Returnil vs Powershadow

Discussion in 'sandboxing & virtualization' started by WilliamP, May 25, 2007.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Here is my question. PowerShadow loads the shadow on the hard drive. At least that is what I understand. Now Returnil loads the shadow on RAM.
    Which is more secure? Of course Returnil says it is better for the HD. But what do you feel?
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053
    The hard drive issue has been beaten to death in the Software and Services forum. This discussion should be confined to the security aspect and not another rehash of hard drive issues.

    Pete
     
  3. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    I would think that the program in memory would be better for security, BUT, depending on how much physical memory you have, the program/processes would possibly still use the pagefile that is still on the physical disk.

    (Side note, I have about 1.5GB of physical memory, but I am going to disable my pagefile to help make smaller images.)

    That is just my guess,
    Mike
     
  4. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Well, I'd say that writing to RAM is possibly a bit more secure, IMO. If anything goes wrong and the system resets, then all data in RAM is gone, whereas data written to the HD could possibly remain after a reset. That's my 2c anyway.
     
  5. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Pete, I started this post not because of disk concerns, but there seems to be a concern about what the intentions of PS are with the hidden things. I don't really put any stock in either concern. I just felt that this program is a possible alternative to PS. Not being that computer savvy, I wondered about things being in RAM being less apt to infect. I thought I would ask the experts.
     
  6. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    (Side note, I have about 1.5GB of physical memory, but I am going to disable my pagefile to help make smaller images.)

    It's common consensus in IT circles not to disable the pagefile: an app looking for storage that can't find the pagefile to dump excess data puts it in RAM, so if you have many serious apps running, then your RAM burns away. It's not my finding, but I see the logic in it; maybe it's just theory and in the real world it works out differently, maybe!?!
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053
    That's fine.
     
  8. mitchelson

    mitchelson Registered Member

    Joined:
    Mar 9, 2007
    Posts:
    69
    Powershadow mainly loads the shadow on HD, but also in RAM, especially when there's no more space on HD to use. (Someone has done experiments to verify this theory.)

    Sure, the way in which Returnil works seems much "better" than PS -- no data written to RAM can be restored after a reset/shut-down. But, in this case, you must have enough RAM space for the system to utilize, or data will be written to the "pagefile" on HD -- "damage" to the HD still seems unavoidable. ;)

    I suppose that "Returnil" might have some negative effect on system stability & efficiency, especially when the capacity of physical memory is not big.
     
  9. EASTER.2010

    EASTER.2010 Guest

    From what I gather so far as concerns advantages with Returnil as compared with Power Shadow Master is that with Returnil you can easily switch in and out of Virtualization/Protection Mode at will, whereas with PS you can easily ENTER shadow-mode without reboot but not on EXIT and certainly cannot switch OFF its virtualization and enter it again like Returnil.

    Coldmoon is the resident specialist on this new program and can verify or discount any differences as well as features.

    Returnil Topic Here
     
  10. mitchelson

    mitchelson Registered Member

    Joined:
    Mar 9, 2007
    Posts:
    69
    From my own experience, Returnil may write the MBR or something else.
    After I installed a special authorized version (without time limitation) and rebooted, my system suffered a serious error with a "blue screen".
    I could not even load my Windows! Tried many ways but couldn't fix the problem.
    At last, I used "diskgen" to restore the HD partition table and rewrite the MBR, then uninstalled the stuff. Everything turned back to normal.
    I still can't figure out the exact reason.
     
  11. EASTER.2010

    EASTER.2010 Guest

  12. mitchelson

    mitchelson Registered Member

    Joined:
    Mar 9, 2007
    Posts:
    69
  13. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello mitchelson,
    What OS are you using for your test? If you are using W2K or 2K server you will have issues with 1.62.XXXX, which is compatible with 2003 Server/ XP/ Vista 32-bit.

    The 1.61 series is compatible with W2K server/ 2003 Server/ W2K/ XP

    To include Vista the driver had to be extensively redesigned. This redesign had implications for W2K that could not be solved without adding an unacceptable amount of instability.

    This however led to miscommunication between the development team and myself as to what is supported and what is not. Specifically, because we still had downloads for the 1.61 series available from our website (change to 1.62 happened mid-stream during the testing).

    I will have the information updated so it is clearer about this while we weed out downloads that still have 1.61 available.

    Mike
     
  14. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello Easter,
    A clarification is needed here so that readers will not become confused. The System Protection (Session Lock) feature still requires a reboot to turn protection OFF, which is similar to what PS must do to turn their clone technology off.

    The difference is that the Virtual Partition feature will work regardless of the System Protection Mode. So you can mount, dismount, read, write, add, or remove files/data with the VP without worrying about whether you have protection ON or OFF. So the VP acts like any other alternate partition on your computer with the following restrictions:

    1) You must have RVS installed to mount, dismount, or access the VP
    2) Limited users cannot access the root of the VP (restricted to Admins) but they can add folders where they can then save data with the VP

    HTH
    ---
    Mike
     
  15. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    Originally posted by Easter.2010:

    C
    When Powershadow first hit Wilder's, one of the complaints (observations) was that the devs were unknown and everyone was left to guess about how PS actually worked. With Returnil, we have a PS-like program that has a real live person fielding every question members may have about their product. That is another difference between the two.

    edit: just picture the "C" next to the "o" in the quote.
     
  16. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    RVS now includes protection for the MBR (sectors 0 - 62) as an integrated component of the System Protection (Session Lock) feature. So if you are using an application that needs to make changes to the MBR such as Partition Magic for example, you will need to turn protection OFF for those changes to take place.

    As changes to the MBR are rarely ever made on an average computer setup, this should not be an issue for the normal user. Just remember to turn the protection OFF (open RVS -> System protection -> Change Protection Mode).

    If protection is ON, select Turn System Protection OFF, reboot, and then use the application that will make changes to the MBR when you log back into your admin account.

    Once satisfied with the changes, you can turn the protection back ON to protect your new configuration.

    ____
    Mike
     
  17. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    To all reading this,
    I apologize for the multiple posts as I should have used a single reply to catch up on the questions. I missed this earlier and it needs to be addressed.

    First, RVS uses a very small amount of RAM at any given time. Therefore, I fail to see where there is any connection between RVS and potential instability in the system. What you are describing is someone trying to stress test his or her machine. This has nothing to do with RVS and everything to do with physical limitations of the system you are using.

    Nevertheless, as I have said in the past many times, do not take my word for it or anyone else’s word: test it for yourself.

    ____
    Mike
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    A very good point. Whenever there is frequent interaction between the consumer and the software developer, only good things can happen. :)
     
  19. mitchelson

    mitchelson Registered Member

    Joined:
    Mar 9, 2007
    Posts:
    69

    Thank you for your detailed reply.

    Returnil creates a virtual partition? Maybe this has something to do with my system error. After I installed Returnil, all partitions except C turned inaccessible, with alerts that the partitions are not even formatted! -- Of course, this is because the partition table is damaged.

    I tested it on Windows XP, and I also installed Powershadow/ Tiny desktop firewall Pro/ Safesystem 2006/ ProSecurity 1.3 free. Hardware: AMD 4000+, 1G RAM.
    Maybe there are some conflicts among these software packages? I will try sometime later on another system.

    Anyhow, thanks a lot. :)
     
  20. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    This is not due to anything RVS is doing. RVS System Protection does not allow the MBR to be changed and does not clone it as there is no compelling reason to clone something that is rarely if ever changed on a normal system (except for recovery imaging). Where I would start looking for an issue is with whatever is attempting to access and change your MBR.

    I would strongly suggest that you do a thorough full system scan with a fully updated AV at the very least. The most important thing to remember is that RVS will not provide you with protection if you are already infected.

    Another important thing you have to remember is that layering needs to be well thought out and planned before you try to throw them all together at the same time. You should start with a simple configuration and then SLOWLY add one layer at a time. You then need to closely observe the results of each change before you add the next layer.

    ____
    Mike
     
  21. mitchelson

    mitchelson Registered Member

    Joined:
    Mar 9, 2007
    Posts:
    69
    Luckily, no virus was found. The system is quite clean. After restoring the partition table/MBR, everything works fine.
    Suspecting that the installation file was not officially released or was modified by someone, I will redownload and try again.
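
Posts 16 and 20 concern changes to the MBR region (sectors 0 - 62), and post 19 describes a damaged partition table. As an added example that is not part of the thread or of either product, this Python sketch takes a baseline hash of those sectors from a raw disk image and decodes the partition entries so a later change can be detected; the 512-byte sector size, the image-file input, the constructed sample data and all function names are assumptions of the example.

```python
import hashlib
import struct

SECTOR = 512          # assumed sector size
TRACK0_SECTORS = 63   # sectors 0 - 62, the range named in the thread

def read_track0(path):
    """Return the first 63 sectors of a raw disk image file."""
    with open(path, "rb") as f:
        return f.read(SECTOR * TRACK0_SECTORS)

def parse_partitions(sector0):
    """Decode the four primary partition entries of a classic MBR."""
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:                      # type 0 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80,
                          "type": ptype, "lba_start": lba_start,
                          "sectors": count})
    return parts

def snapshot(data):
    """Baseline: hash of the region plus the decoded partition table."""
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "partitions": parse_partitions(data[:SECTOR])}

def compare(baseline, current):
    """List human-readable differences between two snapshots."""
    diffs = []
    if baseline["sha256"] != current["sha256"]:
        diffs.append("sectors 0-62 changed")
    if baseline["partitions"] != current["partitions"]:
        diffs.append("partition table changed")
    return diffs

def make_sample_track0(entries):
    """Constructed sample: zeroed region with (type, lba, count) entries."""
    buf = bytearray(SECTOR * TRACK0_SECTORS)
    for i, (ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", buf, 446 + 16 * i,
                         0x80 if i == 0 else 0, ptype, lba, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)
```

Take the baseline with `snapshot(read_track0(path))` while the system is in a known-good state, store it off the protected disk, and run `compare` against a fresh snapshot after installing or removing software that touches the disk layout.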
     