Best virtualization/rollback software?

Discussion in 'sandboxing & virtualization' started by Overkill, Apr 12, 2012.

Thread Status:
Not open for further replies.
  1. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    Hi bgoodman,
    To use SD all the time with RBRx is like you say a pain because of necessary reboots, and committing stuff. I'd suggest to try Sandboxie which is for browsing more versatile than than SD, no reboots and IMO even tighter than SD as it can be configured to protect against keyloggers and identity theft, probably SD's Achilles's heel.
    I use SD as well but only in special circumstances.
     
  2. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    I'm curious as to those 'special circumstances' that prompt you to use SD (as opposed to, or in addition to, Sandboxie). Would you please elaborate on those circumstances.
     
  3. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    My premise here is not to compare programs but how to use RBRx + SD + Sandboxie in the most efficient way given their attributes.

    I think for browsing RBrx + Sandboxie is enough, and probably better than SD as it can protect against keyloggers or anything trying to connect outside (one has to configure SB accordingly, it's not out of the box).

    Adding to this mix SD for browsing, it would be overkill in addition to SD's known pains (reboots + Committing interesting stuff).

    My 'special circumstances' are for example my work environment where I very often have to plug in flash drives from collaborators. The infection rate in third party flash drives is high and I feel SD is excellent as an all-around protection.

    Sandboxie can be configured to 'sandbox' flash drives as well but it is more fiddly than SD, one mistake and you are infected whereas SD is easier in that respect. It is almost impossible to make a mistake with SD, but one has to get used to committing files and reboots. I have in the past lost research work from the Internet because I forgot to commit it in the end....

    Another special case would be testing something infected or malware (which I never do), I'd be inclined to think that it is easier and safer within SD.
     
    Last edited: Apr 21, 2012
  4. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Ummmm, I am a bit confused, I thought that SD virtualised the entire PC not just the browser. So if you surfed the net 5 times during the day you would have to re-boot 5 times or the work you did using apps other than the browser would be lost at final shut down for the day (unless of course you committed everything which seems to make SD not very useful). I have SD on my desktop, which I seldom use since I am on the road a lot and find it more convenient to just use my Tablet PC (Fujitsu Lifebook) which has Rx on it.

    Perhaps I am mistaken about how to work with SD and should give it another chance. It has been quite some time since I installed it and I never really used it all that much.
     
  5. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    I had tried Sandboxie and had problems with it. That was some time ago (2 years ago?), maybe I should try it again.
     
  6. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Nice procedure, thanks. If I can get SB to work on my PC I think your regime is an excellent one and will implement it myself.
     
  7. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    SD virtualizes the whole HD (or a selected partition).
    You can keep SD in shadow mode for the whole day if you wish; if you reboot/shutdown every change will be lost except what you might have committed in shadow mode.
    RBRx + Sandboxie work very well together, Sandboxie filling in the few security holes that might affect RBRx and protecting your personal data from being stolen. SD is more suitable on its own (with an AV resident or scanner) for people who surf all the time without making too many changes to the system and downloading few things. Anything new must be committed if you want it to survive a reboot, although you can reboot the system keeping all changes.
     
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I found the best way to use SD is to have separate system and data partitions, with just the system partition in Shadow Mode for normal use not the whole PC. When extra security is needed, the data partition can be put in Shadow Mode as well. Unlike the system partition where a reboot is needed to exit Shadow Mode, the data partition can both enter and exit Shadow Mode without a reboot.

    Most application data can be relocated to the data partition and for any that can't, the application's data folders can be added to the SD Exclusion List. In my case, the My Documents folder where all my work and personal files are held, and the Firefox and Thunderbird profiles are all stored on the data partition. I imagine other browsers and mail clients can probably also be set up to automatically save changes. The only folders I've added to the SD Exclusion List are for antivirus.

    The only time I exit Shadow Mode is for PC maintenance to install software and apply updates. During normal use, I rarely reboot because there's no need. On the odd occasion when I want to save a file on the system partition (a change to the AppGuard policy file for example), I use the SD Commit Now feature, but it's rarely necessary.

    I have a lifetime license for Sandboxie but I rarely use Sandboxie because it doesn't work well on my system. As soon as I play streaming video through the browser when sandboxed, all subsequent scrolling of web pages is slow and jerky. This isn't restricted to Sandboxie because the avast! sandbox exhibited the same behaviour when I trialled the Pro version of avast!. With SD I don't have this problem so it may be something to do with the way application sandboxes work.
     
    Last edited: Apr 22, 2012
  9. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    That's what I thought, I will have to give Sandboxie another try. I can't remember what the problem was when I tested it on my system a while back but perhaps it will work well now.
     
  10. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    That makes sense but I am using a laptop and have not set up separate partitions for data and system (would that work with SD or does it protect drives rather than partitions) and I don't think I would want to start moving things at this point. Perhaps when I get a new PC I can set it up for this. Thanks for the suggestion.
     
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    SD virtualizes partitions. I have one physical internal hard disk in my PC, split into three partitions: C: (system), D: (recovery), and E: (data). During normal use, C: and D: are in Shadow Mode, but E: is not virtualized.
     
  12. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Thanks for the info pegr, I will keep that in mind for when I get a new PC.
     
  13. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA

    Is it better to only use SD with Windows (C: drive) and not other partitions?
    I mean if you did somehow get a virus wouldn't it mainly affect your Windows partition?
     
    Last edited: Apr 22, 2012
  14. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    You're right, most malware infect only your Windows disk/partition, this way they can autoload at system startup. There are some malware out there that will infect all disks/partitions attached to the system, but these are quite rare and usually require C: to be infected first - and with Shadow Mode enabled this is quite unlikely - unless of course the user chooses to preserve changes upon reboot!

    For extra security I personally have my network adapter always disabled when I don't need to be online. I have placed a shortcut for it on my desktop and when I want to go online I activate Shadow Mode for C: first, then I just right-click on the adapter shortcut and enable it.

    I have changed the paths for all my user folders to a different disk, this way any changes I make to my Favorites or Documents are saved regardless of C: being in Shadow Mode or not. There are some malware that add their own Favorites entries though; so if you're using a partition other than C: for your user files it's always wise to look out for any entries that you haven't added yourself.

    I also only use Windows Update in order to see what updates are available. Once I know their numbers I just google for them (with Shadow Mode on of course), and download them manually. Then I reboot into normal mode discarding any changes, and install the updates off-line.

    I only put all my disks/partitions in Shadow Mode if I'm about to test a suspicious program, or before going to sites that may be dodgy - e.g. free pron sites :D
     
  15. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA


    Looks like you take no chances at all! You have given me some good tips and I shall keep them in mind definitely :)
     
  16. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    I began the first thread here at Wilders about this type of software back in 2004. Back then I had everybody in a twit when I predicted that it would render most other third-party security software obsolete. That enraged most around here back then. However, now it's pretty much accepted that, properly configured, it's as close as anything to the "Silver Bullet" on a Windows PC.

    I've used many of these programs, but always go back to Returnil, Deep Freeze and Drive Vaccine. I like them all as the only thing I am interested in is boot-to-restore. I don't need snapshots or anything else. I just want to dump everything I have done on my computer and be back to a perfectly "fresh" system at reboot.

    I keep all data on a separate partition. The only time I leave "shadow mode" or "virtual mode" is when I install new software, update the OS, etc. Really, pegr said it well and pretty much described the way I use the software.

    The only other piece of "security" software I run with is AE. I have some privacy software - but that's a different animal.
     
  17. buckslayr

    buckslayr Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    484
    Location:
    Michigan, USA
    I'm running Drive Vaccine along with AppGuard. I love DV. Just reboot and restore to a clean system. AppGuard keeps any nasties from running during a session.
     
  18. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Drive Vaccine is as good as it gets for simplicity. The only problem I have had is imaging. I won't use imaging programs that use Volume Shadow Copy and that pretty much left me with Paragon in original mode. It didn't play nice with DV. What do you use for imaging? Oh, never mind, I just looked at your sig and you use Macrium Reflect. Does it utilize VSC?

    We have very similar ideas and setups. I use AE along with my light virtualizer and you use Drive Vaccine with AppGuard (excellent program) and I use Paragon for imaging. That pretty much covers it. I do have my system encrypted.

    I call all of this Hardened Simple Security. A lot with a little.
     