Purpose of Access Real Disk

Discussion in 'General Returnil discussions' started by cyberdiva, Feb 7, 2010.

Thread Status:
Not open for further replies.
  1. cyberdiva

    cyberdiva Registered Member

    Joined:
    May 30, 2007
    Posts:
    71
    I'm puzzled by the feature Access Real Disk. I know that I can make changes to any file on my real computer and then save the changed file in my Virtual Disk. And I know that in File Manager I can specify files that I can work on and save directly to my real computer even though Returnil's System Safe is on. So what is the point of the Access Real Disk feature? What does it enable me to do that I can't do using the Virtual Disk or the File Manager? I did try to use Access Real Disk and was somewhat puzzled by the fact that it seemed to suggest that the contents of my entire real computer were found as well in some Virtual System partition. When I tried to copy a file from my real computer to the virtual partition, I was told that the file already exists there, and did I want to overwrite it. I then changed file A on my real computer and used Access Real Disk to copy the changed file, overwriting file A on my virtual partition. But what does that mean or accomplish?

    Before posting this message, I tried to search for information about this feature, and I also looked at the Returnil User's Manual. I found nothing in my search, and the User's Manual discussion answered none of my questions.
    I'd love to know what this feature accomplishes that can't be accomplished by Returnil's other Tools.

    Thanks in advance.
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    It enables you to compare the contents of the real file system with the virtual file system to see what changes have been made within the virtual file system since System Safe was enabled.
     
  3. cyberdiva

    cyberdiva Registered Member

    Joined:
    May 30, 2007
    Posts:
    71
    Thanks, pegr, for your prompt response. I'm still somewhat confused, however. Why would there be any changes within the virtual file system? Would this indicate the presence of malware on the virtual system? Could anything else cause there to be a change between the real file system and the virtual one?

    Also, the User's Guide says in its description of Access Real Disk: "Access Real Disk is a powerful tool that allows you to access and make changes to the real system while using the System Safe protection feature. You can move files from the Virtual System to the Real System or vice-versa." I have no idea how Access Real Disk allows me to access and make changes to the real system, though the feature's name implies that it can. I'm trying to understand both how the feature can do what the User's Manual says and how that description relates to what you said in your response. I'd be most grateful if you could shed some light on these points.

    Thanks in advance for your help and your patience.
     
  4. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    The virtual file system is only a reflection of the physical file system and will therefore change for the same reason that the physical file system changes when you are not using RVS to virtualise it. Windows itself is constantly active and logging background activity. All changes to the registry are getting logged to the file system. Your browser is storing images on the hard disk as you surf the web. Your mail client is downloading emails. Your antivirus is regularly downloading updated definitions. Windows and other programs running in the background may be checking for and applying automatic updates, etc, etc.

    If it weren't for the fact that this continual activity is getting logged on the file system, all changes to the system would be lost at reboot. All of this is perfectly normal and is in no way in itself indicative of the presence of malware. If it weren't for the fact that the physical file system is constantly changing, you wouldn't need RVS at all. The whole point of RVS is to virtualise the changes to the file system while System Safe is enabled in order to enable the machine to be restored to a known state on reboot, discarding all changes or selectively keeping changes as required.

    When you enable System Safe, your physical file system on the system partition is effectively frozen at that point in time. All further changes take place within the virtual file system until you reboot at which point all changes that have taken place within the virtual file system are lost except for those that you have explicitly opted to keep.

    What Access Real Disk does is to enable you to compare the file system as it was when System Safe was enabled (the real file system) with the state of the file system as it is now (the virtual file system). Why would you want to do this? Well, there are several reasons. First, you might be using RVS to install and test a program that doesn't require a reboot. By comparing the two versions of the file system, you can see all of the changes that the program install made within the virtual file system. It also provides you with another way of making changes to the virtual file system permanent as you can commit files displayed within the virtual file system to the real file system. Or you might want to go the other way. Suppose you have accidentally deleted a file from the virtual system partition while System Safe was enabled. The deletion is only temporary as it will be restored on reboot but this might be inconvenient as you don't want to reboot now if you are in the middle of other work. Using Access Real Disk, you can copy the file back from the real file system into the virtual file system and carry on working.

    One way to think about Access Real Disk is to regard is as a flexible way of being able to synchronise the real file system with the virtual file system in both directions while System Safe is enabled without having to reboot. Using Access Real Disk, you can make selected changes within the virtual file system permanent by committing files to the real file system. You can also selectively undo changes within the virtual file system by restoring the original version of files from the real file system back into the virtual file system, overwriting any changed version that may exist within the virtual file system.

    Hope this explains it. If I've missed anything or got anything wrong, I'm sure Coldmoon will be along to provide the necessary correction. :)

    Regards
     
    Last edited: Feb 8, 2010
  5. cyberdiva

    cyberdiva Registered Member

    Joined:
    May 30, 2007
    Posts:
    71
    Thank you VERY much, pegr, for your extremely clear and helpful explanation! I now feel I understand the feature and see how useful it can be.

    I hate to take advantage of your expertise and good nature, but what you said raises one more question that perhaps you or someone else can answer. Since, as I knew, the computer is constantly making changes--logging changes to the registry, downloading email, downloading updates, etc.--if someone has System Safe on all or most of the time, how can he or she save these changes on the real partition (as opposed to the virtual one) except by painstakingly going through all the likely files in Access Real Disk's virtual partition listing and moving many of them over to the real partition? I know that a number of people have System Safe set to be active at Windows start-up until they log off. How is that practical, with so much activity going on? Does the user have to identify the very many files that are likely to change and list them in File Explorer, and then slowly and carefully go through Access Real Disk to see what's been missed? This seems immensely time-consuming. Is there a better way?

    Many thanks once again. :thumb:
     
  6. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    940
    Hello again cyberdiva

    As pegr says, the Access Real Disk function can be used for some very specific tasks.

    More generally, and forgetting about ARD for the moment, part of the point of RVS is that you can avoid saving any changes to your real system partition.

    For example, I have System Safe always on. The only time I turn it off (for 20minutes or so) is to install selected Windows Updates and to update/tweak other software.

    Of course, I need to save certain things as I work, so these are saved to a partition other than the system partition.

    For example, I have moved Outlook's PST file, IE's Favourites and WMP's library to my data partition.

    That way, only the changes I want to keep persist after a reboot and system related changes are made as and when required with System Safe temporarily off.

    Hope this clarifies things a little and that I haven't missed what exactly you're asking about.

    philby
     
  7. cyberdiva

    cyberdiva Registered Member

    Joined:
    May 30, 2007
    Posts:
    71
    Thanks very much, philby, for your prompt and helpful response. Yes, your explanation answers my questions very well. I guess one reason I didn't think of your solution is that I don't have a second partition on my current computer. Such a partition, set up appropriately, would clearly make it easier to keep Returnil on all the time.

    Again, many thanks.
     
  8. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    940
    You might be able to shrink your system partition and then create a new one for data.

    You would then protect the system partition with RVS and save to the data one.

    If you run compmgmt.msc and click on disk management, you should see your disk/partition arrangement. Right-click on your system partition and select "Shrink Volume". Don't worry, Windows will not shrink it, it will just tell you how much you can shrink the volume by.

    Incidentally, you might get a higher shrink figure if you defrag the drive first.

    You can then decide whether or not you want to go ahead and shrink (allowing room for Windows Updates, new programs etc) and subsequently create a new partition for your data from the newly released free space.

    philby
     
  9. cyberdiva

    cyberdiva Registered Member

    Joined:
    May 30, 2007
    Posts:
    71
    Hi, philby. Thanks very much for the followup message. I really appreciate your suggestion and plan to save it for future reference. For now, though, I think I will not keep Returnil on all the time. I've had very good success so far with my other security programs (McAfee antivirus, Outpost Pro firewall, Malwarebytes Anti-Malware Pro, and WinPatrol PLUS), and so I don't feel the need right now to have Returnil do around-the-clock protection. I've been using it more for situations where I feel I need a bit of extra insurance--going to websites I don't trust, installing and running programs I'm not all that familiar with, etc. I think I'll continue to use it that way, at least for now. I've found that the Virtual Disk and the File Manager give me the flexibility I need to save the changes I want. To move to around-the-clock use of Returnil would require me not only to make a new partition and rearrange a lot of program locations (in WinXP) but also to change the way I work. I guess I don't feel the need to do all that right now. But I very much appreciate your suggestions and instructions, and you've also helped me see that it is possible and reasonable to keep Returnil on all the time.
     
  10. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    940
    Understood :)

    You might also want to take a look at 'Sandboxie' if you're on 32 bit Windows (there are limitations to running SB on 64 bit).

    You can mess around all you want within the sandbox and then just delete it - a little like RVS but at application rather than system level.

    I used to use a whole host of security apps until I found SB, RVS and Virtual Box.

    All the best

    philby
     
    Last edited: Feb 8, 2010
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I agree with philby that you could also consider Sandboxie for additional browser protection. Even though the 64-bit version of Sandboxie isn't quite as secure as the 32-bit version, it is unlikely to matter if you combine it with RVS, and Sandboxie does have a couple of additional advantages: -

    1. With Sandboxie, you can lose all changes to the file system and registry simply by emptying the sandbox; no need for a reboot as with RVS.

    2. In addition to application virtualisation, Sandboxie has flexible policy restriction management features which make it worth considering as an additional layer. For example, you can configure Sandboxie to prevent read access to sensitive folders such as My Documents. There is no valid reason for the browser to have access to personal data and this should be prevented in order to avoid the risk of data theft when using the Internet. Although you can do this to a degree using the File Protection feature within RVS, Sandboxie is more flexible as it allows you to configure file protection on a per application basis for programs running in the sandbox.

    Regards
     
  12. cyberdiva

    cyberdiva Registered Member

    Joined:
    May 30, 2007
    Posts:
    71
    Thanks very much, philby and pegr, for the helpful information about Sandboxie. I had heard other people speak highly of it, and so when it was offered on Bits du Jour some time ago at half price, I took advantage of the offer. However, it has simply sat on my computer ever since. :oops: I keep meaning to try it out, but I still haven't done so. Perhaps your messages will give me the push I need.

    Again, many thanks for this and other very helpful messages from both of you!
     
  13. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    940
    A good place to start.

    Then, when you're au fait with the program, have a look here.

    philby
     
Thread Status:
Not open for further replies.