Returnil - Keeping Good Changes

Discussion in 'sandboxing & virtualization' started by ErikAlbert, Jun 21, 2007.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I have three partitions now :
    1. System Partition[C:] = Windows + FDISR + Returnil + Applications, but NO data.
    2. Data Partition[D:] = folders and personal data.
    3. Returnil[Z:]
    I know that Returnil has no influence on my data partition [D:] and any change is allowed and retained.

    Straight from the manual (Help) of Returnil :
    Is Virtual Drive = Virtual Partition ? If true, I suggest you change it in "Virtual Partition". It's confusing, when
    you start using different expressions for the same thing.

    I have the impression, that I do NOT need a Virtual Partition, because
    1. it seems to me, that Virtual Partition = folder "My Documents" AND
    2. my data is stored on another partition.
    Am I right about this ?

    Suppose I would have my data on my system partition [C:] like most users.
    1. When System Protection = ON, I have to store all my new data in the Virtual Partition, because I can't store it in the folder "My Documents" (including subfolders), otherwise I would lose it during the next reboot.
    2. To get the new data in the folder "My Documents", am I supposed to move it from Virtual Partition to the real folder "My Documents", while System Protection = OFF ?
    3. Or do I have to use my Virtual Partition as a replacement for the folder "My Documents" and not use the folder "My Documents" anymore.
    What does Returnil expect from users how to store their data ?

    Suppose I want to change a setting in a software on my system partition[C:]
    1. Turn System Protection OFF
    2. Change the setting
    3. Turn System Protection ON.
    Is that the only way to do it ?

    The manual doesn't say anything about this and frankly, I didn't learn anything from the manual, because everything is well explained on the screens of Returnil already.
    The manual is just a repetition of what is said on the screens and what users really need to know is NOT explained : how to keep the GOOD changes. :)
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Erik,
    Yes you are correct and its noted for a future update to the manual

    Yes, you do not need to use a VP with RVS. Most of our Asian users have a similar configuration. The VP was added as a convenience for those who may be partition deficient as it were...

    The short answer here is "however they deem is best for them". A longer answer would be that you do not have to save your data within the VP to use RVS, but if you want to save data while the protection is ON, you need to choose an available alternate partition, whether this be D:\[DATA], external drive, or the VP is best determined by the user.

    No, but is one way to accomplish your goal. The best way is to alter your application default preference save directories to your D:\[DATA] drive. This also includes AV/AS/AM/etc signature updates.
     
  3. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    Hi Erik.

    I've given 199Mb to the VP because I think that it could come in handy in the future for storing sensitive information.

    If I understand correctly, the VP can be both password protected and hidden and might prove to be an ideal hiding place for vital data items.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    Yes, indirectly. You do have to password protect the GUI, but you also have to be sure you uncheck the mount partition at windows boot, other wise it will be there for the world to see.

    Pete
     
  5. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I'm one of the unfortunate souls who has yet to create a data partition. Could someone please clarify these questions, especially 2). Thanks
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    OK. Creating a VP and make it password-protected is the EASY part of Returnil. That's not the problem.
    System Protection = ON is supposed to protect your SYSTEM partition, but you need to edit and add new data also and most people have EVERYTHING on one harddisk and one partition [C:].
    Each time you turn OFF System Protection your system+data partition is not protected anymore, while your computer is on-line.
    If you don't consider this as a problem, then Returnil is good for you.

    Personally, I think you have to keep all your data in the Virtual Partition to make it EASY. Any other solution will be more complicated, unless you store your data on a separate partition, but many users don't want this or don't have the knowledge to do this.
    That's why Returnil has a Virtual Partition for the less-knowledgeable users.
    BUT believe me, separating your data files from system files, isn't always easy and can be a problem too.
    No wonder that the Returnil manual doesn't talk about this. :)
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    I have made a shortcut on desktop to to my D partition then dragged it to the "SendTo" folder in username - documents and settings.

    Now a right click - "Send To" will save save what I want to my save partition.

    Maybe Returnil could add a right click - Send To - Save Partition on install?
     
  8. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello Erik,
    This is not the reason that we did not include a detailed discussion on how to save data to an alternate partition. There are many applications that will assist you in creating a new partition and also there is extensive information at Microsoft that would be better than any summary we could offer in a simple user's manual.

    For example:
    http://www.microsoft.com/resources/...docs/en-us/dm_create_partitions.mspx?mfr=true

    This is straight from the XP Pro documentation. Though it may be beyond some users, it is not that complicated a thing to do.

    Mike
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    I don't see this as that big a deal. For the most part I would leave protection off. Then when I go on line I would turn it on. If I download something I want to keep, then it goes to the VP or my other disk. Then reboot, and go back to work normally.

    Another example I see for the use of a returnil program. On my main business machine Returnil would normally be off. Then an email comes on from a client with an unusual attachment. It could be good or it might be bad. So I would turn on session lock, and then save the attachment, and see what it is. If it is good, I could stick it in the VP, but in either case I just reboot. Then if attachment is good I resave, but if bad, just delete the email.

    These are the kinds of use I see for Returnil.

    Pete
     
  10. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    I will certainly point this out to the devs and get thier feedback on it.
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Returnil has certainly its own advantages :
    1. RVS = my frozen snapshot. RVS is faster, but both are hard to keep them clean.
    2. VP = my data partition and what VP has more can be accomplished in another way.
    I can replace my frozen on-line snapshot with a "normal snapshot + RVS" and I can do the same for my off-line snapshot to clean it up. Rather this, than a "normal snapshot + powershadow " :rolleyes:

    I have at least more frozen snapshots and a faster boot-to-restore solution, but I'm waiting for something stronger than all these boot-to-restore softwares. :)
     
  12. EASTER.2010

    EASTER.2010 Guest

    How about a no boot-to-restore solution? As in immediate restore (click) to some arbitrary periodic frozen system/data states of your choosing.

    Now this is one that i'm waiting on programmers to sink their teeth into. :D
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It would be an improvement, if a reboot was NOT required to restore a system partition, but it would be even better if a possible change was restored immediately, so that infections don't even have a chance to execute themselves. A kind of real-time protection, based on a whitelist of all objects on your system partition, that acts immediately if an infection tries to change it.
    Boot-to-restore is too late, but we are dreaming of a software, that doesn't exist yet. :D
     
  14. EASTER.2010

    EASTER.2010 Guest

    I know Erik.
    But that technology HAS to be available to someone or group someplace given all of the wonders that are rapidly surfacing this year alone (2007).

    Always having to reboot which i assume is due to $M's nearsighted engineers kind of reminds me if everytime we came to a stop light or sign and turned the key to shut down the motor, then turned it back on again. What a frustration that would be. Well, that's exactly how i feel with Windows. There HAS to be another way to flush memory without turning off the switch each and every time just to update files, clear memory, attach to registry etc.

    With virtualization or even some type of resident imaging/rollback app, wouldn't it be great to simply click to switch back say 10 minutes ago or even 3 hours and such on-the-fly as they say. Then easily dispose of the system/data state that we determined wasn't to our expectations (bad software) or infested by some file intruder.

    I'm still of the mind this method of that type of Computer Science is available somewhere and to heck with all these restarts. A vehicles starter can wear out over time from all those rotations and i can't help but feel the same is true of our equipment.

    Sorry if i veered a bit off topic. Virtualization is really innovative IMO and always looking to throw out in the open some new ideas for developers to chew on. :D
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    I dream with the rest of you, but not holding my breath. It apparently hasn't been all that easy to lock the system just to be able to copy out system files. Here we are talking about replacing system files while the system is in use, and have the system start using them without a reboot.

    With drivers running at the kernel level, I wouldn't expect that be very easy to accomplish.
     
  16. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Easter and Pete,
    This is one of our goals, trust me. It just isn't as easy as intuition thinks it should be. We will get there, it just needs some more time...

    Mike
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Anti-Executable does this already. It stops any unauthorized executable object immediately. Why not for all system objects ?
    The rule is simple : what doesn't belong in the system partition, isn't allowed.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    We aren't talking about stopping execution, to turn off protection on the fly, might require replacing a system file, while the system is in use. Not a simple issue at all, and totally different.
     
  19. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    Thanks for that, Peter.
     
  20. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~

    Hi Erik, your posts are generally thought provoking, though as a novice user, some of the issues you raise go over my head but I do admire your 'Devil's Advocate' stance.

    'Most people have EVERYTHING on one harddisk and one partition [C:]' as you say but, judging from your posts, this situation does not apply to either of us.

    Why worry about it then? say I. Celebrate the advantages, I say, and don't spare the enthusiasm! When an appliance works as well as RVS it deserves recognition. But there again, that's my cultural background, I come from a people who have a standing army of 20,000 poets, so forgive me if I should wax so lyrically.

    Though I do appreciate the value of your memos in pointing out the deficits and inconveniances of using various appliances in the computing realm, and their strengths, for my own part, I focus on the positives.

    My attitude may be one of the feckless, devil may care Celt but I can see the benefit of a VP and RVS makes it easy for the average user to create one.

    What I am saying is that this special partition, the VP, given it's stealth capacity may prove to be a convenient and secure place to store vital information and that's just another plus in my book in engaging with RVS but the main payoff for me remains the superb protection and the comparative stability of this well thoughtout program.

    So, I was just making an observation, in passing as it were, and enumerating a further possible modus operandi for the virtual partition.

    I may be mistaken in thinking this, the VP may not be as secure as I imagine, I am a novice user after all, and further experience may prove me wrong and expose my naivety, but even if this is so, it won't change my admiration of this tremenduous piece of software.

    I'm well aware that nothing in life is perfect but this neither deters me nor dismays me; I focus on the bright side and while I am not blind to the limitations of particular appliances, thanks in part to my own powers of reasoning and largely, due to the constructive and thoughtful criticism of the intelligent people here in Wilders, I prefer to dwell on the incontestable advantages of using an application like this, for me the glass is half-full. Let me rephrase that, the cup overflows thanks to this cornucopia of good things, this fruition of excellence, the wonder of this marriage of function and simplicity.

    Speaking as a relatively inexperienced user, RVS far out performs PS to my way of thinking. I know that I am one of the few people for whom PS did not work as it was supposed to work and far more knowlegable persons than I are effusive in their acclamation of PowerShadow. Mind you, I was very careful to disable anything that might mitigate the effectiveness of PS when I installed it for the very last time; it still didn't work. RVS does! For me the nub of the matter is that PS caused more problems than anything else, the most serious being, threatened HD failure. This potentially fatal breakdown in protection which I experienced with PS, revealed itself very quickly indeed. This is why I was so reluctant in trying out another virtualisation program; a previous version of RVS is still sitting on my D-drive, unused and redundant now thanks to 1.6.2.4107.

    I am so relieved to have this program on my computer and so thankful for the way it works, it's stabilitry and the unrivalled insurance that it affords not to mention the generosity of those who have made it available to us; I'm so enamoured of this utility that you will forgive me if I fail to see the downside. My attitude is there are ways around those and I'll discover them as I go along.

    Thank you once again for your many quality posts, and bear with my long rambling missive.

    Bedankt! ;)

    Best wishes, Erik.

    Have a great weekend and don't neglect that tasty Belgian beer.
     
    Last edited: Jun 22, 2007
  21. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi, could someone give me an answer to my mis-stated question that I asked in my #5 post. I would like to add a little more background information. My C: drive has everything on it. My D: is a small 3GB restore partition that came with my computer from e-machines. I'm not sure I need it as I made restore cd's long ago. My D: also has some type of PCAngel protection, so eliminating it may be complicated. I would like to make a data partition, but I'm not sure I'm up to it.

    Can I transfer data from the VP to my C: drive? If so, how is this possible? Would it be as easy for me to create another partition with paragon just to save my data on, and then transfer files I want to keep from it (the newly created 'temp' data drive) to my C: drive when protection is off? All suggestions are welcomed.

    Also, what is the easiest way to create and use a data only partition that is so highly recommended? Are there any good programs and tutorials to assist in this? I will also check out Coldmoons, MS link.

    Thanks, innerpeace
     
  22. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~

    Ahhh...mystery solved! I've discovered why PS didn't work for me. No reflection on PowerShadow; I'm using a Sata drive! :oops:
     
  23. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    innerpeace,
    I did some searching here in the forums and this thread might give you some help with Paragon:

    https://www.wilderssecurity.com/showthread.php?t=163118&highlight=create logical drive Paragon

    Not if you have protection ON. What is the total size of your HDD?

    Mike
     
  24. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Around 100GB, Thanks
     
  25. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
Thread Status:
Not open for further replies.