Shadow Defender alternative ?

Discussion in 'sandboxing & virtualization' started by Ech0, Oct 16, 2011.

Thread Status:
Not open for further replies.
  1. Ech0

    Ech0 Registered Member

    Hello guys;
    i have used shadow defender since i got my computer; but now i can't find the download link of this version. That's why i want to try another product similar to shadow defender.
    Briefly; my question: what's the alternative of Shadow Defender ? o_O

    Thaks in advance..
  2. moontan

    moontan Registered Member

  3. kjdemuth

    kjdemuth Registered Member

    Deep freeze from faronics. Closest thing I can think of.
  4. Osaban

    Osaban Registered Member

    Another possibility is Drive Vaccine:
    $39, similar to DeepFreeze except it seems to be more versatile, I haven't tried it so I can't say much, but it seems to be potentially an interesting application.
  5. Dark Shadow

    Dark Shadow Registered Member

    IMO there is nothing like ShadowDefender its a one of a kind.That being said, DeepFreeze is IMO is a close 2nd.The installer of DeepFreeze includes the Igloo which allows to save work to a thawed partion.I have not used Igloo though so I can't comment on how well it works or the ease of use.
  6. cgeek

    cgeek Registered Member

    Wondershare Time Freeze:

    Clean Slate:
  7. ziaul

    ziaul Registered Member

    How is it different form Rollback Rx?

  8. Coldmoon

    Coldmoon Returnil Moderator

    Returnil Virtual System Pro 2011 or Returnil Virtual system Lite 2011. both are based on a strict Virtual Mode (Shadow mode) approach and include multi-disk virtualization and an inherently safer means for saving content to disk than any of the alternatives suggested so far in this thread.

    Both versions also include default-deny anti-execute...

    Kind regards
  9. kjdemuth

    kjdemuth Registered Member

    What is the safer means of saving content? Just curious.
  10. pegr

    pegr Registered Member

    Scheduled file commits rather than a file exclusion list. I think the theory is that this leaves no holes in the virtual system that could potentially be exploited by malware, while still providing a convenient way of automatically saving content.
    Last edited: Oct 18, 2011
  11. Coldmoon

    Coldmoon Returnil Moderator

    Exactly :)

    The process is as follows:

    1. All content on the virtualized drive is protected by the virtualization (Virtual/shadow mode)

    2. The authorized user pre-defines what content will be allowed to be updated with changes (NOTE: sub-folders included automatically with a folder selection). For those with an office scenario, Documents, Pictures, and databases can be added with interval saving to disk.

    For the gamer, adding their gaming directories will allow for session saving without the need to drop the Virtual Mode protection and the File Manager can be set to autosave the action as quickly as every minute.

    3. When a change needs to take place, the File Manager hands the file off to Windows for the save to disk process which has the effect of locking the file from being accessed or exploited by any potential malware.

    4. Once the content is saved, the content is returned immediately to protection under the virtualization.

    With an exclusion process (aka thawed volume), the content is left open to exploit because it is never virtualized. This makes the exclusion process itself less secure and inherently riskier in the long run...

  12. kjdemuth

    kjdemuth Registered Member

    Hmm. Good point. I might have to take another serious look at returnil. Didn't a recent test show that a trojan made it past returnil and into the MBR? I think it had said that it made it past reboot. Or am mistaken?
  13. Coldmoon

    Coldmoon Returnil Moderator

    Please point me to that discussion so we can take a closer look just in case. The goal with RSS/RVS however is not to make any one component a silver bullet as no such thing exists; rather it is to make the whole a more secure solution.

    If something were designed to effect the MBR in some way while in Virtual Mode, there are three ways to make certain it does not make it out of the virtual system:

    1. Anti-execute (default-deny): In the TDL trojan discussions, it was shown that the A-E component blocked the thing from executing in the first place which kept the system clean.

    2. Virus Guard: With a sample, we can get the VG updated if the content is not detected. This is secondary to the A-E in this scenario as an A-E block will provide the necessary notice to the user that something wicked this way came and was shut down before it could do anything.

    3. System Restore in RSS Pro: Restore to an earlier time before the issue happened. With an update as in #2, the SR is further strengthened by being able to run the VG automatically to determine whether a RP was infected so you can make a better, more efficient choice as to which RP to deploy when required.
  14. kjdemuth

    kjdemuth Registered Member

    So I'll take that as a yes. A TDL did make it past reboot.
  15. ichito

    ichito Registered Member

    Wondershare Time's similar to RVS Lite.
  16. SLE

    SLE Registered Member

    If you test new samples this happens only if Anti-Execute is set to high - which is not the default setting and not a setting for average users. So for me it's only half an argument.

    It's now known since more than a year that virtualisation part of Returnil can't protect from TDL.

    So what can we expect: Will virtualisation part ever be improved in that way?
  17. Dark Shadow

    Dark Shadow Registered Member

    I got me a free license code and it works well.
  18. PJC

    PJC Very Frequent Poster

    I've used Faronics Deep Freeze for a few weeks.

    So far, so good.
  19. majoMo

    majoMo Registered Member

    Same here. ;)

    BTW, do you use Buffer Mode? To start from OFF to ON it delays too much time? (here 1 min 30 sec :mad: ).
  20. Boost

    Boost Registered Member

    Good stuff! I used it for a year or so.

    Wondershare Time Freeze works good as well,only used it for a short time.
    Returnil,I used for a long time,never had an issue.
  21. Dark Shadow

    Dark Shadow Registered Member

    No I dont, I have not even tried it.
  22. majoMo

    majoMo Registered Member

    Thanks for the info. So all the writing and reading on your system occur in the disk.
  23. Pliskin

    Pliskin Registered Member

  24. ichito

    ichito Registered Member

    Virtual Protect
    Free 1.62 (installation file 370 KB)
    paid 2.2.1 (installation file only 184 KB...the most expensive software in the world :))
  25. Ech0

    Ech0 Registered Member

    Firstly; Thanks for the replies to all of you.
    I have Phantom Armor licence from Giveaway of the Day (i'd used it for some time; it looks identical to Shadow Defender). And i want try this product again but there's a problem; its domain had expired.:doubt: Now; I'm having doubts about using it.
Thread Status:
Not open for further replies.