Returnil tutorial or good wiki? Also, related advice, please.

Discussion in 'sandboxing & virtualization' started by brjoon1021, Sep 11, 2008.

Thread Status:
Not open for further replies.
  1. brjoon1021

    brjoon1021 Registered Member

    Joined:
    Aug 10, 2005
    Posts:
    143
    Hi,

    I did a clean reinstall recently of XP SP3 on my laptop and I will never go back to the sludgy performance of all of the security layers that I had before: Avast!, Windows Defender, SandboxIE, Spyware Terminator, BOClean. I like this speed that I have now (it is still naked). I run 5 or 6 different online AV scanners every Friday night and nothing has been found yet.

    But, just to be safer, I want to use Returnil or something like it with Sandboxie. The rub is that I add new browser bookmarks daily, add new documents and files with each boot (several a day) and have new files created that have to be kept permanently. I wanted to know how to use Returnil properly within these parameters or to find another app that does the same thing. If I need to make some partitions on the HD, no problem, I am a wiz at that from using Linux LiveCDs. So to sum up, I want to have the safety of this type of security application but also keep my newly created stuff. I am usually in a hurry (work environment, tight schedule) so I am prone to forget things.This worries me a little bit. I am afraid that I will lose newly created important files because I forget to save them in a special place, etc...

    Lastly, I understand that Returnil runs everything in RAM. I have 1.5 GB of RAM on a Centrino 1.7 GHz single core processor. I am wondering if that will be enough to run XP SP3.

    Your advice, please on Returnil vs. other options and where I might be able to look to get the information I need to run them properly.

    Thanks,

    B
     
  2. brjoon1021

    brjoon1021 Registered Member

    Joined:
    Aug 10, 2005
    Posts:
    143
    Hmmm... maybe I did not give enough information or asked a dumb question....
     
  3. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Returnil PAID is exactly what you need:

    1.- Returnil protects only C: partition (free or paid), so if you have a D: partition for data (which is a good idea regardless if you use Returnil or not), you can always protect C: and save newly created or modified files in D:

    2.- With Returnil paid, you can
    a) commit files with right click menu (see pic1)
    b) specify folders to save before you shut down (pic2)
    c) save the whole session (pic3)

    pic1:
    pic1.JPG

    pic2:
    pic2.JPG

    pic3:
    pic3.JPG


    EDIT:
    Returnil has 2 options, to run in memory or in disk cache.
     
  4. brjoon1021

    brjoon1021 Registered Member

    Joined:
    Aug 10, 2005
    Posts:
    143
    Thanks.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    If you wish to use the free version of Returnil, you can use a different partition other than the one with Windows on it to save your data. You can relocate the My Documents special folder to be on a partition that is not the Windows partition.
     
  6. brjoon1021

    brjoon1021 Registered Member

    Joined:
    Aug 10, 2005
    Posts:
    143
    MrBrian,

    Would it be necessary to have all kinds of scanning software to scan the files that I would put on the other partition ? In other words, it is harmless, essentially, when in the Returnil boot, but if I decide that I want that file to be permanent, it then leaves the safety zone of Returnil and could be malicious, right ? All files should be scanned before being saved to a different storage partition, I assume.



    Thx
     
  7. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Yes. If you don't trust the file, or the origin of the file, you can upload it to virustotal and get 36 scans at a time.
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    If you have Returnil protection turned off, and you run an infected file from your permanent partition(s), then you could infect your Windows system permanently. If you have Returnil protection on, and you run an infected file from your permanent partitions(s), then any infection of the Windows partition should disappear upon reboot. Whether Returnil protection is on or off though, the data on your permanent partition(s) could be modified, deleted, etc., by any malware encountered, so it's a good idea to have a backup strategy for the permanent data partition(s).

    Whether it's "necessary" to have scanning software in such a setup is your own call. I have this setup for my father's computer, and I have one real-time antivirus scanner on his system. I am the only one who turns the Returnil protection off occasionally, in order to update Windows, other programs, antivirus definitions, etc. This setup has worked well so far.

    One thing to remember about such a setup: any data that's stolen while Returnil, or any similar product, is on, cannot be undone with a reboot.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    thats why is always good to run returnil with a good and strong firewall to protect data theft and privacy.
     
Loading...
Thread Status:
Not open for further replies.