SSDs and "Light Virtualization"

Discussion in 'sandboxing & virtualization' started by daray, May 12, 2012.

Thread Status:
Not open for further replies.
  1. daray
    Offline

    daray Registered Member

    I currently run Shadow Defender (.325), but recently picked up a SSD (OCZ Agility 3). Has anyone had any experience with how various "light virtualization" products (particularly Shadow Defender) perform on SSDs (with, for example, TRIM support under Windows 7)?

    I could forsee some potential conflicts/issues, and hope some here can share their longer-term experiences over stability in such cases.

    Thanks.
    Last edited: May 12, 2012
  2. Arcanez
    Online

    Arcanez Registered Member

    I would like to know as well, I have a valid license for shadow defender but not using it because I purchased a Crucial M4 some time ago and replaced shadow defender with Sandboxie. I heard that shadow defender has some problems with solid state drives. I haven't even tried using Shadow Defender with my solid state drive but I would like to know as well if anyone experienced any issues.
  3. LockBox
    Offline

    LockBox Registered Member

    I think this is one area where SD not being actively developed is a problem. I can't use SD on my desktop with SSD. However, I can use 'Drive Vaccine'. This is because DV has added support for TRIM and UEFI BIOS. I don't know about Returnil or Deep Freeze as I've never tried them with SSD, but use them on two different laptops. For what it's worth, if all you need is the simplicity of boot-to-restore, Drive Vaccine is a great product from Horizyn DatsSys, the makers of RollbackRX.
  4. CyberMan969
    Offline

    CyberMan969 Registered Member

    I've been using SD with a Vertex 3 Max IOPS on a new Win7 Ulltimate x64 system (i7 3930K, Asus P9x79 Pro, 32GB RAM) and it works as well as it did on my older system. I use Rollback RX, Shadow Defender and Sandboxie together and there are no problems. Each program provides me with differenent functionality and they all really complement each other. Have a look here for details of my chosen setup and its uses/benefits:

    http://www.wilderssecurity.com/showpost.php?p=2020687&postcount=111
  5. daray
    Offline

    daray Registered Member

    So I had a go at installing Shadow Defender to my Agility 3 (on Windows 7 with TRIM enabled).

    There were no issues running the system in non-shadow mode after the install (and no issues relating to stability with the driver). Going into shadow mode and working in shadow mode was fine too.

    However, there seemed to be an issue when exiting shadow mode. Some of the programs I had worked with / run (while in Shadow Mode) seemed to reset back to their default settings (e.g. Firefox), some complained about corrupt databases (e.g. Winamp).

    Needless to say, I had to restore my system to an earlier image. I admit that my test wasn't extensive at all, but it does seem as if SD has some issues (which I suspect won't be addressed).

    So I suppose my question is, has anyone noticed similar behaviour when running other similar light virtualization apps? My second option at this point might be DeepFreeze (even though it is a little more annoying to use), but I would be willing to try others if some people have been able to confirm there are no issues.
  6. Arcanez
    Online

    Arcanez Registered Member

    as far as I can remember DeepFreeze officially supports solid state drives so you shouldn't have any problems.
  7. LockBox
    Offline

    LockBox Registered Member

    I know that Drive Vaccine specifically states that it supports SSD w/TRIM. Also, as I said in a post above, it works well with my desktop SSD.
  8. CyberMan969
    Offline

    CyberMan969 Registered Member

    Shadow Defender and Drive Vaccine operate in very different ways: DV is not a light virtualization app. It is more like a cut-down edition of Rollback RX, it is snapshot based and as such it requires explicit compatibility with TRIM, just like Rollback. SD on the other hand is a light virtualization app and I don't think that TRIM matters to its functionality. With SD there are no saved snapshots on the drive's free space (as is the case with RB and DV), so there is no need for the program to be TRIM aware.

    I'm sorry to hear of your troubles daray. I'm lucky and SD works well for my brand new system and all the apps I use. BTW I don't use Winamp and I use a portable version of Firefox and never had any probs with it either.
    Last edited: May 13, 2012
  9. Cutting_Edgetech
    Offline

    Cutting_Edgetech Registered Member

    There is a known bug with SD, and SSD's. Particularly with the trim. I would not recommend SD with SSD's. Unfortunately Tony the developer of SD when missing shortly after SSD's were introduced to the market, and he had not added support for SSD's. It would be easy to add support if he was only around to do so. We all just hope he is ok, but it does not look good since no one has heard from him in over 2 years.
  10. LockBox
    Offline

    LockBox Registered Member

    I beg to differ. Where do you think the live activity, not committed to the disk, goes? The answer is a large cache file that is a "virtualized" operating system. Returnil works in the same way with one large .cache or .dat file. I think we're letting semantics get in the way.

    As for SD's "virtualization," is it ALL kept in ram or is some of it sent to a .dat file?

    Either way, you're not dealing with the actual operating system when it is frozen.

    EDIT TO ADD: I just checked and SD does, indeed, use a cache file. It is deleted at reboot. Same with Returnil. Same with DV. Same with Deep Freeze.

    _
    Last edited: May 13, 2012
  11. CyberMan969
    Offline

    CyberMan969 Registered Member

    I use SD on two PCs. One is a Z68 i7 2700K system (ASRock mobo) with a Patriot Wildfire SSD, the other is an X79 with i73930K C2 (Asus mobo) and an OCZ Vertex 3 Max Iops. No problems so far running SD, Rollback RX and Sandboxie together on either PC, everything works well, I've had no file corruption or errors whatsoever. My Z68 system had been runing with this config for 10 months now with a Crucial M4. I've only added the Patriot as system drive three months ago, again with no issues. My brother is using SD on an Z68 system (Gigabyte mobo) with a Crucial M4 SSD as well for almost a year now, again with no problems whatsoever. My wife has an older Athlon system (DFI mobo) with a Vertex 2 SSD, she has no SD problems either. Four times lucky? I don't know... From my personal experience and from the experience of people around me it looks like the people who have problems with SSDs and SD are the exception, rather than the rule. Either that, or my wife, my bro and myself are all very lucky.

    I know that four cases is a very small and practically negligible statistical sample, but think of this: If this is indeed a mainstream problem then what are the odds that out of the four machines that belong to me my wife and my brother none have experienced an issue? And all four machines have different brand mobos, very varied hardware/software setups, plus four different brands of SSDs.

    I also have seen only very few reports online from users who have similar problems - and I have searched even on chinese sites with the help of translating tools. This lack of online problem reporting by SD users is further indication that the people who do face such problems with SD and SSDs are the exception, and not the rule. It's either that or it could be that the vast majority of SD users are still using spinners - and that me and my family are very lucky SOBs to be able use SD on our SSDs without any ill effects...
    Last edited: May 13, 2012
  12. CyberMan969
    Offline

    CyberMan969 Registered Member

    As far as I know only Wondershare Time Freeze uses a RAM buffer for the virtual system, but to my experience its implementation is buggy. The program hasn't been updated for ages, and it takes forever for the RAM buffer to be initialized. It's a shame because a lot of modern systems have ample RAM and a virtualization buffer that is RAM resident would speed things up a lot and would also save any protected SSDs from a lot of unecessary hits.

    SD is a bit of a mystery regarding where it stores its virtualization cache. Most of its competitors operate at file system level and create a buffer file that has either a pre-allocated fixed size (e.g Toolwiz Time Freeze), or a variable size that inflates as the virtual system is being used. With SD there is no evident buffer file, all related SD files are tiny in size.

    To this day only Tony seems to know the inner workings of his program, but from all the info we have so far it looks like SD works at sector level. I suspect that when Shadow Mode is activated SD creates a hidden temporary partition within the protected drive, and all system changes are redirected to that partition and do not affect the real system. When a use chooses to discard changes upon reboot the hidden partition is simply deleted. If a user chooses to commit changes then SD uses a small file (a sector map) to compare changes, and then commits the changed sectors to the real system upon reboot.

    I can't see how TRIM can be a problem here since there are no saved snapshots on the drive's free space as is the case with Rollback RX. TRIM compatibilliy with RX is essential because the OS is snapshot-agnostic. The RX driver has to intercept and re-direct every OS write that is directed towards sectors which contain snapshot data - sectors which the OS sees as empty. With SD this is not needed because all changes take place on the hidden partition, therefore there are no snapshot data to be overwritten. Of course I don't know if this presumption is correct, it is just a semi-educated, semi-wild guess. :)
    Last edited: May 14, 2012
  13. pegr
    Offline

    pegr Registered Member

    SD protects disk partitions, not physical drives. If it creates hidden partitions, I assume there must be a corresponding temporary hidden partition for each permanent partition on the physical drive that is in Shadow Mode. I have checked my system - 3 partitions (C, D, and E) on one physical drive with C and D in Shadow Mode - and can find no evidence of any hidden partitions, only the hidden diskpt0.sys files in the root directory of the two partitions in Shadow Mode.

    I believe that changes to file and folders in the Exclusion List are written to the real system while in Shadow Mode without redirection. AFAIK Commit Now also writes redirected disk sectors for files and folders in the Commit Now list to the real system immediately without leaving Shadow Mode. On the other hand, the option to commit all changes when exiting Shadow Mode causes the changed disk sectors to be committed when the system is rebooted, outside of Windows.
  14. LockBox
    Offline

    LockBox Registered Member

    Hi, pegr. I think he's actually pretty on target with that. They all seem to use the (very small) hidden partition in which the cache is written. With most of these programs you can't find the partition with basic system utilities. However, with Returnil (for example) some people do have problems seeing the partition which appears as a phantom drive "Z." The one plus for Returnil is they have a wipe option for their cache as opposed to a simple delete as most have (which adds a privacy feature on top of the security).

    .
  15. pegr
    Offline

    pegr Registered Member

    Hi LockBox,

    I'm not saying he's wrong; only that I have been unable to find any evidence of hidden partitions. I have tried Windows Disk Management with the option to "Hide protected operating system files" unchecked and also EASUS Partition Master Home 9.1.1 Edition; neither confirmed the existence of any hidden partitions.

    Any idea as to any other disk utilities I can try?

    Regards
  16. newbino
    Offline

    newbino Registered Member

    I for one have had problems to the settings of some of my programs since moving my OS to an SSD, upon exiting shadowmode, and decided to uninstall SD.
    Cutting_Edgetech I wonder if you could offer more details. Thanks.
    Last edited: May 14, 2012
  17. CyberMan969
    Offline

    CyberMan969 Registered Member

    SD seems to be the only light virtualization app to withstand certain very sturdy rootkit infections (like TDSS). This could be an indication that SD's hidden partition - if it exists - does a much better job of hiding itself from the rest of the system and from malware, than its competitors. As a result TDSS and other malware can't see the SD partition; they 'think' that they're infecting the real system when in fact everything takes place in that isolated environment that the malware can't see. I wouldn't be surprised if we found out at some point in the future that Tony has actually created a sturdy proprietary file system from scratch for his hidden partition. And if a potent piece of malware code like TDSS can't see it, then I seriously doubt that the OS or any partition managers will. Tony seems to have written a very smart piece of code after all. :thumb:

    The "Hide protected operating system files" in Folder Options is there mainly to protect the OS from user mistakes. Most modern malware can see the protected OS files regardless of that option being ticked or not. If the SD partition does indeed exist then I seriously doubt that there is a tool out there which can actually 'see' it.

    Thanks you all guys for your valuable input, it's great that we can discuss these things and at least try to draw some logical conclusions from the few clues that we have. I just wish Tony was still around. I'd like to think that he has sold the program for an exorbitant amount of money, possibly with a silence clause that may prohibit him from posting any comments. It is China we're talking about after all, and as I said before on another thread, there are certain business ethics that would be unacceptable in the western world but they are considered OK over there. I have had extensive business dealings with Chinese companies in the past so I speak from personal experience. Transparency of operation is not always important to them, and the way the westerners do things are often seen by them as a sign of weakness - just another part of the often complicated Chinese mindset. Maybe this explains the continued silence of the current SD owners. They may lack the coding talent to develop the program further but of course they would never admit that; so they just silently keep selling their own .331 version (which could be just a very basic recompile of Tony's work with no new features added, hence no changelog).

    Think about it: If those guys start answering the e-mails of their customers then they will eventually come into the very difficult situation of having to answer some hard technical questions from the public, questions that they possibly can't answer because of their (presumed) lack of knowledge regarding the inner workings of SD. This would result to a massive loss of face for them, and this is something that would be unacceptable to them. They would also have to answer questions about what happened to Tony; but that's a whole different can of worms. It is in their best interests to keep quiet and silently keep selling the software for as long as they can.

    Again it's all speculation on my part... I like to think that Tony lies on the beach on a Caribbean island with a tablet on his lap, smoking potent fatties and sipping cocktails with gorgeous babes all around him, and laughing his head off with our continued conspiracy theories and speculations :D :D
    Last edited: May 15, 2012
  18. Cutting_Edgetech
    Offline

    Cutting_Edgetech Registered Member

    Shadow Defender is one of the most ingenius security applications ever created. Its amazing something so resilient could be packed into such a small amount of code. Its just not that well known outside the tech community. I spoke to a couple of friends of mine that are admins over the network where I use to work, and they had never heard of SD. Does anyone know what language SD is coded in?
  19. aladdin
    Offline

    aladdin Registered Member

    Yes, I had similar problem on four computers with pure SSDs. Even on my wife's and son's laptops which both of them have hybrid hard disk, 8GB SSD on front and regular 500GB, it had the same similar problem.

    I am now testing DeepFreeze on four computers and it seems to be very stable.

    Best regards,

    KOR!
  20. huntnyc
    Offline

    huntnyc Registered Member

    Have not tested yet but have gone to SSD for my boot drive and hate the thought of having to give up my longtime favorie, SD. Will have to go to somereplacement if it does not work. I guess if I do an image before testing SD, hopefully can restore without any ill effects if any.

    Gary
  21. LockBox
    Offline

    LockBox Registered Member

    I've been trying DV and Deep Freeze on my SSD and you are right, Deep Freeze is very stable on SSD. Good to know others are having the same experience.
  22. ichito
    Offline

    ichito Registered Member

    Many thanks for all for very interesting, didactic...even more - illuminating...informations and opinions. Great thread :) :thumb:
  23. aladdin
    Offline

    aladdin Registered Member

    Yes, Deep Freeze is the best and in it I have found a good and light virtualization program for my SSD. It works like a charm.

    Best regards,
  24. Arcanez
    Online

    Arcanez Registered Member

    Just wanted to try out DF on my Crucial M4 but I can't even install it. It always crashes right away and I can't figure out why. It even crashes when trying to install it in safe mode. I really don't get it.

    Before I tried out WTF once again to see how the memory buffer works. I have enough ram on my rig so I offered 4GB ram to WTF but when I started system Protection my machine always froze and I had to reboot. Without memory buffer mode WTF works correctly. Seems like the memory buffer mode which is actually the most interesting thing about WTF doesn't work.
  25. Triple Helix
    Offline

    Triple Helix Webroot Product Advisor

    I tried many Light Virtualization software and never had any luck with them on my SSD's and needed to do a reinstall of the OS but that was a year ago maybe DF has overcome the problems I had, I miss using Shadow Defender the problem was coming out of Shadow Mode on reboot most of my programs were broken. :doubt:

    TH
Thread Status:
Not open for further replies.