Dregg Heda's Questions and Thoughts RE RVS 2010 Home Lux

Discussion in 'Returnil releases' started by Dregg Heda, Dec 14, 2009.

Thread Status:
Not open for further replies.
  1. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Hi, I've recently installed RVS 2010 Home Lux and I have some questions:

    1) Can RVS be run with DefenseWall? Are there any known conflicts?

    2) Does the anti-execute function (i.e. trust programs from the real disk only) cover all binary executables? What about script executables like wscript or jscript, etc?

    3) In preferences, what's "allow remote control"?

    4) Does the virtual system run on disk or RAM? I think RVS 2008 ran on RAM by default. If it runs on disk, why the switch back? Surely it would be easier to wipe all traces of your actions if it ran on RAM?

    5) When will virtualising multiple partitions become available?

    6) Will RVS work with an ISR like Comodo Time Machine? Any conflicts?

    7) What's the point of a virtual disk? What kind of uses does it have? Any suggestions by forummers?

    And here are some of my thoughts:

    Thus far I like this program. It offers more features than Shadow Defender but the programmers have done a good job of making the UI simple and intuitive. I haven't used RVS 2008, so I might be wrong, but from checking out the previous manual, it seems to be more complicated in usage than 2010, so congrats on this! :thumb:
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Dregg,

    1. We do not test specifically against DW so you should experiment with this before you try to deploy to a production system. One thing to make sure you do however is to allow RVS access to the internet (updates, alert messages, product registration, and malware data/sample collection if you participate). Also, make sure DW is temporarily deactivated while installing/uninstalling RVS.

    2. No, an example would be opening an archive (ZIP, RAR, etc). The opening of the archive would not be blocked, but a known malware or exe within that archive (if you try to activate it) would be blocked.

    3. Allow remote control is an essential option for the management console. It allows remote management, product registration, messaging, and activation of new features when upgrading. Deactivating it will not affect your ability to use RVS however.

    4. RVS 2010 uses dynamic caching that combines both memory and disk to achieve an effect similar to that of Windows memory. It starts in RAM and goes to disk when needed and disk space is used on the fly. The cache on the disk may appear to be a large space depending on the percentage you select (50% of free space is default), but it is not actually allocated or used until it is needed. Think of it as "reserved space" rather than allocated space...

    5. It is being tested in the Returnil Labs version, is already implemented in a custom production version for a large customer, and should be available in the release version of RVS by early next year as part of a major virtualization engine upgrade (next few months).

    6. Combining apples and apples may not be optimal. We do not plan to test this specifically so it would be a good idea to test in something like VMWare or VirtualBox before trying it on a production system. Further, you should wait for the multi-partition virtualization in RVS to determine if that would add additional issues not present with the current RVS 2010.

    7. The Virtual Disk in RVS 2010 is the same as the Virtual Partition in RVS 2008; a convenience for those who do not have access to non-system partitions while the virtualization is active. It is not required for the virtualization to function and for some may not be needed.

    Mike
     
  3. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Hi Mike,

    Thanks for your response. I'd like you to expand on points 2 and 3. I'd like to know what types of executables are covered. For example I know from usage that .exe's and .dll's are covered. But there are still other types of executables and I would like to know which of those are covered and which aren't. I would appreciate it if you could find out from the developers exactly which types of executables are blocked. This is quite important for me. Thanks.

    With regards to remote control, if I have it disabled I won't be able to register or activate new features when I upgrade my product? What exactly constitutes 'remote management'? Is this for an enterprise setting where I configure Returnil on one PC and then roll it out to the rest? Or am I wrong about this? What kind of messaging requires remote control? Will Returnil be sending messages from a central server requiring this function to be enabled? I don't quite get it. Thanks.
     
  4. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    The AE is basic so will block EXEs and some DLLs. It is based on its original purpose which was to add protection against specific types of malware like the Sony/Robo dogs and some other low sector editing tools. This means that it is not absolute...

    RVS 2010 introduces our Returnil Commander management console which is designed with power users, business, public access, and enterprise users in mind where the administrator can:

    * Turn virtualization on/off for one, a subset, or all of their licensed copies of RVS
    * Power cycle one, a subset, or all of their computers with RVS installed
    * Assign/revoke purchased licenses
    * Create and send alert/other messages to their clients
    * Create subset groups of clients for easier management
    * Other contact information and resources

    For the power user, the RC can be purchased as a stand-alone product and used in a similar way to remotely manage your copies of RVS. In a private home or SOHO setting, this would be a convenience for parents/proprietors on the road for example...

    For Returnil, the messaging is as you have seen. We send alerts, product upgrade notices, and can use it to contact and work with a specific user/client in support situations (request for more information, malware sample and data collection, etc). It is also important in the registration process:

    1. You enter your registration information into the GUI
    2. RVS sends that to our servers
    3. The server assigns a license (Home Free) or accepts and records the license number supplied (paid versions)
    4. Based on the type of license requested (Free, Trial, Commercial), the server then details what features are available for that license type and tells the client what is allowed
    5. The client then "turns on" the appropriate features for the period specified by the server.

    This is all done automatically and the only time a person gets involved on our end is when there is a general issue or support request (can't register is an example). If the option is deactivated it does not mean that your current licensing would terminate or change (if applicable).

    Mike
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Being somewhat familiar with the mechanics of RVS type programs and also the Time Machine type of software, my gut feeling is there would be a big time collision.

    Either try it on a virtual machine, or have a tested image to recover.

    Pete
     
  6. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Hi Mike,

    Thanks for your response. You've pretty much answered all of my questions. :thumb:

    Personally I think you should consider strengthening the AE element of your product.

    A top notch anti-executable would greatly enhance the security provided by Returnil. Also there would be no need for virus guard since the AE would paralyse the malware and a reboot would clear all malware traces. No need messing around with signatures and fp's, etc.

    I find the 'trust only programs from the real disk' setting very intuitive. You start off with a clean machine, install Returnil and you're all set. The strengthened AE won't let anything install while systemsafe is on, a reboot will clear all malware and if you need to install anything just save it to the real system, reboot with system safe disabled and install. Very strong protection that's extremely easy to use! So think about it...
     
  7. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830

    Hi Pete,

    Yeah, I've got a clean image. I am currently running CTM with Returnil with no seeming problems. Prior to this I also trialled SD while CTM was installed. Whatever the case I plan on uninstalling CTM as it causes too much slowdown during boot-up and log-in. This is from before I installed either RVS or SD so it isn't a conflict. I think the software is a little unstable.
     
  8. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Coldmoon,

    I have another question: in the file manager, what's the point of saving a folder if you have to save individual files anyway? You may as well just save the individual files and not bother with saving the folder, unless you've created a new folder or renamed a folder or possibly moved a folder to a different directory. Am I right?
     
  9. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    It's true that the case for a specific folder save is not as likely as a file save. The fact remains however that a folder's properties COULD be changed and as such needs to be addressed in the File Manager. Think of the FM as a transition feature that is designed to provide a solution for saving frequently changed content and look for a more robust approach as we go forward; especially with the work we plan on automation features in future builds.

    Mike
     
  10. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Alright thanks Mike, I think I understand.
     