Shadow defender or returnil ?

Discussion in 'sandboxing & virtualization' started by garry35, Jun 26, 2012.

Thread Status:
Not open for further replies.
  1. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Actually SD hasn't been beaten yet, if it has then I haven't seen anyone mentioning it or providing proof that this is the case. It is also my favorite for as long as it lasts...

    Returnil is also a very good program. It also has an anti-execution module, so it's a solid program to use. There's no easy answer, it's whatever covers your needs really. BufferZone Pro and Deep Freeze are also preferred by some experienced users over here at Wilders; but it has been ages since I've tried them, so I can't really comment on recent versions.
     
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    SD has not been beaten, that's true. But the tests I've done myself and watched others do are from the era when SD was actively developed and kept up to date against the latest malware technologies. We cannot be entirely sure SD protects us well enough anymore. The malware becomes more and more sophisticated. :(
     
  3. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,795
    Putting the aspect of 'malware resistance' aside, I still find SD 'lighter' than Returnil on my systems and it hasn't caused any problems for me so far.
     
  4. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    The OP is using Rollback Rx, and he wants to know which is better, SD or Returnil, in combination with Rollback Rx.

    Best regards,
     
  5. garry35

    garry35 Registered Member

    Joined:
    Jan 20, 2009
    Posts:
    480
    I am the original poster and I use magicure, which is a rebadged rollback clone (it's open to debate exactly who rebadged what, but it's fairly safe to say rollback and magicure use similar systems). I use win7 x64 and my main concern is security without too much hassle, and it needs to be easy on resources and have little impact on the system. I have since tested both programs very briefly and I preferred shadow defender cos the system seemed a little more responsive. But rebooting between shadow modes is a minor hassle and I can't say for sure how long it would be before it becomes an irritation. Thanks to everybody who has replied for taking the time and effort, but for now I will do more reading and testing and decide later.
     
  6. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi aladdin,

    Yes, I am aware of what Panagiotis is saying.

    If I've understood him correctly, he is saying that the Rollback Rx driver virtualizes the hard disk by means of incremental sector redirection in order to prevent locked sectors within snapshots from being re-used by Windows. That's different from the system virtualization that is performed by light virtualization programs where disk sector redirection is to a temporary buffer that is discarded later on reboot. This is why it's best not to confuse things by calling Rollback Rx a virtualization program; it is an invitation to less savvy people to make false comparisons between different types of programs. Shadow Defender and Returnil are virtualization programs and Rollback Rx is a snapshot/rollback program. The fact that they are different types of program, with different functionality, is precisely why they can be usefully deployed together if the user so wishes.

    There has already been some discussion around the reorganisation of physical sectors that SSD drive controllers carry out, and how this might impact Rollback Rx. Although I don't have an SSD myself, from what I've been able to ascertain from reading, SSD garbage collection and optimisation routines reorganise the physical sectors, where the logical sector to physical sector mapping is handled by the SSD drive controller in a way that is transparent to Windows. If true, this is another example of disk virtualization but it too isn't the same thing as system virtualization. If I've understood correctly what you guys have been saying, Rollback Rx uses an upper filter to create a disk virtualization layer that sits between Windows and the drive controller.

    I did previously say that, without knowing exactly how Rollback Rx worked, I thought it entirely possible that the Rollback Rx driver was virtualizing the disk in some way; but I also said that it shouldn't be classified as a virtualization program on that basis alone unless the purpose of the redirection is to isolate and contain system change within a temporary container: -

    https://www.wilderssecurity.com/showpost.php?p=2078710&postcount=21

    As somebody who has never used Rollback Rx, I may have misunderstood how Rollback Rx works, in which case perhaps one of you will kindly correct any errors I've made. What I am gradually gaining from participation in these threads is a better understanding of how Rollback Rx works, and for this I am grateful to all the knowledgeable people who are taking the time and trouble to post.

    Kind regards
     
    Last edited: Jul 4, 2012
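Added example, not part of the post above or of any product named in this thread: a toy Python model of the two kinds of sector redirection the post contrasts, a temporary buffer discarded on reboot versus incremental redirection that preserves snapshot-locked sectors. The class names, method names and sample sectors are assumptions made for illustration.

```python
# Toy model (constructed): the two kinds of sector redirection contrasted above.
# Class and method names are hypothetical; no product's driver is modelled.

class ShadowOverlay:
    """Light virtualization: writes land in a temporary buffer, dropped on reboot."""
    def __init__(self, base):
        self.base = base            # logical sector -> data, never modified
        self.buffer = {}            # redirected writes for this session only

    def write(self, lba, data):
        self.buffer[lba] = data

    def read(self, lba):
        return self.buffer.get(lba, self.base.get(lba))

    def reboot(self):
        self.buffer.clear()         # every session change is discarded


class SnapshotStore:
    """Snapshot/rollback: sectors held by a snapshot are locked, so new writes
    are redirected to fresh physical sectors and survive a reboot."""
    def __init__(self, base):
        self.physical = dict(enumerate(base.values()))
        self.mapping = {lba: i for i, lba in enumerate(base)}
        self.locked = set()
        self.snapshots = {}

    def snapshot(self, name):
        self.snapshots[name] = dict(self.mapping)
        self.locked.update(self.mapping.values())

    def write(self, lba, data):
        phys = self.mapping.get(lba)
        if phys is None or phys in self.locked:
            phys = len(self.physical)      # incremental redirection
            self.mapping[lba] = phys
        self.physical[phys] = data

    def read(self, lba):
        return self.physical[self.mapping[lba]]

    def reboot(self):
        pass                        # mapping persists; nothing is discarded

    def rollback(self, name):
        self.mapping = dict(self.snapshots[name])


def demo():
    base = {0: "boot", 1: "clean.dll"}          # constructed sample disk
    shadow, snap = ShadowOverlay(base), SnapshotStore(base)
    snap.snapshot("baseline")
    for vol in (shadow, snap):
        vol.write(1, "tampered.dll")            # same unwanted change on both
        vol.reboot()
    after_reboot = (shadow.read(1), snap.read(1))
    snap.rollback("baseline")                   # explicit restore is required
    return after_reboot, snap.read(1)
```

In this model the overlay reverts the change on reboot without any user action, while the snapshot store keeps it until someone rolls back to a known-good snapshot.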
  7. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    What if you add Wondershare Time Freeze 2.0 into this equation? Then what's the app of choice?
     
  8. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Sorry but I have to ask... is there some app, or maybe some developer, that gives us such a guarantee? I like Returnil and WTF but nowadays I don't see a more secure LV app than SD.
     
  9. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Wondershare Time Freeze (WTF) is also not being actively developed, it stands at v2.0.3 for more than two years now. It also lacks certain useful features that SD has.

    I really wanted to use WTF because so far it is the only light virtualization app that can use RAM for the virtual system - and using RAM for the virtual system would save my SSD a lot of hits - but I have to say that this feature is very poorly implemented.

    I tried it last year and when I set the program to use system RAM and turned the protection on it took a full 10 minutes for the protection to actually kick in! This is absolutely ridiculous and shows how poorly written WTF is. I love the idea of using RAM for the virtual system but the WTF implementation leaves a lot to be desired.

    Also, its interface has a bug on Win7 systems with custom font size settings: You can't see the lower part of its window (and you can't resize it either) so it's impossible to access most menus or controls, including the slider at the bottom that activates protection. Right-clicking the app and setting compatibility parameters doesn't solve it and there was no mention online of this issue anywhere. Setting the system font size at default (100%) solves it, but then the fonts look tiny and hard to read, a problem for people with poor eyesight especially on smaller displays. When a user chooses a larger font (125%) this problem occurs. I played around with the font settings and found that in order to see the whole window the user must go to Control Panel\All Control Panel Items\Display\Set custom text size (DPI), untick the "Use Windows XP style scaling" box (which is enabled by default) and log-off. The problem with this workaround is that the display looks fuzzy and crap overall. So WTF is a definite NO, at least for me.

    I contacted them last year and mentioned these issues. A lady answered and it was obvious that she didn't understand what I was talking about (probably a member of their sales team). She said that she would pass my observations to the tech team and they would e-mail me back. Still waiting on that one...

    It's dead obvious that Wondershare don't have staff with the coding talent necessary to develop the program further. They keep selling the same version for more than two years now without implementing any fixes or improvements. I hate to say these things about a developer, but it is the truth and it has to be said.

    If I couldn't use SD anymore then I probably wouldn't use Returnil anyway. The full version is not free, and it contains those extra modules (antimalware/antiexecution) which I don't need since I use more well-featured solutions for such functions. I would rather switch to Toolwiz Time Freeze, a new, free, and actively developed application. Its creators listen to users' suggestions and this is very important. A few months ago I contacted them and suggested the use of a RAM buffer for the virtual system and they thought it was a good idea. They are now developing this option which should appear in a future version.
     
  10. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    This is not true as Returnil was the first to implement memory (RAM + disk) cloning which is still a major component of the overall dynamic caching system in the current versions. Also note that RVS was the first to introduce creation of a virtual system where the cache itself could use all available, unused disk space as opposed to the competition that requires defragmented and contiguous disk space to create their caches which make them less efficient and harder on SSDs due to the overuse of specific sectors of the disk.

    Though RVS/RSS may overwrite the same areas of the disk at times if there is little change to the system or other virtualized disks, this is fluid and may or may not start in the same sectors at each restart. Also note that with our dynamic caching technique, ALL caching starts in RAM and then moves out to the disk as required when space is used up in RAM.

    Mike
     
  11. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Would you trust a traditional AV with 1 year+ old signatures? That's how far I'd trust SD with 1½ year old technology against malware that evolves every day. That's why I'd go for Returnil even though I'd prefer SD if it was updated.
     
  12. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear Shadek,

    Your opinion is always valued and you are one of those that I have learned a great deal from.

    If SD is not updated for 1½ year, Returnil itself has not been updated for a year now. What makes you rely more on Returnil than SD, the ½ year difference or the AV component in Returnil?

    With respect and regards,
     
  13. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dearest Mike,

    It is a joy to have you on this forum and then to participate in this thread.

    I have four computers, all with SSDs.

    1. Is Returnil fully implemented to work with SSDs?

    2. Would you advise someone to use Rollback Rx in combination with Returnil/SD/WTF?

    Best regards,
     
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I think the key word here is actively developed. Any loopholes malware find in software can be fixed as the developers behind Returnil are still active. That is not the case with SD, sadly.

    If there's indeed a hole in security in any of the two software, there's a bigger chance Returnil's developers will fix it compared to SDs'. I don't say I don't trust SD, but if I had to choose between the two, I'd go for Returnil.

    Also, and beware of my tinfoil hat, the developer behind SD vanished into the blue without a word. We don't know exactly for how long SD was in the hands of a rogue software company.

    Regards,
     
  15. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    The major sticking point with SSDs has always been the fact that the cache for the System Partition has always had to be created and maintained on the System Partition due to the limitations of Windows where disk level virtualization is concerned. For virtualized, non-system disks and partitions this limitation does not exist so the caches for these volumes can be moved to a sacrificial platter drive.

    As you may or may not know, we have been working on a multi-snapshotting technology in our RMSU project (Returnil Multi-snapshot Utility beta) with the goal to eventually move it into the RSS line. We have also been working to make this technique an important part of the virtualization component.

    I am happy to report that this has been achieved and is a major option in the new RSS 2012 series currently in beta testing. Like with our original project starting with the early RVS versions in 2005-2008, this process can take a while to get right so we apologize to all for the slow progress here - this IS a form of rocket science in some ways...

    WTF is application based, but is also a redundant solution if used in connection with any other virtualization approach so you would need to play with it in a VM (VMWare, V-Box, etc.) to test for compatibility or even appropriateness.

    Keep in mind that "piling on" is not always the most effective strategy so you need to choose the component parts of your overall, layered strategy with some forethought on just what you are trying to achieve and then monitor that strategy for future adjustments and line-up changes based on your real risk.

    As for RB-RX, some have reported issues in the past, but this is not universal or consistent so you should approach this in as simple a way as possible. Ex: test just RVS/RSS with RB-RX and then SLOWLY add other portions of your strategy in a deliberate way to account for testing and monitoring the changes as I mention above.

    Mike
     
  16. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    464
    you may also be interested in this brief thread
     
  17. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    A very interesting and educational discussion, thanks for this.


    I want to ask a brief question that may change the parameters of the choices (Returnil or SD) from the OP. I recently noticed that in the latest version of Chrome tabs are, in effect, each their own sandbox. This is a very nice idea I think. Would you say that using Chrome would negate, or reduce the need for either SD or Returnil (or Sandboxie for that matter)?
     
  18. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Thank you for clarifying this Mike. I knew that Returnil features this buffer. I just want to be able to have full control over the amount of RAM that the program can use, and so far only Wondershare gives this option (but it sucks anyway).

    When you say that the RAM buffer is assigned dynamically, what percentage of RAM is reserved for the real system?

    Personally I would prefer an option where a user can decide on how much RAM he/she wants allocated for the cache. The user should also be able to decide in advance which disk to be used for the buffer once the assigned RAM buffer is full.

    Consider this scenario: A user has 16GB of RAM. He/she can assign 8 of this for Returnil's buffer, then specify a secondary disk as the target for the buffer when the RAM buffer fills up. This would offer much more control, plus it would save the system SSD from a lot of hits, not to mention the benefits of working between disks rather than reading/writing on the same disk. You mentioned that the major difficulty with SSDs is the fact that the cache needs to be created and maintained on the System Partition because of Windows limitations where disk level virtualization is concerned. Would you care to elaborate on these limitations?

    Is there any chance of a workaround in order to implement such options on SSDs in the future? Or at least to implement such options when the program detects a hard disk as system disk, then have these options greyed out when an SSD is detected. If Returnil could give me such detailed control over its operation, then I'd be using RVS in a heartbeat!
     
    Last edited: Jul 6, 2012
  19. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi Mike,

    A couple of questions if you don't mind: -

    1. Does RMSU enable software that requires a reboot to install to be tested within the Returnil virtual environment?

    2. As RMSU is an extension to the virtualization technology, are there plans to include it in the RVS series for people like me who already have an AV and don't want to have to install another one, even if Virus Guard can be turned off?

    Thanks in advance.

    Kind regards
     
  20. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Good questions. Also, I wouldn't mind if the RVS installer would give us the option to select which RVS components to install. This would be ideal for people who prefer to use different solutions for antiexecution and antivirus, and would only need the virtualization component of RVS. I don't think that such an installer option would be that hard to implement.
     
  21. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,162
    I was still communicating with Tony up to version 1.1.0.326

    Patrick (ex Shadow Defender mod)

     
    Last edited: Jul 6, 2012
  22. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Is it just me or has this thread been hijacked?
     
  23. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    630
    Location:
    Terre Haute, IN
    My Returnil 2008 Free Edition, which I have used for years and was very happy with, recently expired. I didn't use it that often but it surprised me because I believed it to be Free, no strings attached. I deleted Returnil 2008 (Revo) and downloaded Returnil 2011 Free Edition. But for whatever reason, after the download and installation, when I start my computer it attempts to reconfigure my FrontPage. I deleted Returnil and my computer hasn't done this again since.

    I downloaded Shadow Defender, then checked the download with VirusTotal, and it detected 4 malware. Does anyone know of a link where I can download Shadow Defender and not worry about the software being compromised? I know that VirusTotal could have alerted me to false positives, but 4 different malware had me very concerned.

    As always I will appreciate all replies and would thank you in advance.

    John
     
  24. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Sorry to hear that you attempted to uninstall Returnil 2008. I, too, have used it for years. It's very simple, straight-forward, solid and stable, lightweight and it just plain works. However, even though it was free, it did expire annually. But, there were a couple of ways to reactivate it for another year at a time. So, you may still have the installer and could try installing it again.

    I'm a little concerned, though, about what might have happened with your attempted uninstall with Revo. Possibly, that's why you had trouble trying to install Returnil 2011 Free. I learned the (very) hard way that when it comes to security and/or partition related software, it's definitely not a good idea to use Revo. You must only use the application's own built-in uninstaller -- that's it -- nothing else.

    Anyway, hope you get everything fixed.
     
  25. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    These are the files I have uploaded recently John. I got these myself from the SD site when Tony was still around.

    http://www.mediafire.com/?k803c8qk739fy2o
     