I wanted to start this thread not to say that product X is better than product Y and therefor I'll use Z but rather to find out how they are different, in terms of how they operate. Virtualization products seem to be the3 new fad, which is fine with me because I think that malware scanners are not able to handle modern fast-evolving threats, since they rely or signatures and heuristics. I have been a Shadow Defender for a while, and I like it very much. But Tony's absence got me thinking of other similar applications. That is where Returnil comes in. I understand that their purpose is the same; to allow the user to operate inside a virtual environment. But, I find it interesting how the approach both uses differs. Shadow Defender does not use a system service. They do use a driver. Shadow Defender seems to write to no cache file. Does not using a system service make the application easier to terminate? If so, that is a pretty significant vulnerability. It also does not write system changes to a temporary cache file, so how are the system changes stored? Shadow Defender has one process in memory that uses under 10 meg. Returnil Virtual System 2011 is the exact oposite of Shadow Defender. RVS uses a system service to run it's application. It uses two drivers It does use a predetermined cahe file to store changes made to the system while in virtual mode. Both products have similar features. But is one product "better" than the other because of the way it employs its methods, or is it just a difference in implementation that means very little?