Returnil

Discussion in 'sandboxing & virtualization' started by biatche, May 14, 2007.

Thread Status:
Not open for further replies.
  1. login123

    login123 Registered Member

    Joined:
    Jul 12, 2007
    Posts:
    184
    :) Probably a simple answer, and some simple way to find it out, I am just not smart enough to figure it out. :D

    So the question remains: when you generate files bigger than your available RAM, where does Returnil put'em?
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello Hojtsy and dartsmaster,
    The team is looking over the posts - thank you for supplying the information. I will reply with more information as soon as I have it.

    login123, yankinNcrankin, pandlouk, and whoman,
    I do not want you to feel your questions are not being received, but I also hope you will understand that we cannot discuss everything about the software...

    What I would ask in reply would be whether or not the content you downloaded or attempted to save within your System Partition remained after reboot with System Protection/Session Lock on? Further I would ask if you were able to do the following:

    1) Download or copy the file to your System Partition and then manipulate the file with System Protection on?

    2) Were you able to move and save the file(s) on an alternate partition and further if that file remained saved this way after a reboot with protection on?

    HTH
    Mike
     
  3. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    I was about to download and install Returnil but noticed the messages from Hojtsy and dartsmaster.

    I checked the HKLM\System\Setup\SystemPartition entry in my registry and its value is Device\HarddiskVolume2. Does this mean Returnil will not protect my system partition?
     
  4. login123

    login123 Registered Member

    Joined:
    Jul 12, 2007
    Posts:
    184
    Hi, Coldmoon, and thanks for the prompt reply. You must be busier than a one armed man rowing a boat, with this great program becoming so popular. :)

    The answer to your questions (if they were for me):
    No, nothing remains after a system reboot, as far as I can tell.
    Yes, I can download and manipulate a file w/ sys protection on.
    Don't know, didn't try to save anything to a separate partition.

    Thanks again for letting us use Returnil.
     
  5. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    431
    @Coldmoon

    I think you will know by now that your software will be tested to its limit and beyond by the knowledgeable users here at Wilders. It is inevitable that "awkward" questions will arise, but it is surely in your own interests to try and answer them when it comes to us knowing what the software we are using is actually doing. I am speaking particularly about where the "overflow" data is stored.
    Hope you will take this in the spirit it is intended.
     
  6. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    Hi Mike,

    Thank you for your answer. I can understand that you do not want to reveal any program secrets and I respect that. I will not ask any more details about this. :)

    About your questions.
    I performed some tests and here are the results:
    Anything that I added in my System Partition with System Protection/Session Lock on was eliminated after the reboot. I also turned off the computer with the "forced/brutal method" and used a bart PE cd to check if any files were still there. I did this 3 times and the disk was clean. Nothing that I added was there.:D :thumb:

    1. I did not understand clearly the question.
    a) I should add a file with the system protection on and then try to manipulate it? This can be done.
    b) or try to manipulate an already existing file (that is saved there during the unlocked session), and try to manipulate it in a locked session? I did try it and although it could be deleted or manipulated in any possible way, after a reboot it returned at the original state.:thumb:

    2. You mean to move them with cut/paste? I only tried to copy the file and then delete it from the system partition. After the reboot the file was both in its initial/original place and the copy existed at the new place where it was copied. But I expected that. As I expect that if I use cut/paste the file will return to its original place. I'll try that ASAP and return after a reboot. ;)
     
  7. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    To Coldmoon, the program is very cool and does what it's supposed to. I personally do not want to really know how this program works, all I know is that it works. Upon DL large files and doing stuff on my box while the protection is on and after reboot all is gone like it never happened. I ran several recovery file programs just to see if any changes occurred and it appears that Returnil preserves the exact state of my C drive when I reboot. I'm not worried about any leakage of info that could end up low level on my disk as I do basic maintenance of shredding free space with an occasional peek at my disc with Julie Lau's sector editor and all that good stuff. Awesome program, it's super fast on the fly and I really like that password protection feature, very handy. I don't know of any program that functions exactly like this one and the best part is it's FREE. :) This program really makes things easy for me, especially on a clean install that's fully patched and set to how you want it. Maintenance has never been so easy for me. Thank you Returnil.
     
  8. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    ...continue from previous post.

    After the reboot the file (moved with cut/paste) remained saved in both places.

    And now it's time to pass to the results of the real tests that I put Returnil through.:cool:

    Before performing the test I secured/wiped my partition drive and then I used an image to restore a clean system (windows SP2 with only the drivers installed).

    I installed Returnil, rebooted the system and locked the session.
    Then I added 2 files:
    a zip archive = 17.09 MB
    a dvd iso image = 4.37 GB

    During the locked session I ran from a folder in another partition the Ontrack Datarecovery Professional demo. I noticed with big surprise that O.D.P. reported that the system partition was 4,37GB smaller :eek: . Then without rebooting the pc, I tried the Advanced Data Recovery with the default settings and the result was that both the zip and the iso files were invisible.:thumb:

    I rebooted the system and ran O.D.P. again. But this time I used the following settings:
    In Advanced Data Recovery, I selected the system partition and under the advanced options I used -> Partition Settings = ignore MFT and performed a full scan of the system partition.
    The result was that the recovery program found the 2 files that I had added during the locked session. And the most interesting thing is that it found not only the big 4.37 GB iso but even the small 17.09 MB zip file.

    And this confirms my previous suspicion that the info at your site is misleading.
    Do not get me wrong, I really love Returnil and I think that it will become a must in the users security. I am really grateful that you provide such an advanced security tool for free for personal use.
    It is much faster than Deepfreeze and equivalent with EAZ-fix standard edition.

    It sure gives maximum protection but it does not clone the computer’s System Partition in memory! ;)

    Kind regards,
    Panagiotis
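
Added example, not part of the thread and not Returnil's code: a way to repeat the residual-data check from the post above without a commercial recovery tool. It assumes a canary file holding a unique marker was written during the locked session and that, after the reboot, the raw system partition or an image of it is read sequentially, ignoring the file system, as the "ignore MFT" scan did. All function names and the in-memory sample volume are constructed for illustration.

```python
import io
import os


def make_marker() -> bytes:
    """Unique marker to store in a canary file during the locked session."""
    return b"RVS-CANARY-" + os.urandom(16).hex().encode("ascii") + b"-END"


def find_marker(stream, marker: bytes, chunk_size: int = 1 << 20):
    """Return the byte offset of every occurrence of marker in a raw stream.

    The stream is read front to back with no reference to file-system
    metadata, so copies left in unallocated sectors are reported too.
    """
    hits = []
    overlap = len(marker) - 1   # bytes carried over so a split marker is seen
    tail = b""
    base = 0                    # absolute offset of the first byte of buf
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        pos = buf.find(marker)
        while pos != -1:
            hits.append(base + pos)
            pos = buf.find(marker, pos + 1)
        tail = buf[-overlap:] if overlap else b""
        base += len(buf) - len(tail)
    return hits


def scan_path(path: str, marker: bytes):
    """Scan an image file or raw device path (assumed readable by the caller)."""
    with open(path, "rb") as handle:
        return find_marker(handle, marker)


def build_sample_volume(marker: bytes, offsets, size: int = 16384) -> bytes:
    """Constructed stand-in for a partition: zeroed space plus leftover markers."""
    volume = bytearray(size)
    for offset in offsets:
        volume[offset:offset + len(marker)] = marker
    return bytes(volume)


if __name__ == "__main__":
    marker = make_marker()
    # Constructed case: the leftover copy straddles a 4096-byte read boundary.
    dirty = build_sample_volume(marker, [4086])
    print("after reboot:", find_marker(io.BytesIO(dirty), marker, 4096))
    # Same volume after free space has been overwritten (simulated with zeros).
    wiped = build_sample_volume(marker, [])
    print("after wipe:  ", find_marker(io.BytesIO(wiped), marker, 4096))
```

Any offset reported after the reboot means data from the locked session is still present in sectors the file system no longer references, which is the case the free-space wiping mentioned in this thread addresses.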
     
  9. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Wonder if it's just a simple wording error, maybe they meant to say system as in the OS itself being run in memory and not necessarily the system partition in which files could be added to? Either way the system OS gets restored and as you noticed the files that were added to the partition C are ignored (removed) upon reboot. Using Julie Lau's sector editor I was able to see this and it's not an issue for me as I simply shred my slack, directory entries, etc. Thanks for confirming and doing your tests.
     
  10. Genady Prishnikov

    Genady Prishnikov Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    350
    I agree the program works - as advertised - but it simply, as Panagiotis said above, does not clone the system partition in memory. I, too, shortly after trying this program for the first time, placed about a GB of photos onto the system partition with system partition "ON". Later, after re-boot, Directory Snoop easily found (and RESTORED!) some of these files. I think it's great what you are doing, the support here on the forum and all of that, but the website says it performs in a way that it simply does not. Nobody, not even a software maker with a nice rep, gets a pass on that because it's simply not true. When I asked a programmer friend of mine - he said it "defies virtual physics." If I have 1GB of memory and there are three GB of files - where does it go? You seem to suggest the website is still accurate, but it's some kind of trade secret. I like how the program works, but IT DOES write to disk, and to suggest otherwise after all of these real-world tests, is just not being completely honest.
     
  11. whoman

    whoman Registered Member

    Joined:
    Nov 15, 2006
    Posts:
    13
    Hi Coldmoon,

    I don't think anyone wants you to reveal any trade secrets, but I think this is a basic and important question. My reasons for the file "overflow" question: Security and protection are also in place to protect our privacy - if Returnil is saving data (which may include passwords, social security numbers etc) on the hard drive, then they could be recovered and stolen. You have stated that privacy is not Returnil's prime function, but if we know where these leaks may be, we can try to plug them. For example if its only the pagefile - pagefile encryption will help. If it is on the hard drive then we need to know that we must still perform routine wipes.

    To answer your question - I saved a 2G file to my C: drive with protection on, then copied it to a second partition. Rebooted and file was gone from C: but still intact on the second partition.

    I know you are working hard trying to answer all the questions and I thank you for it. I too am very appreciative of this great software and its free offering.
     
  12. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    You are welcome :)

    I do not think that it is an issue either.
    For telling the truth when the system is locked remains as it was. It is never altered even if we fill all the free space. The reboot is needed to unload the drivers so that they cannot see the newly modified files. Windows and simple recovery tools cannot see those files at all!

    And the most curious thing is that it can coexist without any problems with Rollback RX/ EAZ-FIX and FirstDefense-ISR, all three of them together. :D :thumb:

    But this is an insane configuration. :p
     
  13. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
    After some more testing (and a little thinking) I realised that I was wrong (in part). I think that I finally understood how the program works and I admit that it really clones the entire system partition in memory.
    This does not mean in any way, that the files are cloned in memory or that the newly created or the modified files are copied/modified in memory. They always remain on the disk. And this is the beauty and the power of the Virtualization of Returnil.

    True:thumb:
    True:thumb:
    True in part (unless someone uses an advanced recovering program and performs a full scan of the system partition):thumb:
    True in part (disk activity will be reduced, but only by little):thumb:
    Absolutely True:thumb: :thumb:
    True:thumb:
    True:thumb:
    True in part (see the above tests):thumb:
    Absolutely True:thumb: :thumb:
    True:thumb:
    True:thumb: (this does not mean that a firewall, an antivirus and other security software aren't necessary)
    True:thumb:
    Absolutely True:thumb: :thumb:

    On a five-star rating system I would give six stars to Returnil.
    This program is simply fantastic.

    My congrats to the development team and a great thank you to the Returnil company for giving this amazing tool free for personal use.
    If you need any help in translating it into Greek send me a PM. I will be happy to help.
    PS. The Italian lang. has some mistakes.;)
    :-*

    Panagiotis
     
  14. testsoso

    testsoso Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    138
  15. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    This post isn't directed at anybody, but you all have to keep in mind, RVS is not a privacy tool. This has been discussed before. I think Peter2150 and BlueZ touched on the privacy subject (you'll have to search a bit as I'm too lazy). Returnil performs as advertised in that it protects your system partition. As far as I know it's the only free tool of its kind currently available.

    If somebody wants to dig into your computer, you have worse problems than RVS. I would assume anyone with privacy concerns would have a layered approach similar to a layered security setup. I guess RVS could be considered just one layer for privacy. I'm not into the privacy thing yet as I've been more concerned with security. Someday I'll be swatting down cookies and running Linux :p .

    @ testsoso, thanks for that link. I hope that Returnil has a look at the time thing. They seem very flexible and willing to improve their product if possible.
     
  16. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I have just installed Returnil on an old pentium 4 2.4 with only 512 meg of ram.
    previously had deepfreeze 6 installed.

    Using Perfect Disk 8 nothing is automatically excluded. not sure if anything should be excluded but works fine anyway. compared to deepfreeze 6 Returnil C:
    shows better results for C: with perfect disk 8 . The summary typically shows 8 fragments and 15 excess fragments. No real difference but certainly no worse than deepfreeze.

    Having only 512 meg of RAM I'm surprised that no slow down seems to occur.
     
  17. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    testsoso,
    Interesting discussion and thanks for the link.

    innerpeace,
    We have discussed the system clock commentary and think making it static is not appropriate to what RVS is designed to do. This may be useful/essential in a virtual testing environment like VMWare, but it has no relevance to RVS as it does not virtualize the BIOS or CMOS.

    It would also add an unacceptable measure of annoyance for normal users who do not expect to have to adjust their system clock every time they use System Protection/Session Lock.

    Mike
     
  18. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Long View,
    Thanks for the feedback - have you tried the test with minimal recommended RAM for using RVS on Win XP (128 Meg RAM)? This might be redundant, but the performance differences should be a bit more apparent.

    Mike
     
  19. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Sorry - I have access to 7 machines all with 1 or 2 gig of memory. The oldest has only 512. 128 should be fun ?

    Question if you don't mind.

    I'm just about to make an Acronis 10 Full image of C:

    I assume I will need to turn protection off first. With Deepfreeze 6 there is a requirement to "set the flag" before making an image. With Returnil there seems to be nothing to be done other than to make the image from within windows or with the emergency disk. Is there any reason why Returnil should not be imaged ok ? anything special that needs to be done ?
     
  20. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    I'm thinking I'm going to take the plunge, however, I do have one question. If I do install it's going to be without the partition so I'd only be using Session Lock. I did read (I believe I did, a lot to read here) you can enable Session Lock without booting can Session Lock be disabled without a reboot? Thank You!
     
  21. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    Session Lock cannot be disabled without reboot.
     
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi Coldmoon, I wonder if it is possible to have a feature, like Windows Steady State, to keep changes temporarily for a certain no. of reboots. It will allow to test those software that need a system reboot for their install.
    Maybe in some future version.
    Thanks for the free version.
     
  23. dukebluedevil

    dukebluedevil Registered Member

    Joined:
    Sep 14, 2002
    Posts:
    177

    That's exactly what I would like to see get added to Returnil as well. :)
     
  24. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    I would like to see this also. It would be awesome to have a easy way to test/try new programs that require a reboot. Especially with an easy to use program such as RVS :). Consider it a feature request.

    @ Mike, Thank you for your reply and explanation. You have been very patient with me :D .
     
  25. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Still having problems with Returnil and Perfect disk 8. When I installed Returnil on a machine which already had Perfect disk 8 I found that I got the 2 error messages when trying to defrag off line and Perfect disk refused to defrag.
    Uninstalling Perfect disk and reinstalling results in the 2 error messages but PD does then defrag offline. Excluding Returnil makes no difference.
     