Returnil as a virtual machine?

Discussion in 'General Returnil discussions' started by Noob, Nov 27, 2009.

Thread Status:
Not open for further replies.
  1. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Just a question, can Returnil be used as a completely safe virtual machine?
    :D I mean things like test programs, download random files (Not viruses :p) and then when you restart, everything i mean EVERYTHING (all files, registries etc.) are back to normal? :D
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Welcome on Wilders,

    That question needs some explanation. There are several types of virtualisation.

    Application virtualisation
    A program (like your browser) is seperated from the rest. All changes made by this program can be cleared (un do) when you clear the sandbox. Programs like Sandboxie and SafeSpace provide this type of protection.

    Advantage: use on a per case basis (user advantage)
    Disadvantage: complex interfaces for the program itself (is only a disadvantage to the developer of the program, not the user)


    File system/disk virtualisation
    This will protect your harddisk or a part of it (known as a partition), by making all changes in a copy (sandbox or shadow) of your harddisk disk(sometimes in RAM, mostly in a hidden disk area). After a re-boot all the changes to your harddisk are thrown away. Programs like this are Returnil and Shadow defender. Most offer the option to exclude some directories and files.

    Advantage: easy interface (that is why these programs are available on x64 operating systems) for the devloper.
    Disadvantage: Although you allow directories to commit changes to the harddisk while in 'shadow' mode, Windows programs also save changes to your registry. When you re-boot, you loose the registry changes. This may cause unexpected results. In practise this is a non-issue as long as you are aware of this.

    Hardware virtualisation
    These type of programs, virtualise your complete PC. Examples are Virtual Machine and Virtual box programs.

    Advantage
    The best option wqhen you are testing new software or playing with malware.

    Disadvantage
    In the virtualised machine you need to install a second Operating System. So you may need an extra lisence. Another issue is that some malware is aware it is in virtual machine and stays dormant until released on the real system.


    Your question
    NO returnil is not a virtual machine type of program, but YES you can use it the way you asked. The free version works also on x64 and has a F-protect virus engine as a bonus. The free version does not allow to save files to the real system. But for the usage you outline it works well. A friend of mine has an x64 machine on which he uses Returnil home free. He calls it secure porn mode. Since he uses Returnil he has not been infected any more (he used to be every two to three months). He has the Returnil/F-protect anti virus set to maximum. When the heuristics engine finds something suspicious (nearly all packers used in malware), he just checks it with the x64 free version of Hitman Pro. And he has UAC on to max.

    Regards Kees
     
  3. jonyjoe81

    jonyjoe81 Registered Member

    Joined:
    May 1, 2007
    Posts:
    829
    The answer is Yes. That's what I use it for. As long as the program you want to test doesn't require a reboot, it will work.

    Anytime I surf the internet I always engage returnil, it is my last line of defense. Any virus/malware that slips through the firewall/antivirus wont defeat returnil. If malware changes the registry it's no big deal, when you reboot it's gone. Any changes you make to the registry/delete system files etc won't be permanent.

    In 2 years I've use this program, it has been completely safe. Nothing has ever survived the reboot. Doesn't get any more safe than that.
     
  4. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Been trying it these days, awesome program, excellent!!
    :D

    Really like it, the only bad thing is i can't test things which requires reboot :rolleyes:
     
  5. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    Last edited: Nov 30, 2009
Thread Status:
Not open for further replies.