You tell me why not Returnil and nothing else

Discussion in 'sandboxing & virtualization' started by trjam, Dec 8, 2008.

Thread Status:
Not open for further replies.
  1. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    LOL, why so disillusioned, may I ask? o_O
     
  2. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige

    indeed, why? :D
     
  3. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Indeed, I also want to know why. :p
     
  4. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,388
    Just looked at shadow defender - not much info there on how it works.

    Am I right in assuming that it protects from unintended malware downloads (drive-by) but cannot protect you if you save files intentionally? How about email? What is the advantage over sandboxie?
     
  5. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige

    None, really. Returnil virtualizes at the system level, whereas Sandboxie's virtualization is application-specific. Sandboxie is actually quite a bit more powerful. *puppy*
     
  6. illicit

    illicit Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    101

    Apples and oranges. A combo of Sandboxie and Returnil/SD is solid. If you have SD set up with exclusions and you download a file to that folder, then yes, it is committed to the hard drive. DefenseWall untrusting downloads from untrusted sources fixes that problem.
     
  7. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Originally I ran Deep Freeze 6, then I tried the free version of Returnil. I didn't go for the paid version as I don't like the idea of paying every year, and I think the program requires activation? Anyway, Returnil was fine, with me occasionally feeling that it was causing slowdowns. Then I tried Shadow Defender and have had zero problems. Most of the time I run with no protection. Then when I want to surf to places unknown I turn on the protection, with a reboot back to normal. While I'm protected I can always use the commit function to save any download. As to any nasty things trying to steal passwords, I use RoboForm, and in any event I am not convinced that things are as dangerous as many believe. Did try Sandboxie and just never got on with it. My security setup is as per my sig, i.e. nothing really. The main benefit for me of Returnil and Shadow Defender is that I can play with programs, make changes, do dumb things and then reboot. The security aspect is just a bonus; a hardware firewall and Firefox plus a few add-ons is more than enough for my way of operating.
     
  8. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige
    Why not just use Sandboxie and save yourself a reboot?
     
  9. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    I use Sandboxie, then just erase the nasties when I am finished with online banking or surfing on the dark side.
     
  10. idbit

    idbit Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    43
    Location:
    Florida
    Sorry for the suspense! Maybe 'exhausted' is the better word. Check my post:
    Adding Firewall, Real-time Protect Against Vundo, Look N See, Do I need HIPS?.

    To sum it up, I had a Vundo infection and spent a good week on clearing the infection and learning about security. I thought I did my due diligence and was almost done. Just one more piece to the puzzle and I can get back to my life. Then I see this post. What's frustrating is that nobody else is talking about this. I guess I was just looking in the wrong places. Most tech websites will tell you that you need the following for real-time protection:

    1 real-time anti-virus
    1 real-time anti-spyware
    Spybot - using SDhelper and Immunize
    SpywareBlaster
    1 hardware firewall
    1 software firewall - for outbound protection

    I had this up and running. Now I read this post and it's clear that I have lots of work still ahead. This sandbox concept is totally new to me. Same with imaging software.

    So nobody around here said (or didn't say) anything objectionable. In fact, I'm sure in the long run, I'll be glad I came across this post. Thanks for opening my eyes! Well, back to the drawing board.

    IB
     
  11. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige
    You still just don't get it, do you?
     
  12. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    A couple of years ago there was a zero-day attack by a malware with 200 or so variants.

    Not a single AV protected against all variants, whereas Sandboxie and DefenseWall easily contained/protected against all of 'em.

    Shadow Defender and Returnil wouldn't have protected in real time, but the malware would be gone on reboot.

    I would say that this same scenario of a massive zero day attack could happen again and you just won't be safe if using blacklist scanners?
     
  13. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    A good reason is the very difference between the two; that is, application and system level virtualization. While SandboxIE is sandboxing your current app or apps, it is not able to protect the system from other vectors. What happens if something gets outside of the sandbox in other words...

    RVS adds that additional layer to ensure you can get back up and running with a simple reboot that takes you back to the time you turned RVS protection on. Restoring an image is a slower process and, outside of the regular posters here and in other security communities ;), the image is from a much earlier time, so it may not have been updated...

    This is mitigated by using replication to restore current data, but this also adds additional time to the restore when it may not have been necessary to go to that extreme.

    Mike
     
  14. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige
    Say the user didn't have a software firewall. Had they been doing financial transactions, for instance, their personal info would've been uploaded to wherever in hell long before that reboot would save them.
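    The difference Mike describes above (system-level rollback versus application-level containment) and the caveat in this post (a reboot restores the disk, not data that has already left the machine) can be made concrete with a small model. The following is an added illustration written for this page; it is not code from Returnil, Shadow Defender or Sandboxie, and it models the session at the file-path level in memory rather than at the disk-sector level in a kernel driver as the real products do. The paths, the "passwords.txt" contents and the "c2.example" host are constructed sample data.

```python
"""Toy model of a reboot-to-restore ("shadow mode") session.

Added illustration, not vendor code. Writes during the session go to an
overlay and are discarded on reboot, except for paths under an exclusion
(written straight through, like a Downloads folder) or paths the user
commits explicitly. Network sends are recorded separately to show that a
reboot does not undo them. All sample data below is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

DELETED = object()  # overlay marker: the path was removed during the session


@dataclass
class ShadowSession:
    base: dict                                   # persistent disk: path -> bytes
    excluded: set = field(default_factory=set)   # path prefixes that bypass the shadow
    overlay: dict = field(default_factory=dict)  # redirected writes: bytes or DELETED
    wire: list = field(default_factory=list)     # (host, bytes) that left the machine

    def _is_excluded(self, path: str) -> bool:
        return any(path.startswith(prefix) for prefix in self.excluded)

    def read(self, path: str) -> Optional[bytes]:
        # The session sees the overlay first, then the real disk.
        if path in self.overlay:
            value = self.overlay[path]
            return None if value is DELETED else value
        return self.base.get(path)

    def write(self, path: str, data: bytes) -> None:
        # Excluded paths hit the real disk immediately; all else is redirected.
        if self._is_excluded(path):
            self.base[path] = data
        else:
            self.overlay[path] = data

    def delete(self, path: str) -> None:
        if self._is_excluded(path):
            self.base.pop(path, None)
        else:
            self.overlay[path] = DELETED

    def commit(self, path: str) -> None:
        # "Commit" one session change to the real disk so it survives reboot.
        value = self.overlay.pop(path, None)
        if value is DELETED:
            self.base.pop(path, None)
        elif value is not None:
            self.base[path] = value

    def send(self, host: str, data: bytes) -> None:
        # Network I/O is outside the disk overlay; nothing here is rolled back.
        self.wire.append((host, data))

    def reboot(self) -> dict:
        # Drop every uncommitted session write; boot from the real disk.
        self.overlay.clear()
        return dict(self.base)


def run_scenario() -> dict:
    """Drive-by infection plus normal use inside one session, then a reboot."""
    disk = {  # constructed starting state
        "C:/Windows/System32/drivers/etc/hosts": b"127.0.0.1 localhost\n",
        "C:/Users/me/Documents/passwords.txt": b"bank: hunter2\n",
    }
    s = ShadowSession(base=disk, excluded={"C:/Users/me/Downloads/"})

    # Malware activity during the session: drop a DLL, hijack hosts, exfiltrate.
    s.write("C:/Windows/System32/evil.dll", b"MZ...")
    s.write("C:/Windows/System32/drivers/etc/hosts",
            b"127.0.0.1 localhost\n1.2.3.4 bank.example\n")
    s.send("c2.example", s.read("C:/Users/me/Documents/passwords.txt"))

    # User activity: a download into the excluded folder and an explicit commit.
    s.write("C:/Users/me/Downloads/setup.exe", b"installer")
    s.write("C:/Users/me/Documents/report.txt", b"draft")
    s.commit("C:/Users/me/Documents/report.txt")

    after = s.reboot()
    return {
        "dropper_survived": "C:/Windows/System32/evil.dll" in after,
        "hosts_restored": after["C:/Windows/System32/drivers/etc/hosts"]
                          == b"127.0.0.1 localhost\n",
        "download_kept": "C:/Users/me/Downloads/setup.exe" in after,
        "commit_kept": after.get("C:/Users/me/Documents/report.txt") == b"draft",
        "exfiltrated_to": [host for host, _ in s.wire],
    }
```

    Running `run_scenario()` shows the dropper and the hosts hijack gone after the reboot while the excluded download and the committed document survive; the `exfiltrated_to` list still contains the C2 host, which is the whole point of the post above. Note also that an exclusion is a standing hole in the rollback: anything written under it, by the user or by malware, persists.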
     
  15. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    OK, I see. I read that post; sorry to hear. I myself have been infected before, but nothing that was hard to remove. Yes, do yourself the favor and learn about Sandboxie, HIPS, Returnil, Shadow Defender and the like. Don't go crazy with numerous security apps; this could actually lead to conflicts, overlap or a bloated machine. Learn programs like Returnil or Shadow Defender (same concept) and Sandboxie. You just might find you're never infected any more, and before you know it you might be testing real variants and coming up clean when done.
     
  16. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige
    :D :D
     
  17. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    just a note

    Returnil doesn't run on Windows 2000
    Shadow Defender runs on Windows 2000


    ....................................
    Sandboxie
    If you designate a "quick recovery" folder within Sandboxie you do not have to "quick recover" straight away; you can run a virus/trojan checker on your sandbox first.
    I use Sandboxie within Shadow Defender. Just supposing something could jump the sandbox during a Shadow Defender "session" (which, as I understand it, it can't), all you would have to do is reboot and all is gone.
     
  18. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    To add to Mike's comments, again I say I am no expert tester, but I have thrown just about the kitchen sink at Returnil and SD and have always come back with a clean bill of health after a simple reboot. IMO, complement it with something like Sandboxie and you have jack to worry about.
     
  19. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige
    "again I say I am No expert tester"

    Dave, you've earned yourself a reputation on these boards, why not enjoy your success? :blink: :blink: :blink:
     
  20. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Thank you, sir. I think (I hope) my reputation is not as an A-hole. :D
     
  21. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    875
    Location:
    Sverige

    hey, we try, don't we?
     
  22. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,289
    Location:
    Pennsylvania.
    Returnil and Sandboxie FTW!!!!!!
     
  23. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Much of the tech media receives advertising support from AV companies. There may or may not be a correlation...

    In a recent widely-respected on-line newsletter, an article included this astounding statement,

    This is a natural reaction from those locked into the "Anti-Virus is the way" syndrome. The newsletter article warns,

    Anti-Virus has many uses, but in preventing this type of attack, it is not reliable.

    The attack vector uses remote code execution (drive-by) exploits, so that any number of products mentioned in this forum would easily block the execution of the trojan.

    Which brings me to some comments made in this thread,

    I'm curious as to why anyone would let a "nasty" get onto the computer in the first place. It strikes me as saying: Well, I don't need rat traps by my door because I've caged off an area which will contain them if they get inside, and I'll just whisk them away by removing the cage each night.

    The topic of preventing the malware from executing came up in this forum earlier this year, and I asked those who were able, to test to see if their product would prevent the malware from executing in the first place. Setting a trap to prevent the malware from running, if you will.

    I don't remember the specific thread, but I collected all of the screen shots and put them on my web site some time ago. I'm sure there are other solutions besides those that aigle and others tested:

    http://www.urs2.net/rsj/computing/tests/remote/

    While reboot-to-restore products are wonderful, when I set up security for a home system I want to ensure that nothing like Mebroot/Sinowal can penetrate the perimeter. I don't want to take the chance that the family computer can have "nasties" lingering until the next reboot. I realize that theoretically nothing is supposed to do permanent damage, but I'm just overly cautious on this point. I want there to be an alert that something unauthorized is attempting to execute.

    That's my take on this. Otherwise, interesting discussions and very enlightening as to different approaches to security.


    ----
    rich
     
    Last edited: Dec 9, 2008
  24. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    @Rmus, agree. That's why I like a combination: antivirus for what it can handle, and for what it can't, the HIPS to stop what AV does not see as a threat when something tries to execute, then either a lockdown from execution in the first place or at least a prompt that something is trying to execute, so you can deny it, terminate it and so forth. Shadow mode for the extra blanket, just in case. IMO a pretty steep hop for anything unwanted to get through; if it did, it would be really sad.
     
    Last edited: Dec 9, 2008
  25. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I notice that SD requires 256 MB of memory, and Returnil requires 128 MB of memory. Can you comment on why SD needs that much more?
     