}

Yeah, same here on WinXP, Server2008 and Vista x64 ...

Even left the WinXP running overnight (7 hours) to return to 100% CPU usage again ... it happens with no other AV and independant of whether the antivirus is enabled or disabled ...

7ek

{QUOTE-> and uninstalled it quickly as it made my cpu usage around 100%
Anyone else have this issue? Tried it out on a XP home computer. <-QUOTE}
{QUOTE-> Yeah, same here on WinXP, Server2008 and Vista x64 ...

Even left the WinXP running overnight (7 hours) to return to 100% CPU usage again ... it happens with no other AV and independant of whether the antivirus is enabled or disabled ...

7ek <-QUOTE}
Same here - Win XP Pro SP3 (validated & fully 'updated') 2.8ghz Intel P4 CPU, 1.5gig RAM - no av product installed while using 2010.

Not only did my CPU using often go to 100% (usually around 50% - 67%)

but my core temperatures spiked dramatically - I'm talking hit 70C before I ordered a shutdown.

Process Explorer verified it was 2010 that was the CPU hog.

Un-installed 2010 & walla temp back down to 45 - 47C

Installed 2008 personal (free) - CPU still sits around 47C

Process Explorer shows CPU running at around 90% idle now as well & that is with Avira Antivirus free running in conjunction with 2008.

Until the CPU hog/temp issues are fixed &, (for me),

Why no 'save entire folder contents' option?
http://www.wilderssecurity.com/showthread.php?t=254648

there are big issues with what is essentially a superb product.

I'm glad to see this is an isssue for others as well. IMO,there should not have been an adding of antivirus with this program,period. This was a program written specifically for a reboot / restoration and now it's bundled with an antivirus,which causes nothing but "bloat" to an already solid ,stable program.

{QUOTE-> IMO,there should not have been an adding of antivirus with this program,period. This was a program written specifically for a reboot / restoration and now it's bundled with an antivirus,which causes nothing but "bloat" to an already solid ,stable program. <-QUOTE}
I completely agree. I noticed that memory usage has increased substantially with the latest version, presumably at least in part due to the addition of antivirus. Until the antivirus component gets tested by the independent antivirus testing organisations, we don't know how effective RVS Virus Guard will be when compared with the top standalone antivirus programs. I can't understand why Returnil didn't stick to what they do best, i.e. reboot / restoration technology and leave antivirus to others who specialise in that field.

For me personally, Returnil is going in the wrong direction. It seems to be trying to become a full-blown antimalware, rather than extend the reboot / restoration concept. Apart from the antivirus, a new GUI, and some consolidation of existing functionality, there appears to be very little that is genuinely new in this latest release. Examples of the kind of developments I would have like to have seen are:
Solve the problem of continuing a virtual session across a reboot in order to enable software to be tested that requires a reboot during installation.
Extend virtualisation (selectively) to non-system partitions.
Extend file and folder exclusion to the registry to enable selected registry changes to be comitted to the real disk during a virtual session.
Any of these would have represented real improvements. This is where I would have preferred to see the R&D effort go, not in developing an antivirus; but this is of course just my opinion, others may disagree.

Have to agree with Boost and pegr. I have no desire to be thought of as an old Luddite but an increase in size from 2.65Mb to 9.52Mb is some bloat.

I am a great fan of RVS and have used it since its early days but trying to be all things to all men seems wrong to me. I have no use for an extra AV or antimalware, I am more than happy with what I have. I'll stick with v2, at least for now.

{QUOTE-> Hi mata7,
I have alerted the team to your report. Can you please send us the following to support (dash) tech (at) returnil (dot) com?

* C:\Windows\ rvs3.log
* C:\Windows\rvs3inst.log
* MSINFO32 or MSINFO64 report**

**Click START > RUN > Type MSINFO32 or MSINFO64 as appropriate. On the System Information screen click FILE > Export and then save the file where you can find it to attach to your reply.

Mike <-QUOTE}

sorry i was busy at work, i just uninstalled it a few days back so i cant send you the files, im just gone way if you guys release Returnil without AV

New Vista VM.

CPU sits at zero till I hit update or scan then goes to 100% and stays there even when exiting RN.

Killing rvsmon.exe brings the cpu back down to zero.

Tried this a few times and rsvmon.exe unloaded itself on one occassion after exiting but all other times seemed stuck there keeping the cpu at 100%

My opinion of the new version is I really don't like it but I'm a bit anti blacklists here as they're really not needed and only get in my way.

At this stage I'm gonna run the old version and I would have liked to see that version developed further in the way of using as much memory caching before it disk caches, sorta like a full on ramdrive.

{QUOTE-> At this stage I'm gonna run the old version and I would have liked to see that version developed further in the way of using as much memory caching before it disk caches, sorta like a full on ramdrive. <-QUOTE}While it doesn't address all of your points, you might try the Returnil Labs 2008 version (available at Returnil Home>Products>Beta & Other Releases>Returnil Labs (http://www.returnilvirtualsystem.com/returnil-labs)).

Blue

Thanks Blue, I actually didn't know RVS Labs - v. 2.1.5.3077 existed.

Tried to install it in the new Vista VM after uninstalling the latest but the installer doesn't seem to do anything and the same for the older version?

Late here, will try again in the morn.

Does System Safe was turned on?
What version of RVS you have used?
What process was the most harmfull? (RVS 2010 runs both Service and GUI as independent processes)




{QUOTE-> and uninstalled it quickly as it made my cpu usage around 100% :blink: I've used Returnil 2008 with no issues what-so-ever,so I dont understand what the issue is here.

Anyone else have this issue? Tried it out on a XP home computer. <-QUOTE}

You don't like its structure or view?



{QUOTE-> I personally do not like the new one. To me the GUI is hard to understand compared to the last one. Now the product itself may be better but the older GUI to me was more user friendly. <-QUOTE}

+100
If we are here - than it would be better :)


{QUOTE-> I had a similar reaction when I installed the first betas. I knew where everything was and how it worked..., and that had changed. Work with it a week or two and it becomes as transparent as 2008.

On the whole, I tend to like the 2010 version more: I might be alone here, but I believe the anti-execute functionality in 2010 is a much better implementation than in 2008. Yes, it doesn't apply to non-virtualized mode, but that can become intrusive. The 2008 AE functionality really needed a "whitelist current machine state" option to work really well, and then you're starting to deal with massive feature creep.
I like being able to set Advanced options under System Safe while System Safe is inactive. In 2008, you needed to be enabled to set those options. It's not something one typically does frequently, but it's a more intelligent implementation.
GUI navigation is fairly neutral once you get accustomed to the new setup and terms.Overall, I think it's a very powerful solution for those desiring a light simple protection without going overboard, particularly if implemented as RVS/LUA/SuRun.

Blue <-QUOTE}

{QUOTE-> Yeah, same here on WinXP, Server2008 and Vista x64 ...

Even left the WinXP running overnight (7 hours) to return to 100% CPU usage again ... it happens with no other AV and independant of whether the antivirus is enabled or disabled ...

7ek <-QUOTE}

For example, what options was turned on? And on what version?

The reason of temperature is the CPU itself it is probably Prescott based processor on NetBurst architecture. I had such one and on the load it getting hot up to 97 (degrees Celsium).



{QUOTE-> Same here - Win XP Pro SP3 (validated & fully 'updated') 2.8ghz Intel P4 CPU, 1.5gig RAM - no av product installed while using 2010.

Not only did my CPU using often go to 100% (usually around 50% - 67%)

but my core temperatures spiked dramatically - I'm talking hit 70C before I ordered a shutdown.

Process Explorer verified it was 2010 that was the CPU hog.

Un-installed 2010 & walla temp back down to 45 - 47C

Installed 2008 personal (free) - CPU still sits around 47C

Process Explorer shows CPU running at around 90% idle now as well & that is with Avira Antivirus free running in conjunction with 2008.

Until the CPU hog/temp issues are fixed &, (for me),

Why no 'save entire folder contents' option?
http://www.wilderssecurity.com/showthread.php?t=254648

there are big issues with what is essentially a superb product. <-QUOTE}

Integrated antivirus is probably only the feature for betatesters, they must have the reasons to use RVS. This AV have found viruses in the situations whan Kaspersky failed.
I have read the documentation and want to tell you next info. This AV is designed as "second" AV, only for increase protection level. Thats meant that AV is only BONUS 4 betatesters.



{QUOTE-> I completely agree. I noticed that memory usage has increased substantially with the latest version, presumably at least in part due to the addition of antivirus. Until the antivirus component gets tested by the independent antivirus testing organisations, we don't know how effective RVS Virus Guard will be when compared with the top standalone antivirus programs. I can't understand why Returnil didn't stick to what they do best, i.e. reboot / restoration technology and leave antivirus to others who specialise in that field.

For me personally, Returnil is going in the wrong direction. It seems to be trying to become a full-blown antimalware, rather than extend the reboot / restoration concept. Apart from the antivirus, a new GUI, and some consolidation of existing functionality, there appears to be very little that is genuinely new in this latest release. Examples of the kind of developments I would have like to have seen are:
Solve the problem of continuing a virtual session across a reboot in order to enable software to be tested that requires a reboot during installation.
Extend virtualisation (selectively) to non-system partitions.
Extend file and folder exclusion to the registry to enable selected registry changes to be comitted to the real disk during a virtual session.
Any of these would have represented real improvements. This is where I would have preferred to see the R&D effort go, not in developing an antivirus; but this is of course just my opinion, others may disagree. <-QUOTE}

Log files are not deleting from WIN directory after RVS uninstallation.

{QUOTE-> sorry i was busy at work, i just uninstalled it a few days back so i cant send you the files, im just gone way if you guys release Returnil without AV <-QUOTE}

"CPU sits at zero till I hit update or scan then goes to 100% and stays there even when exiting RN." - Are you update under SS turned on?


{QUOTE-> New Vista VM.

CPU sits at zero till I hit update or scan then goes to 100% and stays there even when exiting RN.

Killing rvsmon.exe brings the cpu back down to zero.

Tried this a few times and rsvmon.exe unloaded itself on one occassion after exiting but all other times seemed stuck there keeping the cpu at 100%

My opinion of the new version is I really don't like it but I'm a bit anti blacklists here as they're really not needed and only get in my way.

At this stage I'm gonna run the old version and I would have liked to see that version developed further in the way of using as much memory caching before it disk caches, sorta like a full on ramdrive. <-QUOTE}

{QUOTE-> "CPU sits at zero till I hit update or scan then goes to 100% and stays there even when exiting RN." - Are you update under SS turned on? <-QUOTE}I can answer that as it pertains to one of my machines - you really don't need to update or scan for CPU saturation to occur. Simply boot the system and it occurs on a simple P4. On a hyperthreaded or multicore CPU, it dominates the activity of a single virtual or physical core. The only evaluation I performed was with System Safe off.

Blue

{QUOTE-> Thats meant that AV is only BONUS 4 betatesters. <-QUOTE}I'm not quote sure what you mean here. The AV appears to be an integral component of the 2010 release version.

Blue

{QUOTE-> For example, what options was turned on? And on what version? <-QUOTE}As one example, Home Lux, default install, so whatever options are selected by default. I've also examined with the both settings of the AE module, it doesn't matter. Virus guard set to only proven detection rules. Report anonymous information selected. Generally select "Wipe all changes" under System Safe. Nothing set under File Manager.

Blue

Yes it will be integrated after final release. I meaned that AV is not the thing what shold be understanded by betatesters as the main feature. New betatesters should understand it.


{QUOTE-> I'm not quote sure what you mean here. The AV appears to be an integral component of the 2010 release version.

Blue <-QUOTE}

Thanks.
I have created such VM and around 1 hour runs such system. Hope that in next 6 hours I'll see such issue but now "system iddle" is approximately 98%.

P.S. Config of my PC includes P4 3.0 Ghz processor (with turned on HT).


{QUOTE-> As one example, Home Lux, default install, so whatever options are selected by default. I've also examined with the both settings of the AE module, it doesn't matter. Virus guard set to only proven detection rules. Report anonymous information selected. Generally select "Wipe all changes" under System Safe. Nothing set under File Manager.

Blue <-QUOTE}

{QUOTE-> For me personally, Returnil is going in the wrong direction.
Examples of the kind of developments I would have like to have seen are:
Solve the problem of continuing a virtual session across a reboot in order to enable software to be tested that requires a reboot during installation.
Extend virtualisation (selectively) to non-system partitions.
Extend file and folder exclusion to the registry to enable selected registry changes to be comitted to the real disk during a virtual session.
Any of these would have represented real improvements. This is where I would have preferred to see the R&D effort go, not in developing an antivirus; but this is of course just my opinion, others may disagree. <-QUOTE}

+1

I understand the aim for "one stop all in one security shop", but there will always be better AV options, and AV options means dedicating resources to reading reports, checking files, making signatures, etc ...

I would have devoted resources to most of the ideas already mentioned because they would put Returnil head and shoulders above the rest ;)

Things like a toggle between off, a Sandbox and full blown virtualisation (green, orange/yellow, red pretty icons, etc) where the Sandbox could be invoked and revoked without a reboot, but only covered programs run from within the Sandbox (giving the advantage of no reboot, but trading the "full restore" feature of Virtualisation for "isolation for whatever you run next") ...

Tek

{QUOTE-> Thanks.
I have created such VM and around 1 hour runs such system. Hope that in next 6 hours I'll see such issue but now "system iddle" is approximately 98%.

P.S. Config of my PC includes P4 3.0 Ghz processor (with turned on HT). <-QUOTE}I reinstalled RVS Home Lux 3.0.6228.4929. This system runs KAV 2010 under LUA/SuRun, although neither cause this behavior as it is the same under an Admin account without SuRun or as the only security application at all installed on the machine.

212755

Both machines for which I observe this do have a standard install of a defrag at the moment (DiskKeeper on this machine, PerfectDisk on the other). Neither exhibited problems with the 2008 version. This is a screen shot from the HT P4 with 3 GB RAM after a default install, cancelled AV update, nothing active.

Blue

This is not clear machine :))))))))))))))))))))))))))))))))
In the processes I see KAV and ATI drivers as suspicious processes.
Please can you tell me what version of KAV/KIS you are using and at what options?
It looks like compatibility issue.


P.S. Sorry I didn't noticed that you writed it yourself (about KAV).


{QUOTE-> I reinstalled RVS Home Lux 3.0.6228.4929. This system runs KAV 2010 under LUA/SuRun, although neither cause this behavior as it is the same under an Admin account without SuRun or as the only security application at all installed on the machine.

212755

Both machines for which I observe this do have a standard install of a defrag at the moment (DiskKeeper on this machine, PerfectDisk on the other). Neither exhibited problems with the 2008 version. This is a screen shot from the HT P4 with 3 GB RAM after a default install, cancelled AV update, nothing active.

Blue <-QUOTE}

Hi Firemage, Blue, 7ekno, pegr, mata7, Franklin, Oremina, Boost, and Think-eDesign,

The team is aware of this and the other threads. Thank you to those who have sent in requested log files and descriptive reports. I will update the group here as soon as I know something concrete.

Thanks
Mike

{QUOTE-> This is not clear machine :))))))))))))))))))))))))))))))))
In the processes I see KAV and ATI drivers as suspicious processes.
Please can you tell me what version of KAV/KIS you are using and at what options?
It looks like compatibility issue.


P.S. Sorry I didn't noticed that you writed it yourself (about KAV). <-QUOTE}This machine uses KAV 2010. Don't lose sight of the fact that a second machine without KAV or anything else displays the same problem. The ATI is just the video card.

I can tell you one thing,I do not plan on installing Returnil 2010 ever again,especially seeing how many others are having similiar issues as what I had.The program just does not need an antivirus,period IMO. It was designed to be a reboot / restore program originally and that was an awsome,100% stable program.

So with that being said,I'll stay with what works and is 100% stable,and that is Returnil 2008 :thumb:

I agree.

PC Tools ThreatFire fell into the same misconception when they too added an AV into a Behavioral Blocker?

Pls keep RETURNIL authentic and stable and let the AV's remain a separate entity.

Less fuss, fewer issues.

Thank You!

Hi Easter,
The client is stable. The issue is actually at the server and you should see relief by tomorrow:

http://www.wilderssecurity.com/showthread.php?t=255040

Mike

Returnil 2010 review by Matt: http://www.youtube.com/watch?v=1ZHBY_q8Kfg

I find it funny that he's testing a virtualiser in a Virtual Machine. But that's how I do things too haha.

Mike, the problem is, the new beta changed just about all of our perception of Returnil. Come on, you know how long the other beta took. Now when this one comes out it is obvious that resources went into combining another vendors AV instead of back into Returnil itself. I wont use it just because of the AV issue. If I need to add one, there are plenty of freebies better then what Returnil adds. Heck, Hitman Pro is perfect for a clean, no-av Returnil. I would bash SD if Tony included one in his product. That is not what products like this are suppose to do. That is why their is a new market for scanners like Hitman Pro. Personally, Returnil sealed its own future, which is not good, with this version.

All you do is cheapen the product by doing this, and that, is really a shame.

{QUOTE-> ...Returnil sealed its own future, which is not good, with this version.

All you do is cheapen the product by doing this, and that, is really a shame. <-QUOTE}

The addition of antimalware is to specifically address a real weakness in virtualization only approaches like the one you refer to; they are incapable of detecting or blocking the activation of malware; especially the types that are designed to circumvent ISR. The AV we are using in 3.0 is well known and the team behind it have a great deal of expertise in dealing with these types of malicious/hacker programs and is included even in the registered Home Free version (Hint: Free).

The thing to remember however is that the AV component does not need to be used if you prefer a virtualization only approach; simply turn it off...

With kind regards
Mike

I am a big fan of RVS 2008. It has been utterly reliable and very easy to use. I have looked forward to the new version to see what improvements it would bring but I don't see the integrated AV as an improvement. I already have an AV. I would think that most people who are going to install and use virtualization software most likely already have protections in place against malware. I don't really want the added system load of another real time scanner either. Yes, you can turn off Returnil's AV but I would rather have seen the option in the installer to not even include it if you wish.

You can always continue to use RVS 2008 though and that's what i plan to do at least for now.

{QUOTE-> All you do is cheapen the product by doing this, and that, is really a shame. <-QUOTE}trjam,

Let me come back with a bit of a contrarian view.

I actually think that inclusion of an AV has appeal. I'd say mass market appeal, but I'm actually talking about myself here.

I try for simple. I know a cascade of specialized apps is a target of many. That's not me. I happen to think suites are a decent idea. One location, all controls. If there are issues, at least they shouldn't involve the various components of the suite - which eliminates what's usually examined first in problem debugging of security apps.

Until the minor bump in the road that many of us experienced, my primary machine was being run with LUA/SuRun/RVS 2010. That's it. I tend to think this is a very simple, decently powerful approach. Virtually anyone can run it. There's not a whole lot to understand or decide when surfing and it strikes me as achieving an excellent balance in overall security, low system impact, and robustness. The only difference between this configuration and what I've used for over the past year is the integration of the AV into the RVS package. The AV is different (I was running Dr Web), but the basic design ethic is the same. Obviously, I could run with a separate AV if desired, but I like to simplify where possible.

Blue

{QUOTE-> trjam,

Let me come back with a bit of a contrarian view.

I actually think that inclusion of an AV has appeal. I'd say mass market appeal, but I'm actually talking about myself here.

I try for simple. I know a cascade of specialized apps is a target of many. That's not me. I happen to think suites are a decent idea. One location, all controls. If there are issues, at least they shouldn't involve the various components of the suite - which eliminates what's usually examined first in problem debugging of security apps.

Until the minor bump in the road that many of us experienced, my primary machine was being run with LUA/SuRun/RVS 2010. That's it. I tend to think this is a very simple, decently powerful approach. Virtually anyone can run it. There's not a whole lot to understand or decide when surfing and it strikes me as achieving an excellent balance in overall security, low system impact, and robustness. The only difference between this configuration and what I've used for over the past year is the integration of the AV into the RVS package. The AV is different (I was running Dr Web), but the basic design ethic is the same. Obviously, I could run with a separate AV if desired, but I like to simplify where possible.

Blue <-QUOTE}

Those are really good points Blue.

I'd just like to add that LUA/SuRun/RVS 2010 is an amazing setup. I don't think you can get much simpler than this, and it basically provides nearly 100% protection. I'm guessing working in LUA would eliminate every bypass that Returnil has had right?

{QUOTE-> I don't think you can get much simpler than this, and it basically provides nearly 100% protection. I'm guessing working in LUA would eliminate every bypass that Returnil has had right? <-QUOTE}Think about this from a structural perspective.

OK, there may be something out there in principle waiting to blow by everything..., personally I'm not going to worry about me being the first hit by that (and if I am subject to that 1 in a billion chance - WHS allows a bare metal reset to virtually any point in time - remember - backup backup backup).

So..., LUA - the scope of action of anything that runs is limited. Problems can arise, but not propagate system-wide. In some respects, this is the most critical element of all.

SuRun, an essential patch-up for legacy apps that don't play nice in LUA and a bit of a convenience for performing any admin level functions. Renders LUA user friendly.

RVS 2010 - want to up the protection level dynamically (say surfing to unknown territory or check some link posted here)? Jump into a virtualized mode. LUA limited scope with respect to the system, this limits it with respect to time.

However, when not in virtualized mode and/or committing content to the real disk - an AV is present as an ever present backstop. There is some level of automated (assuming real time is active) expert system check that any downloaded file is OK. Yea, this is not foolproof, but it's certainly much more of an analysis than I'd do on the fly.

Also, I tend to have the AE functionality active in RVS 2010, and I personally think this is a bit of an unheralded and very useful additional. The more I think about this piece, the better I like it.

That's the logic. Layered in the sense that I believe is useful. Flat in terms of conceptual basics.

There are certainly some rough spots needing to be ironed out. That's par for the course on a major version upgrade whether we like it or not. The glitches here are performance based and that needs to be kept in mind. I have yet to experience anything untoward with any version of RVS.

Blue

BlueZannetti:

"I have yet to experience anything untoward with any version of RVS."

conceptual,performance,all the same if it will not work.

Constant CPU use of 50%-100%,plus the inability to register the
product do not amount to "untoward"?

{QUOTE-> I happen to think suites are a decent idea. One location, all controls. If there are issues, at least they shouldn't involve the various components of the suite - which eliminates what's usually examined first in problem debugging of security apps. <-QUOTE}
The logical extension to this is the addition of firewall and anti-spam in RVS 2011, then the suite will be complete. If part of the point of adding AV to Returnil is to increase the appeal to the mass market, I doubt it is likely to have the desired effect. The average person who uses a suite is not likely to have heard of, let alone be interested in, lightweight virtualisation applications.

On the other hand, the kind of people who do use applications such as Returnil will probably already have an AV as part of a layered defence, and are unlikely to want a second one embedded within an application deployed for an entirely different purpose. The anti-execute features within RVS on their own should be enough to prevent the virtual layer from being penetrated. I would have preferred to see further extensions and improvements to the core functionality of Returnil, rather than adding an AV with the consequent drain on resources of maintaining it with up-to-date signatures. This coupled with the fact that, from a preventative point of view, blacklisting is somewhat hit-and-miss when compared with the default deny of an anti-executable.

Comodo are going down the same road with the proposed inclusion of Comodo Time Machine in Comodo Internet Security. The difference though is that the design of CIS is modular, and the various components can be installed individually as required. Turning off the AV in RVS 2010 is an option, but will the AV component be unloaded from memory and the RAM it uses released? I suspect not.

Please don't take this as a criticism of your post, Blue. I'm merely stating an alternative point of view from a different perspective.

{QUOTE-> Constant CPU use of 50%-100%,plus the inability to register the product do not amount to "untoward"? <-QUOTE}This is easily dealt with via an uninstall or boot to a second partition. This is an inconvenience.

I have had new product issues blow away an OS installation. That is quite untoward. As would be items such as file corruption, being unable to gain internet access via Winsock corruption, and so on.

Blue

{QUOTE-> Please don't take this as a criticism of your post, Blue. I'm merely stating an alternative point of view from a different perspective. <-QUOTE}I understand that, and believe that we really need to get a sense of true performance dimensions of RVS 2010 first. That's still an open question.

I agree that a modular design which basically eliminates deselected product functionality from installation in the first place is the preferred way to go. However, this does present a somewhat more complicated design challenge.

I really wouldn't compare the inclusion of CMT into CIS in the same category. As I've noted elsewhere here in the discussions of CMT type solutions, there's a degree of inherent instability in the approach used by CMT that any user of that technology really needs to fully appreciate before pulling the trigger on use. Inclusion of that type of module into a general use product is fraught with issues.

Here we have a minor product feature set extension. I do think you can make a good case on either side of the argument. That itself says that either perspective needs to be served well. What this means is that you cannot have any conflicts emerge. There can be no significant performance or realtime resource consumption hits. The feel in use needs to be very similar to RVS 2008. In my testing with the early betas, on my machines (which are older P4's running XP Pro), at least that appeared realized.

RAM usage from what I've seen thus far is in the noise in a typical current configuration (~ 1-2% on a 1 GB - 512 MB system) and I tend to ignore that. I don't ignore system responsiveness at the keyboard. This really can't suffer a perceptible drag, and I hope it doesn't.

If the evolution were towards a complete suite (antispam, firewall, etc.) with light virtualization becoming one of many functionalities, I agree, that would not be a direction that I'd recommend.

Blue

Hi Blue,

Yes, I agree with the main thrust of your post. As always, your posts are constructive, helpful, and of a high quality.

The only reason I drew the parallel with Comodo was to illustrate how a modular design within a security suite can permit a choice of components during installation. I wasn't trying to imply that Returnil is in any way similar to CMT. Personally I would be nervous of trying CMT due to the potential for data corruption implicit in the approach used by CMT, as you correctly pointed out.

It's interesting that you found the increase in RAM to be insignificant. On my XP Pro system the RAM went from around 6-7 MB for RVS 2008 to over 20 MB for RVS 2010. RVS 2010 also conflicted horribly with AntiVir Premium, although I believe that Coldmoon has already said that a reason for the conflict has been identified, so maybe this won't be this won't be an issue for users of other antivirus solutions.

In the end, it does come down to a matter of user perspective. Some people will no doubt like the incorporation of an AV in RVS 2010, while others won't. I agree that what does matter is the quality of the implementation. For many users, RVS 2010 will be installed alongside an existing antivirus, so it is important that Returnil cooperates with other security software without conflicts or performance issues.

{QUOTE-> The logical extension to this is the addition of firewall and anti-spam in RVS 2011, then the suite will be complete. If part of the point of adding AV to Returnil is to increase the appeal to the mass market, I doubt it is likely to have the desired effect. The average person who uses a suite is not likely to have heard of, let alone be interested in, lightweight virtualisation applications... <-QUOTE}

Hi pegr,
Firewalls and anti-spam technologies are not target features. The next step in the evolution is simplification and optimization. There was a need for a slight increase in complexity for 3.0, but this is only due to a "first generation" situation.

Mike

{QUOTE-> It's interesting that you found the increase in RAM to be insignificant. On my XP Pro system the RAM went from around 6-7 MB for RVS 2008 to over 20 MB for RVS 2010. <-QUOTE}I see the same numbers, but on a 2 GB RAM system, a 13 MB piece of RAM is less than 1%, hence my qualifier of insignificant. In one sense, fluctuations of ~ 1% are lost in the noise (watch Firefox with a number of tabs active). I do realize that a bunch of increases among a collection of running processes, each individually "lost in the noise", can sum up to be an issue of net RAM utilization.

Blue

By the way...., at least from what I see on my machine, the CPU utilization issue appears resolved (at least for me).

Blue

{QUOTE-> Firewalls and anti-spam technologies are not target features. The next step in the evolution is simplification and optimization. There was a need for a slight increase in complexity for 3.0, but this is only due to a "first generation" situation. <-QUOTE}
Hi Mike,

I was being slightly ironic. I didn't really think you were trying to build a full-blown security suite. ;)

Seriously though, if you could manage to solve some of the key technical issues that make Returnil slightly inconvenient to use: e.g. extending virtual sessions across reboots, being able to exit virtual mode without a reboot, etc, IMHO that would be a big step forwards.

Regards

pegr

Hi pegr,
{QUOTE-> ...extending virtual sessions across reboots... <-QUOTE}

In internal testing - look for it at some point in the 3.1 series (tentative).

{QUOTE-> ...being able to exit virtual mode without a reboot,... <-QUOTE}

Still working on this, but may be a consequence of the virtual sessions across restarts. Don't hold me to that however as there is still a great deal of testing to do.

Mike

{QUOTE-> By the way...., at least from what I see on my machine, the CPU utilization issue appears resolved (at least for me).

Blue <-QUOTE}

Fantastic :)

There will be a new build available next week that should provide relief for others who may still be affected following the fixes from today. Stay tuned ;)

Mike

{QUOTE-> I see the same numbers, but on a 2 GB RAM system, a 13 MB piece of RAM is less than 1%, hence my qualifier of insignificant. <-QUOTE}
Apologies Blue, I misread your post. I thought you were saying that the increase in RAM usage on your system was only 1-2%. I didn't realise you meant the new version uses 1-2% of the total available RAM; so yes, we do indeed see the same numbers. :)

Regards

pegr

{QUOTE-> In internal testing - look for it at some point in the 3.1 series (tentative).

Still working on this, but may be a consequence of the virtual sessions across restarts. Don't hold me to that however as there is still a great deal of testing to do. <-QUOTE}
Hi Mike,

That's great news! Awaiting 3.1 with keen interest. :thumb:

Regards

pegr

What would be the difference between "extending virtual sessions across reboots" and the current option "on computer shutdown - save all changes"?

{QUOTE-> What would be the difference between "extending virtual sessions across reboots" and the current option "on computer shutdown - save all changes"? <-QUOTE}


Hi Robin,
The concept is basically allowing you to test a program that requires a restart of your computer to install for example and follow the results through the initial restart or over many restarts. Then when you are done with the "session", simply dump it and you return to the state your system was in when you first turned on the virtualization.

Saving content at shutdown commits the changes to the real disk immediately as though RVS were not installed without a similar means to return the real system to the same state as above.

HTH
Mike

Hi folks

It's quite a debate going on here. I'd like to add my side as a relatively novice user. The inclusion of an AV on RVS 2010 seems to me a good idea. I am currently running it alongside Avast with no issues. The excessive cpu usage and stalling updates seem to have passed. The AV has already picked up a number of malware/virus items that Avast missed so it would seem to have justified it's use already. Good realtime protection plus the security benefits of virtualisation provide a real boost to non tech-savvy users.

Thanks to all the folks here and at Returnil.

Uli

Where did you find such performance? :) On Vista SP0 ? :)



{QUOTE-> BlueZannetti:

"I have yet to experience anything untoward with any version of RVS."

conceptual,performance,all the same if it will not work.

Constant CPU use of 50%-100%,plus the inability to register the
product do not amount to "untoward"? <-QUOTE}

I think that to get full suite returnil must add such functionality:
- firewall
- antikeylogger

But why do you need Antispam? Do you really think that any user tries to have personal mail server on its PC? I think that antispam must to be privelegy of dedicated servers. If your mail provider do not protects you from spam than I don't see any reason to not use gmail as default...

But I'm really agrees with you that RVS installer must include options to do not install default AV.

But as for me - than I think thah RVS AV is must to have with any defferent AV's. Currently I using KAV + RVS



{QUOTE-> Hi Mike,

I was being slightly ironic. I didn't really think you were trying to build a full-blown security suite. ;)

Seriously though, if you could manage to solve some of the key technical issues that make Returnil slightly inconvenient to use: e.g. extending virtual sessions across reboots, being able to exit virtual mode without a reboot, etc, IMHO that would be a big step forwards.

Regards

pegr <-QUOTE}

{QUOTE-> I think that to get full suite returnil must add such functionality <-QUOTE}
I wasn't suggesting that RVS should develop into a full suite, but if it is the view of the developers at Returnil that adding an AV is beneficial to securing the main function of RVS as a partition virtualisation application, in order to help detect and prevent malware penetration, then so be it.

Personally, I would have preferred a different approach but the important thing is the quality of the implementation, which means that RVS Virus Guard needs to be compatible with other security software (including other vendor AVs) that the user may have installed without causing any conflicts or performance issues.