Sandbox, Virtualization, and Lockdown Technology
Rmus
September 30th, 2005, 05:40 AM
If you think of a sandbox as a "virtual workspace" the concept has been around a long time. A RAM drive is a virtual workspace, since upon reboot, nothing written to that drive remains.
One of the problems with the early RAM drives was the limitation of 32MB of the windows ramdrv.sys. An interesting product I used for some time was vRamDir, a virtual ram drive that could be as big as your available free RAM. Also, you could remap directories to it. It was common to load temp and cache directories into RAM on startup. Running applications in RAM was really fast. This was in the days before fast CPUs. We didn’t think of it so much for security, as for speed. For example, I knew programmers who compiled in a RAM drive.
In more recent times the technology has been incorporated as a security tool. A virtual PC is like a sandbox - any configuration changes on it have absolutely no effect on the host system, but are based on the host system's hardware.
A company called SoftGrid has its SystemGuard™ - "because applications bring their own set of configurations and run within a protective virtual run-time ‘sandbox,’ there is no dependency or effect on the configuration of the machine running them."
Windows Servers include this technology. From my WinServer2003 notes: "The new Software Restriction Policies (SRP) feature creates a virtual ‘sandbox’ that prevents unauthorized code execution."
Tiny firewall uses sandbox technology.
Another group of programs use the ‘sandbox’ idea to protect the system:
Sandboxie is a true stand-alone sandbox program. Their site diagrams nicely how it works:
http://www.sandboxie.com/
ShadowUser works on a similar principle, where the ‘ShadowMode’ creates a virtual volume:
http://www.shadowstor.com/products/ItemPage.aspx?ItemID=83&ProductID=4
Drive Vaccine (http://www.horizondatasys.com/product_page.html?page_id=1) claims to write-protect the HD and create 'Scratch Space'
Yet another program - Deep Freeze (http://www.faronics.com/html/DFStd.asp) - 'locks down' the system but doesn't use virtualization.
These types of programs are becoming popular as the foundation of a security system. Each program works on different principles and levels of restriction.
In other threads some people write that they run such a program + firewall and little else.
It may be difficult to understand why one would not load up with detection software, rather, depend primarily on a sandbox or lockdown program with little else. I know four who have such a security setup. All came from the early days of Windows when there was very little anti-malware software, and one’s security was based primarily on making intelligent decisions. Today, more people are questioning certain types of detection technology, as ErikAlbert did in a recent thread (http://www.wilderssecurity.com/showpost.php?p=569364&postcount=26):
---------------------------------------------------------
Definition/heuristic-based softwares do NOT have a future
and I'm not going to repeat myself, I've explained this
already in other posts.
---------------------------------------------------------
Pretty strong language. But a friend who works in an institution that uses Deep Freeze on all of the work stations predicted several years ago that lockdown and virtualization (sandbox) technology would be implemented more and more in different ways as new programs develop, and eventually be the foundation for a security setup.
This evening in the AntiMalware by Trustware thread ( http://www.wilderssecurity.com/showpost.php?p=570651&postcount=27) Eyal Dotan, the author & CTO of AntiMalware, wrote:
----------------------------------------------------------
...what AntiMalware's BufferZone does is virtualize
untrusted processes "Write" access to FileSystem & Registry
-----------------------------------------------------------
For those who have experienced problems and conflicts with various ‘sandbox,’ ‘lock-down’ or ‘virtualization’ programs, most people using them (ShadowUser and Deep Freeze especially) stress starting with a clean system. I would uninstall all AV/AT etc programs, then install SU, AM, Sandboxie or whatever - use that as the foundation - and then add other programs to see at what point you have conflicts.
You may eventually decide you don’t need much above this foundation. See:
Rate your Security Software (http://www.wilderssecurity.com/showpost.php?p=569834&postcount=19)
For those that use one of the above programs (or something similar that I've omitted) I am interested in how you decided upon the particular program and how it fits in with your security setup.
regards,
-rich
________________
~~Be ALERT!!! ~~
Franklin
September 30th, 2005, 07:12 AM
I ran into Sandboxie over at Spyware Warriors forum and decided to give it a go several weeks ago.
ZAP, Winpatrol and Vet av are my realtime security agents along with a router firewall. Ewido and Giant (Msantispy) as on demand. Msvp hosts, Firefox and Spywareblaster also.
Sandboxie installed and runs no probs after an initial warning from ZAP. Executed Scoundrel simulator through sandboxie with all tests being constrained within the sandbox.
Regtest was able to reboot my pc but the reg changes seemed to be contained. Upon reboot Regtest and I think ZAP locked horns which resulted in a black screen. Booted from hdd-1 and restored from a ghost image made that day.
I'm not that tech savvy, but Sandboxie seems to do everything stated and I hope some of the spyware experts would give it a good workout and let us plebs know just how good or bad it really is.
Haven't tried any similar apps so can't comment on how they performed on my machine.
Vikorr
September 30th, 2005, 07:19 AM
I quite agree...virtualisation/sandbox programs will gain more and more acceptance as the foundation stone of security setups.
I don't think the above will make AVs disappear, because:
-installations are still a weak point
-SU/DF etc allow infection until reboot
That said, for keeping my system clean during normal use (ie : when not installing) I trust ShadowUser more than an AV <that is...every reboot, any malware that has managed to install, is gone>.
I'm also running tests on AntiMalware, which is passing most everything I've thrown at it so far (I downloaded the following, which ran in the Bufferzone : 3x Finjan tests <data theft>, hook test from DCS, Ghost security's RegTest 2 and ProcX <termination>, and Zapass <dll injection> , plus a visit to a CWS site - AM didn't allow any driveby downloads through <there were definitely nasties on the site - and i had IE set to medium security> ) . AM didn't pass Ghost Security Suites RegTest 1...but it doesn't claim to, saying it allows programs to write registry keys <but apparently not autostart or dll injection ones>.
Using two sandbox/virtualisation programs together may not always work. There appears to be a glitch in AM while in Shadowmode. Send me a PM if you wish to know, I doubt too many people will try running the two together :)
Pollmaster
September 30th, 2005, 07:45 AM
Before this new hype gets overheated, can someone post the negative points of 'virtualization' or sandboxing compared to other technologies?
From my observation there are at least 2
1. Vastly more complicated. Chances of causing system failures are high compared to other technologies. Given what virtualization aims to do, this isn't a surprise.
E.g. Vikorr and Erik Albert's problems with antimalware, driver conflicts etc.
2. Virtualization is unpredictable; not all software works well in a sandbox, which can lead to unpredictable failures.
3. Different mindset for handling software
richrf
September 30th, 2005, 09:05 AM
-{ Quote: "I don't think the above will make AVs disappear, because:
-installations are still a weak point
-SU/DF etc allow infection until reboot " }-
Yes, this is my understanding. Therefore, anything that can happen, in regards to malware, can still happen, between reboots. For this reason, Faronics (the publishers of DeepFreeze) also sell Anti-Executable. But merely having an Anti-Executable on-board is probably not enough, since each user will still have to decide "how much security he/she needs" to protect against very destructive malware.
Also, users need to get used to turning the sandbox products off and on (each product is different) when they want to load new software permanently. To the best of my knowledge, products like DeepFreeze are really targeted toward environments such as schools and libraries where the environment is under tight control and very few, if any, new software installs, are ever performed.
From my point of view, sandbox technology is more "adjunctive" as opposed to being a replacement for traditional products such as AVs, and even products like ProcessGuard, and should be considered "automated, total system restore products".
Rich
ErikAlbert
September 30th, 2005, 11:07 AM
-{ Quote: "From my point of view, sandbox technology is more "adjunctive" as opposed to being a replacement for traditional products such as AVs, and even products like ProcessGuard, and should be considered "automated, total system restore products"." }-
I agree with this and it disappoints me at the same time. One of the reasons why I prefer to wait ... for solutions, based on another kind of philosophy, but NOT based on definitions/heuristics or (H)IPS.
(H)IPS solutions are for knowledgeable users only.
Definition/heuristic-based solutions, including Security Suites have too many other problems.
Unfortunately I'm an application analyst, not a security analyst.
One thing I'm sure about, definition/heuristic-based solutions are not the right way to solve security.
I would never collect malware objects in a definition-database, because they come from an unknown and uncontrollable source : the bad guys.
This is an endless/hopeless task and you even have to find the malwares first before you can do something about it, which makes it even worse.
If that's the way of fighting against the bad guys, you are doomed to lose in the very end.
IF and I repeat IF, I had to collect something, I would collect the good objects, because they come from a well-known and controllable source : the good guys.
If you have to solve a problem, you have to study this problem from different angles in order to find the right solution and always keep the less-knowledgeable user in mind when you choose a solution, because that's the one who really needs help.
If the first solution, usually the obvious solution, isn't right, find another one and another one until you find the best one.
(H)IPS is one solution, definition-based is one solution, sandbox is one solution, there must be other solutions, if you think LONG enough. :)
Scoobs
September 30th, 2005, 12:20 PM
From my point of view, albeit very new to computer security and from a limited knowledge of computers in general, I agree with ErikAlbert. White lists (of allowed applications, websites, processes) will always be more comprehensive than black lists which cannot protect against anything new. Heuristics are very clever but seem to miss the wood for the trees.
Sandboxes seem to me to be the way forward. I think the problems Pollmaster identifies could be considered one and the same. The unpredictable nature of these "virtual systems" is the biggest factor, but I think it will be a small price relatively to pay for assured security.
ErikAlbert says -{ Quote: "Unfortunately I'm an application analyst, not a security analyst." }-
but I think the solution will definitely come from someone thinking "outside the box" (forgive the pun), and sandbox concepts are that sort of "left-field thinking" (Jebus - I've just used two of those corporate phrases I cannot stand, I must be passionate!)
I was wondering about some sort of all-encompassing idea, and thought something like a modified version of this VirtualPrivacydesktop (http://www.wilderssecurity.com/showthread.php?t=99645) may be the solution.
I am fairly new to this (as must be apparent) but it seems to me there must be a more effective approach than to download a dozen applications to run every day to ensure nothing gets through...
Pollmaster
October 4th, 2005, 10:24 AM
-{ Quote: "From my point of view, albeit very new to computer security and from a limited knowledge of computers in general, I agree with ErikAlbert. White lists (of allowed applications, websites, processes) will always be more comprehensive than black lists which cannot protect against anything new. Heuristics are very clever but seem to miss the wood for the trees.
" }-
I'm trying to figure out the position so called virtualization tech should play beside behavior blockers and scanners.
It seems to me that a proper sandbox, would in many ways play just about the same role as a system wide behavior blocker. Many of the actions that restricted apps cannot do, are exactly the kind of behavior we have PG and the like to monitor.
The only superiority I can think of in virtualization tech is that it allows you to "fake" or at least reverse the effects of software actions, so you can temporarily allow certain changes so the software doesn't grind to a halt if you disallow this behavior.
This sounds very amazing, but it also sounds very complicated. By and large, I suspect this is possible only for simple actions, maybe file writes, registry writes, but when it comes down to "deep actions" like kernel hooking, the defensive software won't be able to fake it, but will just block it, exactly like a behavioral blocker (Process Guard for example).
If so, we are in the exact same situation as behavior blockers. You want to run this software, and it passes through all your scanners. What do you do next? If you run it through virtualization technology, it refuses to run because it requires driver installs. Again you are caught.
I'm also concerned about how tight the sandbox is. Does the sandbox restrict ALL behavior EXCEPT for some approved ones or does it do the reverse by allowing everything but blocking only some actions (enumerating badness).
Looking at some of the comments, I suspect it's closer to the latter than the former. If so, I highly doubt the effectiveness of such software being superior to behavior blocker/HIPS.
-{ Quote: "
Sandboxes seem to me to be the way forward. I think the problems Pollmaster identifies could be considered one and the same. The unpredictable nature of these "virtual systems" is the biggest factor, but I think it will be a small price relatively to pay for assured security.
" }-
A small price to pay i suppose depends on whether you are suffering from BSODs. As Vikorr found out, it is extremely unlikely for two virtualization tech to work together. Running vmware in vmware is possible but not recommended. Running 2 different virtualization packages together is just asking for trouble.
-{ Quote: "ErikAlbert says
but I think the solution will definitely come from someone thinking "outside the box" (forgive the pun), and sandbox concepts are that sort of "left-field thinking" (Jebus - I've just used two of those corporate phrases I cannot stand, I must be passionate!)
I was wondering about some sort of all-encompassing idea, and thought something like a modified version of this VirtualPrivacydesktop (http://www.wilderssecurity.com/showthread.php?t=99645) may be the solution.
I am fairly new to this (as must be apparent) but it seems to me there must be a more effective approach than to download a dozen applications to run every day to ensure nothing gets through..." }-
ghost16825
October 5th, 2005, 09:47 AM
"Sandbox" software and the like sounds good in theory because it implies the use of two security concepts which have proven effective in the long term:
1) Least privilege and
2) Deny all that I do not explicitly allow / Whitelists
The problem is that it is difficult to determine the minimum privileges needed for applications not only in terms of OS system calls but the application function calls themselves. Testing based on common usage can come up with a preferred minimum privilege, but this is also dependent on this usage pattern remaining stable/relatively constant into the future. Essentially your applications have now moved from being trusted, with their actions only confined to the disk usage restrictions of the current user account, to untrusted apart from a small subset of all their possible function calls which are allowable.
Unfortunately many of these sandbox products have turned away from (2) because of the perceived difficulty in dealing with (1). Consequently, you may be surprised to learn that many 'sandbox' products emphasise the exact opposite in their design: Allow all that I do not explicitly deny
....rather than the other way round! Hence what made this class of products so different from the mainstream may no longer be there at all (in some cases).
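The two designs contrasted above, "deny all that I do not explicitly allow" versus "allow all that I do not explicitly deny", run over the same activity trace. This is an added example, not part of any post and not taken from any of the products named in the thread; the operation names, rules and paths are constructed for illustration.

```python
from fnmatch import fnmatchcase


class SandboxPolicy:
    """First-match rule list with an explicit default verdict."""

    def __init__(self, default, rules):
        self.default = default   # verdict for anything no rule mentions
        self.rules = rules       # (operation, resource glob, verdict)

    def decide(self, operation, resource):
        """Return (verdict, rule); rule is None when the default was used."""
        for rule in self.rules:
            op, pattern, verdict = rule
            if op == operation and fnmatchcase(resource.lower(), pattern.lower()):
                return verdict, rule
        return self.default, None


# "Enumerating badness": block the known-dangerous targets, allow the rest.
ENUMERATE_BADNESS = SandboxPolicy("allow", [
    ("reg_write", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\*", "deny"),
    ("file_write", r"C:\Windows\*", "deny"),
])

# Default deny: only what the rule author listed is permitted.
DEFAULT_DENY = SandboxPolicy("deny", [
    ("file_write", r"C:\Users\me\Downloads\*", "allow"),
    ("file_read", "*", "allow"),
])

# Constructed trace of what an untrusted program asks for.
TRACE = [
    ("file_read", r"C:\Users\me\Downloads\setup.exe"),
    ("file_write", r"C:\Users\me\Downloads\setup.tmp"),
    ("reg_write", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    ("file_write", r"C:\Windows\System32\drivers\etc\hosts"),
    ("driver_load", r"C:\Users\me\Downloads\helper.sys"),   # no rule covers this
    ("file_write", r"C:\Users\me\Documents\report.doc"),    # legitimate, but unlisted
]


def allowed_actions(policy, trace):
    """Actions the policy lets through."""
    return [a for a in trace if policy.decide(*a)[0] == "allow"]


def fell_through(policy, trace):
    """Actions no rule anticipated, i.e. decided purely by the default."""
    return [a for a in trace if policy.decide(*a)[1] is None]


if __name__ == "__main__":
    for name, policy in (("allow-by-default", ENUMERATE_BADNESS),
                         ("deny-by-default", DEFAULT_DENY)):
        print(name)
        for action in TRACE:
            verdict, rule = policy.decide(*action)
            source = "rule" if rule else "DEFAULT"
            print(f"  {verdict:5} ({source:7}) {action[0]:11} {action[1]}")
```

The driver load is the action neither rule author thought of: it passes under allow-by-default and is blocked under deny-by-default, while the unlisted document write shows the usability cost of the stricter design.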
Anonymous111
October 6th, 2005, 09:34 AM
I came in a little late in this thread, but I tried an AV called Norman Virus Control which claims to use a unique sandboxing technology.
This belongs in this thread I'm sure - anyone else tried this application?
Greets -
controler
October 10th, 2005, 07:47 AM
RMUS
Heck I still use a RAM disc along with other VPC software. As you know I have VMware on one pc and MS shared toolkit on another.
I use RAMDisk on the second. I load Firefox on boot. Nowadays the ramdisks load an img file on boot. Only problem is they load with windows and not separate but anyway your apps still run faster in RAM even with new CPUs LOL
The thing I do like about MS shared toolkit is the ability to create limited user profiles for home or office. It is out of Beta now.
I like VMware because with DF, SU etc., you can still make the mistake of saving something you really didn't mean to. With VMware or Microsoft's VC, not the shared toolkit, you can just revert back to a different snapshot.
The downside to both is they do not detect a USB stick. Even this is not a biggy. You can still copy & paste or drag and drop files from the host PC to the virtual pc in vmware. not sure about MS's VPC.
Some security people are using VMware with RAMDrive and setting up honey pots. Cheapest I found was like 3000 dollars for 1 gig ramdrive PCI slot.
So this isn't something we small time testers can do LOL
controler
deviladovcate
October 10th, 2005, 02:25 PM
-{ Quote: "I came in a little late in this thread, but I tried an AV called Norman Virus Control which claims to use a unique sandboxing technology.
This belongs in this thread I'm sure - anyone else tried this application?
Greets -" }-
I'm not so sure it belongs in this thread. Correct me if I'm wrong, but when we talk sandbox technology in this case, we are talking about using emulation as a scanning technique to detect malicious software?
Anonymous111
October 11th, 2005, 05:23 AM
Well, I still think it does, look here:
http://www.norman.com/Support/FAQs/Norman_Sandbox/17776/en
Here is stated that it uses a "safe virtual environment inside your computer" ...
Anyway - just wanted to add to the thread w/ positive info ...
Rasheed187
October 11th, 2005, 06:31 PM
Btw, maybe I should have posted it here, but I would also like to hear about the negative side of this tech.
http://www.wilderssecurity.com/showpost.php?p=580411&postcount=72
yahoo
October 11th, 2005, 08:20 PM
-{ Quote: "In computer security, a sandbox is a security mechanism for safely running programs. It is often used to execute untested code, or programs from unverified third-parties and untrusted users.
The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices is usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization." }-
The above is a definition from WIKIPEDIA. Sandbox can be implemented in different ways.
In an application like Tiny Firewall, a restricted environment is provided by the implementation of rules defined by the user. The user can define rules to protect resources on the computer like sensitive registry entries, files, processes, internet access, etc. So untrusted applications cannot touch these protected areas, and the computer will not be damaged by such applications. The drawback is that the rule making is complicated. It depends a lot on the rule maker's knowledge and judgement.
In an application like ShadowUser, a virtual volume is provided to execute applications. Computer systems and applications are 'imaged' and executed in the virtual volume. In this virtual volume, applications work with the 'images' of files on hard drive instead of original files. When the computer shuts down, everything in the virtual volume will be erased without being written onto hard drive. The resource protected by virtual volume approach is the hard drive, and thus all the files including the registry file on it. The virtual volume method (ShadowUser) is easy to use as few user rules are needed. The drawback is that such a system is mostly good for systems which need few modifications or software installations. This is because all the changes or software installations will not be saved while the computer is in protected mode. To make the modifications or installations permanent, the computer has to be in normal mode, and the computer is no longer protected. One can exclude some partitions or folders from protection for easier configuration changes. Such partitions or folders are weak points on the computer too.
I use both ShadowUser and Tiny Firewall for double layered protection. After years, I have already settled down to a set of trusted software that I need to use. Once I have installed them and optimized the system, I want to keep the system in that way for a while. ShadowUser serves my purpose. I would no longer need to remove temporary files or defrag frequently. I have some partitions and folders excluded from the protection of ShadowUser. In the meantime, I may need to shut down ShadowUser to install or modify the system occasionally. Tiny Firewall protects my system in such cases.
I am a long time Tiny Firewall user, and I am still trying ShadowUser. I am wondering if any malware can ever break through my configuration:)
ErikAlbert
October 11th, 2005, 08:46 PM
-{ Quote: "I am a long time Tiny Firewall user, and I am still trying ShadowUser. I am wondering if any malware can ever break through my configuration:)" }-
Thanks for your interesting post, because I'm going to use ShadowUser too in the near future and I don't care about the few disadvantages of SU, because it has more advantages, than traditional softwares until the opposite is proven. :)
toploader
October 11th, 2005, 09:08 PM
ok let's chew the fat on this.
shadow user $69.95
sandboxie $0.00
so the question is what has SU got that sandboxie don't? - that makes it $69.95 better?
yahoo
October 11th, 2005, 10:04 PM
-{ Quote: "ok let's chew the fat on this.
shadow user $69.95
sandboxie $0.00
so the question is what has SU got that sandboxie don't? - that makes it $69.95 better?" }-
It all depends on what one needs. I have not tried sandboxie yet, so please correct me if I am wrong.
To my understanding, sandboxie applies to individual applications, internet explorer for example, while ShadowUser applies to a whole partition or disk.
The good thing for sandboxie may be that it is free and one does not need to reboot to make changes. The bad thing is that one has to specify what applications to run in 'sandbox' mode. This may be inconvenient for some users. Also, the execution of some applications may not be predictable in sandboxie.
The good thing for ShadowUser is that all applications just run as normal in the ShadowMode, at least on my computer. By applying to a whole disk/partition, the whole disk/partition is protected and one does not need to specify which application to run in 'sandbox' mode either. It is convenient in a sense. Well, the bad thing is that it is expensive and one has to reboot to make changes sometimes.
toploader
October 11th, 2005, 10:22 PM
thanks for the reply yahoo. i've tried sandboxie for a while but it doesn't suit my style of surfing, i'm always downloading stuff and making book marks etc. it's always a trade off - more protection but more hassle. shadow user is a very safe way to go - gives you a chance to try stuff out before you commit which is sane. i presume if you want you can switch it off and revert back to normal mode of operation without any hassle?
yahoo
October 11th, 2005, 10:39 PM
-{ Quote: "i presume if you want you can switch it off and revert back to normal mode of operation without any hassle?" }-
One has to switch ShadowMode off and then reboot back into normal mode. This makes the system safer in a sense, but it is not convenient for users. Other than the reboot, no other hassles. (I prefer to switch back into normal mode without reboot:( )
ErikAlbert
October 11th, 2005, 10:45 PM
Toploader,
I already explained in this thread why I want SU :
http://www.wilderssecurity.com/showthread.php?t=100811
The title of this thread should have been "Firewall + ShadowUser", but I can't change the title anymore.
I mentioned 8 good reasons to use SU and I want my newbie time back, when I was unaware of any threat.
It's not only about security, it's more about myself and that's the only reason why I'm willing to pay $70.
I don't like to pay for the other (traditional) softwares and I explained why.
If I stick to the traditional softwares, I will pay a lot more than $70, if I want quality and unfortunately SU isn't freeware, so I have to buy it.
I'm sick and tired of having so many security softwares on my computer and when I use only freewares, I need even more softwares and I'm too stupid to use pro-active softwares.
Sandboxie isn't enough, because it doesn't protect my complete system and I have a few other reasons not to use Sandboxie, which I don't like to mention in this forum, because they aren't based on facts.
I couldn't test AntiMalware because it didn't work on my computer, but I read every post about AM.
DefenseWall is good as additional software, but I won't need it when I use SU, until the opposite is proven.
:)
toploader
October 11th, 2005, 11:05 PM
thanks Erik - for me it would be too much hassle - i prefer to surf naked and take my chances that my scanners are up to the job - it's not sane i know but it's just the way i am. :)
and anyway SU breaks my "use only freeware" rule - i would hate to pay $70 dollars for SU and find i didn't like it - if it's a freebie and you don't like it you just move onto the new kid on the block.
(it's a bit like buying a gym membership that costs a $1000 a year - it seems the right thing to do but how many people just go to the gym once or twice and then give up)
gergy
October 12th, 2005, 07:06 AM
-{ Quote: "One has to switch ShadowMode off and then reboot back into normal mode. This makes the system safer in a sense, but it is not convenient for users. Other than the reboot, no other hassles. (I prefer to switch back into normal mode without reboot:( )" }-
This is possible: http://www.wilderssecurity.com/showthread.php?t=100573&highlight=winrollback
Osaban
October 12th, 2005, 09:44 AM
-{ Quote: "Toploader,
I already explained in this thread why I want SU :
http://www.wilderssecurity.com/showthread.php?t=100811
The title of this thread should have been "Firewall + ShadowUser", but I can't change the title anymore.
I mentioned 8 good reasons to use SU and I want my newbie time back, when I was unaware of any threat.
It's not only about security, it's more about myself and that's the only reason why I'm willing to pay $70.
I don't like to pay for the other (traditional) softwares and I explained why.
If I stick to the traditional softwares, I will pay a lot more than $70, if I want quality and unfortunately SU isn't freeware, so I have to buy it.
I'm sick and tired of having so many security softwares on my computer and when I use only freewares, I need even more softwares and I'm too stupid to use pro-active softwares.
Sandboxie isn't enough, because it doesn't protect my complete system and I have a few other reasons not to use Sandboxie, which I don't like to mention in this forum, because they aren't based on facts.
I couldn't test AntiMalware because it didn't work on my computer, but I read every post about AM.
DefenseWall is good as additional software, but I won't need it when I use SU, until the opposite is proven.
:)" }-
ErikAlbert,
I'm not a computer expert in security like a lot of members at Wilders but i've learned a lot ever since i joined and i can tell you SU is my first line of defense first and foremost because of what you mentioned:"...and I want my newbie time back, when I was unaware of any threat."
This is exactly that, a gut feeling that your computer no matter what happens will come out unscathed from any major disaster situation. Yes i do have Nod, Outpost, PG, RG, MS AntiSpy among others, which will protect me in real time but if i had to choose ONE APPLICATION as the most important, SU would be the one.
People often mention the price at 70$ being expensive: it's one off, you don't have to renew it next year and support will reply to your e-mails within 24 hours. My only concern is, if the program becomes too popular, can it be hacked?
ErikAlbert
October 12th, 2005, 10:14 AM
-{ Quote: " My only concern is, if the program becomes too popular, can it be hacked?" }-
I have no doubts that SU will be hacked one day, like any other software and ShadowStor will try to fix it, just like Mozilla is trying to fix Firefox when there is a security hole.
Most probably it will take some time before they start hacking SU. After all most users still stick to the traditional softwares. I'm not really worried about that.
Thanks for mentioning a few things about SU, I wasn't sure of.
I'm not in a hurry to buy/install SU, but the idea in my mind is becoming stronger and stronger every day. I just need an extra kick to do it for real. ;D
yahoo
October 12th, 2005, 11:57 AM
-{ Quote: "This is possible: http://www.wilderssecurity.com/showthread.php?t=100573&highlight=winrollback" }-
gergy, thanks. I have one more choice now:)
-{ Quote: "
I'm not in a hurry to buy/install SU, but the idea in my mind is becoming stronger and stronger every day. I just need an extra kick to do it for real. ;D" }-
No need to be in a hurry to buy/install SU at all. As time goes by, SU will be more mature, as well as other choices. I tried SU a couple of days. It seemed fine. However, I tried some software installation in ShadowMode yesterday, and I found some traces of the installation left after reboot. It means that my disk was not protected as expected. I still have not figured out what is the problem yet.
ErikAlbert
October 12th, 2005, 12:40 PM
-{ Quote: "However, I tried some software installation in ShadowMode yesterday, and I found some traces of the installation left after reboot. It means that my disk was not protected as expected. I still have not figured out what is the problem yet." }-
If you ever find out, let us know and report this to ShadowStor, otherwise it will never be fixed.
What works fine, doesn't really interest me, but when something goes wrong, I'm all ears. :)
Vikorr
October 12th, 2005, 05:31 PM
I hope it was indeed reported to Shadowstor...anything that slips through needs to be looked at :)
yahoo
October 12th, 2005, 07:07 PM
I tried the installation today again. No trace is found after reboot now. So no worry any more:)
I had the option "Continue ShadowMode session after reboot" checked yesterday. That might be the problem, but I am not so sure yet.
Hate to do such beta testing/debugging like things. As far as it works now, I am fine with it;D
Vikorr
October 12th, 2005, 07:46 PM
That would explain it.
Osaban
October 12th, 2005, 09:06 PM
-{ Quote: "
...However, I tried some software installation in ShadowMode yesterday, and I found some traces of the installation left after reboot. It means that my disk was not protected as expected. I still have not figured out what is the problem yet." }-
If I were you I would double check. That's not supposed to happen. When I first installed SU, I had Kaspersky 5 personal running, and had the opposite problem, that is, the trial program would disappear after a 'persistent reboot'.
Then I noticed that whenever I put my comp on standby mode I would instantly get a blue screen. The Shadowstor people said there was a known conflict with older versions of Kaspersky 5. Installing NOD 32 solved my problem.
I don't know what AV you are running but I would ask ShadowStor if they know of any problems running SU and Tiny firewall.
yahoo
October 12th, 2005, 09:37 PM
Osaban-
Thanks for your suggestion! Yeah, it is quite possible that Tiny Firewall has some effect on SU, and most likely some rules I made in Tiny. I will let SU and TF run together a couple of days and see how things go. I use KAV 5.0 too. But I have disabled the Stand by mode of my computer for some other reasons. So I did not get problem with SU.
I am still not quite sure about what the 'persistent reboot' means. To my understanding, when SU is in the 'persistent reboot' mode, the ShadowCache would not be wiped out at each reboot and would continue to be used after the reboot. If this is the case, what happened would likely be my bad, as I thought what I found was saved on the hard disk instead of ShadowCache.
Osaban
October 12th, 2005, 09:54 PM
Yes you are. Basically 'persistent' means the shadow mode session continues after rebooting without any loss of new data (very important when trialling programs requiring a reboot).
yahoo
October 12th, 2005, 10:00 PM
-{ Quote: "Yes you are. Basically 'persistent' means the shadow mode session continues after rebooting without any loss of new data (very important when trialling programs requiring a reboot)." }-
Thanks, Osaban. I was confused about it. I love SU more now:)
ErikAlbert
October 13th, 2005, 10:19 AM
-{ Quote: "thanks Erik - for me it would be too much hassle - i prefer to surf naked and take my chances that my scanners are up to the job - it's not sane i know but it's just the way i am. :)
and anyway SU breaks my "use only freeware" rule - i would hate to pay $70 dollars for SU and find i didn't like it - if it's a freebie and you don't like it you just move onto the new kid on the block. paying for software only encourages them Erik. ;D
" }-
I thought exactly the same way and I would certainly not spend money on any AV/AS/AT/AK scanners, because I don't believe in that type of protection and these scanners have already serious problems and these problems will only INCREASE in the future.
I'm not guessing, the facts are there and it's predictable that it will become even worse in the future and I don't like to wait that long.
Besides that, the actual problems of scanners are causing another number of problems for the users, which is very logical.
When something doesn't work very well, other problems will arise, it's a kind of chain reaction.
It's not only a matter of computer softwares, it's also about what happens afterwards and most computer people, don't even think or know about this, because their job is done.
SU has so many important advantages for me and I can't find any of them in the traditional softwares.
So I have no other choice than buying SU, because it isn't freeware, I want my freedom back and there is nothing better than sandbox softwares at this moment with the SAME important advantages.
Toploader, I'm not trying to sell SU to you, I'm only trying to make you think about this more thoroughly and to give you a picture of the actual problems and the near future.
If you like the freewares, no one will stop you from using them.
I have a few other reasons :
1. I never work for myself only, I have the indifferent user in mind when I try to find security solutions.
You won't find these users at Wilders, but my work environment is full of them.
These users earn money for the company and anything that keeps them away from doing their real job, irritates/angers them and malware and yes even anti-malware is certainly one of them. Anti-Malwares aren't quiet enough.
Each time something serious happens in one of our internet-connected computers our computer department is always the scapegoat, even when the user is guilty and these users won't stop blaming us, until the problem is fixed and they don't show any patience.
SU might fix our problems with these users. I'm not sure yet, because I'm not familiar with SU.
2. Our computer department doesn't know what userfriendliness really means, they still think that userfriendliness is nothing but a well-designed user interface. This was true in the past, but not anymore because most recent computer softwares do have a userfriendly interface, not always brilliant but good enough.
If one of our computer people will try to install a software like ProcessGuard on our pc's, I will stop them, because I know in advance that these users will hate ProcessGuard, no matter how good ProcessGuard is.
That's why I try to learn as much as possible at Wilders to stop our computer people from installing the wrong security softwares.
If I like SU, many other users will like it too, because I think like them.
3. There are enough members at Wilders, who really use SU in practice and they know a lot more about malware than me.
If I don't understand something about SU, I can ask questions and Wilders has some very good posts about SU.
These members explain SU much better than the website/SU-help of ShadowStor.
ShadowStor doesn't know how to approach less-knowledgeable users and I had more questions than answers after reading their website and SU-help, but most of my questions were answered by the members of Wilders.
For the record : this isn't bootlicking. I'm not like that and one day, when I'm very familiar with SU, ShadowStor will receive a polite email from me with my opinion about their website and SU-help.
I don't care what ShadowStor will think about my opinion, I'm used to being ignored.
As long as I can do what I like at work/home, I'm happy. 8)
Vikorr
October 13th, 2005, 02:45 PM
Lol, Erik I think that one day, when you send ShadowStor that email, they'll think "F**K, never knew our website had that much wrong with it" ;D
By the way, I agree with you...their website really doesn't do a good job of explaining SU.
ErikAlbert
October 13th, 2005, 03:15 PM
-{ Quote: "By the way, I agree with you...their website really doesn't do a good job of explaining SU." }-
I'm glad, you saw it too. That makes two of us. 8)
yahoo
October 13th, 2005, 04:01 PM
-{ Quote: "I'm glad, you saw it too. That makes two of us. 8)" }-
Count me in too;D
They listed the most frequently asked questions there. But when I clicked on the links, there is no answer displayed! I tried it on my own computer, and also some public computers. All the same.
Their user manual is funny, the first one-third of the manual is almost totally useless.
ErikAlbert
October 13th, 2005, 05:19 PM
-{ Quote: "Count me in too;D
They listed the most frequently asked questions there. But when I clicked on the links, there is no answer displayed! I tried it on my own computer, and also some public computers. All the same.
Their user manual is funny too. Almost half of the manual is the legal statement, and only few pages left talking about how to use SU." }-
Jesus Christ, they changed their website completely and it's even worse.
I had to search for the FAQ and when I finally found it, I got nothing but blank screens with a search box.
So I searched with "ShadowMode" and I got a list of several FAQs.
For instance :
"15. How should I set up a public use computer with ShadowUser?
Public Use Computer with Strong ShadowUser Protection Description: Computer is ava..."
As you can see the answer isn't complete. So I click on the question to see more and I get a blank screen again with a search box ;D This help is a labyrinth. Pfffft
This web designer belongs in a strait-jacket. Take my word for it. ::)
Rivalen
November 30th, 2005, 03:05 AM
Search this forum for DefenseWall - try it - if it fails on some point - try their support - outstanding - bug was fixed within hours.
It's in beta now but due for release soon.
Now the program runs smoothly on my PC and together with OP it will be "my main man" for keeps.
Ran Regtest from the untrusted/box and Regtest failed its purpose 100%.
Best Regards
benton4
March 10th, 2006, 08:46 PM
If anyone is looking for simplicity, I'd suggest First Defence-ISR. I have 4 snapshots, which is like 4 OS, that I can boot to in the event of a problem-blue screen of death, software incompatibility, etc. It has saved me several times.
Peter2150
March 10th, 2006, 09:59 PM
I agree about FDISR. Also I think Rollback RX will do everything that ShadowUser will do, without "persistent" confusion.
starfish_001
March 11th, 2006, 05:54 AM
-{ Quote: "I agree about FDISR. Also I think Rollback RX will do everything that ShadowUser will do, without "persistent" confusion." }-
I use both FD ISR and Rollback; both do a great job - simple and effective
Copyright ©2002 - 2013, Wilders Security Forums