Returnil

Discussion in 'Returnil releases' started by John Bull, May 10, 2011.

Thread Status:
Not open for further replies.
  1. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    This is not really a thread as the subject has been discussed several times on the Forum. I just need somebody to answer my query, then it is all over.

    I have had SBxie fail suddenly for no reason I can tell after a long period of trouble free use, primary suspect = MS/Windows updates.

    I have put the problem on the SBxie Forum, but no answer yet and by the look of all the other hundreds of users threads who have had this kind of problem over the years, I will not get one.

    I have now unistalled every item of SBxie from my PC using Revo, following over a dozen tries with various versions with no progress and am utterly fed up with the entire matter.

    My decision now is to use Returnil and I would appreciate your comments on the following.

    As I use AVG 2011 and Zone Alarm, both of which I give 10/10 for performance and efficiency, then in order to use Returnil do I have to uninstall both of these programs ?

    If so - then goodbye Returnil, I will keep the Status Quo and duck.
    If not, then can I still keep these two programs running as normal ?

    Sorry to create a "thread" on this, but I did not know how else to ask the question.

    Thank you so much
    John
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi JB,
    Yes, you can use RSS with AVG and and ZA. To avoid any blocking of the RSS install:

    1. Temporarily deactivate the real time monitors in AVG (there is more than one, so to be sure, turn them all off until the install of RSS is completed: ref, restart)
    2. Do the same for the aggressive components in ZA
    3. After RSS is completely installed, reactivate the features you turned off in AVG and ZA

    You should be fine at this point, but if you run into an issue where a block in AVG and/or ZA caused the RSS install to fail; uninstall AVG and ZA then install RSS with complete restart. Once RSS is completely installed, simply reinstall AVG and ZA and all should be good.

    Mike
     
  3. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    WOW ! What an excellent reply and so precise, Mike.

    I can turn ZA off by the "Exit", but AVG I will have to disable every function. Windows will screech about having no AV, but I can put up with it for a few minutes or so.

    Having read up many Returnil pages on the web, I am impressed. It certainly reads good and I have bookmarked a few items for reference. They are long screeds dealing with all aspects of Returnil including FAQ`s.

    They seem extremely complicated, I do hope Returnil gives me an easy ride. I am only a mere kite flyer and do not wish to pilot a B-2.

    It looks as if Returnil is always enabled, even when FF is closed and various buttons have to be pressed in operation. It only shuts down on PC shut down.

    One point I noticed is that some elements of Returnil must be "closed" before Defragmenting (which I do all the time with Auslogics), otherwise it says hard-drive damage may occur. Just have to remember eh ? I did see that you can press some buttons to shut down the essentials before Defragging.

    I must confess Mike that whilst I am very impressed with the write-ups, I have a huge apprehension that I am about to step into a minefield backwards.

    Anyway "Who Dares Wins" and I`ll give it a swing.

    My grateful thanks
    John
     
  4. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    There are two modes for the Virtual Mode feature:

    1. Always on (the virtualization starts with Windows boot)
    2. "Session Lock" mode: This simply means the Virtual Mode is active during the current boot session (read: from when you activate VM to when you turn the computer off). It will be released with a restart of the computer rather than always being on as in #1

    Further, the Virtual Mode is in effect until you restart the computer for all users of the computer. IOWs, simply logging out of your account will not release the virtualization. This is for two reasons:

    1. Security: ensures that malicious and potentially unwanted content is dropped and that the protection cannot be circumvented by simply changing users.

    2. The nature of the beast: RSS/RVS virtualization is at the disk, rather than application level. This means our technology only cares about attempted writes to the disk rather than what happens within Windows itself. This has the effect of better control over changes to the System and performance as there is little need for a resource hogging file system monitoring component, but has little sensitivity regarding minute changes within your browser for example.

    This gap is covered by the antimalware (Virus Guard) and Anti-Execute (Virtual Mode > Settings > Additional Protection Options) where malicious and/or potentially unwanted content can either be detected and removed from the virtual system with a simple restart of the computer or blocked entirely by the A-E component to protect the real system from being effected by said content.

    This is further backed up through the System Restore component where you can take your system back in time as a last resort with the ability to recover selective files from the machine state just prior to the application of the restore point selected.

    RSS and RVS will automatically block an attempt to defragment when the Virtual Mode component is active for the very reason you cite: POTENTIAL file damage.

    This is also true for backups and imaging as the created image, when applied, could result in file damage due to lost changes which is the primary purpose of the Virtual Mode: to drop all changes at restart of the computer.

    When you deactivate the Virtual Mode, you can perform disk defragmentation and backups/imaging without issue. As the VM enforces the defragmented state of the disks, you should only need to perform a defragmentation rarely if you are running in "Always on" mode.

    Mike
     
  5. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Mike,
    I assume that Returnil will deposit an icon on my desktop so I can use it when I wish. Firefox has also an icon on my desktop and I want to action it without Returnil being involved. So I have an option of Returnil or non-Returnil.

    Can I do this ? I could with SBxie.

    John
     
  6. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    The core service is going to be active regardless of whether the Virtual Mode is on or not. This is in part to allow Session Lock mode - IOWs, RSS/RVS are always prepared to enter Virtual Mode when required. This "ready state" is essential for being able to enter the VM without a restart.

    RSS/RVS are not mobile applications like your average browser and not an application level solution where the focus is on the application being sandboxed right now. They can however be used in a demand approach, just that when you turn on the Virtual Mode, you cannot simply turn it off without a restart of the computer.

    Mike
     
  7. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Coldmoon/Mike has been so incredibly kind advising me on using Returnil both in the thread and by PM. His enthusiasm to answer our questions is astonishing and this goes for many other threads concerning Returnil on this Forum, most of which I have read.

    Another simple question that I hope he will answer is :-

    Can I install Returnil and still have Sandboxie, so I have two magnificent programs to select from as I wish ?

    I have come across one guy who has both, but would just like confirmation that they would not conflict in any way.

    John

    PS - I have placed this question here so that the answer may help other potential users.
     
  8. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi John,
    The question has been answered many times here in the Returnil forums and in other SBIE related topics in other forums here at Wilders. All versions of RVS/RSS are compatible with SBIE and there is no potential for conflict as each target a different area. SBIE is at the application level so it operates within the file system of Windows whereas RVS/RSS Virtual Mode works at the disk I/O level (IOWs, from outside the OS).

    In most situations this might be considered overkill, but where micromanaging the sandboxed application is a priority, the combination gives you that while also ensuring that nothing outside the sandbox (whether intentional or not) does not effect your real system.

    Mike
     
  9. Nekromantik

    Nekromantik Registered Member

    Joined:
    Dec 8, 2010
    Posts:
    107
    sorry to hijack this this thread but just wanted to know, does RSS slow boot times if its going to be launching a VM environment at boot?
     
  10. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I don't know but I felt my system sometimes launches faster during Virtual Session at boot.
     
  11. Nekromantik

    Nekromantik Registered Member

    Joined:
    Dec 8, 2010
    Posts:
    107
    ok thanks
    Im currently running KIS and Sandboxie at the moment.
    Would RSS Pro be overkill for my system?
    Should I just settle for RVS instead?
     
  12. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    depending on your needs.
    most people would tell SBIE + Returnil would be overkill.

    but those 2 can run alongside just fine. :thumb:
     
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    It's not necessary if you use Sandboxie correctly. Also, KIS has a Safe Run, which uses sandbox technology.
     
  14. Nekromantik

    Nekromantik Registered Member

    Joined:
    Dec 8, 2010
    Posts:
    107
    thanks :)

    I not heard much about KIS safe run so thats why I stick to SBIE.
    I think I will give RSS a miss for now.
     
  15. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Welcome to the forums :)

    Before you decide this arbitrarily, why not actually test the different scenarios to determine the impact for yourself? KIS can be extremely resource intensive; especially on commodity and/or marginal systems, represents an additional application within your line-up, whereas with RSS you have ONE application + SBIE.

    In the case of KIS + SBIE you would be running two application level sandboxes together which is redundant at best as they are concerned with the same things. RSS virtualization is at the disk level so you have virtualization + default-deny Anti-execute + Antimalware + system Restore (with ability to recover files from the previous machine state following a restore) all in one, simple to use and configure program.

    Why would you need to strap a boat anchor around your computer's neck? Try RSS Pro 2011 for a while and see how it can reduce both complexity in your approach (which can have unintended consequences) and the sources of poor performance when you attempt to secure through "pilling on".

    Mike
     
  16. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    795
    Does Returnil have any kind of visual indication that the system is running in virtual mode?

    I'd hate to be in a situation where I forgot that I had switched to virtual mode and started to do a lot of work that needed saving. A visual indication on the desktop would be a helpful reminder that anything you do will be lost.

    Al
     
    Last edited: Jul 5, 2011
  17. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Adric,
    Yes, you can adjust the option (preferences > Administration tab > Notify...section) to alert on which feature is not activated as far as the tray and toolbar shield is concerned.

    Either RED when the Virus Guard is deactivated or when the Virtual Mode is deactivated.

    Mike
     
  18. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    795
    Yes, I missed that. I somehow skipped reading the caption and thought it had to do with turning it off and on. :argh:

    Al
     
  19. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    795
    I've decided, I don't like that option because it is misleading. I get System Not Protected which is not quite true because the guard is enabled. To me, just because Virtual Mode is not enabled doesn't mean the system is not protected.

    I would prefer a desktop option to see that I'm in virtual mode. Something like the desktop bar except that it would show Virtual Mode On instead of RETURNIL.

    Al (my 2 cents)
     
  20. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    The option is designed to warn the user as to which feature is inactive according to their preferences and which one they feel is a security issue should that feature be deactivated. For a quick check as to whether the Virtual Mode is active or not outside these options, simply hover your mouse over the tray icon or toolbar and you will see a small note detailing the status of both features at a glance.

    Mike
     
  21. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    795
    OK, I understand that about the current options. The problem I see with the balloon pop-up is that you don''t always think about going there to check. For me, I need something in my face as a constant reminder; especially if you only occasionally run virtual.

    Anyway, thanks for listening and possibly taking into consideration of adding an 'in your face' option like a toolbar or something similar for virtual mode.

    Al
     
Thread Status:
Not open for further replies.