Returnil and nothing else

So for one week on one machine and just this product, I have visited the underside and back. Did reboot this morning, ran Kasperskys online scanner and nothing.

of course I did mess up one computer and had to reformat but that was my fault for some reason.

So email .pst restored and taking my AV off other computers and have decided to only use this.

I really dont think we get as infected as some might lead us to think. But having totally nothing slowing me down has been very nice. Good job to Returnil.

 

Ok, but just remember, even though a Trojan will be deleted upon reboot, while it is still on your system (before you reboot) it can still steal your passwords, credit card numbers, etc. Once the person who sunk the Trojan onto your system has your private info, he/she does not care if the Trojan gets deleted.

Acadia

 

I dont keep information like that on my computers.

 

Acadia

 

Don't you have any passwords on your pc?

 

none that make sense.

 

Hi, And....

The drives other than "C" are where you keep all the sensitive info. Be careful, be careful.

 

nearly 10 months now with "only" Returnil or deepfreeze. I do have a hardware firewall and use Firefox with the usual add ons. Roboform with a 1 minute window protects password account details - I don't even know the passwords.
I load and run various on demand programs every week or so just to check ( Nod 32. superantispy the usual suspects) and nothing has ever shown up. Oh yes always re-boot just before paying by credit card.

 

Acadia

 

I use Returnil and either Sandboxie, geswall, or Bufferzone depending on my mood and my browser is Kmeleon which I run in Altiris. I'm not quite brave enough to abandon my av/as although in the couple of weeks I've run my machine this way, both antivirus and antispyware have found nothing.

As a test, I set my av/as to on demand only and took my computer to some pretty dark places just to see, using only Returnil and, in this case IE7. I downloaded and opened some pretty grungy stuff. In one case only did I actually notice anything.

It was something I've never seen before. I have no idea what I picked up. My monitor screen began changing into what looked like a mosaic, just a series of little multicolored blocks and the hard drive was racing. I don't remember what site this was. I hit quite a few.

That scared the hell out of me and I immediately rebooted. When the reboot finished, the computer was back to normal. I ran my av and antispyware and it found nothing.

The only sensitive data I keep is my income tax data and it's on my second HD and is encrypted with Blowfish and a long, involved password.

Whatever weird thing I picked up, Returnil worked. Combined with geswall, sandboxie, or bufferzone, I'd have even more protection.

 

It's true that Returnil won't protect my second drive, which is why it is where I keep sensitive info, all encrypted. Of course if whatever gets through Returnil can destroy the second drive, all is lost. Considering computers and their 'ways,' and from learning the hard way I also have the info I need on a CD. I've had computers die unexpectedly.

I don't know of any free software like Returnil that will also cover my second HD, or I'd be taking a look at it. I'd still encrypt personal files and my current writing work though.

 

Yes thats it. But it wouldn´t be good if returnil would protect other drives because you could never store anything.

Pass protect this stuff and good is but before this use anti-keylogger that blocks all known spy methods.

That isn´t so dramatically because one push on reset button and every malware activity must restart
from the frozen point.

 

How would you know if you have a nasty sandboxed?
And what would happen if you did a file recovery from the sandbox to your desktop, for instance?
Would the nasty escape then?

 

Good question. I'd say that unless the thing opened in Sandboxie or one of the others, yes - if you downloaded the file and opened it on your desktop your computer would be at risk. If you had Returnil running, a reboot would get rid of it. If it turns out to be okay, move it to your other HD or onto CD.

 

I was hoping you'd return and tell us about your using "another product."

 

Since Peter proved, that PC Security didn't protect my second HDD as I expected, I use Sandboxie to protect it.
I still find "locking" my second HDD better in theory with more possibilities, but it doesn't work in practice, because malware can still "write" to my second HDD.

If I could lock my second HDD, I still would be able to test softwares and what happens in my system partition doesn't matter, because my boot-to-restore fixes that.
I don't have that possibility anymore since I use Sandboxie, because Sandboxie is not good enough to test softwares and Sandboxie only works with sandboxed applications, just like DefenseWall does with untrusted applications.

If I test software in my system partition now and there is a malware that targets my second HDD, it will be infected or even destroyed.

The bottom line is :
1. I solved one problem, but I created another problem : I can't protect my second HDD anymore during testing of softwares in my system partition.
2. So I need another extra software to test softwares, like VMware, Virtual PC, etc.
Locking my second HDD would have solved both issues.

Using Returnil doesn't change anything and I have already something like Returnil. Maybe all these ISR-softwares and isolating softwares are not good enough to TEST softwares and do we all need something like Virtual PC, .... whatever.

 

Hi Erik

I still think you're selling yourself a little short by so quickly discounting PC Security this soon. The percentages are still in it's favor after all. How many malwares specifically can cross into the "LOCKED" data partition by PC Security. Peter2150 indeed proved "one" was able to penetrate, but you do open up a valid concern if even "one" is one too many and it only takes one entry of some destructive type to ruin what is expected to be secure 100%. I dunno short of changing partition flags exactly what software could ascend to that mark. I'm just as skeptical as you but not as quickly convinced. You still should keep a duplicate mirror copy of the data partition in any event because we both know theres always a chance any software will fall short at some point, including the system itself hence the need for images. I just haven't seen that happen yet with PC Security in normal surfing and some of those being visits to known risk sites. I guess whats sets my confidence apart from yours concerning PC Security is EQSecure 3.41 HIPS. It's already alerted me to a few stealth attempts of dropping a malicious file but they are easily cancelled with one click, DENY!
Still, i line up completely with the idea and expectation that some software should automate this action without user interaction, but that's simply not possible yet, and then attention is returned back again to signature-based AS's and resident scanners.

 

More and more malwares are using the autorun.inf trick to copy themselves into every disk/partition they encounter. Worms spreaded throu removable drives are very common and some of them carry a real annoying payload (Virut/Tenga/Parite/Brontok)

 

Easter,
I'm not willing to discuss "PC Security" anymore. PC Security failed ONE time and that is enough. Tropical Software is selling a product that doesn't do its job. Period.
I don't even understand why you are still defending PC Security. Locking a HDD should be a very simple thing to program : no reading and no writing. That's all and even that wasn't possible for TropSoft.
If locking isn't technical possible at all, don't create such a software, because you are cheating the users.

 

How is this possible with anyone who has some type of execution protection?


----
rich

 

I disabled autorun a long time ago because I found it annoying. whould this prevent the problem ?