What is the "antivirus" for?

Within the Returnil Virtual System Home 2010,
there is an ANTIRIVUS SOFTWARE.

Question:
1 .
Is it for protecting Returnil Virtual System?
And so also for the virtual partition?
2 .
Will this ANTIRIVUS SOFTWARE conflict with
other softwares of the similar classification?
3 .
If the answer to the question as above 2. is positive,
how to avoid this?

Thank you!

 

fuquen:

1. It's really for standard realtime/demand protection - think of it as an embedded standard AV for conventional coverage.
2. I've not seen that occur in my experience, but if you choose to run an alternate AV, I would recommend that realtime monitoring be disabled. The reason for this is not so much related to possible conflict but avoidance of duplication of coverage. Note - the demand scanning capabilities are still available.

Blue

 

Blue:

Thank you!

Really appreciate your explanations and recommendation.
Thanks again!

 

The Virus Guard (and the AI/machine learning engine/distributed immunity when ready) are for both self (RVS) and user protection, especially against malware that is designed to circumvent virtualization.

The design behind RVS is to enforce accelerated "time to removal" rather than detection AND THEN removal of malicious and/or potentially unwanted content. To do this, the virtualization is the key component that keeps the system clean over time regardless of whether the content is detected.

Ex:

1. 2 systems with the same specs, OS, and installed software (except as noted)
2. System 1 has RVS 2010 installed with System Safe "always on" and Virus Guard active
3. System 3 has a traditional security line up (simple for this example) of a top tier AV/AS, software firewall, and a supplemental on-demand scanner of some type.
4. Both encounter a new "zero-day" malware that is unknown to any installed AV or AS

Lets further assume both computer become infected. For the system in #2, the malware will persist until the scanners are updated to detect AND remove the infection whereas #1 with RVS virtualization always on will be clean after the computer is restarted regardless of whether the user even suspects an infection.

Mike

 

But wouldn't this be true for system #1 even if the Virus Scan were not on? The beauty of RVS virtualization is that whatever bad stuff gets onto the computer while Returnil's System Safe is active will be flushed upon reboot, yes?

 

In ~99.9% of the cases, yes. There is however a small subset of families that were designed to circumvent virtualization. In the past, when a new example was discovered, a new RVS would be released that was hardened against it. This becomes impractical in the long run.

With this said, it is also important to remember that ISR (Instant System Recovery) can only do three things:

1. Drop all changes
2. Save some changes
3. Save all changes

It cannot distinguish between what is good, bad, or indeterminate. Further, ISR cannot stop the activation of malicious content. This means that while the real system is kept clean, you may have an infection that is undetected while working in the virtual environment. The RVS VG is there to provide a means to warn the user that the malware is present, thus reducing the time to removal of said malware.

Mike

 

Thanks, Mike, for your quick and helpful response. However, I thought that my regular apps--including security apps--will work in the RVS virtual environment. If that's the case, why wouldn't my regular AV app or an app like Malwarebytes' Anti-Malware Pro detect baddies just as well as F-Prot (and without F-Prot's love of false positives )?

 

The goal is to eventually reduce the number of security solutions you think you need to what you actually need. Though you are correct in what you are saying, there is also a performance hit your will have to take by using multiple apps. RVS is designed to reduce that while improving your overall computer experience.

For example, on a new 64bit system I have, I only use the built in Windows features (Firewall and Windows Defender) with the latest version of RVS 2010...

Mike

 

Thanks once again, Mike. I'm glad to know that my understanding was correct. I agree that my system is likely to take a performance hit if I have too many security apps running at the same time, especially two antivirus programs. However, for me the answer is to disable RVS's F-Prot, which I have found to be very prone to false positives, and to depend instead on the antivirus program that has served me well for several years. Of course, if F-Prot works more reliably on your system, and if you're keeping Returnil on all the time, I can see how the arrangement you describe would also work well.

 

Coldmoon and cyberdiva

Thank you, both of you, very much for the informative discussions!
Fuquen