How to....

Discussion in 'Returnil releases' started by s4u, Jan 10, 2009.

Thread Status:
Not open for further replies.
  1. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    Hi
    I believe in virtulazation, but what is the best way to use Returnil?
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello s4u and welcome to the forums :)

    It depends on how you use your computer. There is really no "standard" or expected way to use ISR as each user is different outside of a corporate network. Experiment with protection always on and then only using Session Lock to see what happens and which feels best to you...

    Mike
     
  3. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    But does Returnil virtualize malware for me. Or do I virtualize files which I suspect
     
  4. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    The System is virtualized which means that anything happening on the System Partition is actually happening, but within a fantasy world as far as Windows is concerned. Any malware which "infects" the virtual system will still work as it would if it was on the real system, the difference is that this is a temporary activation that is only until the computer is restarted when you have the protection on.

    The advantage here is time to removal. Your AV/AS/AM solutions may not be updated to deal with it properly or may not even detect it if the content is not known to that solution provider. So the time for this malware to be removed from your System Partition is only as long as the period between restarts whereas with signature based solutions you may be looking at days, weeks, or even years before your AV can deal with or detect it in the first place.

    Keep in mind that ISR (Instant System Recovery) is not a silver bullet; rather it is the last defense against the indefensible when time really counts...


    Mike
     
  5. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    So the extra protection is that when I get infected now and I restart. The infection is over.

    Sounds great for testing.....
     
  6. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    Hi Coldmoon

    Is this a fact?
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I use Reurnil. As far as I know there was only one known type of malware that could penetrate Returnil. But for the most part, any virus or malware will disappear as soon as you restart.

    However, if you have a USB stick or something else like that that is not virtualized, I don't know. I don't know if malware can run on a USB stick.

    But I use Sandboxie over top of Returnil. That way if I get a keylogger, it is trapped inside of the sandboxed browser and cannot temporarily read my files elsewhere on my computer. And when I exit out of Sandboxie, malware will disappear and will never see the rest of my system. At least this is my understanding. I am far from being truly knowledgeable about these things..
     
  8. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    Sounds good to me. And a really great tool than. That even means that you can be safe with only Returnil and no other AV
     
  9. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    Will updates from other apps be gone after reboot?
     
  10. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Yes, unless you explicitly tell it to save changes on reboot - at least in the Premium edition, I don't know if that's a feature of the Personal edition or not.
     
  11. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    But if you tell it to save changes it will also save all the malware changes, won't it?
     
  12. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Of course. As the saying goes, "be careful what you ask for, you may get it."

    There are some different ways to go about saving things on purpose but I think a big starter for this software is to have your documents on a separate partition.

    Then you only save changes on the system partition after brief periods of maintenance activities, like updating AV definitions, Windows and other software updates, etc.
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I absolutely LOVE Returnil. I use it on my XP computer. But when I found out that I couldn't use it on my new Vista 64 bit I about died. I have grown so use to it that I feel uncomfortable without it. Hopefully a compatible version will be available before too long.
     
Thread Status:
Not open for further replies.