Author Topic: Attention! Returnil!  (Read 2940 times)

0 Members and 1 Guest are viewing this topic.

gdiloren

  • Guest
Attention! Returnil!
« on: October 07, 2008, 04:21:15 AM »
Hi friends,
I'm using Returning since 2-3 months and just did this test. With returnil ON I downloaded & installed the Comodo Registry Cleaner v1.0 final edition http://registry-cleaner.comodo.com/download.html (use at your own risk!) and rebooted with Returnil ON. Normally, the setup and the program shouldn't install. I found the setup was gone but the installation folder was still there with all the registry entries. This is to show that if it was malware it would still be menacing my privacy and my pc. The only way out is to restart with RETURNIL OFF:this erases the virtual disk Z:/ and all the datas it has.
But you have to know it ;D

Sesame

  • Guest
Re: Attention! Returnil!
« Reply #1 on: October 07, 2008, 06:11:37 PM »
I think Returnil is focused on security.  It uses both physical memory and the virtual drive.  Even if some files are "leaked" to the virtual drive, you can simply flush them with the whole virtual drive.  So, it's by design.

Personally, I manually turn on session lock after booting and updating applications so that there should not be any remain on the system partition from the last session.

gdiloren

  • Guest
Re: Attention! Returnil!
« Reply #2 on: October 07, 2008, 09:36:02 PM »
Well I may be confused on it. May be returnil works only on the SYSTEM (WINDOWS) not the rest. So while Returnil is On and you install something, may be the installation after you reboot with returnil still ON will be there (I thought rebooting was deleting everything), but by rebooting with RETURNIL OFF evrything is for sure erased in the VIRTUAL Z:/ drive. I was wondering about possible leaks. :o

Sesame

  • Guest
Re: Attention! Returnil!
« Reply #3 on: October 08, 2008, 04:26:39 AM »
Well I may be confused on it. May be returnil works only on the SYSTEM (WINDOWS) not the rest. So while Returnil is On and you install something, may be the installation after you reboot with returnil still ON will be there (I thought rebooting was deleting everything), but by rebooting with RETURNIL OFF evrything is for sure erased in the VIRTUAL Z:/ drive. I was wondering about possible leaks. :o
There should be no "may".  Returnil is designed to protect only the system partition[/u], which allows user to keep their works on any other partition.  However, if you installed the app on system partition, which is my initial understanding of your original post, then, I suspect possible leak, too.  However, even in that case, you can undo the changes simply by unloading the virtual partition, which is the strength of Returnil, IMO.  So, as you said, there shouldn't be a problem as long as you know it.  The possibility of leak is rather a common weak point of sandbox applications  but I think Returnil is designed to be more resilient.

Sesame

  • Guest
Re: Attention! Returnil!
« Reply #4 on: November 16, 2008, 06:37:26 AM »
My PC has been working perfectly but I got BSoD due to broken registry in the middle of this week.  This is still speculation but I think tha cause is most likely that I accidentally copied a file to Returnil partition, thinking it was USB partition.  Probably I should have hided the partition from Windows Explorer using a utility such as Twek UI.

In any case, now I admit the virtualization is not a child-play and should be dealt with care even if applications for it are getting easier to use.  :(

Irony here is, thanks to Returnil, I had moved all the deta to a different partition and it was very smooth to reinstall Windows XP on my PC, which is now working as if nothing had happened.  ;D