shadowdefender vs returnil

Discussion in 'sandboxing & virtualization' started by johnottawa12, Dec 8, 2009.

Thread Status:
Not open for further replies.
  1. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    I use the same method, but instead of SD I use CTM, so after a rollback all DW reg is gone and I always got it clean :)

    cheers
     
  2. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    Thanks Tony, I'll give that a try.
     
  3. LenC

    LenC Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    846
    Location:
    CT, USA
    How do StorageCraft's products - ShadowSurfer and ShadowUser - compare to Shadowdefender and Returnil? (For starters, I know StorageCraft's products are not free.)

    According to the documentation on ShadowUser, you can maintain a ShadowMode session across reboots, which I think is a very valuable feature.
     
    Last edited: Dec 13, 2009
  4. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi LenC,
    See these older threads started by Blue:

    https://www.wilderssecurity.com/showthread.php?t=196103&highlight=BlueZannetti Light virtualization

    https://www.wilderssecurity.com/showthread.php?t=230459&highlight=BlueZannetti Light virtualization

    HTH
    Mike
     
  5. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    Since Returnil only shadows the system partition, that seems like it leaves a pretty big hole in the protection. What am I missing?
     
  6. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    The same way as Tony has posted, works nice. :D

     
  7. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Not really, at least on a standard configuration.

    Automated links to execution will flow through the system partition, regardless of where the content is stored. These will be eliminated/broken on a restart from a virtualized state. In addition, if the basic antiexecute facility is enabled, execution won't occur during the virtualized session.

    That only leaves the possibility of manual execution or decidedly pathological exceptions (example - autostart entry in an unprotected location that is replaced by malware) following exit from the virtualized state. I could probably create a hypothetical vulnerability, but I really can't create a pragmatically realistic scenario in which there is one, at least one that does not depend explicitly on operator initiated execution from a user based non-system location.

    Blue
     
  8. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    Thanks Blue. I did not realize that Returnil had an anti-execute function. I was concerned about malware executing during the virtual session and corrupting my data drive.

    I'll give this a try for a few days.
     
  9. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    It's a little hidden under the Virus Guard feature (see screenshot).

    [Screenshot: RVSAE.png]

    Naturally, there are other approaches that can be used to accomplish similar ends (implement a standard SRP for example). Each approach has advantages.

    Blue
     
  10. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    Thanks for the screenshot, I was just looking for that option.
     
  11. raakii

    raakii Registered Member

    Joined:
    Sep 1, 2008
    Posts:
    593
    Is there any feature that is present in Returnil and is not present in SD?
    I have been using SD for a long time now.
     
  12. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    There are a few....
    • A free version is available (the File Manager is absent)
    • The antiexecute facility mentioned above
    • Embedded F-Prot based AV (I know, good for some, a negative for others)
    • Wipe virtual session information (i.e. overwrite virtual session content)
    • Virtual disk
    • Dynamic ability to access real disk/registry during virtualized session
    Those come to mind at the moment. The main functional difference is system partition only (RVS currently) vs selectable partitions (ShadowDefender). One can make a reasonable case for either approach.

    Blue
     
  13. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    I agree, Returnil is more and more moving in the direction of suites, stand-alone applications. Shadow Defender is a pure virtualizer which needs to be used in conjunction with at least another application (in my case I use SD + AE from Faronics, which seem to complement each other perfectly).
     
  14. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    I'd like to keep it simple and transparent, hence SD+Sandboxie; works flawlessly.
     
    Last edited: Dec 20, 2009
  15. raakii

    raakii Registered Member

    Joined:
    Sep 1, 2008
    Posts:
    593
    Thanks. :-*
     
  16. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Ed_H,
    In addition to what Blue said, we are working on integration of Multi-partition virtualization and file/folder exclusions in the RVS Labs version (see the applicable thread in our Betas forums). The feature sets are scheduled to be included in an engine upgrade for the main line products early next year (Q1).

    In addition to this, we are in the late development stages for a new multi-state restore feature that still needs work, but should be ready for public testing in a similar time frame (ref: a type of virtual session across restarts...)

    Mike
     
  17. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    Thanks for the reply Mike. Sounds like some great enhancements are coming soon!
     
  18. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    It would be a milestone in the light virt. world.
    It sounds akin to VMWare snapshot ability!!
     
  19. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Very interesting topic. When I tried Returnil there was not an AV feature, so I considered SD superior as it shadows all discs. Now after Blue's post with the picture, I see that and other drives are protected. Does this have an impact on CPU compared with SD?
     
    Last edited: Dec 25, 2009
  20. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    I guess any additional module will add to the total amount of CPU cycles and memory space used by the application, so it becomes heavier on resources.
    I hope that on the other end SD will stay the way it is now, not bloated, and transparent and very light on resources.
     
  21. daray

    daray Registered Member

    Joined:
    Dec 21, 2009
    Posts:
    15
    I currently have licenses to both Shadow Defender and RVS 2010 (Home Lux with that free giveaway).

    For what I use it for, Shadow Defender wins hands down. It is lighter, simpler, faster, more stable and does exactly what it should do (without trying to do other stuff like AV/AS).

    The key "feature" that made the decision for me (even though I had the free license of RVS at the time) was the ability in Shadow Defender to exclude a list of files and folders (which RVS didn't have at the time, and afaik still does not). This was particularly useful since I tend to run in shadow mode the majority of the time (only exiting shadow mode to run any updates). Slightly less important was the ability to also protect other drives (I have a dual boot system with XP).
     
  22. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    ^^ You are right. I love the right-click feature.
     