Returnil

Discussion in 'sandboxing & virtualization' started by Ghostcloak, Nov 29, 2007.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Power Shadow 2.6/Returnil user here.

I regularly install/use BOTH because they both have proven themselves for me and in them I have the best of two worlds: with Returnil the imaginary partition is placed in RAM, whereas PS's is to disk.

It would be fruitless now to make mention of the once fancy/luxury features of FD-ISR, because that program no longer affords a user the benefit of creating up to 10 individual & different systems (snapshots), all bootable with unlimited archives, which in reality could also be transformed to even exceed that former 10-snapshot limit, but not at the same time.

But for those fortunate to still have the genuine versions it remains a PRICELESS tool with enormous advantages, which include of course its main measure of importance, its immediate system recovery.

I find SESSION LOCK in Returnil only of benefit if the need arises where the active system could face peril, such as probing a dodgy site for sample malware to determine if any are new in nature since last visit. This is from a research standpoint of course, but is chiefly the purpose BOTH Returnil & Power Shadow serve for me locally.

I think another good combo is Sandboxie + Returnil, where the Sandbox effectively keeps the internet channel browser of choice contained and anything entering is confined and can be deleted completely afterwards.
     
  2. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    Returnil is my new best friend. I crank the machine up in the morning, get my av download, and Returnil gets turned on and stays on for the remainder of the day.

    I've also got geswall that I use occasionally, if I'm going to a new site I've never visited before. I trust no site. Mostly, Returnil carries the load for me. I'm as high on this software as I was with Powershadow, which I loved.
     
  3. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi,

    The version of Returnil you guys are using is free? I thought so.

    I just saw a 2008 premium version on majorgeeks, asking $29.95/yr.

    Will the free version of that be available as well?
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Good post, Returnil will still be on mine in the morning.;)
     
  5. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
Since I'm not a user of virtual programs (except Sandboxie), and also a dedicated gamer, I just wonder if Returnil will have some negative impact on performance? I will test it anyway, but any views on this would be appreciated.

    /C.
     
  6. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    No performance hit for me. Same is true for DeepFreeze. In fact the reverse may be the case with systems running a bit faster.

Set up your system the way you want it. Run cleaners, reg cleaners if wanted or needed. Finally use Perfect Disk to defrag C: and then freeze. Remember, what you freeze is what you get - so if something is slow opening now it will remain slow opening. Fix that problem first and then freeze.

    Do this say once a week - updates can be left for a few days - and when you boot C: will always be as perfectly fragmented as makes no difference.
     
    Last edited: Dec 4, 2007
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Agree with Long View, since you are using Sandboxie anyway, Returnil would let you dump all other security apps and oh, yes, you will see an impact on performance, a very positive one.;)
     
  8. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
Alrighty, I've tested Returnil 1.70.7502 and it delivers as designed BUT...

1. The virtual driver doesn't work by default if you are a limited user. You have to give the user write permission for the virtual driver (LUA bug).

2. You can't decide which files or folders to exclude from virtualization.

It seems that the beta version, 2.0.0.2555, is using a file/folder manager instead of the virtual driver, which I consider an improvement. I don't know if the LUA bug is solved. If someone is running the beta version, is it stable enough to install?

    /C.
     
  9. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello johnwilliam,
    Try the following and let me know if you continue to have any issues:

    1) Boot into Safe-Mode
    2) Log into an administrator's account
    3) Click Start > all programs > Returnil > Uninstall
    4) Reboot your computer when requested by the wizard
    5) Restart in normal Windows
    6) Log into your Administrator's account
    7) Navigate to the C:\Returnil folder and delete the file RVSYSTEM.dat if it is there. To see this folder, you may need to enable the "View hidden files and folders" option in Windows Explorer
8) Perform a complete scan of your system with an updated and current Antivirus and Antispyware to ensure your system is clean
    9) Defragment your hard drive
    10) Download a new copy of Returnil and then install

    Steps 7, 8, and 9 will ensure your system is clean and that RVS will perform at optimal level.

    Mike
     
  10. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello Cerxes,
    The Virtual Partition can be used by Limited users. The only restriction is that they cannot write to the root of the VP. To test this, open your VP in the Limited account and then create a test folder. Once created, open this folder and save your files/data as expected.

In #2 this is true to a certain extent in 1.70, but you can save any file or folder within your VP as described in my reply above. We recommend using alternate data partitions for this and added the VP as a convenience for those who only have a single partition (C:\ for example).

    Version 2.0 has change commit and choice of cache method as its core upgrades. This does allow selective change commit as well as total session save. For testing purposes, the change commit is limited to the file cache method.

    Our internal and initial external testing to date has shown it is extremely stable, but it is BETA software so should be used/tested with this at the front of your mind. If you do test it, please do not be shy with your reports as we welcome all feedback be it positive or negative...

    Kind regards
    Mike
     
  11. R8y

    R8y Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    33
    Location:
    South Africa
A friendly reminder that there are trojans in the wild that will bypass the protection from PowerShadow/ShadowUser/Deep Freeze and other similar products, which means the trojan will be installed on your system even after you reboot/restore.

The good news is: these trojans are mainly targeting Chinese users and are used to steal online game accounts (these security applications are very popular in internet cafes and school/university PC labs).

    Just be warned!
     
  12. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
I read this before but have never seen any evidence. Does anyone have any verifiable source for these concerns? I seem to recall reading that Deep Freeze had been vulnerable, but that it required fairly lax behavior on the part of the user. Put simply, I would like to distinguish between some vague possibility and examples of actual harm. Perhaps Coldmoon will be able to clear this up as far as Returnil is concerned?
     
  13. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
I tested it today; it works, except the virtual partition fails to start, but that doesn't matter, it has no essential disadvantage.
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I tried the free version and liked it, but didn't see any easy way to tell it for example to ignore my Outlook data file, so that I could virtualize everything except my email and a few other things that I use daily and want to keep. I suppose I'd have to move the .pst file from Outlook to the virtual drive? Don't really want to do that, I'd rather be able to tell Returnil to just ignore certain folders or files...
     
  15. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    How about using partitions ?

    C: for OS and programs
    D: for data

    move my docs from C: to D: same with pst and Firefox profile
    makes C: much smaller and more flexible when it comes to imaging - faster restorations
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    That is basically what you can do with the new beta.
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
If that happens, I restore a clean system image = 10 min. If that doesn't work, I zero my system hard disk first and restore a clean system image = 30 min.
So these scary trojans aren't so scary anymore; they are now peanuts like the Killdisk Trojan and Joanna's invisible things. :)
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    here, and all I do is update the files or folders selected and any changes I have made are not blown away.
     

  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
Even in the remote chance, that is why I like the combo of Sandboxie and Returnil. It has to first get through Sandboxie on the front line, and then Returnil is waiting to nuke it on reboot. I would say this is a better approach than already having it and waiting to detect and try to remove it.;)
     
  20. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    What trojans are supposed to be able to bypass these virtualization programs and by what method are they supposedly able to do it??
     
  21. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi SystemJunkie,
    Uninstall and then reinstall RVS but make sure the VP is at least 200 MB and let me know if you continue to have issues loading it. If you do, let me know what the exact text of the error message is so I can take a closer look at this.

    Mike
     
  22. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Very cool.... thanks. I will definitely have to have a look at the beta then...
     
  23. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello R8y,
This is very good advice. The development team has been aware of these and has been working towards permanent solutions. In the interim there are two things to know:

1) These trojans need Administrative permissions. So make sure you are using limited accounts or UAC in Vista to make it harder for these to activate properly.

2) Starting with 1.7X and above, the software includes a warning to the user should there be a change that compromises the System Protection Engine. If you receive the following error message from RVS, it is recommended to do a complete, in-depth scan with your antivirus/antimalware solution to detect and remove them:

    "Warning! The System Protection Engine has been compromised!"

    Mike
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Very worthy approach trjam.

    I employ this same approach routinely but also throw in EQSecure as an additional precaution since it intercepts SCRIPTS!!! and other various file associations to go along with monitoring driver/services installs etc.

    There absolutely "MUST" be IMHO some solid watch guard between a Sandbox and Virtual Reboot-To-Restore for optimum coverage. After all we're dealing here mostly with these set ups that omit the employ of AV's, avoiding both resource drain and conflicts not to mention signature gaps which are their chief limitations.
     
  25. R8y

    R8y Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    33
    Location:
    South Africa
As mentioned by Coldmoon, Admin privileges are required by trojans to either use low-level disk access to bypass such protection or to modify userinit.exe of your Windows... Probably some other ways as well which I am not aware of.

But most of these trojans used ARP spoofing within a LAN to try and infect everyone (as I mentioned, such protection systems are popular in internet cafes and PC labs in China). With ARP spoofing, over-reliance on such security applications and not up-to-date patched operating systems, such networks and systems are open for compromise.
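The two bypass routes named in the thread (running with admin rights, and tampering with userinit.exe or its Winlogon entry) can be checked from a defender's side. The script below is an added example, not code from Returnil or from any poster; the default Userinit value and the baseline hash placeholder are assumptions that you should record from your own known-clean snapshot.

```powershell
# Added example (not from the thread): check the two bypass routes the post names.
# Assumptions: default Windows layout, and a SHA256 baseline you recorded yourself
# from a clean image (the placeholder below must be replaced before use).

$UserinitPath  = Join-Path $env:SystemRoot 'System32\userinit.exe'
$WinlogonKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ExpectedValue = "$UserinitPath,"   # assumed default Userinit value (note trailing comma)
$BaselineHash  = 'PLACEHOLDER_SHA256_FROM_KNOWN_GOOD_IMAGE'

$findings = @()

# 1) The thread notes the bypassing trojans need admin rights, so the first
#    check is whether this session is itself running elevated.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $id
if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $findings += 'Session has administrative rights; browse from a limited account instead.'
}

# 2) Has the Winlogon Userinit value been pointed at something other than the
#    real userinit.exe? (String comparison is case-insensitive in PowerShell.)
$actual = (Get-ItemProperty -Path $WinlogonKey -Name Userinit).Userinit
if ($actual -ne $ExpectedValue) {
    $findings += "Userinit value is '$actual' (expected '$ExpectedValue')."
}

# 3) Has userinit.exe itself been replaced? Compare against the recorded baseline.
$hash = (Get-FileHash -Path $UserinitPath -Algorithm SHA256).Hash
if ($hash -ne $BaselineHash) {
    $findings += "userinit.exe SHA256 $hash does not match the recorded baseline."
}

if ($findings.Count -eq 0) { 'No deviations found.' } else { $findings }
```

Run it from the limited account you normally browse with; a clean result there means both the account and the logon chain look as expected, while any finding is a reason to run the full scan the moderator recommends.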
     