Coldmoon's thoughts on Returnil


Coldmoon's thoughts on Returnil

Post by ssj100 on 8/7/2010, 01:30

Received via PM and I've been given the green light to reproduce/post it:

Coldmoon wrote: Hi ssj100,
I want you to understand that I am not astroturfing and my response to whether we reverse engineer competitor's products is true. We don't as this is unethical and not really needed. The reason it isn't required is that those who test these products are experienced engineers that are completely familiar with the underlying virtualization technology which has been a mainstay in Chinese network security for many years (Deep Freeze having been the top product).

This changed when the dog and other types of hacker inspired virtualization bypassing tools were first created but we expected this to happen, eventually. Though we started with a simple virtualization application in 2005 which was improved and upgraded through to the current day, the 2008 series was planned to be the last of the strict virtualization versions as we were confident in its stability and effectiveness as far as the virtualization was concerned (It is upgraded where appropriate. Ref: multi-state restore, multi-disk virtualization, and file/folder exclusions option).

We have always planned to move to where we are now with the AM and AE components as well as the soon to be added multi-snapshotting engine that will provide the ability to restore to a specific time. Once this stage is completed, we will be introducing our new AI engine that will support the next step of distributed immunity between RVS clients and close the gap where malware propagation is concerned. Detect suspicious activity or content and then update everyone using RVS with the same information ASAP. This would then provide a proactive means to minimize and then neuter that malware; bringing an end to the profitability and effectiveness of industrialized malware.

I started my career as an angry man in the late 1990s after I discovered that one of my computers had been infected with spyware without me knowing about it, and my mission from that day has been to find a way to end spyware/malware, period. To do this, we need everyone's help to continue the fight and not let the enemy sleep or relax...

Mike

This was a continuation of the discussion in this thread:
http://ssj100.fullsubject.com/shadow-defender-f3/shadow-defender-bypassed-by-tdl-rootkits-t147-30.htm#1075

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: Coldmoon's thoughts on Returnil

Post by ssj100 on 10/7/2010, 02:10

By the way, I can't help but feel a similarity of Returnil's concepts to Comodo Internet Security (CIS) and Comodo Time Machine (CTM) - which are both completely free for life by the way. I guess instead of Defense+, Returnil have employed a much simpler (and arguably more effective for "noob" users) anti-execution mechanism. Also, CIS does not really have a light system virtualisation mechanism, although CTM probably trumps this. "doskey" (member of this forum, but he only seems to chat to me on MSN as opposed to post here haha) is CTM's lead developer and he has been in discussion with egeman (who is I think one of CIS's lead developers) quite a lot lately.

It's my guess that CIS and CTM are being co-ordinated closely together to complement each other to near perfection, much like what Returnil is trying to do (e.g. by implementing snapshot features in future releases).

On reading the Comodo forums, it appears that Melih (CEO of Comodo) and other staff from Comodo are committed to creating a product that is highly co-ordinated and not just a loosely thrown together "suite" (as Coldmoon has emphasised a lot). Comodo are going as far as to implement behaviour-blocking technology in their next major release, as well as in-the-cloud AV technology.

However, as I have already voiced in the past, having so many "layers" of security by one company/program makes me concerned about the possibility of "mediocrity" in at least one of those "layers". For example, Comodo's Defense+ and Firewall are both very powerful, but their AV and Sandboxing technology (and even CTM) have been shown to have numerous holes and/or instabilities.

Will Returnil have the same issues?


Re: Coldmoon's thoughts on Returnil

Post by Coldmoon on 31/7/2010, 05:06

Interesting, and encouraging to see that like others in the industry, they are beginning to see that it is time to move beyond the reactive suite approach. The current state of RVS/RSS is evolutionary in that we are working towards a goal that requires certain steps before it can be realized and will go far beyond what it is now.

Mike

