topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Monday November 11, 2024, 8:25 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: VirtualProtect  (Read 20556 times)

Zero3K

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 300
    • View Profile
    • Donate to Member
VirtualProtect
« on: July 11, 2009, 01:30 AM »
VirtualProtect is a free program similar to Retunil, etc. Here are links that can help you find more info about it and download it:

Homepage - http://www.vpcache.com
Download - http://www.vpcache.com/dl/vp/vp2.2.1.rar
Manual - http://vprotect.meib...帮助.rar
Thread about it on Wilders Security Forums - http://www.wildersse...thread.php?p=1500706
« Last Edit: August 09, 2009, 09:13 PM by Zero3K »

housetier

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 1,321
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #1 on: July 11, 2009, 06:05 AM »
What do retunil, virtualprotect etc do?

Zero3K

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 300
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #2 on: July 11, 2009, 08:35 AM »
They are programs that can help restore your computer to its previous state in case of a virus, etc.

Zero3K

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 300
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #3 on: July 15, 2009, 03:09 AM »
I've gotten a developer that's Chinese and knows English to translate it. After he did that, I went and fixed it up a bit. You can get it at http://www.mediafire...load.php?gkmoyjmgnwy.

Zero3K

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 300
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #4 on: August 03, 2009, 09:11 PM »
The developer now has a WLM account. Its [email protected]. Also, an English version of it can be downloaded from http://www.vpcache.c...glish/englishdn.html.

sajman99

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 664
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #5 on: August 08, 2009, 02:47 PM »
I was surprised when AntiVir Personal identified the download file vp2.2r5.rar as TR/Dropper.Gen Trojan. BUT with only McAfee-GW-Edition in agreement (2/41=4.88%) according to VirusTotal, I suppose I'll interpret the detection as a case of heuristics gone awry (ie. false positive). Thoughts?

EDIT: OK, I now see (in the Wilders thread cited by Zero3K) this virus detection is an ongoing issue. Earlier versions of VirtualProtect were detected, virus definitions were modified, later versions of VirtualProtect are detected, virus definitions are modified...and on we go. Gosh, I love my AV. :P

Good Day, sajman99


« Last Edit: August 08, 2009, 03:28 PM by sajman99 »

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #6 on: August 08, 2009, 04:42 PM »
Where is the free? The sites in the above links timed out, so I couldn't read, but the Softpedia entry shows v. 2.2 Trial download with $100 for the genuine item.

edit: here's the Softpedia link:

http://www.softpedia...VirtualProtect.shtml

Zero3K

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 300
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #7 on: August 08, 2009, 05:55 PM »
The majority of the functionality IS free. The cache function is only useful for Netcafes.

sajman99

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 664
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #8 on: August 08, 2009, 07:01 PM »
Where is the free? The sites in the above links timed out, so I couldn't read...
I share your experience and confusion. I really haven't found much specific information on this software so far. To say it's like Returnil indicates it is system virtualization software, but the devil is in the details. VirtualProtect may be brilliant software, but Zero3K (or somebody else) needs to provide more details before I will install it. I shouldn't have to email the Chinese developer to get these details, even if he were to speak better English than me. ;)

@Zero3K: Specifically, what's free and what's not free? The cache works for a limited time only? Details please?

Zero3K

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 300
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #9 on: August 08, 2009, 07:13 PM »
I'll have the developer sign up here when he gets on his MSN account and then explain what the trial license means.

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #10 on: August 08, 2009, 07:19 PM »
I'll have the developer sign up here when he gets on his MSN account and then explain what the trial license means.

The other info I'd like is if it supports 64 bit OS?  For 32 bit XP Vista and W7 I use Sandboxie.  For 64 bit Windows currently I'm at a loss for some easy to use system protection.  I'm not a fan of Virtual Box type solutions.  If I want to surf the net with nothing going on my HD at all I'll just boot a Live Linux CD.  What I'd like is something that lets you easily save stuff you want, but keeps malware from hosing the partition table or registry etc... Sandboxie is close to ideal for me, if not for the MS 64 bit PatchGuard issue.  So the developer will not support 64 bit.  I haven't found anything else that really takes its place. I notice Returnil has no 64 bit support either.

sajman99

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 664
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #11 on: August 09, 2009, 02:12 PM »
@MilesAhead: I think the Returnil folks are already addressing the 64 bit support issue.
http://www.wildersse...wthread.php?t=242742
http://www.dslreport...-Virtual-System-2009 (see bottom of page regarding The Returnil Virtual System 2010 Build 3.0.5118 where it is stated "RVS now compatible with 64-bit Windows Vista and Windows 7")

@Zero3K: Thanks, I look forward to having more specific information about VirtualProtect.
« Last Edit: August 09, 2009, 02:19 PM by sajman99 »

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #12 on: August 09, 2009, 02:52 PM »
I doubt Returnil will get very far.  There was a product called Disk Write Copy that has a personal edition for @$30 with supposed 64 bit Vista support.  Funny thing is, if you go to the web site, look at their forum, all activity and updates seemed to grind to a halt just about the time Vista SP1 with PatchGuard came out. No way I would pump my $30 into that dark pit!!

To me "we will do something in the future" is what used to be called Vaporware.

sajman99

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 664
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #13 on: August 09, 2009, 04:58 PM »
MilesAhead, I hear you loud and clear. Anybody who has ever gotten burned by a software developer's claim that a feature exists (or will soon exist) tends to be more skeptical regarding so-called plans and/or roadmaps.

However, the developer of Returnil has a solid presence at Wilders where he maintains an "official" forum. After reading through the threads a bit, I noticed he seems professional and responsive to user's questions, and he has stated 64 bit support is planned. http://www.wildersse...wthread.php?t=243202

Bottom line: only time will tell if Returnil's 64 bit support is realized.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: VirtualProtect
« Reply #14 on: August 09, 2009, 05:11 PM »
I wouldn't pay for the promise of 64bit support in something that sounds like it's hard/impossible to implement because of PatchGuard. There have been ways around patchguard, but since it's not exactly something MS supports (in other words, requires exploit kinda code) I wouldn't want to depend on a piece of software that has to use such tricks.

At the same time, I feel it's a shame that MS hasn't provided official & clean hooks for some of the stuff that PatchGuard makes impossible. 64bit drivers already have to be signed, so it's not like anybody could just write a driver and subvert the system protection.
- carpe noctem

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #15 on: August 09, 2009, 06:01 PM »
I'm not trying to say anyone is a good guy or a bad guy.  My frustration is with MS.  The approach they have taken is like if you put a burglar alarm on your house and say that no other security system may be used or it voids the contract.  Then come to find out, if the burglar doesn't feel like guessing the password number sequence but instead smashes the plastic cover and shorts the 2 wires to get a "valid" signal sent, well then you are stuck with crappy security.  With only one protection allowed, then there's only one for the malware to circumvent.

Kind of like if everyone was forced to browse the web with only IE or FF or Opera.  Once you learn to metastasize on that one browser, the game is over.  Better to have several moving targets.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: VirtualProtect
« Reply #16 on: August 09, 2009, 06:07 PM »
To be honest, with driver signing + UAC it's a lot more work than "shorting two wires" :) - getting a *serious* malware infection (ie, rootkit and not just something you can easily kill and remove) really shouldn't happen on vista/win7 unless you're stupid and run with UAC turned off.
- carpe noctem

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #17 on: August 09, 2009, 06:16 PM »
To be honest, with driver signing + UAC it's a lot more work than "shorting two wires" :) - getting a *serious* malware infection (ie, rootkit and not just something you can easily kill and remove) really shouldn't happen on vista/win7 unless you're stupid and run with UAC turned off.

As opposed to being stupid and running with UAC turned on?  I don't see the correlation.  If you only have one securty guard, once he's dead, then there ain't any.  With 32 bit it's a lot more guesswork to figure out which protection software I'm running than 64 bit where I can't run any.

Eóin

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,401
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #18 on: November 09, 2009, 04:11 AM »
With 32 bit it's a lot more guesswork to figure out which protection software I'm running

That's just security through obscurity though, hardly something one can rely one.

sajman99

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 664
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #19 on: November 09, 2009, 01:33 PM »
Not sure what happened to the details on VirtualProtect, but good to see Returnil has progressed with their 64 bit support.

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #20 on: November 09, 2009, 02:18 PM »
Not sure what happened to the details on VirtualProtect, but good to see Returnil has progressed with their 64 bit support.

I wonder how many layers of the onion they are going to use?  Seems like wearing a prophylactic under your rain coat.  Now they are running av programs inside the protected sphere.  Where will it end?

The thing that makes me uneasy about trying it is hooking into the rebooting process. I don't know how well that's going to work if you get hit with a real nasty.  First thing they target is the boot system.  For now I'm going to rely on image backups.

On the encouraging side I see on their forum that they have come out with some fix builds.  It looks like they make a conscientious effort to get the stuff to work.  I think I'll wait for more 64 bit experiences from others though. Yet another layer of virtualization just slows things down.  Already running most programs through WOW as it is.  So far I have one 64 bit compiler but the libraries for it don't seem very comprhensive.  Everything is still 32 bit running under WOW. Most of my "64 bit programs" are just GUIs that control a bunch of 32 bit command line programs.

« Last Edit: November 09, 2009, 02:20 PM by MilesAhead »

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: VirtualProtect
« Reply #21 on: November 09, 2009, 02:22 PM »
The thing that makes me uneasy about trying it is hooking into the rebooting process. I don't know how well that's going to work if you get hit with a real nasty.  First thing they target is the boot system.
How many pieces of malware have targeted the boot system since the 16bit DOS days? Adding itself to (some form of) autorun doesn't count, bootsector or NTLDR patching does :)
- carpe noctem

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #22 on: November 09, 2009, 03:41 PM »
The thing that makes me uneasy about trying it is hooking into the rebooting process. I don't know how well that's going to work if you get hit with a real nasty.  First thing they target is the boot system.
How many pieces of malware have targeted the boot system since the 16bit DOS days? Adding itself to (some form of) autorun doesn't count, bootsector or NTLDR patching does :)

Well, the one that got me deleted my C: partition.  It wasn't going to boot then.  The trick is to leave the machine in a state worth using.  Like most engineering problems, it's a two-edged sword.

sajman99

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 664
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #23 on: November 29, 2009, 01:31 PM »
Since VirtualProtect has apparently died on the vine, can somebody tell me if you're a satisfied user of the new Returnil Virtual System 2010?

Only recently have I realized what MilesAhead has indicated--Returnil has morphed into a much more substantial software. I'm still using a very old version which works well, but I'm curious about the latest version. Just seeking some feedback before taking the plunge.

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: VirtualProtect
« Reply #24 on: November 30, 2009, 06:56 PM »
You might take a look here to see if you can get an impression:
http://www.wildersse...rumdisplay.php?f=100

It's hard to say because naturally that's where problems collect.  I did note that they came out with a couple of fix builds, then it seems activity died down.  That may indicate it has stabilized.

I haven't tried it myself since I don't really want to install something that gets in the middle of my bootup sequence, esp. since I have an AMD Raid controller that I don't see mentioned much.  I don't want to experiment on my primary machine.  The other is running 32 bit so experimenting on it won't mean much.