Returnil Geswall Buffer Zone

Discussion in 'General Returnil discussions' started by hogndog, Nov 21, 2011.

Thread Status:
Not open for further replies.
  1. hogndog

    hogndog Registered Member

    There sure seems to be a large variety of virtual security applications. First I asked about Geswall, having used it before as well as Buffer Zone, now I see Returnil. Returnil looks to be running neck and neck with the others with that one exception "the restore capability".. I have a question about that part of the application. Let's say you want to download something and keep it? According to Returnil, when you reboot your machine it reverts back to the way you started using it that day, how would you save that download?

    Thanks in advance guys.. :)

    Hogndog
  2. hogndog

    hogndog Registered Member

    Oops, me thinks I've found the answer, you can't save downloads in the free version without a file manager.. :doubt:

    Thanks anyways, next time I'll look before I leap.. ;)

    Hogndog
  3. pegr

    pegr Registered Member

    That's true, but you can create a Virtual Disk where you can save downloads. The Virtual Disk can be used whether the protection is on or off, and is available in the free version.
  4. hogndog

    hogndog Registered Member

    Many thanks and your OS is the same as mine, I see you're using Sandboxie as well.. my security is a Sygate firewall, Hostsman and MSE. :)

    Hogndog
  5. pegr

    pegr Registered Member

    You're welcome. I hope Returnil does the job for you. :)

    Regards
  6. hogndog

    hogndog Registered Member

    I went in a different direction for now, instead I went by way of sandboxing my browser in Comodo's Firewall. If this works it will eliminate the need to download a virtual environment thus eliminating the need to consume more resources, the possibilities are endless, if it doesn't work then it's..

    http://i171.photobucket.com/albums/u298/hogndog/runforhills.gif

    Hogndog

    Thanks for the advice.. :thumb:
  7. Coldmoon

    Coldmoon Returnil Moderator

    Hi,
    One thing to keep in mind here is that RSS/RVS virtualization will have a significantly lower impact on your resources than sandboxing through the firewall. Try both and make a comparison...

    Mike
  8. pegr

    pegr Registered Member

    From my own experience, I agree with this but I would just like to add a few additional remarks for hogndog while we're discussing this.

    The term sandbox is often used with two completely different meanings. The first use of the term refers to running programs with restricted rights in the real environment and the second use of the term refers to running programs with normal rights in an isolated virtualized environment. As the two uses of the term are conceptually very different, personally I prefer to use the term sandbox only to refer to separation by isolation. I wouldn't make a direct comparison between GeSWall and RSS/RVS for example because they are very different types of software.

    On my system, sandboxing in the policy restriction sense has never produced any adverse impact on system performance that I have been able to detect. This includes the automatic sandboxing of applications by the Comodo Firewall, which is currently performed by policy restriction rather than virtualization. I have noticed a small but noticeable impact on performance though when using application sandboxes such as Sandboxie, which work by file system and registry virtualization. This includes the manual sandboxing of applications by the Comodo Firewall, which does use virtualization for manually sandboxed applications.

    From my experience, disk virtualization software such as RSS/RVS does appear to be lighter in resource usage than application virtualization, at least it does on my system. Because disk virtualization operates below the level of the file system, other applications tend to be unaware of its existence, which also reduces the potential for conflict. Application sandboxes on the other hand have a higher potential for incompatibility with other applications and need updating more often to cope with change. Another feature of disk virtualization of course is that the protection it offers is system-wide, rather than focusing on specific applications.

    I assume the difference between the two virtualization technologies also explains why disk virtualization is not weakened on 64-bit systems whereas application sandboxes are not quite as effective on 64-bit systems due to Kernel Patch Protection.
    Last edited: Nov 26, 2011
  9. hogndog

    hogndog Registered Member

    Well, this is a fine kettle of fish. Firefox kept popping out of that firewall.. :argh: Plan two: Geswall without any antivirus, just the Comodo firewall with Defense +. The Comodo firewall is in my opinion the best firewall on today's market; add the attributes of Geswall and my machine should be bullet proof.. :rolleyes:

    Hogndog

    Haven't taken the plunge yet have to reacquaint myself with Geswall..
    Last edited: Dec 1, 2011
  10. hogndog

    hogndog Registered Member

    Uh Oh! Me thinks Geswall might not be such a great choice after all.. :'( A little trip to their support forum gave me some doubts. It's been a wee bit too long since the last build. If they aren't going to develop Geswall beyond the current 2.91 version then there isn't much sense in pursuing it. I sent off two letters asking if they intend to have any further support. I brought this from their support forum for anyone that's interested.. :)

    http://www.gentlesecurity.com/board/viewtopic.php?t=446

    Hogndog

    If I try Returnil I'd like to get some extra memory so I sent off for some 2 Gb's from Crucial.
    Last edited: Dec 1, 2011
  11. pegr

    pegr Registered Member

    If you particularly like GeSWall and want something similar, perhaps you should also take a look at DefenseWall (32-bit only) and AppGuard (32/64 bit).

    I'm not saying you shouldn't try Returnil - it's a great program; only that you can't make a direct comparison between Returnil and GeSWall. Returnil is primarily virtualization software with added features and GeSWall is policy restriction software. See here: http://www.gentlesecurity.com/docs/geswallfaq01.html#q4

    Virtualization software and policy restriction software work well in combination. I use both types of application as you can see from my signature.
    Last edited: Dec 2, 2011
  12. hogndog

    hogndog Registered Member

    Thanks Pegr, great information, hadn't seen it before. That piece about VmWare/VirtualPC is another area I've been exploring, which is why the need for extra memory; that puts an extra load on a machine. I went to the Comodo forum to explain myself. A couple of reasons for the glitch: some programs run in the sandbox require user interface, some programs will run until the firewall deems them safe, then spits them out for good. They have a new build coming out, 6.0. In my opinion Comodo would do better to concentrate more on that firewall of theirs. Let's say you use Geswall and that firewall with Defense +, you'd eliminate the need for an antivirus "in my opinion of course" :argh:

    I'll look in to your suggestions but I want my findings to be free applications..

    Thanks again.. :thumb:

    Hogndog
  13. Coldmoon

    Coldmoon Returnil Moderator

    Perhaps, perhaps not. For some with the experience and a high level understanding of Windows; a HIPS approach can be both liberating as far as resource use and efficacy. Where the rub happens is when a user either answers a question wrongly or formats an improper rule.

    For the majority of users who tend to be new to average, there still needs to be some form of expert feedback on the efficacy of their security strategy and this is the main strength of an AV/AM (read canary in the coal mine). Combine that with a form of instant system recovery and you have (in my opinion) the perfect defense against the majority of malware. Simply restart the computer following an alert and you are back up and running with confidence that your system is clean rather than having to wait for a scan/removal process to take place or mucking about in the OS to make sure all is well. Also note that ANY user can do this without needing tech support to visit their workstation to resolve the problem and you have a very efficient, safe, and effective way to keep your employees and/or public system users happy and productive.

    In the case of a home user, this also applies in the same way, but with the added benefit that they will not need to track down their techie relative or face the expense of a trip to the local cleanup technician to get their system cleaned and you can see the benefits of the approach we designed in RSS Pro.

    Mike
  14. hogndog

    hogndog Registered Member

    Hi Mike, thanks for the feedback. Well, I finally got my browser to work in the Comodo firewall, found out what I wanted then got back out. Another plus in my favor is my router, a Qwest M1000, didn't mention that before. I'm pretty sure there is a firewall in that router, at least that's what I've been told. When I get that extra memory installed Returnil is next on the list, until then another go at Geswall. I've sent two letters to their support people asking about a possible new version, so far not a peep, I know others are curious as well. o_O

    Thanks..
    Hogndog
  15. constantine76

    constantine76 Registered Member

    Nice insights here.

    @pegr,

    I see that you use Comodo's sandbox for browsers. I have CIS v5.8 and have problems with printing in pdf while in a CIS sandboxed browser. Might you know a workaround for this? I cannot print and it seems the plug-in of the pdf printer is blocked. A friend has similar observations also and asked the Comodo forums but still no workaround.


    @hogndog,

    CIS ver6 will be equipped with full virtualization. Have you tried RunSafer of Online Armor?
  16. hogndog

    hogndog Registered Member

    I haven't had to deal with that end of it yet but I did find this, and it just may be the answer.. :thumb:

    How to Tame Comodo Defense+ 3 Without Disabling It

    A. Your security settings

    First of all, in order for the suggestions in this article to work 100% properly, Comodo's Defense+ level must be in "Clean PC Mode". If not, My Pending Files will not automatically detect new potentially dangerous files for you to evaluate. If you don't want that, do not follow section C (reading it may still help you).

    Secondly, although optional, checking everything under Defense+ "Monitor Settings" (Defense+ Tab>Advanced>Defense+ Settings>Monitor Settings) will increase your security. It'll cause the alerts to appear more often, but if you follow this guide properly, that won't be of an issue for your trusted programs.
    .. :)

    http://www.techsupportalert.com/content/how-tame-comodo-defense-without-disabling-it.htm

    Hogndog
  17. constantine76

    constantine76 Registered Member


    There are some issues still with the CIS ver5.8 D+. I see some posts in the Comodo forums that they disable the sandbox so you'll get an alert (pop-up) to anything that may bypass D+. Take a look at this xttp://forums.comodo.com/news-announcements-feedback-cis/bypass-defense-xls-file-t78307.0.html and xttp://forums.comodo.com/news-announcements-feedback-cis/malwares-bypasses-defence-easily-without-alerts-t78036.75.html

    I don't know when ver5.9 will be available. I do not have CIS sandbox "on" so alerts will show. The issue with the pdf printer plug-in is at that and waiting for full virtualization in ver6. If I will not print via pdf then CIS sandbox is okay. But as compared to Online Armor's RunSafer I can print via pdf. About the printing in pdf it's xttps://forums.comodo.com/beta-corner-cis/print-in-pdf-with-browser-inside-comodo-sandbox-t75800.0.html;msg542842#msg542842

    Have tried Bufferzone but cannot make it work with Comodo. After reboot I would get a blank screen after the "Welcome"(Win7).
  18. hogndog

    hogndog Registered Member

    Haven't tried Online Armor for a while, I'm having issues with the antivirus engine in the current build of Comodo. I'm thinking the new build will have a lot of this cleaned up, hope they incorporate XP into those plans.. ;)

    Hogndog
  19. pegr

    pegr Registered Member

    I'm sorry but I've never used the Comodo sandbox in manual mode to virtualize the browser, so I haven't experienced the printing problems you are referring to. I use Sandboxie for application virtualization, not Comodo. If the Comodo sandbox is causing you problems, you could consider using Sandboxie instead.
  20. constantine76

    constantine76 Registered Member


    Oh, I thought otherwise. Sorry for that. I do have SBIE but it will soon expire so am trying other freeware stuff now. I do not want to replace CIS on this pc (I have OA on the other which I use the RunSafer with the SBIE that will expire soon). For now it's okay until it expires. I went to the Bufferzone forum earlier and there are a lot of posts that aren't replied to...going the way of GesWall I see.
  21. cm1971

    cm1971 Registered Member

    DefenseWall and Returnil work great together.
  22. pegr

    pegr Registered Member

    Glad to hear it - that should be the case. :)
  23. hogndog

    hogndog Registered Member

    Re: Returnil Geswall Buffer Zone & Sandboxie

    I landed in a slightly different zone, the Sandboxie zone.. Years ago when a TRS-80 was a twinkle in my eye Sandboxie was a million miles away, I'm thinking that was in 85. Well, now that it's installed, for the second time, I'm seeing what I was missing the first time, this is so easy to use a child could use it, for you parents out there when you consider the dangers that lurk in the background this application should be a must on your machines.. :thumb:

    Hogndog

    http://www.sandboxie.com/

    I'm assuming this will work with Returnil? :)
  24. Coldmoon

    Coldmoon Returnil Moderator

    Re: Returnil Geswall Buffer Zone & Sandboxie

    Yes, SBIE and RSS/RVS work well together.

    Mike