So malware operates until you reboot?

Discussion in 'Returnil releases' started by owen35ny, Jan 15, 2009.

Thread Status:
Not open for further replies.
  1. owen35ny

    owen35ny Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    28
    So -- If I download a virus and my malware doesn't catch it, it will operate normally as malware until I reboot? I thought I couldn't get anything, but I think I can; it just goes away after reboot. That's important if I want to download a tool, etc., that I am not sure of trusting.
     
  2. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    Returnil isn't an antimalware software. It's basically a virtual image of your OS, so yes, malware will operate normally if you do become infected. This is why I recommend the use of an antilogger along with your normal "HIPS" (host-based intrusion prevention system), so if you do get infected while using your virtual OS and don't know about it, they won't be able to obtain your typed passwords, etc.!
     
  3. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024

    With all these light virt. softwares, basically your real system is write protected (some exceptions though), so anything on your real system can be read, logged and sent out (keylogger etc.). So SBIE comes in handy to restrict outgoing connections. But a keylogger already on your system can find ways to send out, circumventing SBIE. Beware of this!!
     
    Last edited: Jan 15, 2009
  4. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    As has been pointed out already, this is true. But if your AV, AS, AM, HIPS, or other does not identify the malicious content, that content will still operate as well...

    The important issue here is not really detection. Though detection is essential as a feedback mechanism in any security strategy, it is not critical. What is critical is that the malware be removed as quickly as possible (IOW: Time to removal). With RVS (or similar) that time is reduced to the time between restarts of your system whereas you may be waiting a much longer time for your other solutions to update their signatures...

    Mike
     