So I tried Returnil 2010

The logical extension to this is the addition of firewall and anti-spam in RVS 2011, then the suite will be complete. If part of the point of adding AV to Returnil is to increase the appeal to the mass market, I doubt it is likely to have the desired effect. The average person who uses a suite is not likely to have heard of, let alone be interested in, lightweight virtualisation applications.

On the other hand, the kind of people who do use applications such as Returnil will probably already have an AV as part of a layered defence, and are unlikely to want a second one embedded within an application deployed for an entirely different purpose. The anti-execute features within RVS on their own should be enough to prevent the virtual layer from being penetrated. I would have preferred to see further extensions and improvements to the core functionality of Returnil, rather than adding an AV with the consequent drain on resources of maintaining it with up-to-date signatures. This coupled with the fact that, from a preventative point of view, blacklisting is somewhat hit-and-miss when compared with the default deny of an anti-executable.

Comodo are going down the same road with the proposed inclusion of Comodo Time Machine in Comodo Internet Security. The difference though is that the design of CIS is modular, and the various components can be installed individually as required. Turning off the AV in RVS 2010 is an option, but will the AV component be unloaded from memory and the RAM it uses released? I suspect not.

Please don't take this as a criticism of your post, Blue. I'm merely stating an alternative point of view from a different perspective.

 

This is easily dealt with via an uninstall or boot to a second partition. This is an inconvenience.

I have had new product issues blow away an OS installation. That is quite untoward. As would be items such as file corruption, being unable to gain internet access via Winsock corruption, and so on.

Blue

 

I understand that, and believe that we really need to get a sense of true performance dimensions of RVS 2010 first. That's still an open question.

I agree that a modular design which basically eliminates deselected product functionality from installation in the first place is the preferred way to go. However, this does present a somewhat more complicated design challenge.

I really wouldn't compare the inclusion of CMT into CIS in the same category. As I've noted elsewhere here in the discussions of CMT type solutions, there's a degree of inherent instability in the approach used by CMT that any user of that technology really needs to fully appreciate before pulling the trigger on use. Inclusion of that type of module into a general use product is fraught with issues.

Here we have a minor product feature set extension. I do think you can make a good case on either side of the argument. That itself says that either perspective needs to be served well. What this means is that you cannot have any conflicts emerge. There can be no significant performance or realtime resource consumption hits. The feel in use needs to be very similar to RVS 2008. In my testing with the early betas, on my machines (which are older P4's running XP Pro), at least that appeared realized.

RAM usage from what I've seen thus far is in the noise in a typical current configuration (~ 1-2% on a 1 GB - 512 MB system) and I tend to ignore that. I don't ignore system responsiveness at the keyboard. This really can't suffer a perceptible drag, and I hope it doesn't.

If the evolution were towards a complete suite (antispam, firewall, etc.) with light virtualization becoming one of many functionalities, I agree, that would not be a direction that I'd recommend.

Blue

 

Hi Blue,

Yes, I agree with the main thrust of your post. As always, your posts are constructive, helpful, and of a high quality.

The only reason I drew the parallel with Comodo was to illustrate how a modular design within a security suite can permit a choice of components during installation. I wasn't trying to imply that Returnil is in any way similar to CMT. Personally I would be nervous of trying CMT due to the potential for data corruption implicit in the approach used by CMT, as you correctly pointed out.

It's interesting that you found the increase in RAM to be insignificant. On my XP Pro system the RAM went from around 6-7 MB for RVS 2008 to over 20 MB for RVS 2010. RVS 2010 also conflicted horribly with AntiVir Premium, although I believe that Coldmoon has already said that a reason for the conflict has been identified, so maybe this won't be this won't be an issue for users of other antivirus solutions.

In the end, it does come down to a matter of user perspective. Some people will no doubt like the incorporation of an AV in RVS 2010, while others won't. I agree that what does matter is the quality of the implementation. For many users, RVS 2010 will be installed alongside an existing antivirus, so it is important that Returnil cooperates with other security software without conflicts or performance issues.

 

Hi pegr,
Firewalls and anti-spam technologies are not target features. The next step in the evolution is simplification and optimization. There was a need for a slight increase in complexity for 3.0, but this is only due to a "first generation" situation.

Mike

 

I see the same numbers, but on a 2 GB RAM system, a 13 MB piece of RAM is less than 1%, hence my qualifier of insignificant. In one sense, fluctuations of ~ 1% are lost in the noise (watch Firefox with a number of tabs active). I do realize that a bunch of increases among a collection of running processes, each individually "lost in the noise", can sum up to be an issue of net RAM utilization.

Blue

 

By the way...., at least from what I see on my machine, the CPU utilization issue appears resolved (at least for me).

Blue

 

Hi Mike,

I was being slightly ironic. I didn't really think you were trying to build a full-blown security suite.

Seriously though, if you could manage to solve some of the key technical issues that make Returnil slightly inconvenient to use: e.g. extending virtual sessions across reboots, being able to exit virtual mode without a reboot, etc, IMHO that would be a big step forwards.

Regards

pegr

 

Hi pegr,

In internal testing - look for it at some point in the 3.1 series (tentative).

Still working on this, but may be a consequence of the virtual sessions across restarts. Don't hold me to that however as there is still a great deal of testing to do.

Mike

 

Fantastic

There will be a new build available next week that should provide relief for others who may still be affected following the fixes from today. Stay tuned

Mike

 

Apologies Blue, I misread your post. I thought you were saying that the increase in RAM usage on your system was only 1-2%. I didn't realise you meant the new version uses 1-2% of the total available RAM; so yes, we do indeed see the same numbers.

Regards

pegr

 

Hi Mike,

That's great news! Awaiting 3.1 with keen interest.

Regards

pegr

 

What would be the difference between "extending virtual sessions across reboots" and the current option "on computer shutdown - save all changes"?

 

Hi Robin,
The concept is basically allowing you to test a program that requires a restart of your computer to install for example and follow the results through the initial restart or over many restarts. Then when you are done with the "session", simply dump it and you return to the state your system was in when you first turned on the virtualization.

Saving content at shutdown commits the changes to the real disk immediately as though RVS were not installed without a similar means to return the real system to the same state as above.

HTH
Mike

 

Hi folks

It's quite a debate going on here. I'd like to add my side as a relatively novice user. The inclusion of an AV on RVS 2010 seems to me a good idea. I am currently running it alongside Avast with no issues. The excessive cpu usage and stalling updates seem to have passed. The AV has already picked up a number of malware/virus items that Avast missed so it would seem to have justified it's use already. Good realtime protection plus the security benefits of virtualisation provide a real boost to non tech-savvy users.

Thanks to all the folks here and at Returnil.

Uli

 

Where did you find such performance? On Vista SP0 ?

 

I think that to get full suite returnil must add such functionality:
- firewall
- antikeylogger

But why do you need Antispam? Do you really think that any user tries to have personal mail server on its PC? I think that antispam must to be privelegy of dedicated servers. If your mail provider do not protects you from spam than I don't see any reason to not use gmail as default...

But I'm really agrees with you that RVS installer must include options to do not install default AV.

But as for me - than I think thah RVS AV is must to have with any defferent AV's. Currently I using KAV + RVS

 

I wasn't suggesting that RVS should develop into a full suite, but if it is the view of the developers at Returnil that adding an AV is beneficial to securing the main function of RVS as a partition virtualisation application, in order to help detect and prevent malware penetration, then so be it.

Personally, I would have preferred a different approach but the important thing is the quality of the implementation, which means that RVS Virus Guard needs to be compatible with other security software (including other vendor AVs) that the user may have installed without causing any conflicts or performance issues.