
The Best Way For Defending Viruses And Spyware


16 replies to this topic

#1 unloaded

unloaded

  • Members
  • 398 posts
  • Local time:02:18 AM

Posted 25 November 2006 - 06:30 AM

I tried Returnil Virtual System a few days ago, and I found it very powerful at reverting my system back to what it was like. It is a revolutionary program for me; has anyone else used it before?


(Moderator edit: added topic description. jgweed)

Edited by jgweed, 16 January 2007 - 11:15 AM.



#2 Siggyman

Siggyman

  • Members
  • 134 posts
  • Local time:01:18 PM

Posted 25 November 2006 - 09:41 AM

Some free programs such as Ad-Aware do a pretty good job.
http://www.download.com/3000-2144-10045910.html

Also, you may sometimes need specific scanners for Trojans or the Iluvyou virus, but yeah, that is about it.

Edited by Siggyman, 25 November 2006 - 09:41 AM.


#3 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:12:18 PM

Posted 25 November 2006 - 05:26 PM

Hey Siggyman. Have you checked out our freeware library?

Freeware
"2007 & 2008 Windows Shell/User Award"

#4 Jim_Laos

Jim_Laos

  • Members
  • 8 posts
  • Local time:01:18 AM

Posted 16 January 2007 - 08:03 AM

I'm bumping this thread to see if anyone's tried Returnil Virtual System over a period of time and has any more feedback or info.
They actually claim that with their system there's no need for a firewall or even a resident scanner. Whatever you do, surf blind, install whatever's going, all it needs is a reboot and your system's back as it was. I know just enough about this subject to be dangerous, but these guys are either very clever or are sitting on the best piece of kit ever.
In my experience, if a thing seems too good to be true it usually is too good to be true.
What am I missing here?

Jim

#5 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:02:18 PM

Posted 16 January 2007 - 08:59 AM

Hi Jim_Laos

I have never heard of Returnil Virtual System, but I have used a similar product called Deep Freeze. In Deep Freeze's case, whatever is loaded, malware included, is wiped off at the next boot. That also means any documents, music or files that you want to keep. (Unless you provide a small "thawed area")

The two products sound the same.

I would never go without virus protection, or a firewall. Example: You read an infected e-mail from a friend and then forward it out to others. Since RVS doesn't clean anything, or warn of an infection, you have just infected your friends (If they don't have protection).

What I do like about this type of software is that you can allow others to use your computer and be fairly confident they will not cause any problems - won't wreck anything.

There are free virus programs and firewalls out there - as acklan pointed to. It just makes sense to be protected.

My two cents...

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#6 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:12:18 PM

Posted 16 January 2007 - 09:37 AM

I'm bumping this thread to see if anyone's tried Returnil Virtual System over a period of time and has any more feedback or info.
They actually claim that with their system there's no need for a firewall or even a resident scanner. Whatever you do, surf blind, install whatever's going, all it needs is a reboot and your system's back as it was. I know just enough about this subject to be dangerous, but these guys are either very clever or are sitting on the best piece of kit ever.
In my experience, if a thing seems too good to be true it usually is too good to be true.
What am I missing here?

Jim

I am by no means an expert on the type of software, but its concept of "No need.." for security software disturbs me. I believe it is dangerous; to recommend that you can safely venture onto the internet without the minimum of antivirus is reckless. All software can be defeated with time, and it usually does not take as much time as you may think.
I do not like the idea and would not recommend it. Especially since you have to pay for it.
"2007 & 2008 Windows Shell/User Award"

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,567 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:18 PM

Posted 16 January 2007 - 12:24 PM

...but its concept of "No need.." for security software disturbs me. I believe it is dangerous; to recommend that you can safely venture onto the internet without the minimum of antivirus is reckless...

I totally agree.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 Jim_Laos

Jim_Laos

  • Members
  • 8 posts
  • Local time:01:18 AM

Posted 17 January 2007 - 03:21 AM

Some very good points raised, I agree that 'no scanning needed' is a bit of a frivolous claim but, as someone who is surfing the net all day as part of my job, the notion of doing it in a 'bubble' makes sense - and sounds comforting.
The thrust of my post, though, was: are they making false claims here or, technically, can this idea work?
As far as I can tell, only the system drive is protected; anything downloaded to, or changed on, any other drive will be permanent.
I tried it for 24 hours and it operates invisibly, no noticeable slowdown. Then I exited the program using the task bar icon/menu. On the next reboot, it was there again so this time I deleted it. On the next reboot it was back! I read the documentation and saw that it was necessary to boot into safe mode and then delete it - which worked. So it's not quite like a switch - which would be great - it's more of a chore, a bit like putting on a layer of protective clothing before surfing into uncharted cyber space. I still like the idea though.
Jim

Edited by Jim_Laos, 17 January 2007 - 03:22 AM.


#9 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:12:18 PM

Posted 17 January 2007 - 07:23 AM

Do not get me wrong, I would love nothing more than for it to work. It would solve countless problems. I simply have a hard time believing that such statements that are claimed could stand up to the weight of the entire hacker community. With a boast such as this you will have a segment that will thrust their best efforts into cracking this protection.
I have been using Puppy Linux for over a year now, and it works in a similar way. Loads to RAM (512Mb on the PC I have it on) and burns any changes to CD\DVD. I can run it on most any PC without leaving a trace I was ever there. With the newer Dual Layer DVDs I can have 500MB ( GB) of DVD and 8 GB+ to Programs and data, and all on either a NTFS or FAT32 file format so it can be used with Windows. I never assume a virus cannot implant itself onto the disk. I too spend a great deal of time on the net, 3 to 8 hours a day.
What I don't get is when you want to save a file it still has to go to the hard drive. Does it not? I mean if I download a utility (.exe, .rar, .zip,.) such as a plug-in for my favorite browser, could it not have a payload of malware onboard? It could be a legit program and has been modified and placed on a legit download site; by the time it is discovered as being tainted it could have infected countless. That is a real hole in the idea. Is it not? I mean you have to install it to the hard drive to use it?
I am not trying to ride you; I just am expressing concerns that I and others have.
"2007 & 2008 Windows Shell/User Award"

#10 Jim_Laos

Jim_Laos

  • Members
  • 8 posts
  • Local time:01:18 AM

Posted 17 January 2007 - 08:11 AM

What I don't get is when you want to save a file it still has to go to the hard drive. Does it not? I mean if I download a utility (.exe, .rar, .zip,.) such as a plug-in for my favorite browser, could it not have a payload of malware onboard?
I am not trying to ride you; I just am expressing concerns that I and others have.


Your comments are very welcome, I wish I had all the answers.
I've been and searched out what I could on the publisher's site, there is very little technical info and to submit a query you have to be a customer (they lose points for that i.m.h.o.). From what I can gather all activity is confined to operating memory. To quote their literature:

When you turn on Returnil it creates a clone of your system in partition memory. ..... When the Returnil protection is ON, your Windows system is running on a virtual partition meaning that every single change in the system partition actually takes place in the memory. Therefore all data and modifications will be lost after your system is rebooted. When the Returnil Protection is OFF, you can install or remove any programs, create documents or download your favorite music as you normally do. All changes in the system partition are saved to your real hard drive. By restarting your PC, Returnil will make your system partition identical and fully functional according to the original configurations.


What I have a problem understanding is where it all fits. They quote that it requires 25MB of memory (the prog itself occupies less than 2MB) so presumably it's loading into RAM and the paging file. My system partition contains about 8GB of programs and data - it can't be cloning all this because my virtual memory maxes out at 2.5 GB (1GB RAM, 1.5GB paged memory). So maybe it used the total virtual memory as a buffer.
All I know is I can't make changes to the system partition when this is running and I've tried - using admin privileges - I've even gone so far as to delete a hive of the registry (on a spare PC, I'm not completely daft) which crashed the PC but it rebooted back to normal! I'm a cynic but I was impressed by this.

If you want to download anything, it must be stored on a separate partition so things like email will take a bit of setting up and I presume that anything loaded to the PC outside of the protected system partition will need to be thoroughly checked. But, that aside you can do anything without risk.

If all this is true, even though it isn't free ($19.95/year), why isn't everyone using it? There must be a reason beyond lack of awareness that the program exists. I'd now love to know what that reason is.
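
Added example, not part of the original thread and not Returnil's code: a minimal copy-on-write model of the behaviour described in post #10, showing why the memory cost tracks only the changed blocks and why files saved to another partition survive the reboot. It assumes, since the page gives no technical detail, that only modified blocks are held in memory; all class and function names are hypothetical.

```python
# Added illustration: a copy-on-write overlay over a "system partition".
# All names here are hypothetical; this models the general technique,
# not Returnil's actual implementation (which the thread does not document).

BLOCK_SIZE = 4096


class ProtectedVolume:
    """Read-only base image plus an in-memory overlay of changed blocks."""

    def __init__(self, base_blocks):
        self._base = dict(base_blocks)   # stands in for the on-disk partition
        self._overlay = {}               # block number -> modified bytes (RAM only)

    def read(self, block_no):
        # Modified blocks are served from memory, everything else from disk.
        if block_no in self._overlay:
            return self._overlay[block_no]
        return self._base[block_no]

    def write(self, block_no, data):
        if block_no not in self._base:
            raise IndexError("block outside the protected partition")
        if len(data) != BLOCK_SIZE:
            raise ValueError("writes are whole blocks")
        self._overlay[block_no] = data   # the base image is never touched

    def overlay_bytes(self):
        # Memory cost grows with the number of *changed* blocks only.
        return len(self._overlay) * BLOCK_SIZE

    def reboot(self):
        self._overlay.clear()            # every change since boot is discarded


class PlainVolume:
    """An unprotected partition: writes go straight to disk and survive reboot."""

    def __init__(self):
        self.files = {}

    def write_file(self, name, data):
        self.files[name] = data

    def reboot(self):
        pass                             # nothing is reverted


def simulate_session():
    # Constructed sample data: a 2048-block (8 MiB) "system partition".
    system = ProtectedVolume({n: bytes(BLOCK_SIZE) for n in range(2048)})
    data = PlainVolume()

    system.write(7, b"\xff" * BLOCK_SIZE)       # e.g. a trashed registry hive
    system.write(900, b"\xee" * BLOCK_SIZE)     # e.g. a dropped executable
    data.write_file("download.exe", b"MZ...")   # saved outside the protected drive

    during = (system.read(7)[0], system.overlay_bytes())
    system.reboot()
    data.reboot()
    after = (system.read(7)[0], system.overlay_bytes(), sorted(data.files))
    return during, after
```

In this model the changes are fully live until the reboot, and anything written to the unprotected volume is never reverted, so it still needs scanning.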

#11 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:02:18 PM

Posted 17 January 2007 - 08:36 AM

Again, I don't use the same software, but...

Nothing is bullet proof.

Yes you can trash folders, change settings, and be mean to your pc, and it will return to its original state. But, there are still ways to be hacked. I felt real good about the protection we used in our labs - in fact, it took 3 years before someone finally breached it. But, it was still hacked. Given a long enough time, someone will find the keys to your system if you give them a chance.

The added protection is free - no disrespect meant - why not use it?

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#12 I_am_CanadianEh?

I_am_CanadianEh?

  • Members
  • 489 posts
  • Gender:Male
  • Local time:01:18 PM

Posted 17 January 2007 - 09:03 AM

The best way for defending viruses and spyware is obvious.....you need at MINIMUM: a firewall and an antivirus. For additional protection, you should have at least 2 or maybe 3 spyware scanners in which one of them should have real-time protection.

There are also other removal tools you can download as standalones for just making sure.

One thing that is often overlooked is locking down your browsers. I can't tell you how effective this can be.

For IE6 or IE7, make sure you over-ride cookie handling and blocking all third party cookies. You can allow session cookies and 1st party cookies. Make sure you set everything to "disabled" in the Restricted sites zone. In the Internet Zone, always "prompt" for installing any ActiveX and always "disabled" Scripts or ActiveX not marked as safe. Finally, use a utility like IE-SPYAD to add bad sites to your restricted zone.

In Firefox, you don't have the Internet or Restricted sites zone but you can still block 3rd party cookies by checking "Allow cookies from originating site only". However this is only available in Firefox 1.5. For Firefox 2, you can block third party cookies by following the instructions on this site:

http://www.elharo.com/blog/privacy/2006/11...s-in-firefox-2/

Here's what I use:

ZoneAlarm Pro (firewall) - IMO, the best firewall out there
Avast! Home Edition (free Antivirus)
Spywareblaster
Spy-bot Search & Destroy
Ad-Aware SE
AVG Anti-spyware (on-demand scanner)
Spy Sweeper (w real-time protection)
IE-Spyad
McAfee Site Advisor (for IE7 & Firefox 2)

Other utilities I have:

Blacklight
CWShredder
HijackThis (I save a log and see if there are any unusual entries)

Using these simple tools will greatly protect you from most threats. Make sure you update often and ALWAYS keep Windows up to date as well by visiting Microsoft Updates.

In an entire year, I may have gotten 2 or 3 tracking cookies that snuck through the cracks but nothing else.

My 2 cents. :thumbsup:

#13 Jim_Laos

Jim_Laos

  • Members
  • 8 posts
  • Local time:01:18 AM

Posted 17 January 2007 - 10:03 AM

I'm grateful to the last two contributors but I'm sorry to say that your posts missed my point.

I'm not advocating using this 'virtual system', I'm simply trying to understand it. Neither am I rejecting any other method of keeping my system safe - looking at my taskbar as I write this, I can see the icons of Spybot-SD, AntiVir Guard and Sunbelt Kerio firewall. All three always running, firewall boots before any connections are established. There are other scans done on a daily basis and even more on a weekly basis. Definitions are updated daily.

However, if there is a system which will give even more protection than I have now, I want it - I don't care how much it costs - I just want to sit at my PC and use it for what I bought it for.

Since Christmas, I've spent far too much time doing stuff just to keep the d**n thing working. This weekend is a case in point. Following advice in this forum, I spent the best part of a day and a night downloading and installing software, having two web-based scans, posting Hijack logs, worrying myself crazy.

Why? Because an A Squared scan indicated that winlogon.exe was infected with trojan win32.patched.i - which in the end turned out to be a false positive. All the time spent on this wild goose chase lost me a day's work which, on this particular day, was about $500. (By the way A squared haven't offered compensation but at least they've admitted that it was a false positive.)

How many other 'iatrogenic' infections such as this happen every day?

I joined this forum to enlist folks like you, with greater knowledge than me, to help me make sensible decisions. Because, even with everything automated, I'm still spending hours every month trying to stay safe. I do more sweeping than your average janitor. And that's my point!

Before I get flamed, I repeat, I'm not knocking anybody's product here but things are in such a state that the 'cure' is in danger of being worse than the disease. If virtual protection works, even a little bit, I want it. So, let me repeat the question in a different way: Does anyone know of a downside to this sort of product and if so, what?

#14 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:12:18 PM

Posted 17 January 2007 - 10:15 AM

Before I get flamed, I repeat, I'm not knocking anybody's product here but things are in such a state that the 'cure' is in danger of being worse than the disease. If virtual protection works, even a little bit, I want it. So, let me repeat the question in a different way: Does anyone know of a downside to this sort of product and if so, what?

Naa... our bark is worse than our bite. It's all good. I understand you just want to explore the possibilities. Who knows, it may be one more layer of a solid security system. No flaming from me.
I do agree that if it added a little more protection it could be one more tool. With today's computers 25mb of memory would not be that big of a penalty if it works. You are just testing it and asking our opinion, not stating whether or not it is a good or bad product? Getting input from everyone.
"2007 & 2008 Windows Shell/User Award"

#15 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • Gender:Male
  • Local time:12:18 PM

Posted 17 January 2007 - 02:03 PM

Don't really have time to post all that I would like to at the moment and I haven't tested Returnil but this new approach to security has been written about and I will just post some links that may answer some of your questions and I think are to the point:

LINK 1
LINK 2

That's one man's opinion and test method, but should give you an idea on what the drawbacks and advantages of using sandbox/virtual environment programs as a security strategy are. I agree with the others that it is too early to discard conventional protection methods like AVs, Firewalls, etc., but the conventions may change soon, just not overnight.

Even tho Returnil wasn't tested, I would suggest giving Green Border and Sandboxie a trial also as the former apparently passed the testing with flying colors. And because Rigel recommends it. :thumbsup:

The fate of all mankind, I see

Is in the hands of fools

--King Crimson




