So I tried Returnil 2010

Discussion in 'Returnil Betas' started by Boost, Oct 1, 2009.

Thread Status:
Not open for further replies.
  1. BlueZannetti
    BlueZannetti Administrator

    Think about this from a structural perspective.

    OK, there may be something out there in principle waiting to blow by everything..., personally I'm not going to worry about me being the first hit by that (and if I am subject to that 1 in a billion chance - WHS allows a bare metal reset to virtually any point in time - remember - backup backup backup).

    So..., LUA - the scope of action of anything that runs is limited. Problems can arise, but not propagate system-wide. In some respects, this is the most critical element of all.

    SuRun, an essential patch-up for legacy apps that don't play nice in LUA and a bit of a convenience for performing any admin level functions. Renders LUA user friendly.

    RVS 2010 - want to up the protection level dynamically (say surfing to unknown territory or check some link posted here)? Jump into a virtualized mode. LUA limited scope with respect to the system, this limits it with respect to time.

    However, when not in virtualized mode and/or committing content to the real disk - an AV is present as an ever present backstop. There is some level of automated (assuming real time is active) expert system check that any downloaded file is OK. Yea, this is not foolproof, but it's certainly much more of an analysis than I'd do on the fly.

    Also, I tend to have the AE functionality active in RVS 2010, and I personally think this is a bit of an unheralded and very useful addition. The more I think about this piece, the better I like it.

    That's the logic. Layered in the sense that I believe is useful. Flat in terms of conceptual basics.

    There are certainly some rough spots needing to be ironed out. That's par for the course on a major version upgrade whether we like it or not. The glitches here are performance based and that needs to be kept in mind. I have yet to experience anything untoward with any version of RVS.

    Blue
  2. SammyJack
    SammyJack Registered Member

    BlueZannetti:

    "I have yet to experience anything untoward with any version of RVS."

    Conceptual, performance, all the same if it will not work.

    Constant CPU use of 50%-100%, plus the inability to register the product, do not amount to "untoward"?
  3. pegr
    pegr Registered Member

    The logical extension to this is the addition of firewall and anti-spam in RVS 2011, then the suite will be complete. If part of the point of adding AV to Returnil is to increase the appeal to the mass market, I doubt it is likely to have the desired effect. The average person who uses a suite is not likely to have heard of, let alone be interested in, lightweight virtualisation applications.

    On the other hand, the kind of people who do use applications such as Returnil will probably already have an AV as part of a layered defence, and are unlikely to want a second one embedded within an application deployed for an entirely different purpose. The anti-execute features within RVS on their own should be enough to prevent the virtual layer from being penetrated. I would have preferred to see further extensions and improvements to the core functionality of Returnil, rather than adding an AV with the consequent drain on resources of maintaining it with up-to-date signatures. This coupled with the fact that, from a preventative point of view, blacklisting is somewhat hit-and-miss when compared with the default deny of an anti-executable.

    Comodo are going down the same road with the proposed inclusion of Comodo Time Machine in Comodo Internet Security. The difference though is that the design of CIS is modular, and the various components can be installed individually as required. Turning off the AV in RVS 2010 is an option, but will the AV component be unloaded from memory and the RAM it uses released? I suspect not.

    Please don't take this as a criticism of your post, Blue. I'm merely stating an alternative point of view from a different perspective.
  4. BlueZannetti
    BlueZannetti Administrator

    This is easily dealt with via an uninstall or boot to a second partition. This is an inconvenience.

    I have had new product issues blow away an OS installation. That is quite untoward. As would be items such as file corruption, being unable to gain internet access via Winsock corruption, and so on.

    Blue
  5. BlueZannetti
    BlueZannetti Administrator

    I understand that, and believe that we really need to get a sense of true performance dimensions of RVS 2010 first. That's still an open question.

    I agree that a modular design which basically eliminates deselected product functionality from installation in the first place is the preferred way to go. However, this does present a somewhat more complicated design challenge.

    I really wouldn't compare the inclusion of CMT into CIS in the same category. As I've noted elsewhere here in the discussions of CMT type solutions, there's a degree of inherent instability in the approach used by CMT that any user of that technology really needs to fully appreciate before pulling the trigger on use. Inclusion of that type of module into a general use product is fraught with issues.

    Here we have a minor product feature set extension. I do think you can make a good case on either side of the argument. That itself says that either perspective needs to be served well. What this means is that you cannot have any conflicts emerge. There can be no significant performance or realtime resource consumption hits. The feel in use needs to be very similar to RVS 2008. In my testing with the early betas, on my machines (which are older P4's running XP Pro), at least that appeared realized.

    RAM usage from what I've seen thus far is in the noise in a typical current configuration (~ 1-2% on a 1 GB - 512 MB system) and I tend to ignore that. I don't ignore system responsiveness at the keyboard. This really can't suffer a perceptible drag, and I hope it doesn't.

    If the evolution were towards a complete suite (antispam, firewall, etc.) with light virtualization becoming one of many functionalities, I agree, that would not be a direction that I'd recommend.

    Blue
  6. pegr
    pegr Registered Member

    Hi Blue,

    Yes, I agree with the main thrust of your post. As always, your posts are constructive, helpful, and of a high quality.

    The only reason I drew the parallel with Comodo was to illustrate how a modular design within a security suite can permit a choice of components during installation. I wasn't trying to imply that Returnil is in any way similar to CMT. Personally I would be nervous of trying CMT due to the potential for data corruption implicit in the approach used by CMT, as you correctly pointed out.

    It's interesting that you found the increase in RAM to be insignificant. On my XP Pro system the RAM went from around 6-7 MB for RVS 2008 to over 20 MB for RVS 2010. RVS 2010 also conflicted horribly with AntiVir Premium, although I believe that Coldmoon has already said that a reason for the conflict has been identified, so maybe this won't be an issue for users of other antivirus solutions.

    In the end, it does come down to a matter of user perspective. Some people will no doubt like the incorporation of an AV in RVS 2010, while others won't. I agree that what does matter is the quality of the implementation. For many users, RVS 2010 will be installed alongside an existing antivirus, so it is important that Returnil cooperates with other security software without conflicts or performance issues.
  7. Coldmoon
    Coldmoon Returnil Moderator

    Hi pegr,
    Firewalls and anti-spam technologies are not target features. The next step in the evolution is simplification and optimization. There was a need for a slight increase in complexity for 3.0, but this is only due to a "first generation" situation.

    Mike
  8. BlueZannetti
    BlueZannetti Administrator

    I see the same numbers, but on a 2 GB RAM system, a 13 MB piece of RAM is less than 1%, hence my qualifier of insignificant. In one sense, fluctuations of ~ 1% are lost in the noise (watch Firefox with a number of tabs active). I do realize that a bunch of increases among a collection of running processes, each individually "lost in the noise", can sum up to be an issue of net RAM utilization.

    Blue
  9. BlueZannetti
    BlueZannetti Administrator

    By the way...., at least from what I see on my machine, the CPU utilization issue appears resolved (at least for me).

    Blue
  10. pegr
    pegr Registered Member

    Hi Mike,

    I was being slightly ironic. I didn't really think you were trying to build a full-blown security suite. ;)

    Seriously though, if you could manage to solve some of the key technical issues that make Returnil slightly inconvenient to use: e.g. extending virtual sessions across reboots, being able to exit virtual mode without a reboot, etc, IMHO that would be a big step forwards.

    Regards

    pegr
  11. Coldmoon
    Coldmoon Returnil Moderator

    Hi pegr,
    In internal testing - look for it at some point in the 3.1 series (tentative).

    Still working on this, but may be a consequence of the virtual sessions across restarts. Don't hold me to that however as there is still a great deal of testing to do.

    Mike
  12. Coldmoon
    Coldmoon Returnil Moderator

    Fantastic :)

    There will be a new build available next week that should provide relief for others who may still be affected following the fixes from today. Stay tuned ;)

    Mike
  13. pegr
    pegr Registered Member

    Apologies Blue, I misread your post. I thought you were saying that the increase in RAM usage on your system was only 1-2%. I didn't realise you meant the new version uses 1-2% of the total available RAM; so yes, we do indeed see the same numbers. :)

    Regards

    pegr
  14. pegr
    pegr Registered Member

    Hi Mike,

    That's great news! Awaiting 3.1 with keen interest. :thumb:

    Regards

    pegr
  15. Robin A.
    Robin A. Registered Member

    What would be the difference between "extending virtual sessions across reboots" and the current option "on computer shutdown - save all changes"?
  16. Coldmoon
    Coldmoon Returnil Moderator


    Hi Robin,
    The concept is basically allowing you to test a program that requires a restart of your computer to install for example and follow the results through the initial restart or over many restarts. Then when you are done with the "session", simply dump it and you return to the state your system was in when you first turned on the virtualization.

    Saving content at shutdown commits the changes to the real disk immediately as though RVS were not installed without a similar means to return the real system to the same state as above.

    HTH
    Mike
  17. Uli9000
    Uli9000 Registered Member

    Hi folks

    It's quite a debate going on here. I'd like to add my side as a relatively novice user. The inclusion of an AV on RVS 2010 seems to me a good idea. I am currently running it alongside Avast with no issues. The excessive CPU usage and stalling updates seem to have passed. The AV has already picked up a number of malware/virus items that Avast missed so it would seem to have justified its use already. Good realtime protection plus the security benefits of virtualisation provide a real boost to non tech-savvy users.

    Thanks to all the folks here and at Returnil.

    Uli
  18. Firemage
    Firemage Registered Member

    Where did you find such performance? :) On Vista SP0 ? :)



  19. Firemage
    Firemage Registered Member

    I think that to become a full suite Returnil must add this functionality:
    - firewall
    - antikeylogger

    But why do you need antispam? Do you really think that any user tries to have a personal mail server on their PC? I think that antispam must be the privilege of dedicated servers. If your mail provider does not protect you from spam then I don't see any reason not to use Gmail as default...

    But I really agree with you that the RVS installer must include an option not to install the default AV.

    But as for me, I think that the RVS AV is a must-have with any different AV. Currently I am using KAV + RVS.



  20. pegr
    pegr Registered Member

    I wasn't suggesting that RVS should develop into a full suite, but if it is the view of the developers at Returnil that adding an AV is beneficial to securing the main function of RVS as a partition virtualisation application, in order to help detect and prevent malware penetration, then so be it.

    Personally, I would have preferred a different approach but the important thing is the quality of the implementation, which means that RVS Virus Guard needs to be compatible with other security software (including other vendor AVs) that the user may have installed without causing any conflicts or performance issues.