Discussion in 'Returnil releases' started by s4u, Jan 10, 2009.
I believe in virtualization, but what is the best way to use Returnil?
Hello s4u and welcome to the forums
It depends on how you use your computer. There is really no "standard" or expected way to use ISR as each user is different outside of a corporate network. Experiment with protection always on and then only using Session Lock to see what happens and which feels best to you...
But does Returnil virtualize malware for me? Or do I virtualize files which I suspect?
The System is virtualized which means that anything happening on the System Partition is actually happening, but within a fantasy world as far as Windows is concerned. Any malware which "infects" the virtual system will still work as it would if it was on the real system, the difference is that this is a temporary activation that is only until the computer is restarted when you have the protection on.
The advantage here is time to removal. Your AV/AS/AM solutions may not be updated to deal with it properly or may not even detect it if the content is not known to that solution provider. So the time for this malware to be removed from your System Partition is only as long as the period between restarts whereas with signature based solutions you may be looking at days, weeks, or even years before your AV can deal with or detect it in the first place.
Keep in mind that ISR (Instant System Recovery) is not a silver bullet; rather it is the last defense against the indefensible when time really counts...
So the extra protection is that when I get infected now and I restart, the infection is over.
Sounds great for testing.....
Is this a fact?
I use Returnil. As far as I know there was only one known type of malware that could penetrate Returnil. But for the most part, any virus or malware will disappear as soon as you restart.
However, if you have a USB stick or something else like that that is not virtualized, I don't know. I don't know if malware can run on a USB stick.
But I use Sandboxie over top of Returnil. That way if I get a keylogger, it is trapped inside of the sandboxed browser and cannot temporarily read my files elsewhere on my computer. And when I exit out of Sandboxie, malware will disappear and will never see the rest of my system. At least this is my understanding. I am far from being truly knowledgeable about these things..
Sounds good to me. And a really great tool then. That even means that you can be safe with only Returnil and no other AV.
Will updates from other apps be gone after reboot?
Yes, unless you explicitly tell it to save changes on reboot - at least in the Premium edition, I don't know if that's a feature of the Personal edition or not.
But if you tell it to save changes it will also save all the malware changes, won't it?
Of course. As the saying goes, "be careful what you ask for, you may get it."
There are some different ways to go about saving things on purpose but I think a big starter for this software is to have your documents on a separate partition.
Then you only save changes on the system partition after brief periods of maintenance activities, like updating AV definitions, Windows and other software updates, etc.
I absolutely LOVE Returnil. I use it on my XP computer. But when I found out that I couldn't use it on my new Vista 64 bit I about died. I have grown so used to it that I feel uncomfortable without it. Hopefully a compatible version will be available before too long.