Light virtualization: Returnil/PowerShadow/ShadowDefender/ShadowUser Pro

[BlueZannetti]

Quote:

Originally Posted by demoneye

after check this amazing EAZ FIX ... its actuley can be used for what we all were missing long time for now and its "continue shadow mode after restart" . can than test program np and ROLLBACK if something went wrong.

By that logic, I guess one could say the same of any disk imaging solution. However, before embarking on this road, it's worthwhile understanding precisely what the program does, how it realizes that behavior, and what that may mean over the longer haul - which depends on the other software installed on your system.

Blue

[trjam]

Quote:

Originally Posted by MikeNAS

Is there any point to use Heidi's Eraser with Sandboxie if I reboot computer every morning and I use Shadow Defender too?

The one advantage that all trapped in Sandboxie is erased as soon as you close your browser instead of waiting for the sun to come up. And it is 2 layers of virtualization.

[demoneye]

Quote:

Originally Posted by BlueZannetti

By that logic, I guess one could say the same of any disk imaging solution. However, before embarking on this road, it's worthwhile understanding precisely what the program does, how it realizes that behavior, and what that may mean over the longer haul - which depends on the other software installed on your system.

Blue

lo blue... u got basic mistake in what u say...EAZ and snapshots taken are not using any imaging technique to do that. disk imaging is another isue so mixing it is a big misunderstod in what EAZ is doing when take snapshot...its actually write the new data in RAW sectores according to EAZ support

cheers

[BlueZannetti]

Quote:

Originally Posted by demoneye

lo blue... u got basic mistake in what u say...EAZ and snapshots taken are not using any imaging technique to do that. disk imaging is another isue so mixing it is a big misunderstod in what EAZ is doing when take snapshot...its actually write the new data in RAW sectores according to EAZ support

demoneye,

I know how those applications work, I was focusing on the end result, which is basically the same, not how it's accomplished. I realize there are minor differences with respect to jumping back and forth and so on. I'm ignoring that as well.

Blue

[demoneye]

Quote:

Originally Posted by BlueZannetti

demoneye,

I know how those applications work, I was focusing on the end result, which is basically the same, not how it's accomplished. I realize there are minor differences with respect to jumping back and forth and so on. I'm ignoring that as well.

Blue

i am sure u know this mate.. but a according to your reply its seems different.

eventually this EAZ from my point of view may be more usefull then DF and SD... anyway its run on my sec pc for testing applications.

cheers

[MikeNAS]

Quote:

Originally Posted by trjam

The one advantage that all trapped in Sandboxie is erased as soon as you close your browser instead of waiting for the sun to come up. And it is 2 layers of virtualization.

Sandbox erased it immediatelly after program was closed.

[BlueZannetti]

Quote:

Originally Posted by demoneye

i am sure u know this mate.. but a according to your reply its seems different.

Then you're missing the point.

Quote:

eventually this EAZ from my point of view may be more usefull then DF and SD... anyway its run on my sec pc for testing applications.

EAZ is obviously more appropriate if application testing is the goal. Neither DF nor SD currently support state retention across a restart, DF by design, SD since this capability has yet to be implemented.

Blue

[trjam]

Quote:

Originally Posted by MikeNAS

Sandbox erased it immediatelly after program was closed.

yours is a good setup Mike. It is what I am using on one and it works fine.

[reco]

What firewall and/or whitelisting HIPS best compliment the two layers of virtualization most-recently mentioned (assuming additional security is actually needed)? Possibly Comodo firewall?

Considering, for personal use on an XP machine:

1) Returnil (system protection).
+
2) Sandboxie (for new apps & everyday apps with connectivity).
+
3) Realtime firewall/HIPS *****Please recommend specific product
&
4) Traditional AV/AS on case-by-case bases only.

[demoneye]

Quote:

Originally Posted by reco

What firewall and/or whitelisting HIPS best compliment the two layers of virtualization most-recently mentioned (assuming additional security is actually needed)? Possibly Comodo firewall?

Considering, for personal use on an XP machine:

1) Returnil (system protection).
+
2) Sandboxie (for new apps & everyday apps with connectivity).
+
3) Realtime firewall/HIPS *****Please recommend specific product
&
4) Traditional AV/AS on case-by-case bases only.

my vote will go to Sandboxie + Eaz Fix... no AV is needed and system running fast.

cheers

[Peter2150]

Quote:

Originally Posted by reco

What firewall and/or whitelisting HIPS best compliment the two layers of virtualization most-recently mentioned (assuming additional security is actually needed)? Possibly Comodo firewall?

Considering, for personal use on an XP machine:

1) Returnil (system protection).
+
2) Sandboxie (for new apps & everyday apps with connectivity).
+
3) Realtime firewall/HIPS *****Please recommend specific product
&
4) Traditional AV/AS on case-by-case bases only.

1 Returnil is great
2 Sandboxie is also great.
3 Online Armor paid. Gives you HIPS, Firewall, and ability to run browsers at lower rights.
4. For me personally I skip this one.

Pete

[demoneye]

Quote:

Originally Posted by Peter2150

1 Returnil is great
2 Sandboxie is also great.
3 Online Armor paid. Gives you HIPS, Firewall, and ability to run browsers at lower rights.
4. For me personally I skip this one.

Pete

returnil is great program along with DF ,SD and so on.
but as far as i try , eaz fix can act 100% like returnil and much much more , so now i test and use eaz fix + sandboxie

cheers

[Peter2150]

Quote:

Originally Posted by demoneye

returnil is great program along with DF ,SD and so on.
but as far as i try , eaz fix can act 100% like returnil and much much more , so now i test and use eaz fix + sandboxie

cheers

Yes, it can "act" the same, but it works very very differently, and that can have impacts on your system. For example, using Returnil/SD, when protection is off, imaging my system is totally routine. With EazFix, it is not.

Pete

[demoneye]

Quote:

Originally Posted by Peter2150

Yes, it can "act" the same, but it works very very differently, and that can have impacts on your system. For example, using Returnil/SD, when protection is off, imaging my system is totally routine. With EazFix, it is not.

Pete

u got the same option in Eaz Fix to full imaging of your selected hd or partition mate

cheers

[whatup2008]

Hi
I just downloaded and installed Returnil, having used Shadowsurfer for a while I thought it would be easy enough to figure out but I have a few problems I wonder if someone could help with. Both these programs are super, Returnil is free which is great, I'm trying out Shadowsurfer for another week to two weeks in trial. It looks as though they are pretty much the same, not being tech whiz like most people on this forum, it's hard for me to really compare the two.
Here is what I'm having trouble with....I can't shut down the Returnil, even though I've tried, in order to get the newly installed firewall (PC Tools) to remember applications. It keeps asking for approval again even when the Returnil has been shut off and PC Tools will ask for approval, then Returnil is back up and PC T. will again ask for the same programs.
'Session lock is greyed out, no function on it. Can you tell me if Returnil and Shadowsurfer are pretty much the same, if I keep Returnil and let the SS go, would this be a good move? I have read where there seems to be some differences but not really understanding what they are, I do believe I have only one partition, I also have created the virtual partition which is a 'z' drive but supposedly this is to save anything I want to keep it permanently, I don't see where that is possible even with the virtual partition up. Icon at top indicates Returnil on, middle is to dismount virtual partition, and last is the same as the first saying Returnil is on.
Sorry if this post sounds like rambling, hopefully it makes sense enough for someone to give a few pointers. Thanks in advance...

[Coldmoon]

Hi whatup2008,
Please see the following thread at our support forums and let me know if this solved the issue:

http://www.castlecops.com/t211853-He...rotection.html

Mike

[connect4]

Quote:

Originally Posted by lucas1985

I replace regular on-demand scannings with integrity checking. It isn't a solution for the average user, but it's much more powerful than blacklist scanners.

...
- On-demand scanning ("weak"), integrity checking/forensic analysis: is my strategy really working?

Hi Lucas1985.

You said that integrity checking is much more powerful that than regular AVG checking. And this statement is intriguing.

Can you elaborate on how exactly would you use an integrity checker to protect your PC?

For example, If I used a program like runscanner, could I use that program as the only integrity checker for my main administration files %program files%, %windows% and %registry%

And how exactly would I use the program to help protect myself from malware?

[twl845]

Quote:

Returnil V 2.0 (beta):

• Currently supports system partition shadowing only.
• Creates a virtual partition to provide a shadow session repository of information to be retained - useful on single partition systems
• Provide specified folder and file commit, as well as full session save.
• Has a free personal version. With the upcoming release of a paid premium version for personal use, the free version will possess a subset of the features of the paid variant.
• Protection of non-system partitions has been mentioned as a future feature target
• Protects against low level direct disk accesses (same for PowerShadow and Shadow Defender)
• Has a good support presence here through ColdMoon and a forum just started at CastleCops, see here
• The price for the paid premium version of Returnil 2008 is listed as $25/year, although it's unclear whether this is finalized pricing or brought over from the paid business product. I assume that the cost covers the initial license plus maintenance support with a renewal being charged for yearly maintenance support (i.e. any product assistance and/or upgrade); it's unclear whether a renewal would be at somewhat lower cost - I've not seen definitive information on this point. These details will be clear by release time.
• Licensing/activation is via a vendor provided serial key code, with a 30 day trial also available
• Supported OS's are Windows XP/2003 Server/Vista 32 bit.

Blue

Just a note. Returnil v2.0.0.5007 is a released premium version, as is RVS 2008 v2.0.0.5011.