Now that Shadow Defender may no longer be actively developed, I went searching for an alternative, both for personal use and for a product that I can recommend to customers. I see virtualization as the primary line of defense, leapfrogging the unreliable malware scanner. It is something that needs very little user interaction, other than the initial configuration. I have heard a lot of good things about Returnil, so I decided to check them out. I got a deal I just could not refuse, so I bought Lux 2010. I have used Shadow Defender for a long time. It remains my only frame of reference for whole-system virtualization. That being said, there were things I discovered about Returnil that I did not like: (If I am in any way wrong please point that out.) Returnil requires a yearly subscription for their products. If they are like most business models than the user doesn't actually pay to use the product, they pay for the right to upgrade the product. I prefer products that do not use such models, rather I prefer one time fees. There is also no renewal discount with Returnil, which is rather odd considering that most companies offer substantial renewal discounts. I tend to gravitate towards products created by individuals; Shadow Defender (Tony), Sandboxie (Tzuk), Drive Snapshot (Tom). All these products are one time fee because they are not responsible for employees that reinvent their product every year. Tweaking (and updating) is good. But there is not need to reinvent the wheel all the time. See the drastic differences between 2008, Lux 2010 and the beta 2011 to see what I'm talking about. That simply leads to greater expense, which gets passed along to the consumer. Oh yeah, those three products I mentioned earlier all are one-time fee. And as anyone around here knows, they are among the best at what they do. So, why, Returnil, why? Returnil uses a lot more system resources that similar products. Shadow Defender and Shadow user and both incredibly light, using under 10 MB. Returnil Lux 2010 is not, which can use around 90-100 MB when both processes are combined. Granted that is in part because it makes use of a malware scanner. Returnil 2010 Lux uses a malware scanner. Some might like that fact. After all, it adds another "layer" to the security 2010 Lux provides. I do not. It's a patchwork at best. This is still a virtualization product, right? Then I assume that the key ingredient here is virtualization. Is that element was so great there would be no need for other "layers". I view adding an anti malware scanner as an admission that it might not be up to the task. After all, who cares if Trojan X, Malware Y, or Rootkit Z come along and do their worst a simple reboot and revert should take care of that, right? Evidentially not. The same can be said for any application that puts inner-layers in their application. I agree with the security concept of layering, but that should not be done inside one single application. Think of it like the Windows/Linux relationship. Windows' is not that secure by itself, comparatively. Linux is. Windows needs patches and service packs in order to make their product more secure and more stable. Linux needs far less to be both secure and stable. I don't wish to get into an OS debate here. My point simply being that if something is done write their is not that much patching than needs to done to it. Returnil uses blanket exceptions. I dislike the idea of giving read/write permissions to an entire directory. This is a fault of all system virtualization applications. I have yet to see one that will allow the user to restrict read/write to a directory based on a process, ensuring that only that process is allowed to read/write to that directory. For the life of me cannot figure out why this would be a bad thing. Currently, the file Manager which was designed to force the user to make deliberate changes. Really? Manual exclusion is your rebuttal? Have you every used Opera? You try committing a single email to the real disk. It can be done but it's not easy. That, of course, is just an example. Okay. Tell me how that method is in any way better than the one I suggested above, which has already been previously suggested and dismissed. If they were to implement the above feature and place their priorities and resources to the virtualization aspect of the product, rather than in the patch-work that is inner-application layering Returnil might be worthy of being the giant in security virtualization. Until then I might just have to pass, and find other products to recommend to to my customers. I place real value and trust in a company in how well they listen to users and adapt, and with Returnil the jury's still out.