New version of ShadowDefender

Discussion in 'sandboxing & virtualization' started by trjam, Dec 25, 2007.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Re: ShadowDefender 1.0.0.130 Released

    I left one computer in shadow mode for 4 days straight, visiting all the sites I wanted, let my kids do what they wanted and my daughter saved her games each time she played. I just booted out which took no time, ran a scan with the Kaspersky online scanner and AVG and nothing was found. This is really cool, my pc is completely free of everything and secure. I am sold and a license holder. All wrapped into an application that is only 578kb. :)
     
    Last edited: Dec 27, 2007
  2. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Re: ShadowDefender 1.0.0.130 Released

    Hi, Trjam

    I am happy for you.

    The functions of ShadowDefender you just described are the fundamental ones that a virtualization app (such as DeepFreeze, Returnil etc) ought to perform.

    You like it, then it is a keeper for you. Future development and after sale support will dictate your continuing trust in this app for coming days/months.

    Take care and good luck.
     
  3. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    Re: ShadowDefender 1.0.0.130 Released

    After seeing this thread I decided to give it a try, and I'm much happier using it rather than an AV. :)
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Re: ShadowDefender 1.0.0.130 Released

    Can't blame you. Solid protection, and you can still save information as needed. You won't regret it. I have tried everything here and this was what I was looking for and finally found it. I know my cheer-leading is getting old, but just happy. Thanks perman.
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Re: ShadowDefender 1.0.0.130 Released

    Erik, I have been informed tonight the developer is close to having this accomplished. Where you can save all changes made in shadow mode, reboot while still staying in shadow mode with changes made. Then choose to exit shadow mode on reboot and all will be gone. So you can test away with it. So it looks like the adult stage is close. He says he is close to accomplishing this and adding it to a future release...
     
  6. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Re: ShadowDefender 1.0.0.130 Released

    I have asked that when in shadow mode the tray icon turn orange and when out keep its current color. That way you could disable the screen icon and know when you are in or out of shadow mode.
     
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Re: ShadowDefender 1.0.0.130 Released

    Actually I was just informed both features may be here very soon.
     
  8. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    My interpreting is not good and this is my fault, not the vendor's. I was just informed the ability to reboot and save in shadow is about 2 months away. So that one is my fault.
     
  9. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    Re: ShadowDefender 1.0.0.130 Released

    If this is implemented, I would consider switching from FD-ISR to Shadow Defender.
     
  10. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Re: ShadowDefender 1.0.0.130 Released

    Hi there,

    Out of curiosity before rebooting into normal mode did you happen to check the amount of disk used to store the virtual session (4 days is a long time without rebooting)? I have never tested this program, and I assume (like in ShadowUser) that you can monitor the amount of disk being used by the shadow session.
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I think it was around 6GBs.
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Re: ShadowDefender 1.0.0.130 Released

    This new feature is indeed a big improvement, because there is no distinction anymore between trying softwares without reboot and softwares with reboot.
    ShadowDefender can handle both in the future, while Returnil can handle only softwares without reboot.

    It's true that FDISR is the slowest one of all ISR-softwares and requires more space, especially when you use the feature "Freeze", which is the frozen mode of FDISR.
    Speed and space are hardware-issues and I don't have these problems. Buy a faster CPU, more RAM and bigger HDD's and these problems are gone.

    It's also true that FDISR doesn't protect you against malware, that damage your system partition by low level changes, like Killdisk, Robodog, ...
    If I had such malware regularly on my computer, I would certainly do something about it, but I never met such softwares, since I use computers.
    If both are executables, Anti-Executable will terminate them anyway.

    So, I'm not going to ditch FDISR for that and lose the "archives" and multiple snapshots of FDISR, because these archives keep my computer clean and solve all my problems on a DAILY base.
    Protecting your system partition against KillDisk, ... is not on a daily base, it only will save you, IF you have these malwares and when is this going to happen ?
    ShadowProtect will save me in such situations, if my security softwares are not able to stop them.

    Keep in mind that Killdisk, ... has been discussed, because some users infected their computer ON PURPOSE to test ISR-softwares and see what damage they caused, but not because it happened in reality.

    I keep my FDISR as long as possible and then I will look at the other ISR-softwares.
    Many of them will have more possibilities in the next 5 years.
    Returnil and ShadowDefender are in full development and I can afford to wait ...
    Only users, that don't have FDISR are forced to use another ISR-softwares, because FDISR is dead and can't be recommended anymore as a solution.

    I'm quite surprised that some Returnil-users are still using scanners, while Returnil doesn't allow any change on your system partition.
    My frozen snapshot does exactly the same thing : no change = no change and that means no malware.
    I ran all popular scanners to test my approach with the same result : no threats found, except false positives.
    A reason can be that they don't use a frozen mode in the same way, like I do.
    Another reason might be that they don't have archives to rollback to a fresh installed and unused system partition, like I do.

    At this moment, it's too early for me, to replace FDISR with Returnil or ShadowDefender, it would be a step back in possibilities.
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    The one thing with Shadow Defender if you want to use an AV or other product that updates, which I don't. But like with Avira you can exclude it, heck, you can go as far down as to a specific folder in the application to exclude, and allow for your software to still be updated.
     
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Re: ShadowDefender 1.0.0.130 Released

    As much as it looks like a big deal to have that extra feature, after several years of using ShadowUser Pro I've only really tested the possibility without finding any real practical advantage (I never test programs as a hobby, but when I do for real, I do it writing to disk as it might take 2 weeks).

    I suppose this rebooting in shadow mode without losing your session could be very helpful if you fear a system crash during a shadow session, whereby you would lose that session on reboot (3 times, I kept it in persistent mode because I needed to work on something potentially infected but very important at the same time).

    If ShadowDefender is Vista compatible, it will certainly be my choice for my next computer.
     
    Last edited: Dec 29, 2007
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    In theory any exclusion of objects makes your frozen system partition more vulnerable.
    Suppose a malware targets Avira and the folders of Avira are excluded, then this malware is able to do its evil job, whatever that might be.
     
  16. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Did you notice any slowdown of your computer speed, say after 2-3 days?
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    No, I honestly didn't. And on one I tried different AVs just for the heck of it. Some played better with it than others, as far as responsiveness. The funny thing is, and I would not think I would be saying it, but Eset 3.0 worked best. Actually it was very fast in Shadow mode.
     
  18. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    I agree that if the file exclusion is taken too far, then it's probably not worth using the software in the first place. I would exclude 1 or 2 folders only containing documents.

    For my AV/AS updates, I would have to turn off shadow mode, perform the updates and turn it back on again. Although I still use scanners, I expect the frequency of updates and scans to reduce when I start using SD. I no longer see the point of daily scanner updates.
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I was only saying you could. The only thing that I save are my daughter's games. Also testing F-Prot with it. Downloaded the beta for vista, but the AV is really nice. I had forgotten about it. It works very well.

    Mike, it is going to come out of beta, isn't it? ;) Just kidding. This AV to me has progressed faster than any other in stability and detection. Need to check and see if my license is good, if not I am getting it. I do think I will run F-Prot with Shadow Defender to provide added protection. Don't worry Erik, no scanning, at least scheduled. :D
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The problem with scanners is that they suddenly start with updating their signatures at any moment of the day. If you are in frozen mode, those updates will run and be stored, but you will lose them when you reboot.

    I would turn OFF the automatic update of these scanners forever.
    After the first reboot of the day, when your system is still clean, I would go in thawed mode, do all signature updates on demand, run the scanner and remove possible malware. Then refreeze and continue.
     
  21. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Shouldn't really be a prob, I would agree if it is possible to disable program updates as compared to definitions updates, as a program update will probably require a reboot, whereas definitions do not. Avast allows for this, so I have it set to alert if there is a program update and automatically download definitions. This ensures I have the most current definitions always, and am aware of any program update. I will lose a week's worth of definitions when I reboot at the weekend, but as soon as I boot Avast checks for these and downloads them again, done in about 20 secs, and I can then re-enable Returnil protection, or update the program first also. Avast is the only active scanner I run.
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Multiple Snapshots = 10 and the life saving measure of FD-ISR's "ARCHIVES" which are a mirror copy image of sorts of those snapshots/systems, is what gives the Genuine original FD the overwhelming edge over ALL other ISR's imho.

    Given the fact I have literally corrupted all executables on purpose (during file infector research w/virus) without giving forethought to making an image beforehand, then having to rely on archives stored on another partition, a simple wipe/format/reinstall of XP then FD-ISR program is a very minimal inconvenience to bring everything completely back up to normal operations again.

    FD-ISR's archives are VITAL! impressions taken from snapshots and when isolated stored to an alternative disk, there is no way to lose. Only rerun and run again just as before any serious problems which rendered ALL snapshots ill-affected.

    I've proven FD-ISR and other circumstances beyond my control have proven it a superior technology. Only drawback is like Erik says, it's no longer available like before.

    So most users are now left with less effective alternatives at this point in time.
     
  23. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    I have to agree with you here. The same can be said about Resource access/exclusions in Sandboxie or any program. Anytime you make an exclusion/exception, you're making a "hole" in your protection. Sort of like a Windows OS :D.

    So everyone, which is the best... Creating "holes" in your virtual protection system or updating and making changes with protection off and then re-enabling protection?
     
  24. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I don't think it makes much difference. Far too many make far too much of an issue about security - some even claiming they only update their systems off line, with the internet cable removed in a room with dimmed blue lights (just to be on the same side).

    In practical terms the threat of infection is so low that I can't see that any one method can claim to add any real additional security. I use Returnil on some machines, DeepFreeze on others. I have used FD-ISR, software firewalls, Hips, Sandboxie .... and so on. When discussing these programs the focus naturally tends to the extreme - what if I'm attacked by some as yet unthought of, undetectable nastie? Well, the answer in almost all cases is that you will probably get XXXXXXed. The probability of this happening is fortunately so low that we need not be concerned by either the science fiction writers or those who are constantly promoting their latest securicrapware.

    Personally I prefer the second option - I make changes off line and then re-protect but I'm fully aware that this still leaves me exposed. Every time I install a new program it's an act of faith - fortunately the risks are much, much lower than some claim.
     
  25. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Darn... I've been using red lights :ninja:. I agree, it probably doesn't make much of a difference.

    From what I gather, the threat of infection is low unless you're installing new junk all the time. Maybe some people need to have their systems frozen. My sis thinks she has malware and the machine is slow, but they are still using it :ouch:.

    You make your changes off-line or unprotected/unvirtualized/shadowed? I'm assuming you meant with protection off. That's what I have been doing. And I agree, it is an act of faith or trust when installing a new program. I do what I can like scanning the installers, but that's all the knowledge I have except for the good word of folks recommending a software and I'm now going to check for hashes. And that may be over the top. I'm now googling for blue lights and dimmers :D.
     