Returnil

Discussion in 'sandboxing & virtualization' started by biatche, May 14, 2007.

Thread Status:
Not open for further replies.
  1. biatche

    biatche Registered Member

    Joined:
    Apr 16, 2007
    Posts:
    12
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Give it a quick whirl on a VMware machine. Built a zip file, and rebooted and it worked as advertised. Then threw the Killdisk trojan at it, as both Power Shadow and Sandboxie survived this nasty. Killdisk trashed the disk. End of test.

    Pete
     
  5. biatche

    biatche Registered Member

    Joined:
    Apr 16, 2007
    Posts:
    12
    Peter you seem very experienced with testing. OK, so would you use this over those fd-isr df and such?
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    No. FDISR is to tried and true, although admittedly DiskKill gets it also. Also FDISR is a part of my backup strategy. I can't use PowerShadow(raid 0), but I do like Sandboxie, as it gives me extra protection, and doesn't require any reboots.

    Pete
     
  7. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello Pete,
    Thanks for taking a look at RVS and your feedback. I have made the lead developer aware of your report and have added this to the development feature "needed" list.

    We do not suggest that you should rely on one solution for your system security, but use an inteligent layered approach that includes process control.

    We look forward to all of your comments and suggestions :thumb:
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Looked at Returnil Virtual System in 2006 when it was ver 1 I believe. Download is only 1.5MB now so I can see it has gone through a bit of transformation from then.
     
  9. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    Interesting,

    I installed Returnil in a virtual system and deleted some important files:

    00_returnil.jpg

    01_returnil.jpg

    The virtual system reboots without a problem.
     
  10. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Meriadoc,
    The program has been completely redesigned since then. We have been updating the change history in several forums that have gratiously allowed us to do so.

    The original announcement thread and subsequent 1.62 Beta release history can be see here: Major Geeks Forum
     
  11. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Thanks, yes having a look now.
    _________

    Note in the hint (1st pic) Protection Mode will be off after a restart. Protection also takes a restart (last pic.)
    You can save data in a Virtual Partition (created at install 2nd pic, Virtual partition 'RETURNIL' ( Z: ) 3rd pic) while protected which can be copied and moved.
     

    Attached Files:

    Last edited: May 17, 2007
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It's logical that your system partition is fully protected this way, but you can't do any writing/editing anymore on your harddisk, because each update will disappear after reboot.
    My recommendation is that you better separate your system files from your data files, when you use this software or it will be veryyy inconvenient. No updatings of any documents, no downloadings, nothing to store when you are surfing on the internet.

    And that makes your system partition again very vulnerable. So you better keep your security softwares, when you use this software.

    You can do the same with FDISR (frozen snapshot). I don't use RAM of course, I use an archived snapshot (= freeze storage).
    It will work probably faster than FDISR, but it has to beat 100 seconds. That's the time FDISR needs to restore my system partition during reboot from desktop to desktop, restoration included.
    Retunil is just a different method to accomplish, what I do with FDISR with the very same advantages and disadvantages.
    FDISR is still more powerful than Returnil in functionality and possibilities, that's why it is cheaper. :)

    PS: Can you exclude objects from being frozen in Returnil ?
     
    Last edited: May 17, 2007
  13. EASTER.2010

    EASTER.2010 Guest

    From the product's homepage:



    Isn't this install just a bit too hungry? Plus TYPO!!! Dirk?

    Users can cover themselves virtually with Power Shadow for "FREE"! and is stable on most systems plus compatible with most security apps.

    Comparison with FD-ISR? Not close by a hundred miles or more. Totally different concept.
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    PowerShadow offers indeed the same. I thought PS was pay-ware, it's probably free when you use a stolen serial key. :D
     
  15. EASTER.2010

    EASTER.2010 Guest

    On the contrary Erik, the introduction key was never stolen at all but instead freely provided as in promotional offering.

    That's the one i accepted and have made most use of and none other. Just like EQSecure at some point is likely to go commercial but the first Beta is working to perfection here and i intend to make the most use of it so long as it proves to hold it's own like it's done so far.

    So in that respect Power Shadow is indeed FREE!! At least version 2.6 is and i have no idea what is come after it since because that don't matter to me. The one that protects and works completely stable & safe (first one) is all the one i need.
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Well, one day you have to pay for it, if you want to keep PS up-to-date.
    It's already version 2.8.2 or maybe even higher and waiting for the English version is inconvenient and not understanding Chinese is even more inconvenient. If you deny all these problems, PS will be good for you as long it lasts. :)
     
  17. EASTER.2010

    EASTER.2010 Guest

    Not a problem for me and the millions of other ENGLISH language users either. Since i remain quite content with the effectiveness and protection of PS 2.6 the only reason for me to finally upgrade to it's commercial stock will be WHEN they solve the exiting shadow-mode without reboot. Then it will be worth every penny for that purchase model which i already sense won't be that outrageous anyway and as long as it's in ENGLISH of course. Otherwise my machine doesn't translate little squares very well.
     
  18. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    543



    I am not sure why you like power shadow so much.I am not saying the app is bad or anything.But.Wouldn't you be better off with sandboxie ? At least you don't have to reboot to get out of shadow mode.I hear some of you say sandboxie is "leaky" ?

    Ok, if that is the case isn't first defense (frozen snapshot) better? No ?
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    A normal snapshot + PowerShadow = frozen snapshot. So PowerShadow is superfluous in FDISR. PS does nothing more than that, while a frozen snapshot is just one of the many features in FDISR.
    PS costs $40. Add $30 and you have alot more than PS and you need only ONE software.
     
  20. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    Hello Coldmoon,

    In the MajorGeeks forum I read that the virtual partition can be preserved and transferred to another computer.
    Does that mean that I'm able to install applications with Returnil enabled, save the new configuration and take it with me? And then leave the computer in it's original state?
     
  21. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yes this is working great so far. I gave the test vm 200MB, and started various apps working away also. The vm seems very light, Returnil works well.
    So, will Returnil ever work without reboot?
     
  22. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi,
    Thank you to everyone participating in the discussion and especially for their commentary. Please forgive the length of this post, as there is quite a bit to cover:

    Meriadoc asked:
    The top priority for the 1.62 series was Vista (32-bit) compatibility. We are working towards compatibility for X64 systems as quickly as possible, but our first concern has been to prove and ensure the stability of the Protection and Virtual Partition engines before we begin expanding RVS's capabilities.

    The question here however is whether RVS will function without the need for a reboot. The first part of this equation was solved with the "Session Lock" feature that allows the user to Turn System Protection ON without a reboot. Think of this feature used as the space ships use their protective shields in science fiction – when threatened or suspect trouble, turn on your shields…

    The second issue here, “Turn off System Protection without reboot”, is not a trivial thing to solve due to the design of Windows itself. We are exploring several different ideas to address this, but remember there is a reason why even Microsoft itself must require a system reboot when installing some critical updates and patches…

    Wilbertnl said:
    Anything saved within the Virtual Partition remains after reboot when using the System Protection feature. If you choose to save configurations or install programs within the VP, you will need to assure that the VP is mounted on the alternate system and that this other system will require an installation of RVS to mount the VP you are moving. I would suggest here that you should experiment cautiously where installing programs in the VP is concerned. Many programs require additional changes to %s which would be lost after a reboot when using the System Protection feature.

    The main mission of the VP is to allow a convenient means for the user to save their data while using the protection feature. You should also explore saving data in alternate partitions – part of the design concept of RVS was to force awareness that you do not have to save your data in default locations, especially the System Partition…

    Reply to side discussion between EASTER.2010, ErikAlbert, and Banshee

    We welcome a debate to discuss detailed comparatives between the various products mentioned. An essential part of our approach is to design utilities and technology that focus on being targeted, simple, and effective. Just because we choose not to “pile on the features” does not mean that we are not developing or have developed solutions. We feel that it is more important to establish a proven technology and then expand on that technology while maintaining rock-solid stability for our users.

    This is the reason we have extended our beta testing for a longer period than was first announced to address issues as minor as text fonts, graphics, and language support for example. Your opinions, whether they are positive or negative, will help us to develop the products YOU need and want, rather than what the developers or the marketing people THINK you want…

    Additionally, I personally have nothing but respect for the technologies and solutions developed in PS, FD-ISR, DF, SU, MS-Shared access, VMWare, etc. If we are going to win the battle against malicious content, we, as an industry, have to be able to provide a wide selection of alternatives for our users. Saying your favorite product is better than my favorite product provides 0.00% value to the reader who may be trying to understand the concept or trying to decide which solution is best for THEM.

    I will not get into a discussion of the freeware/pay-ware/shareware issue because it only serves to incite emotional response. The user must make those choices – it is the responsibility of the industry to provide those choices and in doing so, validate their own business model.
     
  23. EASTER.2010

    EASTER.2010 Guest

    I already have received that easily with the combo of Power Shadow + FD-ISR as ErikAlbert so smuggly alluded to. He's of the belief that fd FREEZE snapshot accomplishes the same which it does but also at a cost of drive/partition real-estate in GigaBytes! which he won't mention, and also not at the 40$ price stated unless users missed out on the initial freeware promotion, but even then that is reasonable enough market value for some.

    I also have to say for the record that i do applaud the efforts of introducing any new program developments such as Returnil, and can only wish all the best in those efforts to climb into this current fray of Virtualization Apps, but i also must admit that the preceeding response also bears a very familiar tinge in resemblance to many similar ones before which originated from Lavasoft. I take it there is no connection whatsoever.
     
  24. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    It sounds like Returnil is focusing on security?

    Well, today I have myself comfortably wrapped in a few virtual layers.
    Returnil is protecting my Windows XP system partition, that resides on an immutable Virtual Disk Image of VirtualBox, which is hosted on Xandros 4. :D
    Cool, hm?

    snapshot1.jpg

    But actually, I'm interested in how I would use Returnil for evaluating and beta testing software.
     
    Last edited: May 18, 2007
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Here are the many gigabytes, I need for my immediate recovery solution. :D
    That's not a secret, but nobody asks because nobody is interested in my setup.

    My actual solution requires 3.04gb = Frozen Snapshot + 3.00gb = Freeze Storage = 6.04gb total and that keeps my on-line snapshot clean, trouble-free and malware-free during each reboot.
    6.04gb is nothing, one long movie takes more than 6.04gb.
    And of course these numbers will increase when I need more softwares to do my job and hobby, isn't that logical.

    Why are numbers so important. Everybody is talking about volume, memory usage, cpu usage, ... What have numbers to do with security and recovery ? NOTHING.
    If you have problem with numbers buy another computer. :)
     
Thread Status:
Not open for further replies.