New release of Shadow Defender 1.1.0.237

Version 1.1.0.237 - February 23, 2008
New: support removable media
New: some GUI changes
Fix: some minor bugs

-{ Quote: "New release of Shadow Defender 1.1.0.237

Version 1.1.0.237 - February 23, 2008
New: support removable media
New: some GUI changes
Fix: some minor bugs" }-

Good news!

is there a list about the minor bugs?

-{ Quote: "Good news!

is there a list about the minor bugs?" }-

Hi QQ2595, I can't find any other info regarding bug fixes etc but it is nice to see it progressing. Has anyone tried it yet?

-{ Quote: "Good news!

is there a list about the minor bugs?" }-

can u test it if the bug u found in commit now was fixed?

cheers:)

-{ Quote: "New release of Shadow Defender 1.1.0.237

Version 1.1.0.237 - February 23, 2008
New: support removable media
New: some GUI changes
Fix: some minor bugs" }-

Awesome. Now I can protect my usb memorys too :D

-{ Quote: "can u test it if the bug u found in commit now was fixed?

cheers:)" }-

Yes, I will have a test soon8) .

Thank you.

Yes I'm liking the update. The new system status is good touch and the support for removable media is also welcomed...progressing nicely.

-{ Quote: "Good news!

is there a list about the minor bugs?" }-
Hi, what about Robodog problem now?

BTW I sent a PM to u.

-{ Quote: "Hi, what about Robodog problem now?

BTW I sent a PM to u." }-

Hi, just tested, The new SD release is not immune to Robodog, SectorEditor, CleanMBR. When enter the shadow mode, the original volume are hidden in these names "\Device\DpShadowX". I had a try, thrid party tool can still access the original volume with these symbol directly in shadow mode.:(

Thanks.

What about my samples?

-{ Quote: "Hi, just tested, The new SD release is not immune to Robodog, SectorEditor, CleanMBR. When enter the shadow mode, the original volume are hidden in these names "\Device\DpShadowX". I had a try, thrid party tool can still access the original volume with these symbol directly in shadow mode.:(" }-

does the new Deep Freeze Standard 6.30.020.1875 also immune to such attacks? just wounder :)

cheers :dry:

-{ Quote: "does the new Deep Freeze Standard 6.30.020.1875 also immune to such attacks?" }-
I'd say not. However, if you run LUA+SRP, HIPS, Anti-Executable or a sandbox (GeSWall, Sandboxie, Defensewall, etc) you should be protected (except from obvious mistakes)

-{ Quote: "I'd say not. However, if you run LUA+SRP, HIPS, Anti-Executable or a sandbox (GeSWall, Sandboxie, Defensewall, etc) you should be protected (except from obvious mistakes)" }-

lol i know mate... just wounder if DF the monster stand aginst it :argh:

-{ Quote: "does the new Deep Freeze Standard 6.30.020.1875 also immune to such attacks? just wounder :)" }-Sounds like something you should test...., and report back on.

Blue

-{ Quote: "Sounds like something you should test...., and report back on.

Blue" }-

dont realy have the "bad tools" like QQ2595 has..thats why i ask him to give it a shot :)

-{ Quote: "dont realy have the "bad tools" like QQ2595 has..thats why i ask him to give it a shot :)" }-In a way, this begs the question of the degree of worry you should have concerning these types of approaches. Naturally, one should be aware of the possibilities and how they might play out. However, as lucas1985 points out above, there are fairly straightforward methods of handling most of these creations in their current guise.

Cheers,

Blue

true blue, and I will dab a tad deeper to say I seem to see a consistent effort by 2 members to shadow,"no pun intended." Tony and his product.

If the latest release does fail in these areas, he is aware.

Let me also add, it was Paul who said how hard it is for the lone vendor to create, grow and support any new security product in this day. As he said, any intial excitement needs to be curtailed until a consistent line of growth is accomplished.

Tony, isnt Ilya, but he is continuing to grow along the lines that Paul spoke of. So he is still creating and correcting, and I commend him for it.

-{ Quote: "Let me also add, it was Paul who said how hard it is for the lone vendor to create, grow and support any new security product in this day. As he said, any intial excitement needs to be curtailed until a consistent line of growth is accomplished.

Tony, isnt Ilya, but he is continuing to grow along the lines that Paul spoke of. So he is still creating and correcting, and I commend him for it." }-

I think this is security forums for expert. You would like me only say "The GUI is cool", "It is smooth in my XP", "I like it", "I used it in 30 mins, no problem so far"?

By the way, The ISR products are installed in more than 50 millions computers in Asia since 1997. SD is a new security product ?:(

Why or what, is your obsession with SD, that is all I want to know. Why are your tests not run and reported on for other products, say like SafeSpace. Yhank you.:dry:

-{ Quote: "Why or what, is your obsession with SD, that is all I want to know. Why are your tests not run and reported on for other products, say like SafeSpace. Yhank you.:dry:" }-

my report about DF:
http://www.wilderssecurity.com/showpost.php?p=1167793&postcount=17
http://www.wilderssecurity.com/showpost.php?p=1167833&postcount=30

my warning about EZFIX:
http://www.wilderssecurity.com/showpost.php?p=1186730&postcount=50
http://www.wilderssecurity.com/showpost.php?p=1186955&postcount=16

my report about RVS:
http://www.wilderssecurity.com/showpost.php?p=1172117&postcount=104

my report about AE
http://www.wilderssecurity.com/showpost.php?p=1161421&postcount=9

my report about AE + SD
http://www.wilderssecurity.com/showpost.php?p=1158024&postcount=1

why not report the bugs if I can find them?

Ok, thank you. Can you run it against something like the AV for F-Secure.

lo QQ2595 u rocks man :dry: 10x for the great testin u did...

i just wounder about this test of DF version

http://www.wilderssecurity.com/showpost.php?p=1167793&postcount=17

was it Deep Freeze Standard 6.30.020.1875 ??

cool :wacko:

-{ Quote: "why not report the bugs if I can find them?" }-Reporting bugs and/or behavioral characteristics is a useful objective, but it's also useful to provide some sense of the scope of the issue and approaches that a user could employ (if any) to address the shortfall.

In the current case, as an example, what could a user do to handle low level disk access by a third party application to circumvent SD? As noted above, use of LUA or some type of HIPS could address the immediate issue. For various reasons, layering on a HIPS may be a nonstarter for some, so one might appeal to LUA.

I have noticed that SD will not launch using the "Start as administrator" facility under SuRun, while using the native OS "Run as" facility appears to work just fine. Obviously a bit of adjustment seems in SD appears in order. However, this (using the Run as facility and an account with admin credentials) should directly address the specific shortfall identified.

That's pragmatically useful advice if one is an owner of this (or any other) application since many are not able to jump between licensed products on a whim. These differentiating characteristics are certainly useful to keep in mind if you're on the market for one of these solutions, be it partition/application/system virtualization, or any security application in general.

Blue

Hi QQ2595,
Could you tell me which version you have tested with Robodog, SectorEditor, CleanMBR. I have tested SD with SectorEditor and Robodog, but it seems that these two tools can't bypass SD1.1.0.237.

and you mentiond "I had a try, thrid party tool can still access the original volume with these symbol directly in shadow mode."

Could you tell me which the third party tool is?

Thank you very much!

Best regards,
Tony

-{ Quote: "Hi QQ2595,
Could you tell me which version you have tested with Robodog, SectorEditor, CleanMBR. I have tested SD with SectorEditor and Robodog, but it seems that these two tools can't bypass SD1.1.0.237.

and you mentiond "I had a try, thrid party tool can still access the original volume with these symbol directly in shadow mode."

Could you tell me which the third party tool is?

Thank you very much!

Best regards,
Tony" }-

Is this fact? I mean you can confirm on version1.1.0.237 that SectorEditor + RobotDog for two in particular can't dislodge the driver that keeps this ISR active? Would the same apply to StealthMBR? KillDisk?

Important questions i think but as Blue alludes to some of us are going to have to take these apps to task ourselves and offer the results. DEEP FREEZE is a favorite of mine and it would be expected they could seal off such penetration from types as this seeing as they are very powerful units of virtualization from my experiences so far.

On a different note, one could i suppose short of trying Limited User to prevent kernel access employ another app like AE or even a HIPS as a substitute of sorts untill those issues can be announced as 100% resolved.

hi all , i'm a beta tester of SD
i like this golden piece of software
in fact this version of SD is amazing with so much new abilities and almost with no bugs
the SD is like the newborn infant , grows rapidly every month from VERSION TO VERSION
in my opinion ,sooner , it will be the world one virtualizing software , for the following unique features that present only in a small program does not exceed the 1 Mb

here i 'll compare shadow defender to other virtualizing softwares like shadow user , deep freeze , cleave slate

1- small sized " not exceeding the one Mb
2-very light wieghted , almost no effect on memory usage
3-can enter the shadow mode without restart
4-can exit the shadow mode without restart " except for the system drive"
5-u can easily set an exclusion list from the shadow mode
6-u can commit changes from the shadow mode
7-support vista
8-efficient password protection
9-woderfull support , the most efficient and fast support i 've ever seen

nice job tony
go on

Thanks for the feature list.

But as much as i might be tempted to try yet another one, i am completely pleased with the likes of DEEP FREEZE, POWER SHADOW, RETURNIL, etc.

Adding yet another especially newer program as SD for me would be inviting disappointment, so you know the old saying, if it works use it, if it ain't broke, don't fix it.

There will be even more improvements to these existing virtuals and so far they have served me very very well without issue.

-{ Quote: "Thanks for the feature list.

But as much as i might be tempted to try yet another one, i am completely pleased with the likes of DEEP FREEZE, POWER SHADOW, RETURNIL, etc.

Adding yet another especially newer program as SD for me would be inviting disappointment, so you know the old saying, if it works use it, if it ain't broke, don't fix it.

There will be even more improvements to these existing virtuals and so far they have served me very very well without issue." }-


hi easter, i think in less than 2 months u sure will be happy
and all of us will tell u "happy easter" ;D just 4 joking
then
DEEP FREEZE, POWER SHADOW, RETURNIL are woderfull virtualization softwares
i used the 1st two plus shadow user and clean slate
for me , deep freeze was some what heavier on my pc "i've only 512 mb ram"
and it has little flexibility
u can't set exclusion list on the protected drive
4 ex. if u protected the drive "c"
u can't exlude my documents and the antivirus from protection so that the downloaded files can not be lost after restart

also "power shadow" has the "all or none rule"
which means
either u protect the whole computer "all driver" or u protect the system drive only
u can't choose only 2 or 3 non system drive
also there's nothing called exclusion list in power shadow
the AV updates will be lost every time u restart
where will u save ur downloaded files during the shadow mode


not to mention the uninstall problems of deep freeze

i think if u tried all the features of SD for one day and feel the difference of ur computer speed
u will never leave it

best regards

-{ Quote: "u can't exlude my documents and the antivirus from protection so that the downloaded files can not be lost after restart" }-

Have you had a look at Faronic's free MAPPING TOOL?

-{ Quote: "Faronics Mapping Tool was specifically designed for use with Deep Freeze. Mapping Tool can dynamically change data in selected portions or specific folders in a Frozen partition. This tool can be used to keep entire user profiles in a Thawed state so individual users can retain their personal data, settings, and favorites, while keeping the operating system partition Frozen." }-


MAPPING TOOL (http://www.faronics.com/html/dfmappt.asp)


Consider this: My CPU is AMD 1250, small by today's standards plus also 512 MB memory like yours and i run DEEP FREEZE + ANTIEXECUTABLE + EQS + SANDBOXIE, and thats on top of RunMe, VistaMizer, and few other customizing apps like a talking clock. Maybe my MoBo is more bullish, i dunno.

;D

-{ Quote: "1- small sized " not exceeding the one Mb" }-
Yes, it is because the SD has such a small manual, only few pages.

-{ Quote: "2-very light wieghted , almost no effect on memory usage" }-
the speed of copy files slow down almost half when you enter the shadow mode.

-{ Quote: "3-can enter the shadow mode without restart" }-
Returnil and Powershadow had this function for a year, then SD come out.

-{ Quote: "4-can exit the shadow mode without restart " except for the system drive"" }-
?

-{ Quote: "5-u can easily set an exclusion list from the shadow mode" }-
Shadowusers has this function for years.

-{ Quote: "6-u can commit changes from the shadow mode" }-
RVS 2008 beta has this funtion first. and SD follow it after few weeks.

-{ Quote: "7-support vista" }-
Deepfreeze, Exfix, Rollback, Returnil support too.

-{ Quote: "8-efficient password protection" }-
which ISR does not support a password?

-{ Quote: "9-woderfull support , the most efficient and fast support i 've ever seen" }-
some chinese people said, tony work for a chinese ISR company and develop the SD at same time. it is good for him have so many time to support.

I know one thing,checking out DF on my system boots alot slower with him installed....uninstalls easily good thing.

On a side note i clicked Ya on every install of anything i could find not a trace before,then enabled SD nothing on system after SD reboot.Impressive to the laymen.Same results with DF.

I guess i am easily impressed Not.DF and SD accomplished the exact same things but differently...hmmmm

-{ Quote: "Thanks for the feature list.

But as much as i might be tempted to try yet another one, i am completely pleased with the likes of DEEP FREEZE, POWER SHADOW, RETURNIL, etc.

Adding yet another especially newer program as SD for me would be inviting disappointment, so you know the old saying, if it works use it, if it ain't broke, don't fix it.

There will be even more improvements to these existing virtuals and so far they have served me very very well without issue." }-

as Tony said in the chinese shareware forum cnsw.org, he once steal the manual of other ISR. I did not see there is any function in SD is the first invention. :(

-{ Quote: ";D


Yes, it is because the SD has such a small manual, only few pages.

" }-


deep freeze takes more than 30 mb for installation
does it has 30 Mb manual ???

-{ Quote: ";D


the speed of copy files slow down almost half when you enter the shadow mode.

." }-


this is not a fact
only on ur pc
i think this is not fair to accuse SD namely to slow any thing on pc
how can u compare SD with deep freeze " freeze"
look at the memoty usage of SD and compare it with any software

-{ Quote: ";D


Yes, it is because the SD has such a small manual, only few pages.


the speed of copy files slow down almost half when you enter the shadow mode.


Returnil and Powershadow had this function for a year, then SD come out.


?


Shadowusers has this function for years.


RVS 2008 beta has this funtion first. and SD follow it after few weeks.


Deepfreeze, Exfix, Rollback, Returnil support too.


which ISR does not support a password?


some chinese people said, tony work for a chinese ISR company and develop the SD at same time. it is good for him have so many time to support." }-



1st of all
i mentioned many features in shadowdefender
i know other virtualization softwares have these features
but all these features do NOT exist in a single product


u said shadowuser can commit the changes
but shadowuser misses many other features
1- need restart whether to enter or to exit shadow mode
2-files in the recycle bin remains even after restart
3-useless password protection " function present but does not work"
4-no vista support
5-computer can not boot if file system checking occurs" serious unfixed bug"

about powershadow
ok u said it can enter shadow without restart
that's good
but it misses other main features
1-need restart to exit shadow mode " new version of shadow defener can exit the shadow mode without restart for other drives not the drive where the windows installed"
2-u can not protect single drive "other than the system drive
either u protect the system drive or the whole computer
3-either u protect the system drive all the whole hard disc
4-no exclsion function "either u protect every thing or u protect nothing " this is a fatal missing of a main feature" how can u update ur AV during shadow mode
5-no commit function
"if u are protecting the whole system in a complete shadow mode , then u downloaded a movie from the net , where will u save this movie or u will loose it after restart ???
6-considerable memory usage
7-very slow boot time

best regards

-{ Quote: "this is not a fact
only on ur pc
i think this is not fair to accuse SD namely to slow any thing on pc
how can u compare SD with deep freeze " freeze"
look at the memoty usage of SD and compare it with any software" }-

;D
all the ISR soultuons are implemented in Windows driver(run in ring 0 in the kernel). you can quit their win32 GUI applications and the protection will be still on. how did you see the memoty usage of SD? in task manager? please tell me your way.

in fact, SD uses the file system filter driver to send two "copy" of every access to the shadow mode disk and original disk. this is how it implement the exclusion function. say if you create 1 MB file in the shadow mode. a mirror 1MB file also is created in the original disk. this will not slow down the system? :)

welp i think we all came to main point on all the virtual out there (SD ,DF,DU,RETURNIL....) .. how can we compare there speed in frozen mode ? (or shdow mode like SD)

all are plus minus gave as the same fanction..i think speed and protection agains clean mbr tools are the main isue in here. not the size of the progy nither the amount of the instalation... thoos aspects are unimportant

cheers8)

-{ Quote: "welp i think we all came to main point on all the virtual out there (SD ,DF,DU,RETURNIL....) .. how can we compare there speed in frozen mode ? (or shdow mode like SD)
" }-
Very interesting poit. Any benchmarks for this will be interesting to use.

-{ Quote: "Very interesting poit. Any benchmarks for this will be interesting to use." }-

I dont think there is a benchmark util which can prefom such task...we have to improvise something ;D

cheers :wacko:

-{ Quote: "6-considerable memory usage
7-very slow boot time" }-

Highly dispute these, running version 2.6 boot times are normal, no additional memory useage either. Depends obviously on machine/system and what else you are using in running processs programs.


-{ Quote: "5-no commit function
"if u are protecting the whole system in a complete shadow mode , then u downloaded a movie from the net , where will u save this movie or u will loose it after restart" }-

Power Shadow is not unfit for commit, so long as you tether another drive (dual drive) in order to transfer/store your downloads to and even USB Pen.

I consider this safety mechanism, others support need to commit to disk while frozen/shadowed, but this is Microsoft engineered O/S remember, not all is possible but much headway has been made in spite of limitations.



EASTER

-{ Quote: "I dont think there is a benchmark util which can prefom such task...we have to improvise something ;D

cheers :wacko:" }-
Yep. A simple benchmark may be copying a larger amount of mixed data( different type of files, documents, videos, exes etc), say 1 GB, from one shadowed partition to other one.

It will be interesting if anyone can do a test like this to compare these products.

I doubt that shadowdefender supports windows vista fully....

I tested from 1.0 onwards till this final version was a disappointment.

Current using Vista Business Edition

1. Install Shadowdefender

2. exclude some folders

3. set it to shadow mode.

4. restart the computer to test booting up of my system...

5. Bang! there it is.... the loading time takes more than 7 minutes as compared to no shadow mode.... when it load completed.... I checked the disk volume which shadow mode is using... 5xx.MB.... then I realize something is really wrong with shadowdefender on my computer.

Anyone having this problem as me having loading time takes like 7 to 8 mins to load when in shadow mode ?

-{ Quote: "16: I still don't understand how to exit shadow mode without restarting. It's possible, right?

We are developing an advanced version for PowerShadow. The advanced version can quit shadow mode without rebooting computer." }-

Still waiting on this myself.

ShadowDefender appeals enough for some but it's not full up either with all the features i expected (just yet), but for most it should serve just fine in it's current release. It's the next versions i'm curiously optimistic about.

I couldn't find this info anywhere so I'm asking here - does Shadow Defender have some sort of persistent shadow mode so it retains its state across reboots? In other words if I wanted a maintained sandbox which does not get deleted at reboot but only when I manually exit shadow mode?

-{ Quote: "I couldn't find this info anywhere so I'm asking here - does Shadow Defender have some sort of persistent shadow mode so it retains its state across reboots? In other words if I wanted a maintained sandbox which does not get deleted at reboot but only when I manually exit shadow mode?" }-At the present time, ShadowUser Pro is the only product of this genre (partition virtualization) that I know of which has that functionality.

Blue

Ah ok, I thought I read somewhere this was going to be added to Shadow Defender but was not sure if that was the case or if it had been added yet.

Here it is from your comparison post about various "Shadow" programs

-{ Quote: "
Effectively replicates the ShadowUser Pro feature set aside from the ability to maintain a shadow session across restarts. This capability is being worked on with a very provisional completion date estimate of ~ 2 months - roughly the end of Feb 2008.
" }-

I guess it is not ready yet :)

-{ Quote: "Ah ok, I thought I read somewhere this was going to be added to Shadow Defender but was not sure if that was the case or if it had been added yet :)" }-Not yet, don't know if they've figured out needed details. Similar comment applies to Returnil, and although they mentioned it as a future possibility, there are obvious security issues particularly as it relates to the primary functionality that this type of product provides.

Blue

-{ Quote: "At the present time, ShadowUser Pro is the only product of this genre (partition virtualization) that I know of which has that functionality.

Blue" }-

There are many products have that functionality.

-{ Quote: "There are many products have that functionality." }-In terms of the qualification of the specific genre I mentioned (partition virtualization), which would you consider as providing that functionality? I realize that one could note applications such as Rollback Rx/FD-Rescue, full VM's, etc., do provide this facility. So, in terms of base functionality, yes, there are choices, but which of these are in the discussed genre?

Blue