ShadowUser- Update Please

Discussion in 'sandboxing & virtualization' started by tobacco, Mar 31, 2006.

Thread Status:
Not open for further replies.
  1. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Been thinking of trying out this software and from reading opinions in other threads, seems to be held in high regard by many users. Could current users update us on this product such as, is it still definitely worth getting, noticed problems that you didn't before? I won't be starting with a clean install so how about compatibility issues with other software e.g., F-secure, Kerio? Are there any? And for future reference, is it compatible with Rollback RX, Acronis T.I., etc.? Thanks ahead of time for any replies!
     
  2. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    I have been using it for about 7 months and along with NOD32 I consider it one of my most important security softwares (even though SU doesn't really protect against anything).

    It is basically designed to surf the Internet without any possibility to get infected from anything, and it just does that as advertised: Ever since I used it I had no malware, as a matter of fact I have NOD running to check for infected files just in case I might decide to save something from the next reboot (I presume you know roughly how this type of software works).

    Lately people have been all excited about Rollback Rx and First Defense ISR, and I think they are excellent applications but they are not in the same category as ShadowUser, Deep Freeze, CleanSlate, Drive Vaccine (as a matter of fact Drive Vaccine is from the makers of Rollback Rx).

    I wanted to try Rollback Rx, but their support advised me against unless I uninstall SU.

    As far as problems running SU, I personally haven't had any, and I like the fact that (unlike with Deep Freeze for example) I can save files even in Shadow mode.

    Reading various threads, I think that if you are really into beta testing you should perhaps consider something like Rollback Rx, but if it is the internet security your first target along with the comfort of a quick reboot SU is certainly a good option.

    I hope this helps.
     
  3. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Thanks for the info Osaban. The only question remaining I have is backup software compatibility. I only have 1 drive which is partitioned and am looking at getting something like Acronis T.I. to back up my C partition. Do you know of any issues between these or other backup software?
     
  4. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    I'm not quite sure what kind of issues could arise backing up your drive.

    My drive is not partitioned so I can't tell you much, although I don't think there are any real issues other than that while you are in 'shadow mode' you cannot defragment your drive and obviously you should use your backup software when SU is disabled.

    I have backed up my system to an external drive using Ghost 9, but honestly I haven't tried to restore.

    When I first installed SU I had KAV, and there was a compatibility issue (whenever I activated the 'stand by' function, I would get a blue screen).

    SU support (excellent if you are a registered user) said it was happening with an old version of KAV but it was okay with late versions. They were right and I decided for other reasons to switch to NOD.

    If you trial SU, a good way to suspect compatibility issues is to watch for two factors:

    The virtual volume created by SU in shadow mode shouldn't be huge (It starts with 25 MB, and after 3-4 hours it gets to 100-150 MB depending on computers and activities).
    When I had my problem with KAV, the virtual volume was starting at 100 MB and quickly reaching 500 MB.

    The other telltale sign is a dramatic slowdown of your system, although this is most likely caused by a highly fragmented drive or lack of disk space.
     
  5. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    I second Osaban.

    I have ShadowUser, and I also use ATI for backup. I have not found any problem with them on my computer. However, this may be computer dependent. You get to try to find it out yourself.

    I sometimes find that ShadowUser is not so convenient, as I have to disable it and reboot in order to install new software. But I think that is acceptable, and it is good for security. AV/AT and firewall forms one layer of defense, and ShadowUser is my another layer of defense. Two layers of defense with totally different approaches is better for me than running many AT/AV at the same time.
     
    Last edited: Apr 1, 2006
  6. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Thanks a lot. Will try it out.
     
  7. satchmo

    satchmo Registered Member

    Joined:
    Mar 4, 2006
    Posts:
    20
    You mentioned that you would be purchasing an imaging solution for backup/disaster recovery.

    The makers of ShadowUser are releasing a product similar to TI called ShadowProtect. You might want to look at it. I was told it would release this month.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    You can also go through these threads. These are small threads so it's easy to go through and will give you a quick review of SU, DF etc.

    https://www.wilderssecurity.com/showthread.php?t=125604
    https://www.wilderssecurity.com/showthread.php?t=125623
     
  9. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    I've seen some say that you can save in shadowmode and some say you can't. Could someone clarify this for me? It would be great to save without rebooting into normal mode and installing again. Thanks.
     
  10. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    The paid version (Shadow User Pro) allows you to commit changes at any time from the Context menu or manually/automatically at a restart. You can also carry a session through a restart, retain changes, but not commit them (for example, on an install that requires a reboot to complete) until later. A basic comparison of ShadowSurfer (free) and ShadowUser Pro (paid) features is provided here.

    Blue
     
  11. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Crystal clear. Thank you.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Just one more option, though bit limited but good and free is Sandboxie.
     
  13. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    When you install a new software, you quite often do not know where the changes are, so you do not know which files to be 'committed'. You can still 'commit' the whole disk/partition in order to save the new software installation. However, it is not recommended from security point of view, as this can also save possible undesired changes other than the software installation. That's the reason why I always reboot out of Shadow Mode to install new softwares, and then reboot back into Shadow Mode. Sorry for the confusion to you.

    You would learn things faster by trying it instead of talking about it:)
     
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    I would like to add a few things: SU is not really an active security application, it requires a different approach to computer habits, a change to the modus operandi that we all have. Yes it is a pain to reboot and to reinstall a software that you have just tried successfully but like yahoo said, a very safe practice.

    I personally very rarely try out a software in shadowmode, unless there's a strong possibility of compatibility, but I never surf without shadowuser and I often save from the virtual volume only pictures, some of my mail, and a folder for bookmarks and written material (that's where NOD is absolutely needed).

    One has to create a new routine, and some operations might admittedly take longer, but I think this is a small price to pay towards having a system always in pristine condition.
     
  15. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    While I recognize the security aspect of ShadowUser and find that aspect appealing, testing software in shadow mode would be equally important to me. I've installed a few programs like Prevx1 and Cyberhawk that have locked up my system and it took forever for Windows to open to un-install them. If this happened in shadow mode, could I simply hit the reset button on my computer and everything is back to normal?
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Ya! u can, but remember that some security related appliances may not be installed in ShadowMode like I was not able to install System Safety Monitor and AntiHook, I don't know the reason but might be related to their drivers conflicting with those of SU. If you want to do stuff like this, then try RollbackRx, you can download 1 month trial from their website.
     
  17. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Theoretically yes, whatever happens in shadowmode be it a rootkit or a program that is obviously conflicting, if you can reboot, it will be deleted for ever (unless you are in 'persistent mode'). I could always reboot either to a new session or into normal mode, and if that fails you can always hit the main switch and start a new Shadow session.

    This is obviously my experience within my system, other people might have had different behaviours, and some users really do push these applications to the limit (when you install three HIPS programs, two spywares, several registry protectors, ATs, AVs, and God knows what else, you are really asking for troubles).

    If you trial SU, it would be interesting to try installing Prevx1 and CyberHawk and see what happens...
     
  18. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Yes it would. I would like to try it again but do some tweaking with F-secure and/or Kerio first to see if it helps with the compatibility issues. If you don't mind, I need further clarification on the reboot into normal mode option. In the event of another freeze up, can I simply hit the reset button on my computer and I'm back to normal, or do I have to select this option in ShadowUser which would be difficult to do during a lockup?
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I installed CH without problems, however if I can remember well, I did get problem installing Prevx in Shadow mode.
    Any abnormal boot in Shadow Mode (for example via reset button) will erase all data of ShadowMode and system will be clean again. (However if u have opted for persistent mode in the settings, ShadowMode will persist.)
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    If your system hangs in shadow mode, you can hit the reset button and you'll be back into shadowmode (everything from the previous session will be deleted), at this stage you can disable (not exit) shadow mode from the SU icon and reboot into normal mode.

    You might have a problem if you were in 'persistent' mode, as Prevx1 needs a reboot upon installation, therefore if the system hangs, you hit the reset button, reboot in persistent shadow mode and disable SU from the tray...(Like yahoo said it sounds complicated but once you try it should be okay)

    Let us know how you go, I usually don't create a problem for testing reasons but if you are interested in Prevx1 we can all benefit from your experience.
     
  21. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Here's another question I haven't seen asked yet. ShadowUser says that it doesn't write to disk. After booting from shadow mode into normal mode, what about the data from the shadow mode session? Is there still a need for eraser software for this deleted info? Or is it just unrecoverable?
     
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    As told above, while coming out of Shadowmode, u have 2 options,

    1- Save all data and boot to normal mode (it will save whatever u have collected in Shadow Mode, whether good or bad).
    2- Boot to normal mode and lose all data (it will go permanently - no way to get it, so u should not think of erasing it). However if u have set some folder for committing changes (saving the changes made during ShadowMode), that will be unchanged.

    U can download a trial and see how it works. That's the only way to understand it fully.
     
  23. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    https://www.wilderssecurity.com/showthread.php?t=64145&highlight=ShadowUser story

    It's a good question and an old issue (if you really want to have a comprehensive analysis of SU, you ought to read 'Spy1' thread above, I ended up buying SU after reading that).

    As a matter of fact the virtual volume doesn't disappear after rebooting, it is only 'deleted' which means it still exists but cannot be accessed by Windows. It does however create a security issue as a hacker with suitable tools could recover the deleted info. Spy1 was running 'Eraser' (free software) every night, I do once a week (it takes about 3 hours to erase my 'free space').
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Is it really needed? If so, even then it is a general issue of course, not specific to SU.

    BTW, I think eraser will be needed only if you are going to sell your PC or HD. Isn't it?
     
  25. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    If you handle very private info like banking, credit cards, etc, and depending on your level of paranoia, it makes sense to run eraser every now and then.
     