Returnil

Discussion in 'sandboxing & virtualization' started by Ghostcloak, Nov 29, 2007.

Thread Status:
Not open for further replies.
  1. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    Sorry for not being clear. I agree, of course, that the system partition is unchanged in both cases but the susceptibility to attack need not be the same for all boot to restore programs - a nasty might find it easier to attack one compared to another. I have no idea which method is safest but would not expect differing methods to be all equally safe or all equally risky.
     
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    No, they are very different. With Erik's approach you go back in time and lose anything you may have chosen to save. With Returnil Beta you can choose to save as you go, so on a reboot like my kids' games, changes they have made are still there. Screw the AV idea as I wasn't thinking. I can do an online scanner like Kaspersky to check things, either in protection mode or out. My only last remaining issue is email. With Outlook 2007 any email received is lost on reboot and for the life of me I can't figure out how to exclude or save changes to Outlook. Just blew a file away in it so having to reinstall Office 2007. Not a big deal, but coldmoon some advice is needed. I tried to include Outlook from the desktop, the files everything and changes I make are not saved.
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Actually Eset 2.7 :rolleyes: worked well in it. I was able to save updates and scan records. It didn't touch it which is good.
     
  4. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Do you not want to move the pst file to a non-protected partition?
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I think that is it because that was the one that says was missing when trying to open Outlook. I thought I did.
     
  6. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    OK, you delete the pst file and when it asks for it you point it to drive D which will hopefully cure this issue. Doing it now.
     
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I guess the tough question here is, you get email while in protected mode and don't open it, nor has it been scanned, "how do you like that thought Erik ;)". You come out of protected mode and now the way I am setting it up it is still there, I open it, it is infected and WTF next. Guess Returnil needs to think about that.
     
  8. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    @trjam: Instead of POP, try IMAP, then you won't lose your mails.

    /C.
     
  9. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    ErikAlbert,

    We don't need every thread on every approach to protection turning into a rehash of the wonders of FD-ISR and the other components you've selected to use. We get it. You talk about not using scanners, but from what you wrote above, you use them a lot more than I do.
    Of course users can backup without running their scanners. People do it all the time. I do it all the time. You have a skewed idea of what many people do if you believe these types of operations absolutely must be preceded with a scan.
    Running a scanner everyday? Are you joking? If one wants to schedule an off hours automated scan, why not, but that requires zero discipline. As for scanning itself, once I perform a comprehensive scan, I pretty much back off except for exception based scanning, which I haven't done for longer than I can remember. Prior to that it was scheduled/unattended/off-hours and never looked at the results since I would be alerted if needed - no ongoing discipline required.
    and that's great, it really is. However, since you've implemented that general scheme, and augmented it with prevention of the launch of non-whitelisted executables (AE), moved to running your browser in a sandboxed fashion, and finally prevent access to your data partition from sandboxed applications, you appear to have continued your quest for some mythical security Holy Grail of absolute assurance against anything real or imagined.
    Without knowing what each of us actually does on a daily basis, how can you even begin to make that claim? I'll answer that one myself, you can't.

    As for the subject of this thread - Returnil - I personally find it a much more attractive and utilitarian solution than comprehensive failsafe solutions such as FD-ISR and related products.

    Blue
     
  10. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I just tried to send myself the test virus Eicar and my mail provider removed the zip and sent me the following message:

    ***********************
    A virus (Eicar_test_file) was detected in the file (eicar.zip/eicar.com). Action taken = remove
    ***********************

    If mail gets thru it is then processed by Benign from www.firetrust.com which removes non standard HTML tags, scripting, undesired tags etc.

    I don't see how sandboxie or Returnil can help here - a good mail provider scanning and removing spam and nasties is quite important I would have thought?
     
  11. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I don't think so.

    One can either:
    • Augment with an AV - I know, you may choose not to
    • Use session lock, select the appropriate folder in the File Manager, download mail, update selected folder, read mail, and if anything bad happens, don't update... I assume this would work, but haven't explicitly tried it.

    Blue
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Well, I don't have that luxury. And the comment made about pop3 and imap doesn't matter as we are talking about a product the average joe would be buying. :) ... I am currently testing on 2 machines to try and make the one last determination on how email is handled and should know soon.

    I mean let's get real folks, total virtualization is great if you boot up, explore the internet and shut down. What I want to know is one, I need to save emails, and that is where Nod is coming in tonight for help, I need to know that what I choose to save is good. I don't know. I like, really like this product, but it just seems to me you have to have a method of providing detection. Because in the real world, some stuff is just going to have to be saved and this beta allows it. Either I go thumbs up or down tonight based on the average user's ability and protection, or it is back to Sandboxie and my 55 year subscription to F-Secure. I still say the perfect product will have both and please don't say Norman. Avira, you failed IBK's test, and were not certified by VB Bulletin, you have some issues and no casino in Vegas :rolleyes: would take your bet right now. Eset, F-Secure and Norton is where my pappa said, "Go North my son, that is where the best beaver hunting is." Excuse me, a Jeremiah Johnson :cautious: moment.
     
  13. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Using Returnil - Sandboxie here as well.

    XP and Outlook Express. Any suss email attachments are uploaded to Virus Total.

    If the body of the email needs to be saved within OE I can copy and paste any of OE's dbx files to another partition, then back again out of virtual mode.

    Also use an app that shows, manually select and deletes any unwanted emails at the servers end.
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    OK, with respect, stop there, you said any suss emails. You know them but how is the average consumer going to. You found a way that works, but they want to sell this product and make money at some point and if it isn't user friendly, no beans on the table. So a very good comment you made because it made a point I made to coldmoon true. Thanks.

    The only way I see to handle email is that your email program would always have to be protected, even when coming out of protected mode. Or do the unthinkable and say this is a product that would go well with your AV which isn't going to happen. There is an answer, from a selling point, it just isn't discovered, yet. ;)
     
    Last edited: Dec 5, 2007
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    And you may be right. My pointing the pst file to drive D worked. :thumb: All emails and/or changes worked. So that issue is taken care of. Thank you Long View and Coldmoon on that. Now the question is what blue said, but blue, even in session lock how are you going to know if it did something bad. It all comes back to either an AV or email program has to always be protected, but now saved. :thumb: I am happy, hungry and tired tonight. These folks are going to get it right and when they do, well, let's just wait.
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    A fully-automated solution doesn't exist (and I believe that we won't see it anytime soon). The user needs to be involved at some point, either setting up the solution (you can outsource :D this to your geek friend) or answering the pop-ups, even if they are few and far between. Relying on security software alone isn't going to work.
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Well, I always like reading your posts, :) but going to disagree on this one. Returnil's help folder is the first I have seen that actually walks you through each step so that even a Southern like me understands. Easy to set up, works well, very well in comparison to PowerShadow and the rest. Yes the user needs to be involved, but the key is informed at the same time. Pop-ups are not a bad thing like some would have you think.

    This group is serious, open, and will make a product that does put a big dent in all the others we talk about here. Fully automated? No, I agree, user understandable? Yes.
     
  18. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    trjam,
    Are you looking for detailed instructions for each application you want to save data for or were you looking for a button that says "Save data for 'X'"?

    Mike
     
  19. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Returnil is a solid app, no doubt on this. But hoping that a security app will solve all our mistakes is naive at best.
    Basic care with mail and/or choosing a good mail provider (filtering spam, executables and scanning for viruses) is an example of a user involved with his/her security process without relying on XXX application.
    I don't expect that we all become security experts (I don't want this, BTW), but acquiring some safe habits shouldn't be that hard.
     
  20. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    How 'bout one that instead of saving files or folders, says, keep program protected on exiting out. Then I could choose to exit out for all the updates I might want to do, but leave my email program still protected.
     
  21. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    If I can always leave it protected, why would I ever need an AV?
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Or shall we say, "Forced Programs" like another product. ;)
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Keeping Returnil, for email protection went with Benign by Firetrust. Works very well too. :thumb:
     
  24. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi,
    I thought I should give you time to work through the decision before I replied and am glad that you are staying with RVS. Also to let you know that development will research your idea for possible inclusion in some form in the future...

    Mike
     
  25. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Thanks, actually Long View gave me the idea of the email program which is really very good. Back to testing.
     