Can Returnil restore your PC if you remove an important reg file?

Discussion in 'sandboxing & virtualization' started by ratchet, Dec 25, 2008.

Thread Status:
Not open for further replies.
  1. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    So say you go nuts with RegSeeker (my favorite tool after an uninstall , would never just use it as a stand alone reg cleaner) and some important entries are removed, can a Returnil reboot recover your exact state? The reason I ask is I have the Returnil Premium and Ayrecovery licenses pending and don't necessarily want both. I'm way more prone to "mess" my system up by messing with it, e.g. updating drivers or flashing the motherboard than getting any malware infections. Thank You and Merry Christmas!
     
    Last edited: Dec 25, 2008
  2. raakii

    raakii Registered Member

    Joined:
    Sep 1, 2008
    Posts:
    593
    Delete the whole registry , u will get get back to old state, thats what all lite virtualisation softwares do.
     
  3. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    :eek: DUDE! Are you serious? Returnil can handle that?
     
  4. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    There is no reason what so ever (other than experimentation) to do the things you describe while running Returnil o_O reboot and everything would be undone :D

    But to answer your question, yes you could blow up your OS while running Returnil and a reboot would restore things to normal.
     
  5. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,150
    returnil is great
    but unfortunately, unluckily does not support reboot:thumbd:
     
  6. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    True, not even paid version, but I reckon there are those whose needs are met precisely by that characteristic.
     
  7. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,150
    i'm looking for a program like returnil that support reboot
    powerful like returnil
     
  8. raakii

    raakii Registered Member

    Joined:
    Sep 1, 2008
    Posts:
    593
    Comodo disk shield beta is the one that promised wat u told but its buggy.
     
  9. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    How about Shadow Defender?
     
  10. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Clean Slate- Change from virtualized to non virtualized without restarting.
     
  11. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,150
    thanks
    it's not free
    but does it work like returnil ? i mean make a file and format it or work like sandboxie
    is easy & trusty ?
     
  12. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,150
    yes i read good about it , not freewareo_O
     
  13. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    I'm on a 30 day trial right now. It's, IMO, simple but not a TON of documentation however, I understand from others that the author will support it and there are several users that frequent Wilder's and some threads that discuss it quite a bit. Some use it only on demand for high risk activities, which is probably how it will shake out for me IF I end up paying for it - I think it's $35? I'm just learning about virtualization & light virtualization softwares as a security technique as I get up to speed on what I missed being gone from Wilder's about two years but I see alot of head to head comparisons between Returnil and Shadow Defender.
     
  14. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,150
    thanks
    returnil create a virtual partition with a file that format and mount

    does shadow work like returnil , i mean make a file , format and mount?
     
  15. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Someone can perhaps correct me - file yes, I see a file named "diskpt0.sys" that I believe is SD's "virtual partition" or "sandbox" area in the root of my C: drive, I do NOT see this mounted as a drive anywhere however.
     
  16. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    This thread: https://www.wilderssecurity.com/showthread.php?t=196103 by BlueZannetti is where I started my reading on light virtualization and you can branch out in many directions from there, lots of reading to be had on this type of software. I am playing with SD right now and what I find a challenge is that, in order to commit, unless I have it wrong, you have to know specifically which folders you want to commit and if you are lazy like me, it can take quite a while to have it commit folder "C:\" plus all sub-folders!o_O :doubt:
     
  17. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I don't see why, in practice, you would want or need to commit all that much ?

    Say you download a file and what to save it - then you commit that file. As for lating beyond a reboot I find it far easier to simply make a shadow Protect image and the restore when I'm finished.

    I know that SD costs money but it is better than the free version of Returnil and the paid for version of Returnil requires payment every year which makes it a non-starter for me.
     
  18. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Well, I claimed laziness but, in fact, it has more to do with my own ignorance.

    Case in point: I decided to give shadow mode in SD a try. My test subject was DriveSentry - maybe not so great a choice but it is my example nonetheless. I entered shadow mode, then installed DriveSentry and set it up, synchronizing signatures and all that. After a couple of hours, I decide to commit all changes. I open the SD interface and click Commit.

    Now I'm presented with a dialogue asking me to specify which folders to commit. So, instead of tracking down and dissecting every change that DriveSentry has made and figure out which folders they are (I could take some guesses, but would I get them all or end up with a dysfunctional DriveSentry half-a**ed install?), I just specify C:\ and tell it to include subfolders.

    My mistaken assumption was that SD would simply commit, incrementally I guess, only those folders that had changes. No, it starts scanning through all 11,773 folders on the drive (yes, exactly as I asked it to) and this takes forever and pauses for abort,retry,ignore on DriveSentry signatures and a number of other files/folders for which access was denied.

    So, I guess either I'm not a meticulous and sophisticated enough user (read: "lazy") to nitpick through which folders to commit in this case or I am trying to grossly misuse SD for much more than it's intended to be used.
    :p

    I'll certainly appreciate any advice or clarification anyone can provide although I don't really insist on hijacking OP's thread here.

    :ninja:
     
  19. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,150
    shadow Protect is cool !
    does it protect by virii that can attack partition tables?

    when i start shadow mode , a windows pop up with a warning file in use reboot it's normal?

    about commit : some programs like adobe have a strong protection anti piracy system , can i for example commit photoshop cs4?
    will restore photoshop cs4 regfiles , files and photoshop store the serial in the some hardisk sectors
     
  20. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Mantra shadow protect is cool - it is a great imaging program. I think, though, that you are refering to shadow defender SD ?

    pop up warning is normal - you possibly have some security program updating in the background and SD is just warning you.

    I hope that SD protects against partition virii but as I have never seen any real live virii or any malware I'm not too worried.

    As to commit - I tend to run protected when I go somewhere unknown and only commit the odd download. when I am happy with a new program I just install it without SD protection being on. If I have been testing for a few days and I want to go back to the way it was before I restore a shadow protect image. Both SD and SP get used almost every day.
     
  21. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,150
    thanks
    i mean shadow defender , sorry
    about shadow protect is better the ti 9 or new version?
     
  22. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Have been using Acronis since version 6 without problems. More recent versions have become somewhat bloated.

    I only use SP from CD to make and restore full images. Tends to be faster than Acronis for larger data drives and partitions. Acronis does still have some advantages for me. It works with whole drive encryption (drive crypt plus) wheras I have been unable to get SP to work. Last week SP would not work with an Acer laptop ( setup with a strange FAT16b) C: partition. I wouldn't be surprised if Acronis worked.

    If Acronis 9 works with your system then to me, apart from a bit of speed, that's all that matters.
     
  23. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    crofttk, when using shadow defender, as Long View mentioned, it's mainly for the odd download, to right-click and commit a document, bunch of mp3s, and so on.

    If you've switched it on, and shadowed your drives, you can test a program like drive sentry, and see how it works on your system. As you did. If you decide to keep it, all you had to do is 'commit' the install file, reboot, and with shadow defender off, launch the drive sentry install file.

    Once all rules are set up, launch shadow defender again. I've found the 'commit' feature works well with smaller files, I've tried it with a 4GB dvd file and it took a few mins. The 8GB file took a little longer.

    But if I want to keep large files, I find it easier to copy them to my external drive or say an 8GB USB stick, and then copy the files after a reboot. :) You basically can reboot, update any windows critcal files, updat your AV in about 15 minutes and have shadow defender or returnil running for the rest of the time. Or use these programs when trying out software, or installing a game, or installing/using something like limewire/frostwire or bittorrent program, committing what you need, then rebooting to see the 'shifty' program disappear.

    And for those times you come across a page you want to bookmark, but shadow defender/returnil is running, just create a text file, copy the links in, or any other things to remember and commit it. After a reboot, add all the bookmarks etc. Pretty easy program to work with considering the 'protection' it gives.
     
  24. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,150
    vert intersting
    but there are issues with ultimage degrag i mean the mft offline defrag

    is there a portable shardow protect version?
     
  25. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    mantra, not sure if there is a portable program for virtualisation.

    Regarding defragging, you wouldn't want to defrag a drive that has shadow defender or returnil running. My understanding is, you do all your 'business', such as windows updates, AV updates, deleting files, defragging (I'm using portable JKDefrag and that seems to work well), and launch the program only when you'll be trying programs out or trying a few things.

    For example, a couple of portable programs I have don't seem to run with sandboxie. But if run normally, they create a number of backup files which I have to manually delete. That's where something like returnil or shadow defender is useful, I can run the program knowing I don't have to 'clean up' after it. All junk cleaned up after a reboot.

    I just tried a few media programs today, some were ok, some installed everywhere they could. Reboot, and see you later ya piece of s*** that screwed all my file extensions and wouldn't uninstall! ;)

    You can also still sandbox your browser, and delete the contents of the sandbox browser whenever you need to improve your protection against keyloggers, and so you don't have to reboot as often. But running returnil or shadow defender on its own is still good protection if you reboot regularly such as once a day.
     
Loading...
Thread Status:
Not open for further replies.