Lite-virtualization question

Discussion in 'sandboxing & virtualization' started by bgoodman4, Apr 5, 2010.

Thread Status:
Not open for further replies.
  1. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,131
    The following was posted (by me) on another Wilders forum but I think this is the more appropriate place to ask the question. I hope I am forgiven for posting the same thing in 2 locations.

    --------------------------------------------------------------------------
    I have a paid licence for Returnil and I never use it and now that I know more than I did when I got Returnil (thats knowledge gained due to this forum I must say) I don't really understand the value of this sort of program.

    In my case I use RollBack Rx on my PC and I find it more effective to simply take a snap of my system instead of launching one of the lite-virtualization programs. Then I do whatever it is I would have done had I launched (say) Returnil. Once done I can simply keep going thus meaning whatever it was I was doing is kept. Or, I can take a new snap as I restore to the previous state, which would give me the ability to mount the later state as a virtual drive and have the ability to copy any download or modified files that occured during the virtualized period to whatever drive I wish (external or internal)(here I mean by virtualized period that period that would have otherwise been virtualized but was not).

    This gives you full and total control over what is kept and what is gotten rid of if you should decide to "clean-up after yourself" (so to speak). The light virtualization programs have too many parameters that need fussing with in order to accomplish what a RollBack type program does so much more easily and efficiently. And you can reboot without losing the virtual state or any of its content

    I suspect a full virtualization program would probably be even more effective but at some cost in terms of complexity (I must admit full V is on my to-do list, expect me to begin pestering you folks about it sooner or later).

    So why do these programs exist? Do they have a distinct purpose for being used on a computer that I am not aware of? Don't get me wrong, Returnil (and many of the programs in this class) is a fine piece of programing and it is very well supported,,,,but why?

    Oh, if you were going to say they can be used for browsing thus protecting the PC while surfing into areas that are "a bit - or a lot - more dangerous than most sites Sandboxie handles this very nicely and with little in the way of user settings to bother with, again a much simpler solution than a lite-V program.

    PS: sorry if I am a bit off tonight in terms of expressing myself, I have not had much sleep the last 4 days and I am a bit out-of-it, none-the-less I look forward to any comments on this. It is about furthering my education after all and what better place to do so than here.
     
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,968
    Location:
    U.S.A.
    bgoodman4, I removed your post from that other thread, because it was off topic there. Let's keep this one open here for more exposure to your questions.

    JR
     
  3. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I suppose that in principle you are right, RollBack Rx is more versatile and complete than any of the light virtualizers. What comes to my mind with virtualizers is speed, a simple reboot and you start all over again (I've never tested RollBack therefore I could be wrong in assuming that taking a snapshot might take a little bit longer).

    With RollBack one keeps the snapshot/s with/out malware and all, which could lead to infections if not properly monitored; virtualizers wipe everything out on reboots. HD space could be another issue (I remember reading about space being suddenly an issue, although that was a long time ago, therefore this issue may not exist in its current version).

    Perhaps the truth is that every program has a particular way to do something very well and other things are better done with other tools. As an example the combination of of ShadowProtect Desktop and Shadow Defender for my habits it's ideal. One could probably do the same using RollBack Rx or the old FirstDefense ISR.
     
  4. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,131
    Thank you.
     
  5. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,131
    The normal re-boot period is a tad longer than without Rx but not by much. Snaps take about 2 sec and a re-boot maybe 2 -3 min total (unless you have a defrag scheduled).

    Yes, good point - make it idiot proof (or as close as you can) and you wont have some poor idiot mess things up for themselves. But you also have to be careful with the lite-virtualizers. Not about malware etc, but potentailly about losing work done etc.


    If that was a problem it has been fixed,,,,mind you I only keep the bulk of my snaps for 1 day (I automatically have a snap taken hourly) all but the first and last of these is deleted at days end. Then I keep 5 days or so of these. Memory is not an issue

    Yes, of course you are correct. A lot of it has to do with a users perception as well. Some like it hot and some like it clod sort of thing. Thats why some use Opera and some Firefox.

    Could I trouble you to describe how you use SP & SD together? I have SP on my desktop but will not (or is is it cannot properly) use an image program and Rx together. Its one or the other (but I do image the Rx PC regularly though) so in the interest of me learning something about how other approach PC....................

    If you can that is, if too busy np.
     
    Last edited by a moderator: Apr 5, 2010
  6. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    The concept of a lite virtualizer is simple: When activated, they use a virtual layer to intercept all changes until reboot. I've read that Rollback Rx works at the sector level to do record everything, which I don't really understand, but if I recall correctly, has to run continuously to keep everything locked, and thereby also prevents you from defragging or using some other backup programs. So for people who don't want deal with that Returnil, ShadowDefender, or another lite virtualizer is probably the better choice.

    As for full-virtualizers, aren't those just fully virtual machines that you use to test programs? For example, I recently added a small BartPE partition to my actual hard disk, and a boot menu option for it by following the instructions on an internet site. Stuff like that can be trouble and involves many reboots to get it right, so I first tried it on a virtual machine. Once I got it to work, I implemented it on my real computer. I also use virtualbox and vmware to virtualize applications to run off a USB stick, for example, during presentations.
     
  7. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    bgoodman, you are welcome, no trouble at all. Perhaps you've read too much into my statement of ShadowProtect and Shadow Defender together, but for the sake of argument I use Shadow Defender most of the time as I don't have to worry about anything regarding malware, any file or folder (even large ones) can be committed in seconds, and once I reboot, everything is wiped out within the time of the reboot itself. It keeps me alert as well, as you correctly mentioned there's always a possibility of losing your work if it is not committed.

    I use ShadowProtect as you use Rollback Rx. It is not installed on my computers, I only use the recovery CD, which I find the safest way to backup and obviously restore (mandatory). Backups and restores usually range between 5 - 8 minutes (once the CD is ready). These short times in conjunction with the reliability of SP give me a lot of freedom as I can store an Image say of Vista32 and one of Vista64, XP as well with different configurations. Basically I treat the images as snapshots with the added advantage that I can choose my destination (several USB hard drives).

    Everyone develops a way to do things with different applications, the reason I've never considered testing RollBack is the fact that it's not compatible with a number of applications, and 3-4 years ago some people had serious problems which I believe have been solved.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    To give you another view point. Your question is based on using Rollback, which is working well for you. I tried it and it wasn't trust worthy on my machines so for me it is a no go.

    I use FDISR as one approach and it works equally well. But I also use Shadow Defender when appropriate for two reasons.

    1. It is quicker. FDISR requires a copy/update to start, takes a couple of minutes. Then to undo I have to Reboot to another snapshot, do a copy, and then reboot back. Works well and I use it often, but one reboot to exit from Shadow Defender is quicker

    2. Shadow Defender when I need it, protects both of my hard drives.

    Pete
     
  9. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,131
    Thanks for the replies all. I now have a better understanding and appreciation of the lite-V class. I may even begin to use Returnil again, at least to get a first hand experience of what you folks are talking about now that I have a better idea as to when it should be used (in my case a session I know I will not want to keep, be that a testing session, or browsing session into potentially hazardous territory - specifically sites I am trying to reach but that my AV program flags as potentially dangerous).
     
  10. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    I tried rollback rx again by installing it on 2 virtual machines. seemed to work nice, but then i booted to a non-rollback recovery environment, defragged c-drive while it was offline and restarted. one machine failed to boot, another booted with errors until I uninstalled (and then reinstalled) rollback...

    my second test was to boot to bartpe, delete a few files from the c:\temp folder and add a new folder and a new text file to c:\. on reboot rollback was working fine, but those changes had become undone. i recorded another snapshot (snap1), and told rx to roll back to a snapshot that was recorded before i accessed any of files on c: while they were offline... the result was a failure to boot (blank black screen)... i reset the virtualbox (hard restart) and tried to rollback from the rollback's boot menu but same result. the other snapshots seem to be working though (installation shot and snap1)...

    i certainly see the advantage of rollback rx, but i think it may be too restrictive and fragile. what if I decide to resize my system partition (requires a reboot if initiated while system partition is active)?

    I'll switch to rollback rx if they make the following improvements:

    1. An option to delete all current snapshots and turn off rx's file locking until reboot so that you could defrag the system partition or make a full image of it. (rx could make a new baseline snapshot on reboot).

    2. An option to verify snapshots, and if possible, rebuild damaged ones.

    3. Better handling of outside changes. i.e. rx should not render the system unbootable even if the snapshots have gone bad. And it should store the installation files in the program directory for a possible reinstall or repair install in case of a problem.
     
  11. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,131
    I have never tried Rx in a virtual environment so I have no idea what the problems may be. I can tell you that after using Rx for over a year and doing a great many images and roll-backs I have never had a problem of any sort.

    I think the only way to disable Rx is to uninstall it. I do this monthly so I can defrag and do other maintenance etc, then I reinstall it. This is certainly something you would not have to do with lite-V programs.

    I am not clear about how Rx works but from what I understand what it does is protect the hooks (whatever they are) that were in place when a snap is taken. To roll-back Rx re-establishes the hooks. Probably your issues were with this since the location that the snap info is kept is isolated/protected.

    For more detailed insight (if you are interested), you might post questions on a new thread. There are a good number of very knowledgeable Rx users on this forum but they may not be following this thread.
     
  12. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    The virtual environment is unlikely to have been the problem, and in fact rollback rx worked perfectly when used as recommended. The problems were caused semi-purposely by me because I wanted to see how rx handles outside interference.

    If you were to boot your computer with ShadowProtect's Recovery CD, which I assume you have, and used the included File Browser or other tools to make a few changes to your system partition such as adding/deleting a few folders/files, or running ChkDsk on C: or running a (portable) defragger or some other stand-alone app off C: then I assume your computer would crap out too...
     
  13. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,131
    That makes sense,,,if you make changes to the OS or files before Rx is loaded as would be the case if booting into the recovery CD then Rx will not save the changes or there could well be issues with booting since Rx is expecting a certain configuration which is not there any longer.
     
  14. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    My latest test suggests that Rollback Rx is compatible with Image for Windows/DOS.

    I did the tests on a virtual Windows XP machine (VMware Workstation 7) with Rollback Rx 9.1 already installed. Here's the test:
    1. Took an rx snapshot.
    2. Installed Image for Windows trial. (reboot required, but no problems)
    3. Used Image for Windows to make a backup onto an external hard drive. (no problems)
    4. Took another rx snapshot.
    5. Tried to restore the system with Image for Windows, but the system was locked and IFW told me to use a recovery disk.
    6. Booted the virtual machine with a virtual Image for Dos floppy, and initiated recovery. (recovery was very slow - almost an hour)
    7. Restarted the machine. (no problems and the rx snapshot taken after the IFW backup had disappeared (as expected), but Rollback Rx was working fine.)
    8. Rolled back to an rx snapshot taken in step 1 (pre-IFW).

    Everything worked fine, so it seems at least some backup programs are compatible with Rollback Rx.

    About IFW: I chose to use IFW because it "backs up the file system and files up exactly as they are stored on the sectors of your hard drive at the time you make the backup, effectively taking a snapshot of your hard drive when you create the image." (from IFW manual). My understanding is that not all backup programs make sector based backups, which I assume Rollback Rx requires since it marks or tracks the data by sectors according to my understanding. That said, many backup programs do offer a sector-by-sector backup as an option, I just wasn't sure if that option would be available in their recovery disks or BartPE plugins, and I thought I might have to make the backup offline as well.

    On some machines IFW is relatively slow compared to some other backup software, but it has the most complete floppy based recovery/backup disk I'm aware of (IFD), which being 1.44 MB boots up instantaneously if you run it from a virtual floppy or USB stick. And on my real desktop it's about as fast as all the other backup programs. (On my real laptop IFD is twice as slow as Macrium/SP/Acronis/etc. from BartPE - maybe IFW from BartPE would also be as fast, but I don't remember...)
     
  15. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Rollback Rx is inherently unstable when you manipulate the file system outside of the Rollback environment. Personally, I view that as an extremely limiting constraint.
    I tend to casually view it as a shadow filesystem layered over the Windows filesystem. When you take a snapshot, the current filesystem map, and sectors occupied by the currently active filesystem, are locked and rendered static. Changes after that point are made on a new dynamic map and involve unoccupied sectors. Each snapshot incrementally performs this locking and subsequent redirection. Since most files on a HDD are rather static, you don't end up consuming large amounts of disk real estate using this approach. If you think of sequential snapshots as occupying specific sections of a main branch on a tree, when you hop back to a prior snapshot and make it current, it's roughly equivalent to creating a small twig off that larger supporting branch. Depending upon what you do, that small twig may remain small or may grow to a size similar to the main trunk.

    The problem is, if you end up performing any filesystem manipulations outside of the environment, they end up effectively corrupting the filesystem. Whether that's system critical depends upon precisely what is altered. For example, this is why defrag operations from third party products can be very problematic. Other operations that would be problematic, as illustrated above, would be using any CD based boot environment or a bootable CD-based AV rescue/scan disk. Stay within the environment, and you're fine aside from hardware failure. This is the same as with the native filesystem, although there is likely a difference in the extent of information ultimately recoverable from a HDD failure.

    Basically, one trades raw speed against inherent stability. It's a trade that many folks are apparently fine with. Personally, it's a trade that I wouldn't make given the other approaches available.

    Blue
     
  16. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,131
    Thank you for this, I am much clearer on how Rx works now. The tree branch, twig description was an excellent choice.
     
  17. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    The one qualifier I'd make, I used the product very briefly (not my style), so the description is primarily my inference from reading the documentation, supporting information that's out there, and some reasonable extrapolation. If any refinement or correction is required, anyone should feel free to chime in.

    Blue
     
  18. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,131
    Understood, but it sounds very reasonable and its a much better interpretation/description than what my understanding of the product was.

    Thanks again.
     
  19. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Some reasons that this niche exists given the existence of rollback software:
    a) Internet cafe-type usage needs rollback only to a baseline, not to multiple states
    b) until recently there was no free rollback program available
    c) uses no permanent additional hard disk space (at least for Returnil), unlike rollback software snapshots
    d) there is no management necessary whatsoever for the end user - i.e. no snapshot management
    e) avoid increased backup size that's involved in making an image of a partition using rollback software
    f) avoid problems with programs that manipulate sectors that the filesystem believes aren't in use by any file but are actually being used by the rollback software
    g) avoid the system trashing that some report with some rollback programs
     
  20. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,131
    Clearly there are a number of good reason for the niche, thanks for the explanation,,,,much appreciated.
     
Loading...
Thread Status:
Not open for further replies.