Nov 1 2007, 03:56 PM | Post #1
Bleepin' Night Watchman | Group: BC Advisor | Posts: 1,762 | Joined: 5-December 05 | From: The City of Saint Francis, by the western sea | Member No.: 43,307
There's a free (for personal use) app called Returnil that will allow you to perform any hazardous act in Windows without actually doing it. This is accomplished by setting up a virtual mirror of your system in memory. This sounds like it would really drag down performance on even the most robust machine, but they somehow (I'm not exactly sure how) have overcome this.

Minimum requirements are as follows:

Operating System: Microsoft® Windows® XP / 2003 Server / Vista 32-bit
Processor by OS: XP: 300 MHz; 2003 Server: 750 MHz; Vista: 800 MHz
Memory by OS: XP: 128 MB; 2003 Server: 128 MB; Vista: 512 MB
Hard Disk: 25 MB free HDD space (minimal configuration)

Here's how it works: you start up the program and turn the protection on. That's it. The protection cannot be turned off except by rebooting. This means that even if you wanted to turn it off while you open that e-mail attachment from Nigeria, you couldn't (without rebooting).

I tested this rather extensively on (ironically) a virtual machine. I screwed with the virtual OS's registry, deleted critical files, exposed myself(

There are some caveats and possible gotchas, though. For one, it only protects the volume on which Windows is installed. If you only have one volume/drive, then that's ok but those of us with complex partition set ups should take heed of that. Second, the protection afforded to the boot partition is absolute; if you save a file to it with the protection on, it will not be there after the reboot. Period. The program provides for this by allowing you to create and mount a virtual drive wherein you can save things.

Definitely check it out!

Nov 7 2007, 08:39 AM | Post #2
Member | Group: Members | Posts: 46 | Joined: 24-September 07 | From: India | Member No.: 158,841
I use Altiris Software Virtualization Solution for the same thing. I find it better than Returnil since you can install each software which you think may harm your PC in its own layer and then simply delete the layer to undo all changes that software made to your PC. This is better because it will only undo the changes made by that software and not the other changes you might make while the capture is on.
FREE FOR PERSONAL USE Altiris Software Virtualization Solution
--------------------
Most people are only alive because it is illegal to shoot them.
"You will never walk alone"

Nov 7 2007, 04:15 PM | Post #3
Forum Regular | Group: Members | Posts: 295 | Joined: 6-November 07 | Member No.: 167,973
I think this may be the answer I'm looking for given my bad luck with computers.
So if I run XP in the sandbox and screw it up like I always do, I can jump out of the sandbox and everything will be normal again?
--------------------
X

Nov 7 2007, 07:18 PM | Post #4
Bleepin' Night Watchman | Group: BC Advisor | Posts: 1,762 | Joined: 5-December 05 | From: The City of Saint Francis, by the western sea | Member No.: 43,307
I'm not going to say that it's totally foolproof; nothing is. But like I said, I couldn't make any damage stick, and I was trying.

Nov 7 2007, 07:23 PM | Post #5
Forum Regular | Group: Members | Posts: 295 | Joined: 6-November 07 | Member No.: 167,973
I'll give it a try then.
If there's ever a fool out there that can break this sandbox, that'll be me.

Nov 9 2007, 11:30 PM | Post #6
Forum Regular | Group: Members | Posts: 177 | Joined: 31-October 07 | From: South Carolina | Member No.: 166,746
Kind of like running Windows on the holodeck, safety protocols engaged.

Nov 10 2007, 12:59 AM | Post #7
Bleepin' Night Watchman | Group: BC Advisor | Posts: 1,762 | Joined: 5-December 05 | From: The City of Saint Francis, by the western sea | Member No.: 43,307
<Trek>Mortality Failsafes Engaged</Trek>

Nov 13 2007, 07:10 AM | Post #8
Member | Group: Members | Posts: 23 | Joined: 10-November 07 | Member No.: 168,710
I have a question regarding using Returnil & Altiris. Can I use both softwares at the same time? Can I install an application in its own layer using Altiris (i.e. to try out an application for a period of time) and at the same time use Returnil for daily surfing and letting the children play on the computer (i.e. to prevent the children or viruses from messing up any Windows configurations)?
Thanks

Nov 16 2007, 12:34 PM | Post #9
Member | Group: Members | Posts: 38 | Joined: 27-September 07 | Member No.: 159,527
I would recommend you try Sandboxie. I've been using it for a month or so. There's a good explanation of how it works on the website. It runs individual programs in a sandbox. The nice thing is you can configure it to automatically prompt you to copy a file from the sandbox to the regular folder. Say something you download that you are confident can't hurt your machine, etc.

I'd use version 3.02 as the new 3.20 release still has some bugs. The only thing with Sandboxie, it installs a device driver and a service during the program installation. If it's not going to be compatible, it will crash right then. If it installs successfully, then it works fine. The good thing about it is you can set it up to run manually and turn the service off to avoid side effects (like interfering with DVD burns or whatever).

It's a good protection against those malicious sites that try to install a browser helper or plugin to hose your system. Also, you don't need to filter your stuff using a resident virus shield. It's much more efficient.

Plus the licensing is great!! You can use the free one for personal use on all the machines you own. The paid version adds a few auto-cleanup features but the free one does all the important stuff. I bought for $25 mainly because I like the program.

I hate using virus shields. Basically after a virus has already come out they stick it in a database. If they don't rely on a signature and try to analyze stuff, that really slows your system down. Best just to intercept the disk I/O like Sandboxie.

Sandboxie

The other good thing is there's a forum and you get feedback from the author and can make feature suggestions or find out how to manipulate the service or whatnot. The author seems open to criticism. At least I didn't notice him biting anyone's head off who said the program had a problem.

This post has been edited by MilesAhead: Nov 16 2007, 12:38 PM
--------------------
"Why is half the world named after a guy I never heard of?"

Nov 26 2007, 12:13 AM | Post #10
Senior Member | Group: HJT Junior Classmen | Posts: 438 | Joined: 23-November 07 | From: California | Member No.: 171,969
Hmm... would it mean that people can have access to inappropriate sites and do what they want on there, and after reboot, POOF, no harm done? Seems like an excellent way for not-so-ethical people to go on inappropriate sites...
--------------------
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

Dec 11 2007, 09:41 PM | Post #11
Senior Member | Group: HJT Junior Classmen | Posts: 438 | Joined: 23-November 07 | From: California | Member No.: 171,969
Hahaha, I have let curiosity get the better of me.
So I downloaded Returnil. So all I need to do is test it. I tried deleting the registry keys but the window would freeze. Then I tried removing the system32 components but I failed at that too. If I were to go on a known malicious site and download MalwareAlarm, IE Defender or something, would that work too?

Dec 11 2007, 11:52 PM | Post #12
Bleepin' Night Watchman | Group: BC Advisor | Posts: 1,762 | Joined: 5-December 05 | From: The City of Saint Francis, by the western sea | Member No.: 43,307
You can still crash Windows with Returnil on. The difference is that none of the damage will be there after you reboot. Viruses will still be able to infect, but they won't be there after reboot nor any of the damage they may have caused. So basically anything that can happen to Windows can happen, it just won't stick!

Dec 11 2007, 11:56 PM | Post #13
Senior Member | Group: HJT Junior Classmen | Posts: 438 | Joined: 23-November 07 | From: California | Member No.: 171,969
Yes, a few hours ago I just crashed my computer XDDD
True to what the company claims, none of the damage stuck. Thank goodness.

Last question before I run off doing some more nonexistent damage to the computer: If I save a file to the system partition that's infected, will it be able to infect the real hard drive?

And thanks for introducing this wonderful program.

Dec 12 2007, 12:02 AM | Post #14
Bleepin' Night Watchman | Group: BC Advisor | Posts: 1,762 | Joined: 5-December 05 | From: The City of Saint Francis, by the western sea | Member No.: 43,307
No. Any file saved to the system partition while protection is active will disappear and not actually ever be saved to the actual partition. Viruses and dissertations alike will vanish as if they never existed.

Dec 12 2007, 12:08 AM | Post #15
Senior Member | Group: HJT Junior Classmen | Posts: 438 | Joined: 23-November 07 | From: California | Member No.: 171,969
Hmmm.
Well, scratch that, sorry. I meant the Z: Drive. If what you said applies to the Z: Drive, then is there something wrong with my computer? Because I downloaded something as an experiment and it's still in the drive, and the protection is off.

And when you use disk cleanup, is the Z: Drive included in the cleanup? I've only 1.86MB of total files in the drive, and the properties tab suggests that 20MB has been used up.

Thanks!