ShadowUser - What to do pre-installation?

After reading for hours and hours, I like the idea of ShadowUser. I read as much as I could find, just need some guidance on what to do before downloading it. What all scans do I need to run to ensure my computers are clean?

Also, once installed, what do I need to do right away?

Basically, just looking for any do's or don'ts that I need to keep in mind. I'll be printing out the information on their site, but I'm always nerverous when trying something new on a computer.

Also, once I'm all set and am surfing in shadow mode, what do I need to do to check any downloads I may have completed to ensure they're problem free (no virus, spyware, adware, trojan, etc) and safe to keep?

Oh, I'm really bad about knowing exactly what sort of system I have, so I can't give you as much info as you may need - I have two laptops and two desktops hooked on a home network (wireless router with built in firewall - step son set it all up). One laptop and desktop are older and running windows 2k, one set is brand spankin new and running xp home (according to step-son, the two computers have more space and speed than an idiot like me needs). If any more info is needed, I can either have step-son tell me the answer, or if you can tell me where to look within my system.

Thanks in advance for any information you can give! I'd darn near offer a kidney to anyone who can walk my hand through this process!!!

 

The majority of the work will actually be done prior to installing SU. SU can keep your system function nicely. For this reason, it's always best to have your computer running at optimal performance prior to installing SU (so that it stays that way)

If you are not reformatting prior to install, then to get the best results you will need to do a few things :

1. Make sure your computer is clean of nasties :

Scan online with the best online AV - kaspersky http://www.kaspersky.com/scanforvirus
Scan online with Ewido (anti-trojan) http://www.ewido.net/en/

Make sure you have the following anti-spyware programs on your system, update them, and run a scan with each of them :
Microsoft Antispyware http://www.microsoft.com/athome/security/spyware/software/default.mspx
Ad-Aware SE http://www.lavasoftusa.com/software/adaware/
Spybot S&D http://www.safer-networking.org/en/index.html

2. <optional> Clean your registry http://www.hoverdesk.net/freeware.htm
This particular registry cleaner is very effective, easy to use,and will backup any registry entries you delete (make sure the box marked 'backup deleted entries' is ticked). Entries need to be saved because as any registry cleaner will occasionally make a mistake (fixing the mistake is simply a matter of reinstalling the back file in regseeker...very easy to do).

3. <optional> Defrag your harddrive.

4. Install SU

5. Prior to activating Shadowmode, create excluded folders. This will include your email storage folder - should be something like C:\Documents and Settings\<your name>\Local Settings\Application Data\Microsoft\Outlook
You may also want to exclude your personal documents folders.

(you can choose to use either excluded folders or autocommit folders. Autocommit folders will commit the changes when you shut down, excluded folders aren't included in the SU 'image')

 

Ugh, am up way too late, and my eyes are about to bleed from being so tired!

I really appreciate your response - makes the process seem less scary. I will follow your directions, and make sure that my step-son is here to help me through the process.

I had read your response earlier and had planned to write some questions; got distracted and forgot, so I'll have more to ask later. The questions I did remember to write down are: - so, if I scan with all items you listed before installing, then I can assume my computer is clean enough to then install ShadowUser, correct?

Any before or after tweaking to XP or 2000 necessary (ie hardening files, show hidden folders, etc)?

Also, I've read that this program is pretty darn secure, but what are things that I need to do/not do in order to make sure I don't somehow fill my computer with bad things anyway? If there's a 1 in a million chance of killing my computer by doing something that isn't worth mentioning because nobody has ever done that nearly impossible thing, I'll be the one to do it, and I really don't need to give my husband and step-son yet another dumb computer mistake to use to ridicule me!

What sort of things should I put in my exclude/auto commit folder? I guess the process of acquiring something through determining if it's safe/harmful and finally to saving it is what's still confusing to me... I mean, let's say I play around online one afternoon and download a few things I may like to keep. Do I then do a scan with the usual recommended spy/ad/trojan/etc-killer stuff, and then save if the scans come out clean?

One last question before I pass out... this is mostly out of curiousity. I know that with any program there is an initial adjustment period while you get the hang of things... anything in particular that it took you a while to remember to do or not to do? I can just see myself spending a few hours working on something, getting it perfect, then forgetting about ShadowUser, and wind up losing all my work!

Again, I really appreciate the help.

 

Unfortunately it may be impossible to be 100% certain that your computer is clean without reformatting, but you can be 99% certain.

If you want to doublecheck things, don't forget to run your own AV scan, and I would download the trial version of
- TrojanHunter http://www.webroot.com/products/spysweeper/
And run the free spyware scanner of
- Webroot Spysweeper - http://www.webroot.com/products/spysweeper/

You should be 99.9% certain of being clean after those additional tests.

Gah, forgot about this. Yes there is. If you use IE, you will want to do a few things (to disable most of the vulnerabilities in IE). All these are free, and don't use any resources.
-harden your IE settings. See this link, half way down the left hand column
http://www.spywarewarrior.com/uiuc/main-nf.htm
-Download IE-SPYAD and install it
http://www.spywarewarrior.com/uiuc/resource.htm
-Use a HOSTS file (instructions on webpage)
http://www.spywarewarrior.com/uiuc/resource.htm
-Use SpywareBlaster
http://www.javacoolsoftware.com/spywareblaster.html

After you've hardened your IE settings, make use of your 'Trusted Sites' tab and 'Internet' tab (in your Internet Options, Security tab.) A lot of the things you disable to make IE more secure, you will need to use for certain sites (like microsoft sites, and also remember that any site with a forum requires that cookies be activated). This can be achieved by use of the Trusted Sites tab.

Alternatively, you could use a free opensource browser like Mozilla Firefox (which most people here recommend. I still use IE myself though) http://www.mozilla.org/
Just note that if you use firefox, you will still require IE for a select few sites (once again, mostly microsoft sites).

There's just one thing you need to realise about SU...it's VERY secure when you are in shadowmode...but if you are installing something...to make that install permanent, you have to deactivate shadowmode (requires a reboot). While you are out of shadowmode, ShadowUser cannot protect you.

There are a few main ways to 'possibly' get infected...most relate to executable files, or scripts :
1. Openning an email attachment
2. Openning a file sent via Instant Messenger
3. Drive by downloads while surfing the internet (IE hardenning or firefox should solve 'most' of this)
4. P2P programs (many have spyware built into them)
5. P2P programs (dowloading certain types of files, most notably executables, is very risky)
6. P2P programs (they act as a server, which may be vulnerable to hacker attack)
7. Downloading an unknown program from the internet (always try and find multiple reviews from sites you trust before running an unknown program)
8. Installing copied programs from burnt CD's. <any file from another computer is a possible source of infection>

A few things :
1. <as per above> search for reviews from sites you trust. Find multiple reviews
2. You could post in a forum like this, asking for advice
3. Run the file through an AV, and AT (anti-trojan), and an AS (anti-spyware)
After you scan the file with them, keep them running realtime when you do the install (because sometimes it's harder to read the packed file, than it is to read the exe as it's unpacking).

You could also run a program like Winpatrol http://www.winpatrol.com/ which is a free, and very easy to understand program. It will tell you if anything adds to your autostart programs list (among other things). Nice little management tool.

All of the above should help you make an informed decision on whether to run the program or not.

Anyfolder where you save 'work' to, should be included in your excluded folders list. Then none of this work can be lost.

 

Thanks again! I'll print this thread out to read over repeatedly until it all sticks in my brain. I've been reading enough over the last couple of weeks about spy/ad/malware/etc fighting, that it's making more sense, ditto stuff about the overall idea of the inner workings of computers.

After having been burned once, I am much more careful online. I never really downloaded much, but feel more comfortable with the idea after reading some excellent advice on how to lower the chance of damaging my system.

I have a short list of sites that I have heard over and over are generally safe, and I don't go downloading all willy-nilly. Any software that interests me, I do check a few safer sites and read reviews there, and I make sure to read ALL the negatives. I also closely examine the most recent reviews, in case a once-safe developer has gone bad.

If I'm reading a forum that I feel is legit and someone mentions some software, I take a hard look at that poster. If they're a guest or (like me) have made very few posts, I shy away.

I read the user agreement before agreeing to download something. I know what the red flags are with most. This isn't 100%, but it has saved my rear end before.

I have been considering switching to a new browser, but haven't made up my mind yet. I am curious as to whether you really need to still lock down IE so tightly if using ShadowUser. Well, the biggest attraction for me was that I just got tired of the hassle of all the spy/ad/etc programs... Kerio's firewall drove the hubby insane, and somehow it conflicted with something. Spybot and I never got along. I think it was that SpyDoctor (think that's the name) that wouldn't let me get online AT ALL...

Basically, I researched a ton and downloaded the anti spy/trojan/virus/etc programs that were consistently raved about, and wound up with conflicting programs that left me with too many alerts, confusing alerts, favorite sites that no longer acted right, mail I couldn't access, and sometimes unable to access the internet at all... in the end, it was just killing my enjoyment of surfing... that's why I wanted something where I could just relax a bit and feel like I enjoy my surfing without constantly panicking that every little thing I did would kill my system.

I had no issue with the idea of some things like blocking ads and pop ups, adding known dangerous sites to my prohibited list, and having certain safety measures in place, but some of the hardening tips I've read are just so intense... plus they make the husband gripe, which in turn makes me want to beat him about the head with a skillet.

Actually, some of what you warn against makes me think of something Spy1 had said a while back... I'm pretty sure he said that by using ShadowUser and the programs listed in his signature, his family could practically have free reign to do what they wanted online, and anything they wanted to keep, they had to make note of so he could examine and save, and the rest would disappear at reboot. In addition, I ran across a post where he commented that some of the other programs he uses are to cover his internet tracks, rather than for actually protecting his sytem from bad things. At any rate, I had walked away with the impression that by using ShadowUser and a few programs to make sure anythign he wanted to keep was safe, he could then forget about much of the hard core stuff that people who don't use ShadowUser (or deepfreeze) would need.

Anyhoo, I should be able to get this ball rolling today, and I'll report back with any questions.

Gah! Now I don't know if this post even makes sense! I'll go ahead and do some more reading to see if I can make this all a bit more clear in my own head.

Thanks again!

 

You're quite right, SU will keep your computer safe even if you don't harden your IE settings....it would then work this way "malware makes use of IE vulnerability to driveby download....computer reboot...malware gone"

SU was the last security program I got, so I had already done everything else to my system prior to it. If I had bought SU first, then it would not have been truly necessary to take the precaution of hardenning my system to such a degree with SU, but I like it the way I have set up...personal preference I suppose.

As for 'favourite websites not working' when you harden your browser settings...that isn't a problem...just add your favourite sites to your Trusted Sites zone, and they will work like they normally do. If for example, you want this forum to be in your trusted sites zone, you would use the syntax *.wilderssecurity.com

 

Thanks yet again!

I mentioned not being able to access sites only because it seems like on every "Do this or your system will be destroyed by bad stuff" site, the first thing they all say is to never add any sites to your list of trusted sites.

You've been so helpful! I will read over the hardening links you provided (and ones I'd found prior) again; some do seem worthwhile, even if not an absolute must. Some just seemed so intense, I'd rather never get on a computer again than have to go through the hassle involved.

I do have a question about how to add a trusted site; I've tried this in the past, and I usually am told I didn't format it properly. Anytime I want an entire site and all inner pages to be trusted, is it just an asterisk before the main domain name (ebay and all pages within = *ebay.com) - if so, that was my mistake, as I always assumed it had to be eBay.com*

Going further with the syntax, what if I only need to add one section of a complex site to my trusted list. Can you do that, or must it be the whole thing? Like with eBay, say my favorite discussion board can't be viewed without enabling activeX. If the url is www.ebay.com/community/discussionboards/htmlhelp and I only want to add the html board to my safe list, how would I do that?

Back to ShadowUser - and I apologize if I seem to be repeatedly asking questions you've answered, but there are a couple of key things I still don't feel I'm clear on

I read again your previous post addressing how I could still possibly get infected. Let's use the example of me downloading some freeware that I've done no research on, so it could be infected. Is just the simple act of downloading it risky, or is the danger in downloading and assuming it's all good, and keeping it in place permanently?

Assuming you can do pretty much anything you want and ShadowUser will make it all go away on reboot, and so the only risk is in not scanning before keeping i, then that then leads to another question. I don't know if I ever did see a clear explanation (a 4 y/o child could understand) of the process of saving something permanently. So, let's say I get all download happy one night and download 4 free programs that look useful. I downloaded in Shadow mode, so I'm cool so far no matter what, right?

Now, I start using these programs immediately to see if I like them. I hate download A, it turns out to be really stupid. So, I want to dump A whether it's infected or not. Downloads B, C, and D are pretty cool, I'd like to keep them, if they're safe. So, I gather that I scan my system to see if I'm infected; an all-clear from my scans is a pretty good indicator that none of the downloads were infected/bad.

----Here comes sort of a sidenote question... would I have been better off downloading one at a time, then checking my system after each download?

Assuming they all come out clean... will I need to reboot and come out of shadow mode and then redownload the programs? If I'm confident the programs are clean, can I just burn them to a disk and then install from that disk after rebooting instead - as opposed to going back online and risking picking up something bad on my way back to the download site? I have the latest and greatest CD/DVD burners on the two new computers. Oh, I also have a 1gb usb thingie that I got for my birthday; could I just copy to that, then copy back when I get out of shadow mode?

One last question - what if I want to bookmark a site? Is that a file I should have exempt? Not sure about that one, only because that seems like a vulnerable thing. Mainly asking because I like to use bookmarklets; the tiny bits of javascript that make my life easier. Any other site I wanted to save, I'd have no problem copying to a text file and saving that file to disk anytime I'm ready to sign off my computer.

So, I guess the key things I really need reassurance on is knowing whether or not ShadowUser will erase ANYTHING I download/get infected with in a given session. I did read what Spy1 said about info still being available forensically, but I'll worry about that later - I doubt the cops or my husband would be interested in where I go online.

Also, if I like this program, I'd be glad to do a short write-up from a "clueless about this stuff" point of view that you can just paste and say "read this first" the next time a newbie starts shooting off a million questions like I have!

Again, thank you a million times over! You've been able to explain things in a way that I understand - that's usually half the battle, so I really feel like I'm in good shape because of you!

ps I'd be interested to know what you personally feel is needed in addition to ShadowUser. In doing my internet security research, I had found the combination I thought would best protect me (and even installed much of it), but this was before finding out about ShadowUser, which I know eliminates some of it. Even if just to say what sort of program I need and make me decide which particular one to use. Actually, what sort of protection I may need both in and out of shadow mode would be helpful.

oops! one last thing, I swear. I think the only things I'd trust 100% at this point is stuff I create in word/text files, graphics (.jpg and .gif) I create or pull from sites. So, would it be smart to simply create one main folder that's to be excluded, then make sure I save my future text and graphic items to subfolders within it? If the main folder is excluded, then I can add/delete subfolders and items within subfolders and it'll all be left alone, correct? Like with .jpgs I pull from online... is it just a matter of using my editing program to make any wanted changes and saving the final copy to that excluded file?

Thanks again. After reading so much gloom and doom and being afraid to even look at my computer, it's nice to finally feel like I'll be able to enjoy myself without being afraid of losing it all!

 

There is apparently someway that spyware can trick the trusted sites tab, but I'd say it's very rare. For the balance between computer security and usability, this is the way I chose (over switching to firefox)

To add a Trusted Site, go to Internet Options, Security, Trusted Sites, then click on 'Sites'...in the page thats displayed, untick 'Require server verification (https for all sites in this zone' . If you don't untick this, you won't be able to add a lot of sites. The syntax *.<sitename>.com will cover everything that has <sitename>.com in it. So *.ebay.com will cover the whole ebay site. I 'believe' (because I've never tried it), that if you made it *.ebay.com/community/discussionboards that you would only get the discussionboards covered.

Those vectors of infection....on rebooting from shadowmode, any infection would be gone.

Not 100% certain of this. 'Normally' the download part isn't the risky part, it's starting the executable thats the risky part. Quite often, the malware is hidden inside a friendly looking executable.

A number of ways :
1. if it is downloaded to your excluded folder, it is automatically permanent
2. if it is downloaded to an autocommit folder, it becomes permanent at reboot
3. if you deactivate Shadowmode, whatever is done there is permanent
4. if you downloaded to a folder in shadowmode, and tried the program, made sure it's safe, and want to keep it...copy the original installation .exe to an excluded, or autocommit folder.

in relation to the first part, as per above 4 ways of saving them. In relation to the second part...no right or wrong answer, but it is probably easier to test them one at a time (so the results don't get confused).

as per above 4 methods of saving permanently ...plus your last method works fine also.

This is a bit tricky, because your IE favourites are actually stored to your computers registry. You cannot exclude your computers registry from shadowmode. What I do, is keep a word document called 'favourites' and save the web address there, until next time I deactivate shadowmode...then I add it to IE favourites.

simple annswer ? YES

The only things it wont protect you from :
1. anything that happens out of shadowmode (eg permanent installation of software has to happen out of shadowmode)
2. anything that happens in your excluded/autocommit folder (as AC folder commits on shutdown)

If you mean any sort of protection other than an antivirus...I would suggest one of two Host Intrusion Prevention Systems. Prevx1, or Online Armour. At this stage it looks like OA will end up the better product. However specifically in relation to SU, Prevx1 has some very nice benefits in how it works.

In SU, I exclude a number of my security products <ones that require updates> and computer games (to allow for saved games). Prevx1 prevents installation of executables to the Program Files and Windows folders (and a few other minor ones), and the modification of executable files in those same folders. Basically all my security and games are stored in the Program Files folder...allowing me flexibility with SU, but still a good degree of security.

There's an couple of thread on both Prevx1 and Online Armour here at wilders. Mike Nash, who is from Tallemu (read Tall Emu...aussie company that makes OA) has provided first class and quick responses to any questions relating to OA (which I have to say, is much much better response time that Prevx provides at their castlecops forum).

Correct. Don't forget to exclude your email folder too.

 

Vikorr,
Thank you too. You explain ShadowUser alot better than the official website of ShadowStor and the manual of ShadowUser.
My compliments !!!

 

Well, this forum is very different than the one I usually read, so I'll have to try to use the quote feature sometime when I'm more awake.

It's all becoming more clear, thanks to you! I really should get some sleep, but I want to post now so that I don't forget anything!

You said that a spy/malware/etc thing messing with your trusted sites is rare, but it has happened to me. I don't know if it had actually done it, or was somehow tricking my system into telling me it had. I'd been online without major incident for many years, until two weeks ago. Got careless one night, and got hit hard. Thankfully, had just installed a few things the step-son had recommended, and they were able to stop this thing from regenerating. Anyway, I think it was spybot that I then remembered was there, but not activated. Either way, it was a program that puts a long list of stuff in the restricted list. When I went to apply, I got a screen indicating these were in my TRUSTED sites list, and asking if I was sure I wanted to restrict/ban them all.

I wish now my step-son hadn't been so eager to help (he moved one file to the wrong place, brought on blue screen of death, decided to wipe and reinstall)... I was working my way through removing the problem myself, and was really learning alot in the process. I had just ran HiJackThis, and was about to use an online tutorial to see if I could spot all the bad stuff and figure out how to fix (was planning to post log somewhere for confirmation - bad experience with archivedll left me scared to mess with deleting files I don't know enough about!)

Here, you say how I can become infected:

"1. if it is downloaded to your excluded folder, it is automatically permanent
2. if it is downloaded to an autocommit folder, it becomes permanent at reboot
3. if you deactivate Shadowmode, whatever is done there is permanent
4. if you downloaded to a folder in shadowmode, and tried the program, made sure it's safe, and want to keep it...copy the original installation .exe to an excluded, or autocommit folder." (sorry for not quoting properly)

1. Excluded folder - In general, if I have my one excluded folder that I'm saving text files and jpg/gif images to, seems to me it's not a folder a bad download would attack, right? I mean, wouldn't it have to be that I wasn't paying attention, and I MYSELF TOLD IT TO DOWNLOAD THERE? Just wanting to clarify; from what I read, those things try to get your goodies, the files where they can really do some damage; not a silly little folder with only some text and image files.

2. Autocommit folder - isn't this a folder specific to ShadowUser, meaning it's something I create, then tell the program that whatever I put in it stays..?? (only asking, because I want to verify that I am actually learning something - I remember this term from before; only the excluded folder idea sounds more appealing to me)

3. Is there any reason to deactivate shadow mode, other than windows updates and to download a program I've verified is safe (or verified is safe and copied to disk or usb thingamabob). As with most victims of evil internet downloads, I'm thinking it'll be a while before my computer is anything other than OFF or in shadow mode!

Actually, if the USB thing or copying to disk works, I think that's how I'd handle any downloads until I feel more comfortable with SU. I think that's the way to best prevent any major screwups. Plus, if it's safe, I can then take the disk or USB and install it on my other computer easily. hmmm...

Oh, quick question about exluded and autocommit folders - so let's say I've played around with downloading anything I could get my hands on, and other risky internet behaviors. So, as a backup measure, I could do some heavy duty scanning on just my excluded and autocommit folders, right? Like with I think Ad-Aware; seems like it lets me scan specific folders. I would imagine that scanning them for the first couple of weeks would make me feel a bit more secure. Like having training wheels.. then once I've downloaded something that had bad stuff, but those folders scanned as being clean, some assurance that unless I specifically told something to go there, those files really are safe.

4. See, now I'm glad I asked! I was under the impression that my only option was to reboot and download, or else somehow save it to a disk or usb thing or save directly to an excluded file to begin with... as much as I've read about this program, I don't think I've seen mention of being able to copy/move something to that folder once I've downloaded it to another location. *yeah, I knew it could be done without the program, and have moved many things... just thought ShadowUser somehow eliminated this possibility

About bookmarks, I have no problem saving them to text. Actually prefer the idea, have been doing that since my stupid download incident - I also have no problem saving them to this dumb online bookmark keeper account I have, either. I could just open that account first thing, and use from there. I'll think about the bookmarklets, as I have an idea that will turn out to be either way above and beyond genius, or so stupid that I'll be glad I didn't post such a dumb idea for all the world to see!

I had actually read nearly everything on this site about the Online Armor program; but I thought it was still in testing..?? After reading something Spy1 wrote, I figured I'd need a similar type of program. I liked what I read about OA, but like I said, thought it wasn't available to the masses yet.

Hmmm, not sure if I'll worry about my email folder, in the sense that you meant it.. I've never been huge on emailing people, so I'll think about what I want to with emails.

Oh, now what about any adjustments I make to any kind of settings... I can disconnect from the internet, reboot and come out of shadow mode, make changes/save, then go back to shadow mode and the changes will stick, right? Is that the best way to do it?

I'm actually looking forward to doing some experimenting now! Not only have you made me feel much more prepared to tackle this program, but knowing that I can always come back and ask questions as they arise makes me feel so much better! Plus, my step-son can always just wipe my system if it came to that.

This makes me really eager to have him get the old desktop going again... he began to wipe it two weeks ago, then slacked off. I haven't needed it since, but had planned to keep it as a practice system... all sorts of ideas are popping into my head about things to experiment with now!

Really, I can't thank you enough! I finally am feeling like I'm computer literate again! Right before the infection, I had so greatly improved my coding skills that I was thinking I was hot stuff... after the infection, I felt like my brain had been zapped, and I'd been rendered a complete idiot. It was weird how much it affected my self-esteem, but that's a topic for Dr. Phil, not this forum!

As usual, I'm sure I'll have more questions. Think the step-son will be over this weekend and we'll walk through this... funny, I called him last night to ask if he'd heard of the program, and he said he'd just heard something about it the day before, and had been planning to look into it today!

 

Quote syntax (space added after the '[' to allow syntax to be seen)
To open a quote :
[ quote=name]
To close a quote :
[ /quote]
The '=name' doesn't have to be included
OR
There is a little icon to the right of the Bold Italics Underline icons, that allows for quoting, by highlighting the words you want quoted, and clicking the quote icon.

Your trusted sites are stored in the registry, so no changes made while in shadowmode will be saved.

Ah...that's a possibility, but a remote possibility.
Generally spyware wants to autostart. It does this via a few methods :
1. manipulating the autostart areas of the Registry
2. Infecting an autostart program
3. infecting .ini files
4. playing with autoexec.bat, msconfig.sys files (I think that was their names...old dos start files)
<may have missed a method here>

In anycase :

1. the registry ALWAYS protected by SU (except of course when you are out of shadowmode)
2. Most autostart programs are in the C:/windows folder/subfolders. For these the same protection applies as 1 (unless you added c:/windows to your excluded folders, which you should never do). Some other autostart programs (mostly security programs) are outside the windows folders.
3&4. - same as 1. (once again, unless you added c:/windows to your excluded folders)

Generally what I am saying is that...because of the way spyware works, it is VERY UNLIKELY that you will get an infection in one of your excluded folders (because they want to autostart).

right (as per above)

Spyware wants to autostart, so it doesn't want to sit as an executable in your excluded folder unable to selfstart.... so the makers generally disguise it as something you think you would like to install. Ie - it's not the download that is normally dangerous, but your running the installation executable. (see above paragraphs on autostarts too)

Re the autocommit folder. It is 'almost' like the excluded folder. The difference is that changes in the excluded folder happen immediately, and changes in the autocommit folder happen on shutdown.

Yes. Your registry cannot be excluded from Shadowmode. Any computer changes that require a change to the registry will have to be done out of shadowmode. This includes a lot of settings in IE, changes to your desktop, changes to some programs <even though you may include them in an excluded folder (a lot of programs use the registry to store their settings)>

That would be a good habit to get into

It's about to come out of testing in the next few weeks I believe.

It's not necessary to disconnect from the internet if you have a firewall (just don't surf the net), but the rest is right.

Actually, seeing as you have this facility, it would be a really good idea to test any new software you want to use on that machine first.

 

by the way, some of the links I posted in one of my earlier posts were wrong (double pasted).

here's the proper links

Hosts file http://www.mvps.org/winhelp2002/hosts.htm
TrojanHunter http://www.trojanhunter.com/

 

Well, I hate to jinx myself, but I think I have a 99% grasp on it all! You've been so incredibly helpful, and I really appreciate it.

Ok, so let me make sure I'm clear on a couple of things, this should be the end of my bombarding you with rapid fire questions!

So, if I understand correctly, an excluded folder and an auto commit folder are absolutely identical in every way, except that what you put in an excluded folder is saved IMMEDIATELY; what you put in the auto commit folder won't be saved until you reboot. No other differences at all. Correct?

Now, with the autocommit folder, just put stuff in there and you're done, it'll automatically save at reboot unless you go in before rebooting and delete it. No extra steps/processes to go through. Correct?

That makes me think I'd prefer the autocommit folder - almost like another out; if I put something in there, I have a chance to get it back out before rebooting and no harm is done. - It's been my experience that I find something interesting and save it, then 30 minutes later find something even better (especially when we're talking about graphics), so I'm thinking that's another reason why autocommit is good for me

Also, will I need to be out of shadow mode to delete anything from the excluded or auto commit folders? Just had a vision of sorting through a ton of images and purging several, only to have them come back after rebooting!

Moving on...

Let's say I get in the habit of installing programs as I had described before - install in Shadow Mode, drive it around the block a few times, scan like mad to ensure it's clean, save to USB thingie or disk... reboot and come out of shadow mode while NOT connected to the internet, install from USB/disk, then go back to shadow mode. Going a step further (yeah, I'm THAT paranoid!), never ever going online without being in shadow mode, ever - only exception is to update Windows, using link in start menu that takes me directly there. If done that way, I gather there's no need for any other security programs to be on my computer....

I know I need to scan what I download, but if I found enough sites that do online scanning for whatever may ail, I could actually stick to online scans, right? I figure that since I'd be looking for bad things in programs I just downloaded, no need for spy/ad/malware blockers; with ShadowUser, it's ok if the bad stuff comes in. The key advantage to this is the goob husband; he really hates the warning screens that come with many blockers. (though, I think I'd like to have a good pop up blocker, as pop ups drive me insane)

Not saying I'd go that route long term... just thought I'd experiment with the old laptop and see if that method would work for me. What it boils down to is I think knowing I have no other protection (except firewall in router) would really keep me more focused on what I'm doing. Also, if I tell my husband that the way I'm doing it is the ONLY way ShadowUser will let you do things, it'll keep him from messing up.

Now, with my excluded/auto commit folders, am I allowed only one of each? Since my husband and I both use each of our 4 computers and we have different interests, it'd be nice for each of us to have our own autocommit folder.

I remember asking before if I could create these folders on the desktop, but I now have a different idea - please tell me if it's not a good idea. I think I'd be most comfortable with my "keep" folders somewhere other than in the program files folder. Was thinking I'd just put them the next level under the C drive (ie C:\Excluded). Then, it's easy to access whenever I get online. I can actually create a shortcut for the main folder on the desktop - or even for any files in there that I'll be working with that day. Takes no time at all, so I don't care if the short cut gets deleted at reboot.

Oh, one other question; let's say I do have a download, or maybe email attachment that I need to make sure is clean. I do need to run a variety of scans, right? I mean, a scan for trojans, spyware, malware, etc. There's no quick and easy way to assure the safety of one file these days with one scan, is there?

Would having that Acronis True Image (or something similar) to use ever so often - just in case- be overkill, or is it maybe a good idea to have that extra level of security against having to totally wipe the computer and reinstall everything?

Darn- I had another, more general, question; but now I forget! I'll just post it later when I think of it. I think that will about cover it, though!

As always, I truly appreciate the help. I can't wait to get started with this program! If there's any interest, I'd be glad to give some brief updates.

If you don't mind, I'll be creating a document that has a link to this thread, plus a slimmed down version of our conversation. I already have several relatives that I had mentioned the program to, who are standing by with credit cards in hand... if this program works for me as effectively as I expect it to, they all plan to get it. I think they'd find it much easier to understand if I sent them my document about this thread to read over first!

Wait, I think this is the question I had forgotten... I have most email accounts someplace like gmail or hotmail, where it's all online. If I'm not mistaken, that's all online stuff, so I wouldn't need to worrry about saving it to a special folder, right? How about with outlook? Never mind about outlook... finally found something my husband is good for - he's the resident outlook expert, and says that opened emails can be saved as new, if I happen to have an email I want to read now, but don't want to deal with saving/deleting until later.

Think that's it for now! I really appreciate your patience. I honestly did spend at least 5 hours reading all I could on the program BEFORE doing that first post; but I still had some questions that I don't think had been answered before, or in a way that was crystal clear in my mind. Anyway, I appreciate you answering in a thoughtful way, as opposed to what people usually do to me... which is comment that maybe if I'd not been so darn lazy, I would have done a search and wouldn't be wasting their precious time now by asking dumb repetitive questions. All too often, people with more advanced computer skills forget that people like me still exist... above average computer skills, but very basic skills on the technical side.

 

Correct

Correct

You can delete from excluded/OC folders anytime.

Depends how paranoid you are I suppose. I run a number of security programs whether I'm in shadowmode or not...but, my setup doesn't use many resources, so it doesn't bother me that they are running. Strictly speaking it's not neccessary to have them running when in shadowmode, but it gives me a warm fuzzy feeling that malware can't get on my comp, even if just to be wiped by SU on reboot

Basically though, what you are describing in the rest of the paragraph (quoted last sentence) is quite a safe practice.

Yes. Just remember, because they aren't realtime, you need to use different habits with them. Anytime you are out of shadowmode, scan with them before going back into shadowmode.

I would suggest only other other things here...get a software firewall as well. This will prevent a program [loading, stealing your password] and dialing the information out , as only software firewalls provide outbound protection.

You can have as many as you like. Just don't put the same folder in both the Excluded Folders and the Auto Commit folders list - that would just be duplicating, and redundant.

There is no problem with keeping it where-ever you like. I would only suggest the putting them in the program folders if you have Prevx.

Create the shortcut out of shadowmode and it will stay on the desktop.

Correct. Kaspersky AV comes close, but no, there's no single scan guarantee...actually there's no 100% guarantee possible even with multiple scans...just as close as you can get to 100%.

If you've got the money, then a "backup" copy is always nice (For my own computer, it would be the only extra program I'd consider getting). Whether it's necessary or not...well, it's a "Just in case" program...just in case I wasn't thinking properly...just in case I didn't know I could get infected by doing that ...etc....it's 'nice' to have a backup.

Correct, if you only use webbased emails, they don't save to a folder on your computer, so you don't need to worry about them in relation to SU.

The Shadowstor website's explanation is long and confusing

And you can link whatever you like to this.

 

Meant to post today, but got all wrapped up in scouring this and other forums for all things ShadowUser, and now I'm about to pass out!

I did copy and save anything that raised any additional questions, but I'm too tired to go through it all. Plus, I think that if I wait until I'm more alert and re-read it all, I'll be able to save us all some time!

Will go ahead and ask a couple of things now, will do the rest later...

I do realize now where my key vulnerability is, don't know why I didn't understand immediately - if I have NO security programs, I can be sending out personal information during any given internet session (like tracking cookies). What will address and prevent that issue? I think I can wade through previous posts and find some links, but I don't know anyone said what the programs do; in the posts I found, SU users would state what programs they used, but I don't think it was made clear which ones prevented security leaks.

Any knowledge of encryption? I had a couple of general questions, but I can always post a new thread if you don't feel qualified to council me on some basics - and I do mean basics...

Also, in general, are jpg’s and gifs I find on websites safe, or do they also need careful scanning? I don’t mean pics in zip files that I download; I mean pics that I right click and tell it to save to a given folder. What about if using a program that will pull all images in a website, any more/less safe? I've never heard of infected images, but I'm cluless, so me never hearing of it doesn't mean much.

Now, say I download a program in shadow mode. I try it out, and it seems to be fine, meaning no crazy tool bars or boobie images slapping me upside the head. Do I still need to scan for every possible bad thing, or does the fact that it runs fine and causes no issues eliminate any categories (ie, if nothing obvious happens, does that eliminate the need to maybe scan for a toolbar hijack)? I’ve only had experience with that coolWebSearch thing, and I was obviously infected immediately, so I don’t know how other bad things act.

Do I do it so that my D drive is also secure, since my step-son has been known to install burned downloads onto my computer from my d drive? Will SU let me do that? Or, if I have nothing stored stored anywhere but on my c drive, can they (d drives) still be attacked? Any mention I've seen of other drives were by people who actually had data stored there. I will be likely using that drive for backing up files now, in case that affects your response.

XP system restore option is touched on lightly in other threads - I have NO experience wtih what this is. Something to turn off permanently if using ShadowUser? I plan to utilize the Acronis True Image program, if that makes a difference.

One more question - the link is only in case you wanted to read the thread I pulled the quote from

https://www.wilderssecurity.com/showthread.php?t=90907 Spy1 said -
"An important restriction is placed on the user while in ShadowMode if Exclusion Lists are enabled. With Exclusion List enabled, the option to do a Full System Save anywhere on the system is disabled."
There's more in his post, but what exactly is "Full System Save" - is that the term they use for creating your latest SU backup/image/whatever-it's-called? Also, I know the program was updated sometime this year, and so this post may regarding an older version.

One last thing for this post - found where you'd discussed a bit more about only ever installing programs into your program files (something to do with prevx being located there). Do you do your initial download into a file there, or just make sure that's where it's installed? What exactly does prevx do to make you only install there? Is that mostly for programs that need updated? Are you talking about stuff you're pulling directly off the net, or would it also apply if you did it the way I was thinking - download, test it out, scan like crazy, then keep or dump..?? If it's complicated, feel free to say "just do like I said and zip your lips, woman!"

OK, gotta quit, as I just had to break out some toothpicks to hold my eyes open!

I do have a few more questions, but I can't stand it anymore! I did get started on consolidating this thread into one single entry, and eliminating my off-topic ramblings to create something that will be easier for folks to follow. Actually, the only couple of questions I have left are more general and relate to utilizing SU in combination with an external hard drive and/or partitioned disks, so I think I'm in good shape now!

Thanks again... now I really can't wait to start! Oh, talked to the step-son, I think we will wipe the old laptop before installing SU. Just for fun, I think we're then gonna hit some porn sites and try to get good and infected to really see what SU can do.

*disclaimer - downloading porn with the step-son may sound like corruption of a minor, but he's my age, so don't anybody be calling children's services or anything! I don't think they'd be really care that some 31 y/o guy and his 32 y/o step-mom are downloading naughty things in effort to infect a computer.

 

Well, we took the plunge today!

Some of it is hard to get used to, but I think that within a day or two, I'll feel like an old pro! I mean, much of the technical stuff goes way over my head, but this was incredibly easy. The hardest part was to keep in mind that even if I did mess something up, it's not the end of the world; worst I could do is force myself to wipe and start again from scratch.

How well do I like this program? Well, let me just say this... if I was forced to choose between ShadowUser and my husband, well it's been nice knowing him, because there's no way I'd give up ShadowUser! I keep wanting to kiss my computer, I'm so thrilled!

Once I take time to really get down to business and get all my settings and processes in place, I will do a little write-up and post here, if anyone's interested. I'll write it in such a way that I wish had been available to me (without having to bombard Kvorr with a million and one questions); so straight forward and simple that a four year old could understand.

In case any lurkers have been following this thread and are still on the fence, I'll give a brief run down of today; maybe this will make up your mind, one way or another.

*****Disclaimer!!! I'm computer-stupid, step-son is a goob, so don't trust that the rest of this post is the correct way to do things. It's more to show how easy it is for anyone to figure this program out. Also, it's to point out a few possible mis-steps to be aware of.

So, step-son and I decided to install the program on my old laptop. If I'd been doing this myself, I would have gone the "scan like crazy" route instead, as I've never done a system wipe.

Before wiping the computer -

Saved any files I wanted to keep, just in case something went horribly wrong. ALSO - I dug into my c drive and located the folder that contained my bookmarks (aka favorites), and copied them too.

Next, I downloaded the 15 day trial version (*more on this later!). I DID NOT OPEN OR INSTALL! I downloaded it, then moved the download into a file accessible from other computer. I wanted to avoid going to any sites after wiping/before enabling shadowmode, so that's why I downloaded and moved it before the big wipe, and planned to install and set up BEFORE connecting my fresh and clean system to the internet.

Double checked everything, had backed up anything worth saving, and had the download ready to send back to the laptop when the reinstall was done.

Sidenote for those who have never reinstalled their system - MUCH easier than I thought it'd be, quicker too. I think I could have done it myself with very little time invested asking for advice here, first (easier than installing shadowuser, even!)

So, now I have a fresh system and I'm good to go. Still very nervous, I confirm I can access the internet, then disconnect from the internet to gather my thoughts and map out my next few moves. So, at this point, I've reinstalled my system (but haven't done the necessary Windows updates). I have NOT touched the ShadowUser program; it's still chillin' on my other computer while I work up the nerve to install and put it to use.

I began to doubt ShadowUser's abilities, so I decided to avoid wasting an entire day -- I didn't download the microsoft updates, didn't tweak any settings, or anything else you'd normally do after reinstalling. I didn't want to do all of that, only to have some infection stick in my system, and have to wipe it again the same day.

Had a thought that made me panic at this point... did SU do the creating of my excluded/autocommit folders, or did I need to create some and tell SU where they were? I decided to make some folders, just in case. I decided to just risk it and so I created one folder on my desktop and two in the Program files folder. To prevent confusion, each folder was named either Exclude_SU or AutoCommit_SU - names I knew I'd remember. This left two folders in different areas but with the same name, but I knew I'd delete one once I saw how SU worked.

Time to click on the Shadow User file I'd downloaded and get it installed. I'm assuming it downloaded to the proper place. Installs with no problem, and the ShadowUser screen opens on my desktop.

Getting more nervously excited at this point, so I jump on my other computer and re-read again the info I'd saved on how to use this program (basically, any mention of SU I found in this forum). I aso go to the company website and read their documentation again.

No issues yet, but I can't figure out exactly how to begin shadow mode. Click on the help file, which outlines the process better than most programs I've dealt with (but still a bit over my head).

At this point, I read something that really leaves me at a loss - I read that in order to activate shadow mode, I have to enter my registry key (or whatever it's called; basically a proof of purchase). Now, my brain is bleeding - I mean, I'd been promised a 15 day trial, and was sure I'd like and buy the program, but wanted to do that IN SHADOW MODE! Nowhere on their site can I find a code that allows me to activate my free 15 days!

So, that's what had me a bit irked! Step-son and I both thought I had to register using the computer I'd be downloading the program on. This meant I had to go online and pay with a credit card, all on a computer that had no protection at all.

Anyway, I'll say that's the easiest credit card purchase I've ever made online. Some online vendors want to know my entire life story, and verify everything to the point of stopping short of asking for a DNA sample. I would have liked it if my regristry key then appeared on my screen, but they emailed it to me. So, I hit my other computer and accessed that info.

At this point, my confidence is low; nothing has really gone as planned. I decide to keep at it, though.

So, I pull up the ShadowUser module (icon is in tray bar, simple to open!). I follow the steps they gave, and wind up at a screen asking for my registry key. Enter the letters/numbers, and hit send (or enter, whatever.)

NOT VALID! is my computer's response!!!!!

Ok, let's rewind a bit right now. At this point, I've WIPED my ENTIRE computer! I've LOST ALL the settings I had in place (like disabling those stupid smart tags in word!). WORSE! I WASTED a full hour trying to get my stupid cracked wireless card to work (yeah, forgot to mention that part)! oh, it get's better... I had bought and INSTALLED the FULL MS office suite less than TWO WEEKS ago, and I would have to DO IT ALL OVER AGAIN! FOR NOTHING! Let's not forget, I just sent those crooks a payment of SEVENTY FREAKING DOLLARS! What did I get for my time, trouble, and money? NOTHING! I'm ready to track down the Shadow-Stor people and make them regret messing with me!

Then I realize that maybe they do the one thing I hate - which is to have something be case sensitive and NOT mention it. Bingo. So, I'm miffed about that, too. If something is case sensitive, no problem, but TELL ME UP FRONT!

So, now I'm official, and can begin using their program. The way their documentation was worded, I was sure I'd missed my chance to either create proper exclude and auto-c folders or to use SU to protect the files I'd created already. I then regretted not asking Vikorr to walk me through that step in more detail.

More panicking; stomach begins cramping! Finally figure out how to tell SU what folders are excluded and auto-c. I also set the "my documents" as excluded (for my personal preference, I now regret this, and will change it tonight).

So, as far as I can see, I'm ready to enable shadow mode. Step-son and I both hold our breath and dig in.

Decided to drive SU around the block a few times and see what that bad boy could really do.

Decide to do some "safe" tests first. I find a sample .jpg that the system disk installed. I right click on it and copy. I then find every SU-protected folder, and put a copy of the jpg in each.

Next, I changed my wallpaper.

Now, I create a new desktop folder, new folder in program files, etc. (you get the idea). Give all the same name, to make ensuring they disappeared at reboot as simple as possible.

I don't remember everything I did, but I did go to a respected download site and download some dumb free program that allowed me to doodle on my desktop - the program put an icon in my utility tray, too. I downloaded MSN messenger, since it's tough to remove. Wouldn't install because I hadn't done my Windows updates, but at least the download file was firmly planted in my computer.

Hit a couple of sites that I know leave cookies. Saved a pic I found online. Changed some system settings on my computer. Renamed a couple of files. Changed the time zone of the clock, hid one of my toolbars.

Then went lookin' for trouble. Hit some porn sites, but didn't get hit like I wanted! I finally googled "crack software", knowing I'd could get good and infected on any cracking site I visited.

Let's just say I hit the motherload! I planned to download something, but didn't even get the chance! All I did was click a link on that page. Next thing I know, I've got a new toolbar. I've got pop-ups coming at me from every direction! I'm pretty sure I even had some porn show up along the way!

It only got better from there! Now, I'm getting warning from Windows! Messages that scream (literally) "YOU'RE INFECTED!!" in bold letters appear! I close out explorer, but it comes right back, bringing more messages about how screwed my system is, and saying my life basically sucks right now! Then, it's just too much for my poor computer to take, and windows shuts down. From there, a few odd happenings, and my computer is left crying "uncle!".

I reboot. My step-son tells me to get ready to wipe my system again; He's just sure that I've gone too far. Basically, he mocks me.

So, reboot happens, and I'm almost afraid to look. The clock has changed back to eastern time. That doodling program's icon is missing from the task bar, as is the message I created using it. My screensaver has gone back to the original. The folders I had created as a test - gone. No signs of this computer having even heard of messenger, much less having downloaded it. No cookies from where I'd been. I do a search, and can't find anything else I'd saved while in shadow mode. The changes I'd made to my various settings have disappeared.

I decide to start internet explorer. No crazy toolbar. No nothing, really. Did a couple of quick online scans, though I already knew the response - NADA. It had all gone away.

I had really dished it out, and ShadowUser just laughed and demanded "Is that the best you could do??!!" ShadowUser practically dared me to get rougher with it. It had a good laugh at my lame attempt!

All that to say this, ShadowUser absolutely blew my mind. I knew it'd probably work properly, but I still had that nagging doubt. ShadowUser rendered my step-son speechless, except for the sound of the drool hitting the table - I saw the look in his eyes, and I know I'll soon be paying for him to download it on his system.

I'll wrap it up now by giving a brief summary of high and low points of SU.

Hated that I couldn't figure out how to actually use my free trial without entering a credit card (mostly because I'd have taken care of that before wiping, had I only known). I hated that they didn't say the registration key was case sensitive.

I didn't appreciate that the "when" and "how" of making my excluded and autocommit folders wasn't absolutely crystal clear (since it's really important!).

Now, I haven't poked around enough, but I was expecting a prompt when I tried to shut Windows down asking if I wanted to boot back in shadow or non-shadow mode (though I'm guessing I have to go into the SU interface and it's easy from there; just had the impression from someone else's post that SU made it easy by prompting me instead of staying silent). That'd be a nice addition, just in case I forget I've made changes that I don't want to lose (like settings in Word or to my explorer toolbar).

A couple of things that may become major cons when I really dig in...

I excluded my documents file - but, when I downloaded something from a safe site, WinZip was planning to install it to that file. Had I not thought to double check the path, I could have regretted it. No biggie, I can change it, but that demonstrates that you need to be careful at first, really double checking everything until you find a system for SU use that works for you.

Something else of concern, but I think I can fix it myself - I have a 2 y/o son and a horse-sized cat, and both love to grab at, play with, and generally mess with my mouse while I'm using it. The auto-commit option appearing on a right click of the mouse seemed handy when I read about it, but now I know it's not going to work for me. I can't tell you how many times I went to click on "open in new window" and instead hit "save target as" in my right-click menu. In fact, I honestly do that at least twice a day. Having such an important decision being only a right click away is BAD for me.

It'd be ok if I had to maybe right click and click on (for example) "shadow options" and then go one step further and click on "auto-commit", or if I at least had a prompt asking if I was really sure I wanted to auto-commit it.

However, maybe that's an option they allow, and I'll find instructions for enabling that option when I go digging around. if not, I know programs that let you edit the right click menu are out there.

Think that's all I dislike at this point. Goobs like me need some extra prompts to prevent total computer meltdown. Would also be cool if SU would create some "newbie" exclude and auto-c folders on the desktop to allow less-adept beginners a better chance at avoiding any major errors the first week or two of using SU. Sort of like training wheels. Then, I could later begin creating my own folders and know what I'm doing.

But those minor quibbles don't change how much I LOVE ShadowUser!

Vikorr, if it's no trouble, I'd like to play a bit tonight and maybe tomorrow, while taking note of any questions that arise, and anything I need to make sure I've done correctly, and then post those questions.

For anyone who's interested in ShadowUser, I know for a fact that spending several hours reading previous posts, plus asking questions here before downloading SU - PLUS having the wonderful Vikorr kindly answer my questions, saved me a TON of effort, trouble, and frustration today. There are several major and minor mistakes I know I would have made if they hadn't been addressed in this forum or by Vikorr. Yes, SU's help page is better than many programs, but still was not nearly basic enough for me.

Sorry this post was so long, but there were so many points I wanted to touch on.

Finally, the price. I'm cheap. I hate buying software for any reason. Now that I've actually used it, I honestly can't believe it doesn't cost MUCH more! I'd feel it was a bargain even if the price had been alot higher.

It's not just about protecting your system. It's about giving you some freedom to surf without stressing out. It's about saving you the time involved with removing infections from a computer.

For that matter, it's about saving you the time required to keep up with all the newest and best anti trojan/virus/malware/adware/spyware/etc on the market, updating darn near daily, scanning non-stop, and then still never feeling 100% secure.

It's about preventing having to lock your system down so tight that nearly every site you visit doesn't load right because of your security software and settings.

Not saying to skip all security programs (I have chosen a few I plan to install soon!), just saying ShadowUser let's you kick back a bit and enjoy the ride, instead of "white knuckling" your way across the internet and praying you don't get slammed.

The end.

 

Glad you liked it