Returnil's half baked solution


Post by Rico on 3/7/2010, 05:41

I've read on Wilders about Returnil's supposed upcoming feature that's supposed to serve as a continuation of a shadow session across reboots: http://www.wilderssecurity.com/showthread.php?p=1706111#post1706111

So my question is: is that a real final answer to the feature most wanted by the people? I mean, is that the way ShadowUser Pro used to function when continuing extending a shadow session after boot? Somehow I think all Returnil did was jump the gun and provide a half-baked solution...

Your thoughts..

The RMSE will be able to do the following:

1. Restore malware damaged, corrupted, or missing system files from any appropriate source (Windows installation disks, factory restore images, and Returnil snapshots)

2. Snapshots can be created automatically (every hour) or manually

3. Allow recovery of missing files from an existing snapshot. You restore to snapshot "A", but it does not contain the WORD document you had in snapshot "b" for example.

4. Allow snapshots to be stored/backed up for compliance or troubleshooting purposes

Rico
Advanced Member

Posts : 118
Join date : 2010-06-18

Re: Returnil's half baked solution

Post by noorismail on 3/7/2010, 07:12

Half baked? Pretty much! Stick a fork in it, it is done!!

They just keep trying to add more and more things, and further complicate a class of protection, one of whose most appealing features was simplicity of operation.

Thanks to the AV, you now have to deal with updates.

The snapshot feature seems likely to bring in the RollBack/CTM type issues, at least for the early life of the product.

They will get it right, just as most of the lockup problems, 100% CPU use, and other bugs that plagued the early release of 2010 were finally fixed.
In the meantime, how many MBRs will be corrupted?

We are already deep into the kernel, let's muck about in the MBR!!

I am a light virtualization guy. I love it.
But I want a simple, secure, supported product, with an evolutionary rather than revolutionary development.

Put Returnil 2008 on sale, same price as 2010, and watch the at least quasi-tech guys choose!

You can keep on the bleeding edge without doubling program weight and impact.

Tzuk does with Sandboxie, and while I am no great fan of DefenceWall, the 3.00 version seems a reasonable growth of the 2.56 version.

They like big things.
The AE module on Returnil 2008 would have been exactly what you were looking for in another thread, but they were afraid people were going to compare it to a full-blown HIPS and complain that it was not D+ or MalwareDefender.

I knew what it was: another layer of protection that was light, and became virtually silent after a short period.

At one time it took "layering" too many security programs to grind your machine to a crawl.


noor


_________________
ShadowDefender 1.1.0.323 Sandboxie 3.49, NAT router.
Open DNS with "Malware/Botnet Protection",
MalwareDefender,Malwarebytes on demand.
noorismail
Moderator

Posts : 193
Join date : 2010-06-23

Re: Returnil's half baked solution

Post by ssj100 on 3/7/2010, 07:12

I'm not sure, but it sounds like Returnil is becoming more and more like EAZ-FIX, Rollback Rx, or Comodo Time Machine?

And yes noor, I agree with you. Returnil is starting to become a huge security suite - it's probably one of the reasons why I moved away from CIS (version 4 introduced the sandbox and apparently they are working on integrating a behaviour blocker in future releases too!). I think having a security suite is fine, but there should at least be an option not to install certain components. I hear Returnil may be releasing some sort of "light" version in future, so perhaps they are listening to their customers?

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

Re: Returnil's half baked solution

Post by noorismail on 3/7/2010, 07:18

They are talking about snapshots, that sounds like the Rollback class.

Do you agree that this will add a hideous degree of conflict risk?

I think if they can get it all to play well with itself, using anything else with it, like Sandboxie, will be asking for trouble.


Ooops! Typed over you there.
Like I said, they are already offering a version called "labs", that you can PM Coldmoon about, and try out with your existing license.

It is sans the AX=good, and also the AE=I would like to have it.


Re: Returnil's half baked solution

Post by ssj100 on 3/7/2010, 07:22

noorismail wrote:
They are talking about snapshots, that sounds like the Rollback class.

Do you agree that this will add a hideous degree of conflict risk?

I think if they can get it all to play well with itself, using anything else with it, like Sandboxie, will be asking for trouble.

Yes, I suspect there will be some very unstable computers out there, and worst of all, some very unhappy people haha. I'm not a fan of Rollback software, period. Not only do I feel that it is intrinsically unstable, but recent testings have shown that many worms and rootkits can bypass it. I'd really like to know what demoneye feels about this (he swears by EAZ-FIX), but unfortunately, he seems to have completely disappeared (much like Tony!).


Re: Returnil's half baked solution

Post by noorismail on 3/7/2010, 07:30

I don't know how old Demon-Eye is, but he is another guy like Tony, who may have regular National Service commitments.

If so, it's "Hey!! Hey!! You're in The Army Now!!"

No time to compute!!


Re: Returnil's half baked solution

Post by Rico on 3/7/2010, 09:52

What's the difference between imaging software and rollback? Do both use images, or does rollback only rely on a special buffer rather than snapshot imaging techniques?

I.e. let's say you get infected by the TDL rootkit, does restoring an image with Drive SnapShot wipe the infection? If so, then why not a product like Rollback Rx, Returnil and the like? What makes them fail compared to a pure imaging solution (if it's indeed successful at disinfection)?


Re: Returnil's half baked solution

Post by ssj100 on 3/7/2010, 09:57

Rico wrote:
What's the difference between imaging software and rollback? Do both use images, or does rollback only rely on a special buffer rather than snapshot imaging techniques?

I.e. let's say you get infected by the TDL rootkit, does restoring an image with Drive SnapShot wipe the infection? If so, then why not a product like Rollback Rx, Returnil and the like? What makes them fail compared to a pure imaging solution (if it's indeed successful at disinfection)?

Those are good questions. I'm afraid I don't have the knowledge to answer you in detail, but hopefully someone else will.

All I know is that the key difference with Imaging (eg. restoring an image with Drive SnapShot) is that the entire partition/drive is formatted prior to restoring the image. Clearly, software like Rollback Rx, Returnil, Shadow Defender etc don't do this. Thus, restoring an image is always going to be more secure, but it certainly takes longer (about 20 mins for me).

Also, restoring an image is byte for byte (it's identical to when you created the image). Returnil, Shadow Defender (not sure about Rollback Rx etc) do not restore your system byte for byte.

