Returnil and FDISR

Discussion in 'FirstDefense-ISR Forum' started by Longboard, Dec 15, 2007.

Thread Status:
Not open for further replies.
  1. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    HAs anyone used Returnil installed into an FDISR snapshot other than Primary snapshot.

    Can returnil be installed into different snapshots and function as intended ?
    Howmuch space does a returnil protected partition use?
    How safe is the returnil protected partition: from destruction and in terms of isolation?

    The reason for asking is that:
    1: Returnil is looking like a seriously good tool.
    https://www.wilderssecurity.com/showthread.php?t=194607
    2: The 'freeze' in FDISR while an excellent option is not 'virtual' and therefore uses space +++.
    3:i have a snapshot I use for testing stuff and deep browsing which has 'adjustable' protection and is frozen. We are aware that this may not be ideal.
    Returnil may be an option to protect that snapshot.

    Any opinions/experience?
    REgards
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Returnil is a simple boot-to-restore solution without any further possibilities.
    So Returnil alone is a step back as long FDISR is there.

    Returnil as boot-to-restore solution is better than a frozen snapshot, because Returnil protects itself better than FDISR. If they had given FDISR the same kind of protection, Returnil wouldn't be better.

    When I combine FDISR and Returnil, the booting between snapshots doesn't work properly anymore. In practice this means I have to wait for the F1-key during each reboot to another snapshot. An inconvenience that occurs more than once EVERY day and just because there are some destructive malwares out there, that corrupt FDISR, something that never happened until now. So what is the advantage of using Returnil ? I restore my system partition in 10 minuts, when that EVER happens and it never happened since I use computers. So what's the point ?

    Why is Returnil so popular ? It's freeware and that is the only reason.
    When PowerShadow was introduced, suddenly lots of users, discovered the advantages of a boot-to-restore software, because it was freeware. PowerShadow isn't freeware anymore, so Returnil became #1. Returnil is getting better and better, one day you will have to pay for it, just like Sandboxie. ShadowSurfer was freeware for a short period and suddenly everybody was talking about it and using it. History repeats itself.
    I don't use softwares because they are freeware. :)
     
    Last edited: Dec 16, 2007
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    you dont think that developers of products that actually work, shouldnt at some point be rewarded for their efforts. Sandboxie and Returnil are both still free and paid versions.

    Or my friend, as some might say, "Thats life.":D
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Did I ever say, that developers don't deserve a reward for their efforts ? I don't read that line in my post.
     
  5. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    That's a rather insulting generalization to the developers of Returnil Erik. Whilst I would agree it's popularity has been helped a great deal by having a free version, I think it requires a little more than that to make it popular. If it shat all over your system, I doubt it would be very popular, free or not.

    For my software choices, I simply ask "Do I need a product like this?" If the answer is yes, I compare what's on offer in the category and then I use whatever suits my needs best, paid for, or free. If it happens to be free all the better, but if the best product for my needs is paid for then so be it.

    To the OP
    Yes it can be installed in different snaps, Returnil will function as intended, but FD-ISR has a slight glitch in that you cannot use the "Boot to snapshot" command, as the instruction will be deleted during the shutdown / reboot process and you will reboot into the same snap, the work around for this is to use the F1 key during a normal reboot and select the snap you want from the menu.
    Not sure I understand what you are asking here, Returnil is simply a program installed into an OS, it doesn't create a partition, (leastways not for protection) so a Returnil protected partition is whatever size it was before install plus a couple of MB
    Seems fairly safe to me, though someone like Peter would be better answering that one since he has a knack for working out how to destroy things like this :D
     
    Last edited: Dec 16, 2007
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The question is here : "Does it make a difference for a malware to do its evil job (= execution), if it is in real or virtual environment ?"
    If a malware is planning to steal your private info, can it still do this, even when it is in a sandbox or virtual environment ? I never got a clear answer to that question, just guesses and opinions. What about keyloggers ?
    My assumption is that none of these software prevent the execution of malware.
    The isolated or virtual environment can only limit the damage in some cases.
     
    Last edited: Dec 16, 2007
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048

    ROFL. Depends on what you mean. Overall, I think returnil's protection is excellent. To me the biggest weakness is just protecting the system partition.
     
  8. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    If your sandboxie is configured properly then no malware in the box should be able to read any personal data on ur PC. This will of course not stop it from reading what you are typing during this session in sandboxie. However, and like you my understanding of these things is not all it could be, but, in order to read and send what you are typing I presume it must execute and this should be picked up by something like SSM or AE. Also it may need to establish it's own connection to the internet (not sure if it can ride on an existing one) and a software firewall monitoring outgoing should see this.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Sandboxie protects your personal data, NOT by stopping the execution of malware, it does that by locking your data partition or data folders.
     
  10. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Thought that's what I said, not to worry.
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's not the point. My assumption was that none of these softwares stop the execution of malware.
     
  12. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    That's quite correct, they do not, since that is not their job, just like fd-isr will not stop them, and AE will not image your system. It's all about selecting the right tools for the right job
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That is the reason, why I don't combine FDISR with Returnil, my frozen snapshot = Returnil.
    Returnil's frozen mode is even less than FDISR's frozen mode, because Returnil has no "Freeze Previous" function. I'm not going to use Returnil to win 20 seconds in my reboot.
     
  14. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Quite right too! It always amuses me to see people fussing over a few seconds like they were Grand Prix race drivers worried about a lap time.
     
  15. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Longboard,
    The thread seems to have taken a detour off of the main questions:

    Yes, RVS can be installed and it will work well when the snapshot is restored.

    Can you be a bit more descriptive or expand on this question a little for clarity? Is this just the space that RVS itself takes up in the snapshot? If yes, you will have to look at different scenarios depending on what caching method you use and whether you have a VP or not.

    This question requires clarification please...

    Mike
     
  16. Leapfrog Software

    Leapfrog Software Leapfrog Management

    Joined:
    Jan 25, 2006
    Posts:
    251
    Location:
    Northern Nevada, USA
    Greetings Longboard,

    I have tested ISR with Returnil and it does work quite nice. You can install Returnil in more than one snapshot. To boot to alternate ISR snapshots you must use the F1 pre-OS menu.

    Due to the nature of their technology of cluster redirection, "freeze" products like Returnil, DeepFreeze, etc, will void the ISR "boot to" command when performed at the GUI level.

    Of course, the fact that Returnil has a free version makes it even better :) I did try the new 2008 version and being able to select the cluster cache in memory vs. disk is nice.

    The difference between the ISR "Freeze" and Returnil is that ISR does not need to monitor or capture I/O in the bacground. This of course, is at the expense of disk space, which ISR "Freeze" will need plenty of. Returnil and like products require the disk space of what clusters have changed, at the expense of a performance hit on your system. Since ISR is compatable with these applications you get to choose which fits the bill the best for your system.

    I hope this helps.
     
    Last edited: Dec 18, 2007
  17. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    @Todd & Coldmoon
    Thankyou
    Lbd
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Did you see any "Freeze Previous", while testing Returnil ? I didn't. DeepFreeze doesn't have that function either.
    Returnil/DeepFreeze is not a full replacement for a frozen snapshot, that's why I keep using my freeze storage. The F1-key is not a problem, but an inconvenience, because you have to wait for it.
    Space is not a software problem, that's a hardware problem. I have space enough for my freeze storage.
     
  19. Leapfrog Software

    Leapfrog Software Leapfrog Management

    Joined:
    Jan 25, 2006
    Posts:
    251
    Location:
    Northern Nevada, USA
    Hey Erik,

    btw: Have you seen that you can redirect the "Freeze Storage" area. Find it in the GUI under Tools, Options, Freeze Storage.

    The "Freeze Storage" area is simply an archive. If you have two drives, you can store the "Freeze Storage" archive on that secondary drive (just make sure the drive is always available during a system boot).

    If the system drive craters (I guess I should say "When"), you now have an archive of your system safely on the secondary drive. This can also speed up the boot process during normal operation since snapshot rebuilding is across multiple hard drives instead of intra-disk transfers.
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I use FDISR, since March 2006 and I'm one of the few members, who uses a frozen snapshot for more than 6 months. Of course I know this.
    Most users ditched a frozen snapshot for two reason : extra space and slower speed, just because they have an older computer. Hardware is the problem here, not FDISR.

    Although the manual of FDISR says clearly, that you can only boot in a snapshot and not in an archive, I can boot in any existing archive, if I use a frozen snapshot.
    I only have to change "Freeze" under Tools/Options into an existing archive as freeze storage and then I can boot directly in that archive.
     
    Last edited: Dec 18, 2007
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Hello Todd

    And i must say it's a welcome relief to find your posts & replies. FYI. FD-ISR of the version your company distributed via Raxco continues to not only work like a charm, but is nearly on the order of a Miracle soft that is proven itself quite STRONG! in overtaking several challenges i've recently encountered.

    In fact, FD-ISR is come to rescue in situations where most would scramble to restore an image. This is the Best of the Best in ISR Technology and my sincere thanks for all the efforts put into it's development in the past as well as your own generosity in weighing in on various issues users have occasionally run across from time to time.

    Whatever it was that you guys done to make this app a real Jewell speaks for a lot of credit in your favor & to excellent intelligence and ingenuity, a relentless interest that is proven to far surpass the ordinary expectations most of us have always been left to deal with.

    FD-ISR is definitely bucked the trend in a big way and went far above and beyond.

    BTW, i use Returnil myself in snapshots with zero issue. Quiet as a mouse, nothing even remotely of any concern when teaming Returnil with FD-ISR.

    Many times over i could ill afford to suffer data corruptions, whether it was from personal mistakes, sourly coded programs, as well as malware researching, and thanks to the archive feature implimented, FD-ISR repeatedly has reconstructed 100% intact every single mishap of that nature with flying colors. It just doesn't get any better then having a perfect fail-safe data/system preservation machine that FD-ISR truly is!

    EASTER
     
    Last edited: Dec 20, 2007
  22. Leapfrog Software

    Leapfrog Software Leapfrog Management

    Joined:
    Jan 25, 2006
    Posts:
    251
    Location:
    Northern Nevada, USA
    Greetings EASTER,

    Wow, these are very nice comments. It is always appreciated when folks tell us these things. It really keeps us going! I always pass these on to the team. We will all have a beer in your name tonight.
     
  23. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Just to add to EASTER's comment. I've recently been playing with Safe Space and it also runs nicely with fd-isr. I haven't had a problem yet with it. It's probably overkill having two such softwares on board, but now have Safe Space free in my primary snapshot. Should it ever begin causing any sort of conflict that I can attribute to it, it will be gone via secondary snapshot and delete the first snapshot.

    Only last night fd-isr saved me from a mess when I was trying out some type of virtual software in an attempt to play with one of my Linux live CD's. My entire computer locked up tight and, after a momentary panic (with a prayer or two) I rebooted. Everything back to normal and offending software gone.

    FD-ISR is without doubt one of the finest pieces of software I've ever installed on this computer. I only wish I'd installed it when I first purchased it over a year ago (V 1.10.173, I think). Still can't remember why I put it aside and forgot about it.
     
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If FDISR would have been a combination of Image Backup and Immediate System Recovery, it would have been more attractive for average users.

    Users are more interested in Image Backup, because that is a must have and that's why they buy it.
    In case of FDISR they would have ISR as an extra addition to Image Backup and that part of ISR was already very good and reliable.
    The users already know that you can't depend on ISR alone, you still need your Image Backup.
    If FDISR had Image Backup, it would have been a more commercial success, because users would have bought it as an Image Backup in the first place and ISR would have been used later as the next step.

    If I would be a Returnil-user without FDISR, I would need my Image Backup alot more than with FDISR, because I can't do with Returnil what I can do with FDISR. The time you win with Returnil (faster reboot), you will lose many times over with Image Backup/Restore.
     
  25. ahriman

    ahriman Registered Member

    Joined:
    Sep 18, 2007
    Posts:
    124
    Todd
    Thanks for replying on the board! FD-ISR is just wonderful. :thumb: Thanks to you and your team. And please let us know when you have a new program out. I know I'll want it (hope it will run on one of my OSs -- XP Pro x86 or Vista x64). I'll even consider a different OS!
     
Thread Status:
Not open for further replies.