Returnil Lite ?

Discussion in 'General Returnil discussions' started by StevieO, Oct 6, 2009.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Well it used to be in version RVS2008.

    The latest version is many Mbytes larger. I'm presuming this mainly stems from the fact it now has AV included.

    Leaving aside, for now but not forgotten, the System Restore + Defragging problems associated with RVS2008, apart from those it was an excellent program.

    I realise that RVS became aware, as some of us have, that VM type Apps are not as infallable to certain Malware as we used to think. Notably MBR nasties.

    So i can understand RVS wanting to try and do something about it, and help protect us and their previously good name. That's why the've now included an AV. But i think a full blown Anti is not required, or actually beneficial to smooth running or being as resource light as possible. Also unless such an Anti is top notch, what's the point when there are numbers of very good solutions available. Including one that isn't up there doesn't make any sense, even though i empathise with their initial thoughts for wanting to address the MBR situation. I know we can disable the AV if we choose, and who wouldn't, but all that extra code will still be loaded.

    What i would like to suggest is, ditch the Mbyte wasting full type AV and instead just provide Anti MBR etc code/definitions built into a much smaller Anti type App. This can't be a problem for good coders, as there are several examples of Anti Apps with code under 1Mb. EG - Prevx, and the former BOClean which was around only 400K, and that included ALL the defs ! So something that would help protect the MBR etc with a relatively small number of Defs/Blocks, should able to be coded for even less that that.

    Or failing that, just do what you where mainly good at before Virtuality, and leave the full Anti's to others.

    Anybody else agree ?
     
  2. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    703
    Hi

    Couldn't agree more. When developers lose the plot they lose the plot. Why on earth include an antivirus when there are so many around?. It suggests the developers are floundering for inspiration.

    Worse it implies the technology is not up to scratch. So the end result is Bloat just like Acronis has ended up.

    Terry
     
  3. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Terry,
    The main reason is to address the Achilles Heel that all ISR implementations face. They cannot detect or block activation of malware; especially those programs that can bypass virtualization. Regardless of what may be said by other solution providers in this space, if they are bypassed today and then provide protection with a new version or upgrade, they have used a targeted antimalware or antiexecutable technology.

    A simple, home-grown AV engine can be included without the user even knowing it is there. At least we are being honest about it and also trying to make it robust and upgradeable in place ;)

    The goal however is not to BE an antivirus provider and to take advantage of the one thing AV's are the best at - detection. Now combine detection with a painless removal technology (virtualization) and you have effective protection even if the AV doesn't detect the malware. Regardless of this however, RVS provides the fastest time to removal for both detected and undetected malware. Think about it seriously:

    1. Malware detected: It is blocked or you simply restart the computer and *poof* its gone
    2. Malware undetected: Turn your computer off at the end of the day and *poof* its gone

    No "floundering", just needed time for the concept to sink in and also for additional development to reach fruition. The current AV/behavioral data collection is simply an intermediate step to where RVS is actually going. The vision is for component parts that are targeted to a specific function that is designed to address the weaknesses of the other component parts without overlap. Further, the components are also being specifically chosen to provide full protection for the single user as well as the larger community of users as we go forward. All this while working to minimize the need for direct human interaction at the client level.

    The next steps will be optimization, automation, protection in the form of AI/machine learning, and distributed immunity...

    RVS will not be your father's ISR solution ;) :cool:

    Mike
     
  4. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
  5. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    I'm sure I don't know. :doubt:

    Is it there to protect the user?
    Is it there to protect Returnil? (Most likely...)
    Is it just a random substitute for the Anti-Exec module?

    What's the real point of this AV module?
    It's neither fish nor fowl, so it's doubtless not enough for convinced AV users and just a big annoyance for the rest.

    I wonder why it is that difficult to release a version without all traces of this AV module.
    Just that users get "their Returnil" back - a solid, light and secure virtualization program.
    Not a strange creation which cripples every system because of server-sided problems.

    Cheers
     
  6. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I installed Returnil 2008 on my Daughters computer because all her and the Grandchildren had to learn was click "Enable" when they go on line. The new RVS2010 is too much for them to comprehend. I would have to disable the AV and AS and instruct them to just click enable the new way. Her copy of RVS2008 is coming up for re-registration and thankfully I have the habit of saving the .exe file in My Downloads. I was able to re- up RVS2008 for another year. ;)
     
  7. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    703
    Hi

    Good forums are where one can have your say without fear or favour. Coldmoons reaction to my comments echos the spirit of a good forum.

    From a business point of view "differentiation" is the name of the game be it via the product or service or both. I simply restate my previous views it really does not produce product differentiation by adding an anti-virus. Yes, by adding it you acknowledge there is a problem with the technology, but the solution (A/V) is hardly an earth shattering step forward.

    When or if Returnil introduce the ability to retain software installs after reboot, that will be a real step forward, or real product differentiation. So in the context of my comments you acknowledge that there is a problem (hence adding A/V) when are you going to produce a real solution to the problem that does not take a backward step?

    Returnil has made tremendous advances over recent years as have other similar software, so to me it is astonishing that you resort to antequated and imprecise methods of protecting your own software which is in itself a form of protection software.

    Sorry I don't see the business case or the logic in what returnil is doing

    Terry
     
  8. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    True, but the same can be said for ISR and virtualization in general. Virtualization has been around since the 50's and up until we started making noise with RVS 2006, ISR was essentially a "dead" technology to the consumer outside of public access and tight corporate environments.

    The key here is not the technology itself, rather it is how it is used and the steps needed to correct the skew that resulted from industry AND community messaging that you had to have some form of AV to be protected. We are wiser now in the community, but what about the average user who has no idea that places like Wilders even exist and that there are more effective alternatives to traditional security strategy?

    There needs to be a transitional period here ;)

    Again, true. The use of an AV and anti-executable are not revolutionary. The way they are in RVS is however. It is a fact that you could use RVS 2008 along side an AV/AS/AM/AE and create a "similar" result to using RVS 2010. The difference is that with RVS, the objective is not to rely on it as core protection. In RVS it is the canary-in-the-coal-mine or alternatively, the idiot light on your car's dashboard: There is a problem here and perhaps I should restart my system to make sure I am/remain clean.

    The differentiation here is that RVS is working to produce the long term cure to the malware threat and not just alleviating the current symptoms time and again.

    Not entirely. VMWare can retain as many virtual sessions as you would like to have and not just across restarts, but also across different computers. Why hasn't it been widely adopted by the average user? There is a much older light virtualization solution that did have this capability and it was essentially discontinued long before what happened to the original FD-ISR. Why wasn't this widely adopted or imitated?

    Traditionally, the only real use for this type of feature has been for testing and testing is not something the average user does frequently. There are times when it is needed or wanted however so there will be a form of this in RVS; just don't expect it to be exactly like the implementations you might be using now...

    We have not taken any backward steps that I am aware of as the implementation in RVS is a completely new take on the way these technologies are used and integrated. The AI/Machine learning has been in development for well over a year now and if you are looking for the super-shiny whistle, this will be it when placed along side our concept of Distributed Immunity. I am hoping to get it incorporated in the 3x series rather than the 4x series as it will provide one of the core components needed to realize our goal of eliminating the threat of malware once and for all (yes, it may seem "Nirvonic" but the final vision will have the best chance of getting there over any other solution/idea I have seen or heard of up to this point...).

    I hope this provides some light on this and also on the difficulties of overcoming the public's fanatical faith in AV solutions. We have a long road to get where we want the company and software to be. I really hope you will keep watching, commenting, arguing, and keeping an open mind as we go forward :)

    Mike
     
Thread Status:
Not open for further replies.