Switching in/out of virtual mode?

Discussion in 'Returnil releases' started by kwikwit, Feb 25, 2010.

Thread Status:
Not open for further replies.
  1. kwikwit

    kwikwit Registered Member

    Joined:
    Feb 25, 2010
    Posts:
    1
    Hi.

    New to this, so bear with me, please?

    I just came across RVS010 and installed it. Looks pretty good to keep the computer safe, but I was wondering if there was some way that there could be an "enable/disable" function built into the program so that you could just activate RVS when you needed it, without having to reboot the computer?

    It seems time consuming, particularly since I work on an old Compac with maximum 512 MB of memory, Window XP Home, and the machine is loaded with LOTS of programs to load up. Takes forever (probably 3 to 5 minutes) to completely bootup.

    BTW.... haven't had no probs with Avast! 4.8 or any issues with other software or hardware. Although, I haven't really been using it but for about a week or so, and primarily only when I get on the Internet. That's about all I really need it for, as I apparently have a learning curve to get through to learn how to save stuff that I actually WANT on my physical HDD.

    Would appreciate it immensely if a fix could be added to switch back and forth when needed.

    Thanks a bunch for any replies.
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello kwikwit and welcome to the forums :)

    By default, System Safe is turned off when you first install RVS. Turning System safe on however does not require a restart of the computer, but turning it off does. This is due to limitations in Windows, not RVS.

    Further, System Safe can be used in two modes:
    1. Always on (configured to be on with Windows Start)
    2. Session Lock (on only until the computer is restarted)

    The best advice here would be to reduce the number of start up programs. There are a number of tweaking threads here in the wider forums where this is discussed in detail. You should do your research however to ensure that the suggestions are appropriate for your computer...

    The majority of users do not experience any issues. The forums tend to be like a fishbowl where reports can appear to be more prevalent than they actually are. If you do not have any issues now, it is highly unlikely that you will run into any going forward, given the same environment.

    Being able to leave System Safe without a restart is something we continue to research, but to date it remains a physical barrier that is universal for all programs in this space. This is directly related to the way Windows is designed and is a limitation that even Microsoft's software faces.

    This does not mean we will give up, but the solution is still lower priority to other things we are working on...

    Mike
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Fortres Grand's Clean Slate appears to be a similar solution to RVS that claims to have achieved this, judging by the following quotes from their website: http://www.fortresgrand.com/products/cls/cls.htm

    "Clean Slate actually prevents the original files from ever being modified. Instead, Clean Slate caches all unwanted changes in a special folder that is hidden and protected from the users. When the computer is rebooted or a user logs off, Clean Slate merely discards the cached changes"

    "Quickly disable or enable security, no need to reboot"

    Any idea how they might have done it?
     
  4. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi pegr,
    The reason it can leave a virtual mode without a restart is that it is application based (like Sandbox IE) rather than disk (system) level like RVS. Also, their comparison information is inaccurate as many of the things they list as not available with "boot-to-restore" alternatives are actually available in RVS.

    Mike
     
  5. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Hello Mike,

    Thanks for your comments, but are you absolutely sure that Clean Slate is application based? There is no suggestion on the Fortres Grand website that applications have to be explicitly and deliberately sandboxed for the protection to operate; in fact quite the opposite: there is a clear suggestion that the way CS works is very similar to RVS. Take the following quote for example:

    "Clean Slate, developed and manufactured in the United States, is designed to protect public access computers from malicious or inexperienced users. While not restricting users’ activities, Clean Slate will scour drives back to their original state upon reboot or log off. Clean Slate takes only minutes to install and needs no attention, ever, for most installations. Clean Slate restores the computer to its original configuration discarding unwanted user changes: including erased files, installed software, downloaded spyware and adware, downloaded viruses and Trojan horses, and altered icons. "

    This description looks to me to be similar enough to what RVS does for a valid comparison to be made.

    I have in the past trialled CS and it was very similar to RVS in operation. All changes to the file system were lost on exit from the virtual mode and it was indeed possible to enter and exit the virtual mode without rebooting. With the virtual mode enabled, all changes to the file system were temporary changes that were lost on exit from the virtual mode. It wasn't necessary to configure it for individual applications unless you wanted to permanently exclude specific application folders from protection, such as the ability to retain AV definition updates, etc (I didn't test that feature though).

    I came to the conclusion that CS is probably better suited to enterprises than home users, and the feature set and price of CS reflect this. It was also somewhat unstable on my system. For home users, I definitely prefer and would recommend RVS over CS. I accept that their comparison information is inaccurate but then again, I think you would agree that RVS is a particularly sophisticated example of reboot-to-restore system partition virtualisation. ;)

    My reason for posting is that they do appear to have solved the problem of disk virtualisation without reboots, but I have no idea how they have accomplished this. I do know that CS was somewhat unstable (at least on my system) with the occasional BSOD, etc, so it's possible that they may have used techniques that Returnil experimented with, and dismissed as not robust enough. This is why I asked whether you had any idea as to what it is that they might have done.

    Regards
     
  6. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    When I say application based, it does not necessarily mean that it is designed to be exactly like SBIE. The distinction comes from what is being virtualized; the file system (application level) or the disk (system level).

    As with SBIE, you can enter and leave a virtualized state without a restart as the program is "filtering" the file system; for SBIE, the extent of this filtering is related only to the application being sandboxed. It is also the reason that MS updates can be applied without a restart.

    The approach is valid, but has performance issues (monitoring the file system constantly) and can be less stable on some systems (as you have encountered). System level virtualization is less complex in this respect, so is more robust over the range of potential uses and environments, but requires a restart to release the real disk for changes.

    Though this is a personal opinion, I look at the difference as similar to a good, solid mouse trap as opposed to a Rube Goldberg device. This is an extreme way of looking at it, but it does get to the heart of what is going on as far as complexity is concerned...

    Mike
     
  7. ratwing

    ratwing Guest

    Coldmoon said:
    "Though this is a personal opinion, I look at the difference as similar to a good, solid mouse trap as opposed to a Rube Goldberg device. This is an extreme way of looking at it, but it does get to the heart of what is going on as far as complexity is concerned..."

    I do not even pretend to understand the complexities involved,but I do know a beautiful analogy when I see it. Bravo!!
     
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Hello Mike,

    Thanks for taking the time to post a detailed reply. As ratwing aptly said, I don't pretend to understand the complexities involved either. I slightly misunderstood your original reply because, when you said application level, I assumed you were talking about application programs. I didn't realise that you were using the term as a synonym for the file system. In order to check my own understanding, I have attempted to summarise below what I believe you are saying.

    From a functional point of view, both Clean Slate and RVS are monitoring changes to the file system, but the difference lies in the way this is achieved from a technical perspective.

    Clean Slate virtualises the file system. It monitors disk writes at the file system level, which allows for application program checking. This allows the virtual mode to be exited without a reboot but is less robust and may result in system instability.

    RVS, on the hand, virtualises the disk partition. It monitors disk writes at a lower level than the file system, which involves a degree of 'disk locking'. This means that the virtual mode can't be exited without a reboot to release the disk but is much more stable, robust, and difficult to bypass, as it is not dependent on application programs being well behaved.

    If this is a correct understanding on my part, then I think I now understand why it is not possible to exit a virtual session without a reboot. It also helps me to understand why the technical approach taken by Returnil is ultimately superior to vendors of functionally similar products who have chosen to sacrifice security and robustness for the added convenience of being able to exit the virtual state without a reboot (this doesn't apply to application sandboxing programs such as SBIE which are an entirely different class of application to RVS).

    If I have misunderstood something, would you please be so kind as to supply the necessary correction.

    Many thanks again for your time. :)

    Regards

    EDIT: Minor points of clarification added.
     
    Last edited: Feb 27, 2010
  9. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi pegr,
    No, and yes. The issue with the application level approach is with the constant monitoring of the file system for changes or to intercept a change. At this level you have to watch everything. The system level approach has only one thing to monitor, changes to the disk. So RVS does not really care what the programs do, just if they attempt to make a change to a portion of the real disk which is tracked in the virtual system.

    Mike
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Hi Mike,

    Many thanks for the further elucidation. Whilst not fully appreciating all of the technical detail involved, I think I do now understand why the system level approach is technically superior to the application level approach, and why it is necessary to reboot the system in order to exit a RVS virtual session.

    Regards
     
  11. VanguardLH

    VanguardLH Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    96
    A bit late to add to the discussion, but Fortres Grand used to have their own sandbox program but abandoned it about the same time that Google bought GreenBorder 3 years ago and then that program disappeared (and several other sandbox utilities either disappeared or were abandoned). You can see their old web page at:

    http://www.fortresgrand.com/products/free/vsb_free.htm

    Their very ancient v1.0 is free but was so quirky that no one kept using it. I actually had thought that Fortres had pulled their sandbox from download access until I Googled and found the above URL. You can get a demo of v2.0 (http://www.fortresgrand.com/products/vsb/vsb.htm) but it is payware and I have heard of few users using it (actually I've only heard of users trialing it and then dumping it). It looks like they used that sandboxing technology to repackage into CleanSlate with a different spin on the use of sandboxing. Avast 5 (payware version) has its sandboxing to afford some protection as well as Comodo's Firewall which auto-sandboxes unknown applications (or you can add them to the list, like for Internet-facing applications). It looks like Fortres just rewrapped their old sandbox into an auto-isolating utility. Slap on a new product name, spiff up the UI, and enhance its behavior and, voila, you have a "new" product.

    It's been way too many years since Fortres had some exposure in the user community for their sandbox program to remember how it compared against GreenBorder, VMWare, and VirtualPC at that time. I remember looking at the Fortres sandbox for just a couple days and decided it wasn't worth using or possibly even hazardous to the health of my host. They might've improved the migration of their old sandbox code into their "new" CleanSlate program but they certainly are letting users punch a lot of holes in the CleanSlate "sandbox" or are doing that automatically, like for Windows Update, AV sig updates, etc.
     
Thread Status:
Not open for further replies.