Returnil freeware

Hello LIZ1954,

...Download from softpedia.com rss-2011. I do not want to turn on it's real time protection as I use MSE,

RSS is designed to be compatible with most 1st and 2nd tier Antiviruses and works well in combination with Microsoft's Security Essentials. This means that you can use both RSS and MSE together at the same time without issues. I actually have a DELL 3000 series desktop here in my office that I use this very combination on and it has been working well with this setup since beginning the testing with RVS 2010 with MSE.

...I would be able to run all over the internet and not worry about infections? What is ya'lls opinion? Appreciate any assistance rendered. Liz.

There is no such thing as a silver bullet Liz, but we are working to make the RSS series as close as humanly possible to this ultimate goal. All approaches have gaps in their coverage for one reason or another:

1. Antivirus (scanning technology): All AVs, AMs, ***, etc have a core competency: Detection of malicious and/or potentially unwanted content. This serves as both warning that something is wrong and some form of remediation capability for what was detected. The problem here is many-fold. False positives, false negatives, poorly coded signatures, partial/improper removals, deactivation by specially coded malware, etc. They also suffer from update lag as samples of the malware and/or behaviors need to be obtained for proper research analysis, updating, testing, and then eventual distribution which can leave your system open to infection for varying periods of time. This becomes an even larger problem when the bad guys routinely test their "creations" against the top and secondary players in the AV market.

2. HIPS/Anti-executables: In the hands of an expert, HIPS can be a very powerful tool. Some are even able to deploy them as their sole security solutions (though restrictive Windows policy is often used in combination). The problem here is that if you are a new computer user or even a somewhat seasoned one, the questions asked by the programs tend to be cryptic to say the least and it is very easy to answer them incorrectly or to create a rule that makes you more vulnerable than if you had not created it in the first place. In other words, answer the wrong way and the game is up.

3. Boot-to-restore virtualization: While this works to ensure that you can simply restart the computer to drop any/all changes, there are still a couple of issues with this technology; regardless of whether your are using a disk filtering or file system filtering technique (RSS/RVS are in the disk category):

• ISR/Boot-to-restore can only do three things natively: Drop all changes, save some changes, or save all changes. The technology however is not able to make decisions about what should or should not be blocked or removed.
• Until the computer is restarted, programs (including malware) can do what they were designed to do and as a result, still do malicious or unwanted things until you restart the computer.

4. System Restore: While it is a valid method to take your computer back in time to a point before the infection, incompatible program installation, or badly configured Windows settings; malware developers also realized this a long time ago and thus many types of malware work to infect your restore points to ensure their programs survive and you remain infected.

In the past, (ref Symantec's approach in the early 00's) the approach was to bundle a number of different programs (full programs) into a "suite" that could be used as a primitive attempt at layered security. The problem here is with overlapping feature sets and the negative impact on system performance while still having at least some holes on their protection. Whether due to not having a feature to address the hole or because overlapping features caused a "mini-conflict" that resulted in the same issue is irrelevant.

In RSS we strove to strip the component parts of everything except their core functionality and then use that to cover a portion of the overall security that the other components were not competent to cover:

1. The Virus Guard is your canary in a coal mine. Its core function is to warn you that something is wrong and you may need to restart the system to allow the Virtual Mode protection to ensure the changes are dropped and the system can back to productive use quickly.
2. The Virtual Mode protection is there to ensure that malicious and potentially unwanted changes are lost at restart of the computer even if it goes undetected or blocked.
3. Anti-Execute (Virtual Mode > Settings > Additional Protection Options): Has only three settings, no rules to configure, and no questions to answer:
   1. Allow programs to do as they will
   2. Allow only known services from the real system
   3. Allow only known programs from the real system
4. System Restore (paid versions only): Restore your entire system or specific files from the previous system state following ANY restore while RSS is installed. As mentioned above however, SR can be compromised and this is why our version in RSS is closely tied to Virus Guard so you can scan then prior to applying them rather than apply and hope the SR is clean.

As you can see, all the components back each other up and work towards a concept we call Time to removal rather than the problematic scan, detect, remove, and/or restore method that can take time to complete. In our model, even if the malware goes undetected (completely unknown) or unblocked (maybe you had the AE in "allow programs to do as they will mode") you can still be reasonably assured that your computer will be clean and ready to go to work (or play) the next time you start it up.

For our RVS Pro and Lite 2011 series, the design goal is to be a part of an intelligent layered approach by providing a strong Virtual Mode protection and Anti-execute foundation for your current strategy without the need to uninstall or loose your current licensing for other security solutions you may be using (exception is another boot-to-restore solution in the mix. To note here however, RSS, RVS Pro, and RVS Lite are fully compatible with Tzuk's SandboxIE solutions).

With Kind regards

Mike

Returnil Support