
The Ultimate Safety Net


43 replies to this topic

#1 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:48 PM

Posted 01 November 2007 - 03:56 PM

This is really, really handy. It's quite frankly beyond cool on at least 13 different levels.

There's a free (for personal use) app called Returnil that will allow you to perform any hazardous act in Windows without actually doing it. This is accomplished by setting up a virtual mirror of your system in memory. This sounds like it would really drag down performance on even the most robust machine, but they somehow (I'm not exactly sure how) have overcome this. Minimum requirements are as follows:

Operating System: Microsoft® Windows® XP/ 2003 Server/ Vista 32-bit

Processor by OS:
XP: 300 MHz
2003 Server: 750 MHz
Vista: 800 MHz

Memory by OS:
XP: 128 MB
2003 Server: 128 MB
Vista: 512 MB


Hard Disk: 25 MB free HDD space (minimal configuration)



Here's how it works: you start up the program and turn the protection on. That's it. The protection cannot be turned off except by rebooting. This means that even if you wanted to turn it off while you open that e-mail attachment from Nigeria, you couldn't (without rebooting).

I tested this rather extensively on (ironically) a virtual machine. I screwed with the virtual OS's registry, deleted critical files, exposed myself( :thumbsup: ) to a rather nasty virus sample that I happen to possess, et al. ad nauseam. It was kind of weird attempting to wreck a system after spending years of my life preventing/cleaning up after such mayhem. I tried, I really tried, to sneak past the protective layer. No success. After getting to a point where I couldn't do any more damage (because the damage was too great already to interact with the system) I pulled the plug and rebooted. Windows came back to life unfazed and undamaged.

There are some caveats and possible gotchas, though. For one, it only protects the volume on which Windows is installed. If you only have one volume/drive, then that's OK, but those of us with complex partition setups should take heed of that.

Second, the protection afforded to the boot partition is absolute; if you save a file to it with the protection on, it will not be there after the reboot. Period. The program provides for this by allowing you to create and mount a virtual drive wherein you can save things.

Definitely check it out!



#2 Rustendrage

Rustendrage

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:18 AM

Posted 07 November 2007 - 08:39 AM

I use Altiris Software Virtualization Solution for the same thing. I find it better than Returnil since you can install each piece of software which you think may harm your PC in its own layer and then simply delete the layer to undo all changes that software made to your PC. This is better because it will only undo the changes made by that software and not the other changes you might make while the capture is on.

FREE FOR PERSONAL USE

Altiris Software Virtualization Solution
Most people are only alive because it is illegal to shoot them.

"You will never walk alone"

#3 CTH_Tom

CTH_Tom

  • Members
  • 295 posts
  • OFFLINE
  •  
  • Local time:12:48 AM

Posted 07 November 2007 - 04:15 PM

I think this may be the answer I'm looking for given my bad luck with computers.
So if I run XP in the sandbox and screw it up like I always do, I can jump out of the sandbox and everything will be normal again?
X

#4 Andrew

Andrew

    Bleepin' Night Watchman

  • Topic Starter

  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:48 PM

Posted 07 November 2007 - 07:18 PM

I'm not going to say that it's totally foolproof; nothing is. But like I said, I couldn't make any damage stick, and I was trying. :thumbsup:

#5 CTH_Tom

CTH_Tom

  • Members
  • 295 posts
  • OFFLINE
  •  
  • Local time:12:48 AM

Posted 07 November 2007 - 07:23 PM

I'll give it a try then.
If there's ever a fool out there that can break this sandbox, that'll be me. :thumbsup:
X

#6 RknRusty

RknRusty

  • Members
  • 396 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:01:48 AM

Posted 09 November 2007 - 11:30 PM

Kind of like running Windows on the holodeck, safety protocols engaged. :thumbsup:

#7 Andrew

Andrew

    Bleepin' Night Watchman

  • Topic Starter

  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:48 PM

Posted 10 November 2007 - 12:59 AM

<Trek>Mortality Failsafes Engaged</Trek>

#8 freeborn

freeborn

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 13 November 2007 - 07:10 AM

I have a question regarding using Returnil & Altiris. Can I use both programs at the same time? Can I install an application in its own layer using Altiris (i.e. to try out an application for a period of time) and at the same time use Returnil for daily surfing and letting the children play on the computer (i.e. to prevent the children or viruses from messing up any Windows configurations)?

Thanks

#9 MilesAhead

MilesAhead

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 16 November 2007 - 12:34 PM

I would recommend you try Sandboxie. I've been using it for a month or so. There's a good explanation of how it works on the website. It runs individual programs in a sandbox. The nice thing is you can configure it to automatically prompt you to copy a file from the sandbox to the regular folder. Say something you download that you are confident can't hurt your machine, etc.

I'd use version 3.02 as the new 3.20 release still has some bugs. The only thing with Sandboxie is that it installs a device driver and a service during the program installation. If it's not going to be compatible, it will crash right then. If it installs successfully, then it works fine. The good thing about it is you can set it up to run manually and turn the service off to avoid side effects (like interfering with DVD burns or whatever). It's a good protection against those malicious sites that try to install a browser helper or plugin to hose your system. Also, you don't need to filter your stuff using a resident virus shield. It's much more efficient.

Plus the licensing is great!! You can use the free one for personal use on all the machines you own. The paid version adds a few auto-cleanup features but the free one does all the important stuff. I bought for $25 mainly because I like the program. I hate using virus shields. Basically after a virus has already come out they stick it in a database. If they don't rely on a signature and try to analyze stuff, that really slows your system down. Best just to intercept the disk i/o like Sandboxie.

Sandboxie

The other good thing is there's a forum and you get feedback from the author and can make feature suggestions or find out how to manipulate the service or whatnot. The author seems open to criticism. At least I didn't notice him biting anyone's head off who said the program had a problem. :thumbsup:

Edited by MilesAhead, 16 November 2007 - 12:38 PM.

"I don't want to belong to any club that would have me as a member."
- Groucho Marx


#10 skyfuser

skyfuser

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:48 PM

Posted 26 November 2007 - 12:13 AM

Hmm... would it mean that people can have access to inappropriate sites and do what they want on there, and after reboot, POOF, no harm done? Seems like an excellent way for not-so-ethical people to go on inappropriate sites... :thumbsup:
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#11 skyfuser

skyfuser

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:48 PM

Posted 11 December 2007 - 09:41 PM

Hahaha, I have let curiosity get the better of me.
So I downloaded Returnil. So all I need to do is test it. I tried deleting the registry keys but the window would freeze. Then I tried removing the system32 components but I failed at that too.
If I were to go on a known malicious site and download MalwareAlarm, IE Defender or something, would that work too?

#12 Andrew

Andrew

    Bleepin' Night Watchman

  • Topic Starter

  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:48 PM

Posted 11 December 2007 - 11:52 PM

You can still crash Windows with Returnil on. The difference is that none of the damage will be there after you reboot. Viruses will still be able to infect, but they won't be there after reboot nor any of the damage they may have caused. So basically anything that can happen to Windows can happen, it just won't stick!

#13 skyfuser

skyfuser

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:48 PM

Posted 11 December 2007 - 11:56 PM

Yes, a few hours ago I just crashed my computer XDDD
True to what the company claims, none of the damage stuck. Thank goodness :flowers:
Last question before I run off doing some more nonexistent damage to the computer: If I save a file to the system partition that's infected, will it be able to infect the real hard drive?
And thanks for introducing this wonderful program :thumbsup:

#14 Andrew

Andrew

    Bleepin' Night Watchman

  • Topic Starter

  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:48 PM

Posted 12 December 2007 - 12:02 AM

No. Any file saved to the system partition while protection is active will disappear and not actually ever be saved to the actual partition. Viruses and dissertations alike will vanish as if they never existed.
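
A conceptual model of the behaviour described in posts #1, #12 and #14, added here as an illustration; it is not part of any post and not Returnil's own code. The `Volume` class, the file names and the overlay design are assumptions, since the thread does not say how the product is implemented.

```python
# Conceptual model only (constructed for illustration, not Returnil's actual code):
# writes to a protected volume go to an in-memory overlay that a reboot discards.

_DELETED = object()  # tombstone marking a file deleted during the session


class Volume:
    def __init__(self, files, protected=False):
        self.disk = dict(files)      # what is really stored on the volume
        self.protected = protected   # True = redirect writes to the overlay
        self.overlay = {}            # session-only changes, held in memory

    def write(self, path, data):
        target = self.overlay if self.protected else self.disk
        target[path] = data

    def delete(self, path):
        if self.protected:
            self.overlay[path] = _DELETED   # hide the file, leave disk untouched
        else:
            self.disk.pop(path, None)

    def read(self, path):
        # The running system sees the overlay first, then the real disk.
        data = self.overlay.get(path, self.disk.get(path))
        return None if data is _DELETED else data

    def reboot(self):
        self.overlay.clear()         # every redirected change is dropped


def simulate_session():
    """Replay the thread's scenario and return what survives the reboot."""
    system = Volume({"system32/kernel.dll": "clean"}, protected=True)
    other = Volume({}, protected=False)   # second partition or virtual drive
    system.delete("system32/kernel.dll")          # "deleted critical files"
    system.write("download/sample.exe", "malware")
    system.write("docs/dissertation.doc", "draft")
    other.write("saved/sample.exe", "malware")    # outside the protected volume

    during = (system.read("system32/kernel.dll"), system.read("download/sample.exe"))
    system.reboot()
    other.reboot()
    after = {"kernel": system.read("system32/kernel.dll"),
             "sample_on_system": system.read("download/sample.exe"),
             "dissertation": system.read("docs/dissertation.doc"),
             "sample_on_other": other.read("saved/sample.exe")}
    return during, after
```

In this model the sample is live during the session and gone from the protected volume after reboot, while the copy written to the unprotected volume persists, which is the caveat post #1 raises about multi-partition setups.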

#15 skyfuser

skyfuser

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:48 PM

Posted 12 December 2007 - 12:08 AM

Hmmm.
Well, scratch that, sorry. I meant the Z: Drive. If what you said applies to the Z: Drive, then is there something wrong with my computer? Because I downloaded something as an experiment and it's still in the drive, and the protection is off.
And when you use disk cleanup, is the Z: Drive included in the cleanup? I've only 1.86MB of total files in the drive, and the properties tab suggests that 20MB has been used up.
Thanks!



