Returnil is a virtualized sandboxing application designed to prevent permanent changes to your system and thus lessen the longevity of malware. Under the right conditions, Returnil can offer an important additional layer of security and (again, in the right environment) can be an ideal solution for keeping systems pristine.
Some environments that could probably benefit greatly from Returnil include for public use systems in libraries, hotel business center computers, and classroom computers in schools. But in other environments, Returnil may prove to be more of a headache than it’s worth. Following are some of the pros and cons to consider when evaluating whether Returnil is the right solution for you.
Versions and Pricing
Returnil is offered in three flavors: System Safe Free, Virtual System Pro, and System Safe Pro (formerly known as Returnil Virtual System 2010 Home Lux). As its name suggests, Returnil System Safe Free is free for home / non-commercial use. Virtual System Pro retails for about $30 and System Safe Pro retails for about $40. Licenses are for one year only. Like antivirus software, you’ll need to purchase a new license to continue using the product. System Safe Pro will default to the feature set of System Safe Free when its license expires.
Both System Safe Free and System Safe Pro include antivirus software (Returnil uses the F-Prot engine). Each of the three provides a virtual mode that prevents permanent changes to the system files / partition and the master boot record (MBR). System Safe Pro is the only one of the three that provides a rollback feature that lets you select a restore point. Both Virtual System Pro and System Safe Pro offer a File Manager which lets you save files to a permanent (non-virtualized location); System Safe Free does not.
A core part of the Returnil functionality is to prevent unauthorized writes /changes to the system files, system partition, and the master boot record (MBR). When the system is rebooted, Returnil will flush any changes made during the session, thus restoring the virtual environment to the same exact condition it was in prior to use.
- On the plus side: A simple reboot is all it takes to return the system to its former state.
- On the downside: Returnil will be less effective on systems that aren't rebooted frequently, i.e. at least daily). Additionally, Returnil doesn't just prevent malware from making permanent changes - it also prevents users and legitimate programs from making permanent changes.
If you're an experienced computer user and very familiar with the Windows file system, you can configure Returnil and your applications to save files to specific allowed locations. However, these choices must be made on a case-by-case basis (which is why it's best suited for experienced computer users).
Of course, to save those files to specific allowed locations you’ll need access to the File Manager. This means users of System Safe Free won’t be able to preserve any changes – making the free version an impractical choice for full-time use.
Because Returnil prevents all writes and changes to the system partition,, Returnil will also prevent necessary updates (aka patches) from taking place. You can suspend the virtualization and get updates manually but that means you'll need to be very conscientious about getting and applying the needed patches.
- On the plus side: If you use the Pro versions, you’ll have access to the File Manager and in theory could configure the update paths to point to a non-protected partition.
- On the downside: Some programs, including Windows, reside on the protected partition and thus can’t be updated while the virtualized session is running, putting the user back at square one – i.e. manual patching.
Remember, too, it's not just Windows updates that you will need to worry about. You'll need to ensure you're also manually updating all your third-party programs such as Adobe Reader, Adobe Flash, QuickTime, Java, etc.
In other words, in addition to requiring a certain level of experience to manage your own files while using Returnil, you'll also need to have a fairly solid understanding of patch management and the necessary motivation to ensure it gets done at least monthly.
Additionally, because the virtualized system is so much harder to patch, it will be more vulnerable to malware exploiting newer vulnerabilities. However, that higher risk gets offset by the more protective features of Returnil so it’s almost a wash.
Unlike a traditional virtual machine, Returnil clones the existing operating system. The upside is that this can save you some dollars compared to a traditional virtual machine since you won’t need to license a second copy of the operating system. The downside to that approach is that if the operating system is already infected, that infection will be carried over to the Returnil sandbox.
Ditto for Returnil's MBR protection - it doesn't guarantee the MBR is clean from boot infectors, it just helps ensure no further changes / infections occur while the Returnil sandbox is running. In other words, you have to make sure the operating system is clean and free of any malware before installing Returnil.
In addition, some malware is able to detect and break out of virtualized session. Other malware can infect via the memory, without dropping files or making the types of changes Returnil would ordinarily protect against. As such, it’s possible that the Returnil virtualized environment could be infected. (This problem applies to all virtual machines and all virtualized environments from all vendors and is not specific to Returnil).
- On the plus side: Returnil can greatly reduce the longevity of malware by flushing it out when the system is rebooted.
- On the downside: Returnil is not a silver bullet; the system can still get infected and data can still be stolen.
System Safe Free doesn't have the features needed for full-time protection but it could be a great option for private and safer Web browsing. You’ll get the added benefit of having cookies flushed out of the system and your Web browsing history erased as well. On the downside, any files you downloaded and any bookmarks you created will be lost when you close the virtualized session or reboot your PC. You’ll also lose any email received in your inbox during the active session, but if you only use webmail this shouldn’t be a problem.
Virtual System Pro is a great option to consider for someone who does a lot of software testing. At ~ $30 retail, Returnil Virtual System Pro is less expensive than standard virtualization apps and it doesn’t require a separate license for the operating system.
System Safe Pro is the only one of the three truly viable for full-time use, since it includes both the File Manager and the System Restore / Rollback features. However, using Returnil System Safe Pro full-time means you’ll have to be vigilant and manually stay on top of patches. You’ll also need a pretty fair amount of knowledge regarding the Windows operating system and be able to navigate Windows files and folders effectively, at a minimum.
Under the right circumstance, Returnil can lessen the impact of malware and offer an important additional layer of protection. And (assuming a reboot is done at least daily), Returnil can greatly reduce the amount of time malware would otherwise have on a system which could – in the case of data theft trojans - help reduce the amount of data stolen.
Returnil System Safe Free lacks a file manager and rollback feature and thus is really only suitable as a virtual Web browsing environment. Returnil Virtual System Pro is an inexpensive option for software testers. Returnil System Safe Pro offers the most complete feature set and is particularly ideal for public use computers such as those in libraries, schools, and hotel business centers.