Toolwiz TimeFreeze vs Shadow Defender

I couldn't respond in the other thread, so that's why opened this one. But anyway, I'm planning to test software on my new machine and of course you can use VirtualBox for that but I want to experiment with light virtualization. So which of these tools would you recommend?

http://www.thewindowsclub.com/toolwiz-timefreeze-free-system-protection-restore-software-windows-7
http://www.techspot.com/downloads/5638-shadow-defender.html

 

I've tried both, but have been using SD exclusively for some time now. It's worked exceptionally well for me -- no problems at all -- I use it all the time for testing software. I did have some BSOD problems with TimeFreeze on my XP machine, but that was probably a few versions back, so it may no longer be a fair assessment.

 

One is paid, the other one is free, I think both programs are great. I used both and like both.

Bo

 

Been using Shadow Defender now for 5+ years with zero issues and 100% positive results, has never let me down. Never tried Toolwiz TimeFreeze so I can't comment on that software.

 

Another very satisfied SD user here.

 

Another vote for SD here.

 

And another one for SD, although I haven't tried the other one.

 

Another two thumbs up for SD. It would be interesting to see any reliable and verifiable documentation where (when, how, and why) users of either application were compromised.

 

Shadow Defender!

 

Toolwiz Time Freeze v2.2.0.3500 on Windows 7 x64 has worked fine for me so far. I mentioned an apparently undocumented feature here that the programs works fine without an explicit cache file.

 

I have both - TTF on Win7 (32) and SD on Vista (32)...SD more than 4 years and I think (actualy know) it gives more protection.

 

SD automatically virtualizes track0 + hidden boot partitions (whenever C: is placed into Shadow Mode)!
Furthermore, SD is not limited to just virtualizing C: - it is able to virtualize any/all disk volumes!

Can TTF do any of this?

 

-

I don't think so (you make an excellent argument there Wendi).

 

Thanks everyone for the feedback. Seems like SD is quite popular. To clarify, I wouldn't use these "light virtualization" tools for security, it's purely for keeping my system clean after installing software. Of course, I'm not going to test malware. But if I'm correct all other security tools keep working correctly when running the system "virtualized", I assume?

What are the advantages, I assume the first one mentioned is security related?

 

They should. You should be able to use the system in Shadow mode as you normally use it out of shadow mode. The only thing that I suggest is don't update programs in Shadow mode and try to exclude files and folders of shadow protection in order to save the updates. I think its best to update programs out of Shadow mode.

Bo

 

Yes they do (based on my experience). For example, I continue to run Norton Internet Security while in Shadow Mode, where NIS works flawlessly (and continues to execute its live updates during that time). LV's (including Shadow Defender) do not provide sufficient security measures on their own and should be complemented with other 'layers' of security!

While that assumption is correct for the most part, let's assume you decided to test an app which has to modify the MBR or other disk boot sectors in order to do what it does. In that case if an LV just virtualized the Program Files folder, Registry and Libraries-User folders, but not those vital boot areas, you could be in for a rude awakening when you restart your PC expecting it to return your operational state to where it was before installing that test program! So you see, protecting those boot areas is not entirely for security purposes.

Wendi

 

I've been using SD for many years after ShadowUser Pro (StorageCraft) was abandoned, I had hundreds of instances of real world malware detected in shadow mode via USB flash drives (I don't test malware), and nothing has ever eluded its virtual volume. Obviously data theft is possible in shadow mode, therefore combining SD with something like Sandboxie (configured with tight restrictions), or any anti-executable, your system becomes almost impenetrable.

 

I agree. Program updates may also involve changes to the registry which will be lost on reboot. Excluding program data folders runs the risk of inconsistency between the file system and the registry. File and folder exclusions are best reserved for user data IMO.

 

Hi Rasheed,

I have tested a wide variety of different security tools while running the system in Shadow Mode and the only program I experienced issues with was Panda Cloud AV due to the way it accessed the file system (most noticeably previously created firewall application file path rules in the pro version not recognised while in Shadow Mode: Reported to Panda at the time and confirmed as an issue). All other software tested worked flawlessly.

I agree Shadow Defender on its own doesn't provide security, but the protection of track0 and the ability to restore the file system to a clean state by rebooting while running in Shadow Mode during normal use do have security implications. The ability to virtualize data partitions while web browsing can also provide protection against file encryptors. Providing it is used alongside other security tools, Shadow Defender can form part of defense in depth.

Security apart, and in addition to software testing, virtualization during normal use can be used to ensure the system remains in a known stable state, allowing permanent system changes to be planned rather than constantly happening (this is how I prefer to deploy it).

I do have a concern about a potential incompatibility between reboot-to-restore tools like Toolwiz TimeFreeze / Shadow Defender and the rollback feature in WSA. From the testing I performed, WSA worked perfectly with Shadow Defender, but I never got to see the rollback feature in action. I have a system partition that is kept virtualized and a separate data partition that is not virtualized most of the time. It is unclear what state the file system would have been left in due to reboots had a WSA rollback occurred using a set of logs that had been compiled across more than one virtual session.

See here for a description of the issue:

https://www.wilderssecurity.com/threads/webroot-rollback-feature.368628/page-4#post-2418936
https://www.wilderssecurity.com/threads/webroot-rollback-feature.368628/page-4#post-2421110

Caveat: The assumption here is that anti-malware logging is done centrally, with changes to all partitions logged on the system partition (true for WSA). If the rollback logging in a multi-partition environment, where some partitions are virtualized and others aren't, were distributed across the volumes, with each log recording only the changes related to the volume it was located on, the use of partition virtualization tools shouldn't cause a problem for anti-malware rollback.

Note to all: I am not trying to denigrate WSA (I am a former Prevx user) and it is not my intention to bash any particular program or approach, only to highlight a potential issue with certain use cases.

 

OK nice to hear, because that's important to me, I wouldn't rely on SD for security.

OK I see, but HIPS should be able to protect the MBR. Still nice to have though. BTW, I did see that Toolwiz Time Freeze apparently does not modify the MBR, which is a good thing I suppose. What does SD do?

 

Thanks for the feedback. Like I said, I'm planning to use it mostly for testing software, so security features are not that important to me. To me it's most important that my system won't get all messed up. And about the issues that you encountered, luckily I don't use AV's. BTW, currently I'm using Sandboxie for testing apps, but of course not all apps will work sandboxed, because SBIE is mainly focused on security. So that's why I'm looking at other solutions.

 

Personally, I prefer Shadow Defender to Sandboxie for software testing because with Shadow Defender you can test anything that doesn't require a reboot, including software that installs drivers and services. Because an LV utility virtualizes the entire system partition at the disk sector level, the view that you get of the file system and registry is the same as it would be if you installed onto the real system, which is something I prefer when testing software.

I'm not currently using Sandboxie for either security or software testing but when I was using it, I found it to be fully compatible with Shadow Defender.

 

Shadow defender or TTF work great for testing programs that dont require a reboot. I never had a problem installing anything under either program. And both programs work great with SBIE. I switched to SD a couple of years back only because it is a program that's better known by other members here. My experience using the three LV programs that I have used in XP and W7 have been great, Rasheed, I recommend you pick one of this programs, you wont regret it.

Bo

 

Shadow Defender shows the genius of the person who developed it. The best programs are not only powerful and work, THEY ARE ALSO SIMPLE and easy to use.
Acadia