Applicability of ISR approaches (née PowerShadow vs Returnil)

Hello Rasheed187,
I do not understand your reasoning here. RVS is not meant to be a testing tool and we have consistently recommended using more appropriate solutions like VMWare, VPC, XEN, etc. The fact that any changes made are lost at reboot provides a bonus where a user could test those simple applications that do not require a reboot. This means that these same applications can be uninstalled without a reboot if desired then a reboot eliminates the remnants that were not removed with the application's uninstaller if required.

Further, if you use RVS in combination with those testing environments, you can enusre that any unintended "leak" of malicious content from within the virtual testing session does not present anything more than the slight inconvenience of a reboot to remove from your real System Partition.

RVS is there to fill the glaring hole that is left in your protection with traditional security strategies and solutions...

Mike

 

Rollback RX isn't an imaging tool, it more of a state preservation tool. For testing of software, you really need to have some sort of offline recovery mechanism (offline image, archive ISR snapshots, physical clone, or reinstallation sources).

Actually, My impression after using a number of these options for a while is that they could constitute a preferred approach - for myself that would specifically be something along the lines of a light AV/suite + (PowerShadow/Returnil/ShadowDefender/ShadowUser Pro/etc.). These applications are quite robust, have very broad applicability, and are very simple to implement. Yes, there's the reboot issue, but to me it's a non-issue, perhaps since I keep the boot process lean so it's quick.

Blue

 

Blue, you might want to add Sandboxie to your list Along with a good AV/Suite you are pretty well covered.

 

@ BlueZannetti

OK thanks for the tip, I´m a total noob when it comes to restore/imaging solutions. And lately I have cut back on testing software in VMware because it´s too HDD extensive (it can´t be good for my HDD), and VM´s are slower. Of course VM´s do have other advantages, like the ability to test multiple setups.

@ Coldmoon

Yes, I see, I didn´t mean that Returnil is a bad product or anything, I´m sure it does its job quite well, but tools like Returnil are not for me for the reasons I mentioned earlier. I personally try to avoid reboots as much as possible, but others don´t care. Btw, Windows SteadyState actually did what I wanted to, I could install apps (which require reboots) and test them, isn´t it possible to make Returnil act like this?

 

For myself, that would be an either/or proposition, not an addition, but the light virtualization apps such as PS/Returnil/etc. just seem better suited to my usage style. Both approaches work quite fine.

Blue

 

There is a valid reason and place for RVS as it is now which will be valid for a long time to come. This does not mean that we are not working on or planning more advanced solutions

Mike

 

Although rollback rx isn't primarily an imaging solution it does have a drive image feature built into it. I use RB to test out any new software, should windows crash i can easily boot to a previous snapshot. Should that fail i can use RB's imaging tool to restore a working image.

 

As mentioned at the very first reply, those other apps are designed to protect against malware, intrusions and not for testing software.

@Eric

That's more up FD-ISR's alley as you should know by now. Install anything that requires restart and if you get a lousy piece of a program that disappoints you, it's as simple as a Copy/Update from archive or secondary (duplicate) snapshot and it's all forgotten.

 

good point.