Returnil is this the answer to all you need

Discussion in 'other security issues & news' started by damian666, Jul 28, 2007.

Thread Status:
Not open for further replies.
  1. damian666

    damian666 Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    63
    Hi All
    Ive been using a security app called Returnil, Its easy to use and seems very effective.Have any of you had any expereance with it, If so do you know if you could get rid of my anti-virus firewall and other security apps and just run with Returnil in protection mode all the time to keep safe.Might be a silly idea but thought id ask anyway
    Thank you alls
     
  2. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Not a silly idea at all. I have been using Returnil for a while now with no software
    firewall, anti-virus, anti-spyware, hips.............

    There are 2 parts to the argument here:

    (1) I personally have never seen a virus in over 11 years of surfing. Since moving to broadband 4 years ago I have been protected by a Hardware Firewall.
    My mail is collected and scanned before I get it and I use Firefox - No scripts.

    (2) If anything bad did ever get in it would be gone at the next reboot.


    I believe that far too many run far too much security and as they load up ever more programs they fail to see how much damage these programs are doing to performance. How do you boil a frog ? Answer - put it in a pan of cold water and slowly turn up the heat. It will not move or notice.

    When I removed all security I noticed that a program that used to load in 5 or 6 seconds years ago but with security installed was taking 30 seconds now was loading on 6 seconds again - now that all ther crap had been removed.

    For those of a nervous disposition it is always possible to load anti-virus, anti-spyware to a protected desktop. Run the programs say once a month to show that nothing bad is loaded and then reboot to remove the programs.
     
  3. damian666

    damian666 Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    63
    Thanks for the quick reply i think im going to just run with Returnil for a while now to see how it goes.Do you have any tip or advise before i go a head with this exciting idea like would i be safe with passwords on my online banking etc i use roboform at the mo but was just thinking if i did not have a firewall and used Returnil would someone be able to get hold of my passwords etc
    Thank you
     
  4. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    I'm interested in trying Returnil, but I wonder if the program makes any system changes that persist if I decide to uninstall it. (MBR, Partition, etc.)
     
  5. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I also use Roboform with MyRoboform data held on my data drive F: so Reurnil does not have any impact. You can increase the level of security with Roboform to very high levels. The only thing I have changed is to set auto log off to 5 minutes from the default of 120 mins. I'm happy to use it this way for credit cards, abnks etc. If you want though you could always run it from a memory stick and if not plugged in it would be totally secure.
     
  6. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I can't answer this one technically but I can say I have installed and uninstalled without problems. I also use FD-ISR and Acronis. Acronis allows for imaging of the MBR and restoration -- no problem here either.

    Before trying you perhaps ought to make a system image with a program like acronis - which images the mbr and then if you need to you can restore without a trace.
     
  7. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    If you don't have a router and or firewall, your computer will be infected very quickly and all your data would be at risk. You have to have some sort of inbound protection. It's not the hackers anymore, but it's millions of other infected computers automatically seeking out others to infect. Running security software with Returnil will protect your data when online. If your running Returnil protection and happen to go to a site that infects your computer and then you go to your banks site and enter your information, the trojan has already captured that data and sent it to the bad guys. Returnils main advantage is that when you reboot, the trojan should be gone. The damage has already been done though. If your a safe surfer, you probably don't need the extra security software. If your like me and not that sure about everything, then the extra layers are handy. Either way, you still need a firewall and or router unless your an expert and can open and close your ports manually. Returnil is great though, especially when surfing the internets rough neighborhoods or checking links that your not sure about. I even run Returnil with Sandboxie and they work fine together.

    Cheers, innerpeace
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,

    Even if he does not have router or firewall, he needs not get infected very quickly.

    If all his ports are closed, then no worries.

    Even if some are open, if the services listening to them have no vulnerabilities, then they cannot be exploited. End of story.

    Mrk
     
  9. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Ok, I've always wondered this. You said 'If all his ports are closed'. What exactly does this mean? All the services disabled that listen on the ports? I've always assumed the 'closed ports' meant that it's an expert only area of expertise. To the best of my knowledge, I have disabled many services and the only thing listening now is Avasts' Webshield.
     
  10. damian666

    damian666 Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    63
    Hi
    I have thought about inbound and outbound connections so i am using sygate firewall with returnil no anti-virus or realtime spyware protection though.Just trying to keep my surfing and computer speed as fast as possible.Do any of you see anything wrong with what i am doing
    Thank You
     
  11. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    For general surfing no, it's ok. There is always a chance that you can get malware during your protected session and it can relay any information on your computer back to the bad guys. Nothing is a silver bullet as far as protection.

    Others may say run Returnil and nothing else, but I will not say that. There is just too much change in malware that one program covers or protects it all. Also keep in mind that Returnil only protects the system partition only. This is usually the C: drive or where Windows is installed. It does not protect your other partitions.

    You can do what you want and I really like and use Returnil myself. Just keep in mind that during that protected session that you can get infected and any information leaked out or captured by the malware such as bank account numbers, passwords, usernames etc. are already owned by the badguys. Like I said, a reboot will remove the infection, but, the 'damage' will be done.
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,

    innerpeace:
    Ports are no magical thingies. They are endpoints for connections that can be established to and from the machine. If there's no application bound to a port, this port has no reason to be active - hence closed.

    Incoming packets to closed ports will do nothing.

    If you wish to receive incoming connections that you did not initialize, you will need open ports. You will have applications / services / whatever listening to these ports - listening means waiting to accept packets.

    These applications will receive packets and act accordingly.

    For example, web servers have their port 80 open to accept http traffic. Thus, if you send a query for a certain page to your dns server, it will then delegate your request further until you receive the desired info back via a chain of servers.

    But if the port is closed, nothing will happen.

    Likewise, if you send wrong info to this port, nothing will happen. For example, if you send your skype session packets to a web server, it might know what to do.

    Now, more seriously, someone tries to hack you, by sending a long string of commands to an application listening on a port.

    If the application is not what the sender intended, the commands will fail.
    If the attempt is to exploit a vulnerability that has been patched or does not exist, the commands will fail.

    And so it goes.

    damian:
    Sounds good to me.

    Mrk
     
  13. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    I have a hardware firewll but I still run PC Tools FW for outbounds, mainly ms apps phoning home.

    Running Returnil for other system protection is fine but you could still pick up a nasty which will require a reboot to be rid of.

    Hence the reason why I still run FF with noscript through Sandboxie.

    Any and all inet nasties are contained to the sandbox and a simple "delete contents of the sandbox" will give you a clean slate instead of having to initiate a reboot.

    All my trusted sites and login details are done outside the sandbox so as they remain when the sandbox is emptied and FF is resandoxed with all my details staying intact.

    Of course all the login details have to be done outside of Returnil mode as well in order to stick.
     
  14. damian666

    damian666 Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    63
    Thanks for the reply.So would you be happy to use just a good firewall and Returnil or would you have anti-virus aswell
     
  15. damian666

    damian666 Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    63
    Thanks for the reply.So would you be happy to use just a good firewall and Returnil or would you have anti-virus aswell
    Thanks
     
  16. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    If there is nothing to leak then the bad guys stay emptyhanded !!use no autofill and have your precarious stuff offline, though useble are anti keylog and such stuff like Roboform pro [one click fill form without touching the keyboard].
     
  17. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,
    damian, I have several comps running only firewall.
    Mrk
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The other advantage to Sandboxie is you can set it so your data area's aren't accessable from the sandboxed application. Like right now, I simply can't download into the my documents area.
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I could be wrong, but the way you have to do this in Sandboxie wasn't really userfriendly.

    DefenseWall has a similar function : "Secured Files" and you only have to specify the disk and/or folder to protect it against access of untrusted applications.
     
    Last edited: Jul 29, 2007
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I guess if having to type a line in a config file isn't user friendly you are right. I tried Defense Wall, just could never tell if it was doing anything. Also I didn't like the fact, that I could have an online session, and not make everything go away.
     
  21. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Mrk: So, there are no port unicorns :D ? Seriously, thanks for you reply and clear explanation. I think I got it. It's the things that I don't understand that keep me cautious. Now that I understand more about ports, thats one less thing to worry about.

    Peter2150: I'm using Sandboxie 2.86 and when running FF sandboxed and I download something to my documents, I always have to recover the file in order to get it to my docs. I haven't edited the configuration of Sandboxie so it could be default.

    Cheers, ipeace
     
  22. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    If you're looking to keep things simple then yes its a simple but effective solution. All i run these days is either powershadow or returnil combined with my hardware firewall.
     
  23. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Well, for some persons it is con, for others- pro. So, it mostly depends on auditory developer aim for. As for software products- you can always choose the one that meets your requirements, and that is really great!
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Ilya, I totally agree, and it is clear DW, has a satisfied audience. That is great.

    Pete
     
  25. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    The biggest risk I can see because Returnil requires a reboot to ensure that any infection picked up is cleared is that you become lazy / complacent and after some period of surfing go to a secure site such as a bank or whatever and enter your personal details, all the while having a keylogger on your system. One way to protect against this as someone has already suggested would be to run an app like Sandboxie alongside Returnil, in such an instance you can simply empty the sandbox before going somewhere sensitive.
    This is the type of setup I am trying at the moment, but I personally see little reason to drop either my AV or HIPS.
    I think a lot of this type of thing comes down to trends, we have had the run as much security as you can fit on your machine trend, and now as virtulization is taking off we are moving full circle to the run as little as possible, Assess the risks for yourself (only you truly know what risk your surfing habits pose to you) and march to the beat of your own drum.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.