Lite-virtualization question

The following was posted (by me) on another Wilders forum but I think this is the more appropriate place to ask the question. I hope I am forgiven for posting the same thing in 2 locations.

--------------------------------------------------------------------------
I have a paid licence for Returnil and I never use it and now that I know more than I did when I got Returnil (thats knowledge gained due to this forum I must say) I don't really understand the value of this sort of program.

In my case I use RollBack Rx on my PC and I find it more effective to simply take a snap of my system instead of launching one of the lite-virtualization programs. Then I do whatever it is I would have done had I launched (say) Returnil. Once done I can simply keep going thus meaning whatever it was I was doing is kept. Or, I can take a new snap as I restore to the previous state, which would give me the ability to mount the later state as a virtual drive and have the ability to copy any download or modified files that occured during the virtualized period to whatever drive I wish (external or internal)(here I mean by virtualized period that period that would have otherwise been virtualized but was not).

This gives you full and total control over what is kept and what is gotten rid of if you should decide to "clean-up after yourself" (so to speak). The light virtualization programs have too many parameters that need fussing with in order to accomplish what a RollBack type program does so much more easily and efficiently. And you can reboot without losing the virtual state or any of its content

I suspect a full virtualization program would probably be even more effective but at some cost in terms of complexity (I must admit full V is on my to-do list, expect me to begin pestering you folks about it sooner or later).

So why do these programs exist? Do they have a distinct purpose for being used on a computer that I am not aware of? Don't get me wrong, Returnil (and many of the programs in this class) is a fine piece of programing and it is very well supported,,,,but why?

Oh, if you were going to say they can be used for browsing thus protecting the PC while surfing into areas that are "a bit - or a lot - more dangerous than most sites Sandboxie handles this very nicely and with little in the way of user settings to bother with, again a much simpler solution than a lite-V program.

PS: sorry if I am a bit off tonight in terms of expressing myself, I have not had much sleep the last 4 days and I am a bit out-of-it, none-the-less I look forward to any comments on this. It is about furthering my education after all and what better place to do so than here.

 

I suppose that in principle you are right, RollBack Rx is more versatile and complete than any of the light virtualizers. What comes to my mind with virtualizers is speed, a simple reboot and you start all over again (I've never tested RollBack therefore I could be wrong in assuming that taking a snapshot might take a little bit longer).

With RollBack one keeps the snapshot/s with/out malware and all, which could lead to infections if not properly monitored; virtualizers wipe everything out on reboots. HD space could be another issue (I remember reading about space being suddenly an issue, although that was a long time ago, therefore this issue may not exist in its current version).

Perhaps the truth is that every program has a particular way to do something very well and other things are better done with other tools. As an example the combination of of ShadowProtect Desktop and Shadow Defender for my habits it's ideal. One could probably do the same using RollBack Rx or the old FirstDefense ISR.

 

Thank you.

 

The normal re-boot period is a tad longer than without Rx but not by much. Snaps take about 2 sec and a re-boot maybe 2 -3 min total (unless you have a defrag scheduled).

Yes, good point - make it idiot proof (or as close as you can) and you wont have some poor idiot mess things up for themselves. But you also have to be careful with the lite-virtualizers. Not about malware etc, but potentailly about losing work done etc.

If that was a problem it has been fixed,,,,mind you I only keep the bulk of my snaps for 1 day (I automatically have a snap taken hourly) all but the first and last of these is deleted at days end. Then I keep 5 days or so of these. Memory is not an issue

Yes, of course you are correct. A lot of it has to do with a users perception as well. Some like it hot and some like it clod sort of thing. Thats why some use Opera and some Firefox.

Could I trouble you to describe how you use SP & SD together? I have SP on my desktop but will not (or is is it cannot properly) use an image program and Rx together. Its one or the other (but I do image the Rx PC regularly though) so in the interest of me learning something about how other approach PC....................

If you can that is, if too busy np.

 

The concept of a lite virtualizer is simple: When activated, they use a virtual layer to intercept all changes until reboot. I've read that Rollback Rx works at the sector level to do record everything, which I don't really understand, but if I recall correctly, has to run continuously to keep everything locked, and thereby also prevents you from defragging or using some other backup programs. So for people who don't want deal with that Returnil, ShadowDefender, or another lite virtualizer is probably the better choice.

As for full-virtualizers, aren't those just fully virtual machines that you use to test programs? For example, I recently added a small BartPE partition to my actual hard disk, and a boot menu option for it by following the instructions on an internet site. Stuff like that can be trouble and involves many reboots to get it right, so I first tried it on a virtual machine. Once I got it to work, I implemented it on my real computer. I also use virtualbox and vmware to virtualize applications to run off a USB stick, for example, during presentations.

 

bgoodman, you are welcome, no trouble at all. Perhaps you've read too much into my statement of ShadowProtect and Shadow Defender together, but for the sake of argument I use Shadow Defender most of the time as I don't have to worry about anything regarding malware, any file or folder (even large ones) can be committed in seconds, and once I reboot, everything is wiped out within the time of the reboot itself. It keeps me alert as well, as you correctly mentioned there's always a possibility of losing your work if it is not committed.

I use ShadowProtect as you use Rollback Rx. It is not installed on my computers, I only use the recovery CD, which I find the safest way to backup and obviously restore (mandatory). Backups and restores usually range between 5 - 8 minutes (once the CD is ready). These short times in conjunction with the reliability of SP give me a lot of freedom as I can store an Image say of Vista32 and one of Vista64, XP as well with different configurations. Basically I treat the images as snapshots with the added advantage that I can choose my destination (several USB hard drives).

Everyone develops a way to do things with different applications, the reason I've never considered testing RollBack is the fact that it's not compatible with a number of applications, and 3-4 years ago some people had serious problems which I believe have been solved.

 

Thanks for the replies all. I now have a better understanding and appreciation of the lite-V class. I may even begin to use Returnil again, at least to get a first hand experience of what you folks are talking about now that I have a better idea as to when it should be used (in my case a session I know I will not want to keep, be that a testing session, or browsing session into potentially hazardous territory - specifically sites I am trying to reach but that my AV program flags as potentially dangerous).

 

I tried rollback rx again by installing it on 2 virtual machines. seemed to work nice, but then i booted to a non-rollback recovery environment, defragged c-drive while it was offline and restarted. one machine failed to boot, another booted with errors until I uninstalled (and then reinstalled) rollback...

my second test was to boot to bartpe, delete a few files from the c:\temp folder and add a new folder and a new text file to c:\. on reboot rollback was working fine, but those changes had become undone. i recorded another snapshot (snap1), and told rx to roll back to a snapshot that was recorded before i accessed any of files on c: while they were offline... the result was a failure to boot (blank black screen)... i reset the virtualbox (hard restart) and tried to rollback from the rollback's boot menu but same result. the other snapshots seem to be working though (installation shot and snap1)...

i certainly see the advantage of rollback rx, but i think it may be too restrictive and fragile. what if I decide to resize my system partition (requires a reboot if initiated while system partition is active)?

I'll switch to rollback rx if they make the following improvements:

1. An option to delete all current snapshots and turn off rx's file locking until reboot so that you could defrag the system partition or make a full image of it. (rx could make a new baseline snapshot on reboot).

2. An option to verify snapshots, and if possible, rebuild damaged ones.

3. Better handling of outside changes. i.e. rx should not render the system unbootable even if the snapshots have gone bad. And it should store the installation files in the program directory for a possible reinstall or repair install in case of a problem.

 

I have never tried Rx in a virtual environment so I have no idea what the problems may be. I can tell you that after using Rx for over a year and doing a great many images and roll-backs I have never had a problem of any sort.

I think the only way to disable Rx is to uninstall it. I do this monthly so I can defrag and do other maintenance etc, then I reinstall it. This is certainly something you would not have to do with lite-V programs.

I am not clear about how Rx works but from what I understand what it does is protect the hooks (whatever they are) that were in place when a snap is taken. To roll-back Rx re-establishes the hooks. Probably your issues were with this since the location that the snap info is kept is isolated/protected.

For more detailed insight (if you are interested), you might post questions on a new thread. There are a good number of very knowledgeable Rx users on this forum but they may not be following this thread.

 

The virtual environment is unlikely to have been the problem, and in fact rollback rx worked perfectly when used as recommended. The problems were caused semi-purposely by me because I wanted to see how rx handles outside interference.

If you were to boot your computer with ShadowProtect's Recovery CD, which I assume you have, and used the included File Browser or other tools to make a few changes to your system partition such as adding/deleting a few folders/files, or running ChkDsk on C: or running a (portable) defragger or some other stand-alone app off C: then I assume your computer would crap out too...

 

That makes sense,,,if you make changes to the OS or files before Rx is loaded as would be the case if booting into the recovery CD then Rx will not save the changes or there could well be issues with booting since Rx is expecting a certain configuration which is not there any longer.

 

My latest test suggests that Rollback Rx is compatible with Image for Windows/DOS.

I did the tests on a virtual Windows XP machine (VMware Workstation 7) with Rollback Rx 9.1 already installed. Here's the test:
1. Took an rx snapshot.
2. Installed Image for Windows trial. (reboot required, but no problems)
3. Used Image for Windows to make a backup onto an external hard drive. (no problems)
4. Took another rx snapshot.
5. Tried to restore the system with Image for Windows, but the system was locked and IFW told me to use a recovery disk.
6. Booted the virtual machine with a virtual Image for Dos floppy, and initiated recovery. (recovery was very slow - almost an hour)
7. Restarted the machine. (no problems and the rx snapshot taken after the IFW backup had disappeared (as expected), but Rollback Rx was working fine.)
8. Rolled back to an rx snapshot taken in step 1 (pre-IFW).

Everything worked fine, so it seems at least some backup programs are compatible with Rollback Rx.

About IFW: I chose to use IFW because it "backs up the file system and files up exactly as they are stored on the sectors of your hard drive at the time you make the backup, effectively taking a snapshot of your hard drive when you create the image." (from IFW manual). My understanding is that not all backup programs make sector based backups, which I assume Rollback Rx requires since it marks or tracks the data by sectors according to my understanding. That said, many backup programs do offer a sector-by-sector backup as an option, I just wasn't sure if that option would be available in their recovery disks or BartPE plugins, and I thought I might have to make the backup offline as well.

On some machines IFW is relatively slow compared to some other backup software, but it has the most complete floppy based recovery/backup disk I'm aware of (IFD), which being 1.44 MB boots up instantaneously if you run it from a virtual floppy or USB stick. And on my real desktop it's about as fast as all the other backup programs. (On my real laptop IFD is twice as slow as Macrium/SP/Acronis/etc. from BartPE - maybe IFW from BartPE would also be as fast, but I don't remember...)

 

Rollback Rx is inherently unstable when you manipulate the file system outside of the Rollback environment. Personally, I view that as an extremely limiting constraint.

I tend to casually view it as a shadow filesystem layered over the Windows filesystem. When you take a snapshot, the current filesystem map, and sectors occupied by the currently active filesystem, are locked and rendered static. Changes after that point are made on a new dynamic map and involve unoccupied sectors. Each snapshot incrementally performs this locking and subsequent redirection. Since most files on a HDD are rather static, you don't end up consuming large amounts of disk real estate using this approach. If you think of sequential snapshots as occupying specific sections of a main branch on a tree, when you hop back to a prior snapshot and make it current, it's roughly equivalent to creating a small twig off that larger supporting branch. Depending upon what you do, that small twig may remain small or may grow to a size similar to the main trunk.

The problem is, if you end up performing any filesystem manipulations outside of the environment, they end up effectively corrupting the filesystem. Whether that's system critical depends upon precisely what is altered. For example, this is why defrag operations from third party products can be very problematic. Other operations that would be problematic, as illustrated above, would be using any CD based boot environment or a bootable CD-based AV rescue/scan disk. Stay within the environment, and you're fine aside from hardware failure. This is the same as with the native filesystem, although there is likely a difference in the extent of information ultimately recoverable from a HDD failure.

Basically, one trades raw speed against inherent stability. It's a trade that many folks are apparently fine with. Personally, it's a trade that I wouldn't make given the other approaches available.

Blue

 

Thank you for this, I am much clearer on how Rx works now. The tree branch, twig description was an excellent choice.

 

The one qualifier I'd make, I used the product very briefly (not my style), so the description is primarily my inference from reading the documentation, supporting information that's out there, and some reasonable extrapolation. If any refinement or correction is required, anyone should feel free to chime in.

Blue

 

Understood, but it sounds very reasonable and its a much better interpretation/description than what my understanding of the product was.

Thanks again.

 

Some reasons that this niche exists given the existence of rollback software:
a) Internet cafe-type usage needs rollback only to a baseline, not to multiple states
b) until recently there was no free rollback program available
c) uses no permanent additional hard disk space (at least for Returnil), unlike rollback software snapshots
d) there is no management necessary whatsoever for the end user - i.e. no snapshot management
e) avoid increased backup size that's involved in making an image of a partition using rollback software
f) avoid problems with programs that manipulate sectors that the filesystem believes aren't in use by any file but are actually being used by the rollback software
g) avoid the system trashing that some report with some rollback programs

 

Clearly there are a number of good reason for the niche, thanks for the explanation,,,,much appreciated.