Applicability of ISR approaches (née PowerShadow vs Returnil)

Just a quick question;

I do drive backups now and again but these take days to restore so the prospect of ISR software looks very attractive.

Is ISR software like FD-ISR like System Restore feature in Windows? Or are they all the same like Returnil in the respect that you loose everything after a reboot?

What would you recommend me to use if I want like a ISR solution that is not based around reboot?

For ErikAlbert:- While the developers solve this vital reboot issue, try to use VMWare Player for your software experimenting. Just keep a blank XP image and everytime you want to try something else duplicate it and install your program on it.

 

Thank you. That is the obvious and easy solution to what has Eric Albert in such deep anxiety. But, he studies things for months (years?) before finally committing to anything. So, he'll come around to true virtualization in another year or two when everyone else has moved on to something else.

On edit: Though when he commits to something strongly, he certainly commits. Whew, that he does.

 

Now thats funny. Made me laugh out loud!

Edit: Seriously though could someone answer my previous questions

 

have you considered partitioning or using 2 drives ? if you keep C: fairly small ( less than 5 gig ) it only takes minutes to make and restore

Using FD-ISR you can make a number of snapshots. If you install to a snapshot and reboot - keeping the program - when you are finished you can either delete that snapshot or copy the original back from your primary snapshot. so no everything does not have to be lost after reboot - unless you freeze the snapshot.

as above. make C: small and you can then use images almost as conveniently
as other solutions - more time is "wasted" in discussion than the difference between different religions sorry softwares

 

Hi,

PS or Returnill are made available to protect malware infections, not, IMO, to test programs, therefore, failure to complete program test requiring reboot is not its own fault, rather users' misuse.

On the other hand, ISP apps such as Shadowuser or FD-ISR, luxuriously having reboot-retain capability are no longer available/or advanced any further. Why would developers abandon such a golden goose(producing golden eggs)? there MUST be good reasons. And probably does not need much IQ to figure it out. Just my day of reasoning. Take care.

 

Thanks for the advice, but I know about VMWare Player already and similar softwares.
I don't need that kind of software. If a new software corrupts my system and that happened 4 times, since March 2006, I restore an image and I'm back in business. The last time, I had to restore an image was when I installed "Baseline Shield" of HDS. All the rest of my experiments are fixed by my boot-to-restore. Four times in a period of almost 2 years isn't really worth to install another EXTRA software and certainly not for testing legitimate softwares.

Besides my boot-to-restore does alot more than cleaning up the mess of new softwares, it saves me alot of time, because I don't have to fix any problems anymore or waste someone's else time to fix my problems.
I don't have to run AV/AS/AT/AK/AR... scanners anymore, no registry cleaner, no history cleaner, no junk cleaner or do any manual cleanings anymore.

 

I wholeheartedly recommend VMs for such tasks. There is VirtualBox which is a full-featured VM, 15mbs or so, and free.

Since I burned my hands with FD-ISR (chinese AV or not), well.. let's just say I learned it's true purpose the hard way. I don't use it for testing anymore, except when I really need resources.

Cheers,

 

Re: PowerShadow vs Returnil

I've had have ShadowUser on my computer for more than 2 years which can reboot without loosing the previous virtual session. I also have Returnil on my son's computer to make sure he won't wreck Windows.

I have used ShadowUser special reboot feature maybe 3 times in 2 years, and never to test programs, as a matter of fact I find this extra feature quite useless since when I test programs (if any) I do it for at least a week or the full trial period. I fully agree with Longview's suggestion that an imaging program would probably do a thorough job.

The bottom line? Basically I'm using ShadowUser the same way I use Returnil on my son's computer, and IMO further developments of Returnil should not include the very feature that seems to trouble ErikAlbert.

Virtual sandboxes like PowerShadow and Returnil should keep their session 'unique' also because a very long session carried through a reboot, gives more time to malware to act in the area of spyware or privacy issues (I always reboot every 2 hours at the latest, for security).

Erik, I also think that for you to test and to protect are synonimous. Returnil protects by creating a virtual environment, if you can't test a program, you don't, period. It's got nothing to do with protection.

 

Re: PowerShadow vs Returnil

They are not the same to me, but I can do both with the same ISR-software, while Returnil only protects you, although they claim, you can use it to try all kinds of softwares, which isn't true.

 

Re: PowerShadow vs Returnil

Erik,

Could you please show me where they explicitly make or even suggest this statement? I don't see it anywhere. The do state quite explicitly on their website that:

Which is quite true.

Blue

 

Re: PowerShadow vs Returnil

For the second time :

http://www.returnilvirtualsystem.com/index_files/rvspersonal.htm

 

Re: PowerShadow vs Returnil

Which is not relevant to the statement that you made and on which I questioned you. If you wish to debate linguistic nuances, I'd be more than happy to do so offline. However, that is a debate you will likely lose.

For the record, the original versions of their website did make a claim that Returnil "Eliminates the danger of testing new software", which has now been amended as shown above to correctly portray the situation. Given that some of these claims were made when the product was first hitting the English language market, I'd give them a bit of a pass on the detailed translations, which were corrected when the error was noted.

Blue

 

Re: PowerShadow vs Returnil

I see where this is going, so I quit this discussion. If you don't see it, it's ok with me. I see it, that is enough.

 

All I can see is "Eliminates the danger of evaluating new software that does not require a reboot to install" what is wrong with that ?

 

I agree Long View, to me it,,,,,,hang on a second Long View, I will be right back. This post requires a reboot.

If I only had a F1 key.

 

It is true that both Power Shadow & Returnil will prevent the long term testing of software requireing reboots but it is possible to test some softwares long tem by simply making a Bart Pe Plug in & runningg from a usb drive. You can not do this with everything but quite a few softwares can be run in this manner. If you are testing firewall or AV applications you probably would need to install the reverred & now sadly departed FD-isr to do this.

 

Please explain ... the link is to a screen shot

 

Re: PowerShadow vs Returnil

Being Dutch and a neighbour to the Belgiums I can assure you that Antwerp is real nice at Christmas time. I would be happy to say hear-hear and yell booh in the pub you would select to continue your off line discussion.

Most Belgiums speak French quite well, so allowing other languages would reduce your native tongue English language advantage.

As lucas1985 puts it "Pouvoir à l'Imagination"

 

Re: PowerShadow vs Returnil

Come on Eric where is your famous Belgium 'red devil spirit'?

 

Re: PowerShadow vs Returnil

No doubt. My point is if a native speaker says that perhaps you're misinterpreting something, it might be time to step back and listen for a bit.

Context is important. Here is what was quoted, including the immediately previous paragraph:

There is a clear separation of how you handle, and what the consequences are, for purposely installing a piece of software (you do that while system protection is off, and it remains following a system restart) versus "exposing your computer to all types of software..." (this is done with system protection on, changes are removed following a system restart, and it is based on incidental exposure). There are two fundamentally distinct events being discussed in those two paragraphs: "installation of" vs. "exposure to".

Blue

 

Having looked again at "Eliminates the danger of evaluating new software that does not require a reboot to install" I can now see how this could be misread.
In English it is meant to be saying that software which does not require a reboot can be evaluated. It could be misread to read that it is possible to evaluate software without requiring a reboot.

Years ago my Spanish wife who was only then learning English misread a sign for a charity. The sign actually read "Help the blind feed themselves".
She unfortunately read it as " Help !!!! The blind feed themselves" What a language - come back Jacques Pierre - all is forgiven

 

OK, so the conclusion is that, generally speaking, tools like Returnil are not really meant for testing software. So I guess I should use image tools like Rollback RX for that?

Btw, I have also checked out Windows SteadyState (which doesn´t automaticly erase changes after reboot), and it was indeed capable to restore my PC to a certain "image", but after that I couldn´t turn disk protection off. For some reason I had to disable its service before I could switch of protection, so the apps seems a bit crappy.

But I must say I would never use (tools like) Returnil for malware protection, it´s not appealing to me at all, because I freaking hate reboots! Normally, I boot my machine only once in every 2 weeks, and that´s only because my machine will start to use more and more RAM. If possible, I´d never reboot (besides when restoring some image).

 

The link was addressed to Erik, regarding discussion from another thread...

I have installed AV from the link (DefenderPro) in a secondary snapshot. After that, unable to switch snapshots from Windows (taskbar icon crossed), I had to use the "F1" key to get to my primary. Apparently, DefenderPro had Kaspersky engine, whose version 5 (according to a fellow member) had some incompatibilities with FD-ISR. I used FD-ISR 3.20.202.

Long story short, I reimaged....