Returnil

Discussion in 'sandboxing & virtualization' started by maddawgz, Oct 18, 2007.

Thread Status:
Not open for further replies.
  1. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,276
    Location:
    Earth
    Hi, I think this program is great, a few questions when my AV updates or spybot etc do i have to turn of protection? reboot ? alot of reboots etc, or is there a better way to let your updates through and installs you want..... cheers MD :D

    Edit
    can i remove my AV etc i wont really need it, if this deletes everything ccleaner the lot yes?
     
    Last edited: Oct 18, 2007
  2. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I get my antivirus first thing in the morning before Returnil gets turned on. I have discovered one thing. If you have a second hard drive, you can save things over there and Returnil won't delete them. Antivirus, etc of course is different, but yes, Returnil has to be off or all updates will be lost.

    I wouldn't remove the antivirus, just make sure you get your updates before engaging Returnil.
     
  3. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I turn Returnil's protection on manually after updating my anti's. I mainly use it's protection for risky ventures. If you plan on using its protection all the time, you will have to save that information to another location other than your system partition.

    Play around with it before you give up your normal protections. You still need to protect your data/information from being stolen while using Returnil.
     
  4. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I already have "My Documents" in a second drive and made a shortcut for it to the original location. I have installed updating programs to that second drive as well. I have "Windows Automatic Updates" turned off as I manually update about once a month so they wont mess with Returnil. This is what I use for full time Returnil Virtual Protection while keeping "My Documents" and "Updates" during its protection. I still turn it off and do full imaging with ATI, then turn it back on.

    dja2k
     
  5. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    I run my desktop 24/7, and simply let AV update as normal, when I reboot usually at the weekends I simply let the AV update again before applying session lock, no biggie.
     
  6. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    721
    Location:
    Cumbria, England
    I update every time i have to reboot my computer, not every time there is an update.
    Although my AV does still update whilst system protection is on, then i should effectively always be up to date.

    (Hope that makes sense)
     
  7. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    As i read thru this thread the obvious is not always close at hand !

    thanks.
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    To keep the good changes :
    You have to turn OFF any automatic updating of all softwares, including Windows. This is an one-time operation.

    Each time, when you want to update your system :
    1. Reboot first, because that cleans your system.
    2. Unfreeze your system.
    3. Do all your updatings and NOTHING else.
    4. Freeze your system
    5. Reboot, if recommended by the ISR-software.
    This procedure can be used for any ISR-software.

    For all the rest keep your system constantly FROZEN and certainly when you try new stuff, you only have to reboot to get rid of it.
     
    Last edited: Oct 19, 2007
  9. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    But now we are talking about Returnils sessionlock related to updating your AV-signatures and the different kind of strategies to follow.
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I wonder why Returnil-users are still using scanners, to find "nothing" or what ?
    Returnil removes any change during reboot, including viruses, spyware, ... anything. So what's the point of using scanners ?
    An old habit from the past perhaps o_O

    You only need security softwares that stop the execution of malware. That's all.
    Softwares like SSM, AE, DW, ...
     
  11. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Not running any Scanners here! I am mainly using Online Armor and Pro Security on a separate drive cause I want it to remember my user actions. :D

    dja2k
     
  12. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    If you really have to use an AV consider turning off auto updates and manually unpdating every few days. An alternative approach might be to remove your AV as a real time program and to load it when the returnil protection is on. You will then be able to check to be as sure as you can be that you are clean and get rid of the program when you reboot. If you build up a small collection of free AS and AV programs you can the load and run them when you have nothing better to do.
     
  13. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    I leave my system running for days, usually 5 at a time, I guess I'd like to know if anything has slipped on during that time so I run a real time AV
     
  14. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi maddawgz,
    One thing I do not see mentioned here is the use of the System Protection Scheduler in 1.70.

    The example shown in the manual is not a recommendation, but it should provide guidance as to the possible configuration that would be acceptable for your setup. An added benefit is that you would not have to manually turn the protection on and off. It will require good coordination between your other scheduled tasks however.

    For an AV, you could "split" and hour where RVS protection is off. An example of this would be:

    1) RVS protection scheduled off for 01:00 - 02:00 every day. This means that at 01:01, RVS protection will reboot to turn the protection off.

    2) Schedule your antivirus to perform an automatic update at 01:10

    3) Schedule your Antivirus to perform a preffered type of scan at 01:20. This should give you 40 minutes to perform an automatic scan/detection/removal

    4) At 02:00 RVS protection is scheduled to be on and will start again at 02:01 following the built in delay.

    You can make the schedule tighter or looser depending on your needs and the scanning speed of your AV solution.

    But the key here is that it can all be automated so you do not have to spend time doing this manually or watching your AV scan your system...

    Mike
     
  15. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Simple,If in sessionlock i let my AV scan downloads for HIDDEN nasties before i save them to a second partition for later use such as .exes,attachments,documents etc. Use AV only on demand and have disabled realtime protection ,so IMO they do have use in sessionlock . To kill the malware trying to load in memory i have Boclean,updated daily.
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    OK. That's one of the valid reasons, why you still need scanners.
    Just one AV to scan downloaded objects ? Why don't you use VirusTotal ?
    http://www.virustotal.com/
     
  17. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024

    Thanks, Many engines to shoot the Bull !!
     
  18. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,276
    Location:
    Earth
    Thanks all for the tips, sincei think ill just manually update all once a week no big deal since pc is on 24/7, i have windows updates off anyhow, for the peace of mind spyware virus, accidental deletes i think its a small price to pay anyhow for once a week manual, I have a 1gig USB drive where i can save anything i need to anyhow, and for instalilng any software i think this is brilliant to test it out without always messing with the reg , wish i knew about this yr ago woulda saved me headaches, best of all its free :) cheers MD
     
    Last edited: Oct 19, 2007
  19. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    You can set you updater to notify you about updates, but not download or install, thus you will be alerted and can review the updates to determine whether you wish to update immediately or leave to next reboot.

    Returnil allows the creation of a virtual partition (VP) for the purpose of storing things like downloads, or files created, such as word documents or whatever you create on a computer, the contents of the VP are not erased on reboot and assuming you do not boot straight into session lock you can simply copy the VP contents to wherever it belongs on your hdd before engaging session lock.
     
  20. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Sorry to steal the thread but i recently installed returnil and have some quesitons. I just noticed i now want the virtual partition, do i just need to run the installer again? Also can you install programs in the virtual partition and run them inside the virtual partition so you can test programs that need a restart?
     
  21. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    According to the documentation, the VP must be created during an installation process
    Generally, no. Typically, information will be placed outside the VP as well (registry, Windows directories, etc.) and this is lost on a restart. If the application is a portable/standalone program, then the answer is yes.

    Blue
     
  22. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,276
    Location:
    Earth
    But what if u get a virus on VP? , or if u do doesnt it matter because your main drive is still protected reg windows etc.. trying to understand VP?

    Qoate
    Generally, no. Typically, information will be placed outside the VP as well (registry, Windows directories, etc.) and this is lost on a restart. If the application is a portable/standalone program, then the answer is yes.

    ok so the things that get sent to reg important places windows etc still get delted on reboot? So think of VP as a storage device for things that you want to keepo_O mite be worth installing that then and changing IDM download path to save there am i on the right track,cuz i was finding it a little anoying rebooting to turn off and on to save something i wanted to keep , and then there is the chance of a power cut and could loose things i downloaded, program gets better and better, saves me buying a external now Woot! :)

    What is session lock?
     
    Last edited: Oct 20, 2007
  23. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Well imo the VP is largely a temp storage space, a holding area if you like, so whatever you save to your VP, you should examine and trust before you allow it onto your system proper, so if it is a questionable program for example, you can install it from the VP (assuming you are in session lock) and see what it does, if the result is something you don't like you simply reboot and all is gone except for the original program download in the VP which can simply be deleted. The exception to this of course is programs requiring a reboot to install, as the reboot will erase all the installation. If it passes your test and you want to keep the program then after reboot you can install the program before going into session lock.
    Anything in the VP will still be there after reboot, until you decide to delete it, so power cuts are irrelevant, at least no more relevant than they would be saving data to your computer normally.

    For session lock think protection. Essentially for the purpose of this discussion we can say there are 2 ways to use this program (I know there are likely many ways, but just for this discussion) You can set it up to automatically protect from boot, so that you are always in protected mode,(you might do this if other people use your machine, and you don't trust them to manually activate the program) or you can set it up as on demand. The latter is the way I use it, so everytime I reboot the program is passive, ie I am not protected, at this point I can update windows, and my AV, and these changes will stick. Then I activate session lock (turn on the protection) and now I am protected until the next reboot.
     
  24. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,276
    Location:
    Earth
    ok if u start in passive ie not protected, then update av's then do session lock doesnt it say reboot when you turn on protection? then you reboot and its in protected mode? so if u want to update av again you need to reboot? isnt that sorta same anyhow, I have it starting pretty much all the time, i might just update Av's once week etc and Windows sounds easier i guess.

    Vista didnt like the Mounted drive though i got the BSOD error message after 4 or so reboots i think it detected it as hardware :( so thats out had to uninstall re-enstall just using minimal like before darn that was starting to sound good too but im still pretty happy overall with the program, example today i and friend installed some pc anywhere program to try remote what a mess, reboot all gone Phewwwwwww because i reboot like every 4days things ive downloaded I've put onto flash drive or burnt so dont need them no more..got a bad habbit of collecting Ex'es so that will help lol.... so works for me still :D Tx again MD
     
  25. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    No, there is no requirement to reboot in order to enter session lock. If you had a program update to your AV you may have to reboot, but that is neither here nor there.
    On my desktop for example, I boot into my working OS on Monday morning, if there are any windows updates I will download and install, same for any AV updates, if any reboots are necessary I will. Then I enable session lock. The next time I reboot this machine is likely the weekend, unless I have reason to think I have been infected with something.

    My laptop, slightly different, I will boot into it when I need to, again I update windows, and AV if necessary, then I mount the VP (since this machine has only one single partition) If I have to download anything, I will save it to the VP, when I reboot all changes since session lock was applied except what is saved in the VP will be gone

    I was under the impression this program supported Vista, but I use XP so not sure.
     
Thread Status:
Not open for further replies.