Shadow Defender alternative?

Discussion in 'sandboxing & virtualization' started by Ech0, Oct 16, 2011.

Thread Status:
Not open for further replies.
  1. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
  2. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Hello,

    I understand that tests have shown that SD can fend off malware that all other alternative 'light-virtualizers' can not. Is that an accurate statement? :doubt:

    If that is the case, while I would prefer going with a product that is still under development and supported (such as Returnil), it's hard to ignore the very strong security inherent with SD.

    Wendi
     
  3. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,160
    Thanks for pointing members to these posts.

    I just want to make some points about the product Shadow Defender generally (not including the 1.1.0.331 version)

    I have used most versions of Shadow Defender and now I personally use 1.1.0.325 (32 bit version) on xp 2, which seems very stable for me, and other people seem happy with it and I have not heard any bad things, but I want to remind people that there were two releases of 1.1.0.325. Initially Tony released it and I found a bug straight away (I can't remember what it was now) and told him later the same day, and he very quickly made some changes that fixed the problem but didn't change the release number.

    Some of the earlier versions had conflicts with other software and were at times buggy... nothing major generally (for me and others), things like missing tray icons, antivirus losing settings after coming out of Shadow Mode and Nero Burning Rom becoming unregistered after coming out of Shadow Mode.
    The version 1.1.0.278 was a stable earlier version for me.
    There were bad conflicts in earlier versions of Shadow Defender with software (Alcohol 120%, Daemon Tools) that was very popular at the time of the mid development stage, but Tony fixed it.

    After 1.1.0.325 there was a version 1.1.0.326 but it had some problems and many members went back to 1.1.0.325 as the last, good, stable version.

    I hope that this is helpful in some way to members and newcomers to the software

    Patrick (ex Shadow Defender mod)


     
    Last edited: Jan 7, 2012
  4. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Hello Patrick, I have two requests...

    1. Can you supply a download link for the 2nd (updated) v3.25 (which you refer to above)?

    2. I would appreciate receiving your expert opinion about the issue/question in post #77. SD seems to be the best choice re system security, but as it's no longer being developed does it work with Windows 7 64-bit?

    Thank you,
    Wendi
     
  5. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    Hi Patrick,

    you got me interested because I run the .326 version from the time it was publicly made available (edit 7x64) and if there are some possible problems I just cannot see them. And I don't remember reading about any regression at the time, or was it from personal communication with some users? So, could you please elaborate a bit more, as I would like to keep an eye open on this and test those bugs before possibly falling back to .325...
     
    Last edited: Jan 7, 2012
  6. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,160
    Wendi,

    1: I think if you do a search of the forum there are some links to Shadow Defender downloads that members seem to regard as being safe etc.
    I have a copy of the 64 bit version SD1.1.0.325_Setup(x64).exe if you get stuck.
    checksum 35EDF53C0B4D3B8960047CFBFCBAE7E3


    2: As far as I know this has widely been discussed on Wilders, and as I remember Shadow Defender passed tests that many other softwares of the same time didn't (regarding boot sector attacks etc) and is still regarded by many as being the safest in its category.

    There was the 64 bit release SD1.1.0.325_Setup(x64).exe and I believe people are using it on Windows 7 64 (although I haven't used it myself)

    So I'll ask that question here to Wilders members
    Are Wilders Shadow Defender users able to use SD1.1.0.325_Setup(x64).exe without problem on Windows 7 64?

    I must say that I am not an expert in any respect.

    Patrick

     
    Last edited: Jan 7, 2012
  7. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,160
    As far as I remember there were problems/glitches/bugs experienced in version 1.1.0.326, maybe not widely... but enough to make people revert to 1.1.0.325 as the last stable version... it may have been an icon missing problem again... something like that... something not quite right but significant enough to those who were looking for a stable, secure version.

    checksum I have for the 32 bit one that I'm using SD1.1.0.325_Setup.exe

    101CDC867F7771FAAE6810483EF16439


    checksum I have for the 64 bit one that I've got SD1.1.0.325_Setup(x64).exe

    35EDF53C0B4D3B8960047CFBFCBAE7E3

    I'll look in my back disks for other versions


     
    Last edited: Jan 7, 2012
  8. Crane_Mann

    Crane_Mann Registered Member

    Joined:
    Apr 2, 2009
    Posts:
    46
    Location:
    United States
    That's interesting. I've been using Shadow for a very long time (V1.1.0.325) and did not know that. Thanks!
     
  9. Crane_Mann

    Crane_Mann Registered Member

    Joined:
    Apr 2, 2009
    Posts:
    46
    Location:
    United States

    I am using x64 on win 7 - still works great. I've never had any problems that I am aware of. Any time I get stuck, I just re-boot and it goes away.
     
  10. batsec

    batsec Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    26
    Location:
    Germany
    Shadow Defender is the number one in its category, unprecedented. But the problem is, there are two different 32-bit SD1.1.0.325_Setup.exe installers:

    First one (former version): MD5: 101cdc867f7771faae6810483ef16439 (1270611 bytes), and the second one (latter version): 4ed0f50233680ffc37fbe5cf8057c634 (1141856 bytes)

    The second installer was first seen after 23.Feb.2010. Which one is more reliable, the former or the latter version of 1.1.0.325? o_O
     
  11. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,160
    I remember now, when Tony first released 101cdc867f7771faae6810483ef16439
    I tried it and found a problem and Tony made some changes but as it turned out later I discovered it was a problem that I was having on my Windows 2000 system so I contacted Tony and told him that I didn't think the problem was with Shadow Defender after all.

    I think that is why I still have the 101cdc867f7771faae6810483ef16439 version of 1.1.0.325 setup stored as a on my drive and as I'm using it regularly now without problem. I guess I must have discarded the later one because any later changes would have been unnecessary. I can't remember clearly the exact details of the situation but I think it was something like that.




     
  12. batsec

    batsec Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    26
    Location:
    Germany
    Thanks for the reply @sdmod. I'm thinking of installing Shadow Defender on another machine and I'll try the first one (former version) with the MD5: 101cdc867f7771faae6810483ef16439 setup file. :)
     
  13. crapbag

    crapbag Registered Member

    Joined:
    Mar 14, 2011
    Posts:
    145
    So nobody seems to have mentioned SafeShield.

    http://www.filestream.com/safeshield/

    Been using this for over a year now. Lifetime license and never had a single problem. I believe it's Returnil's virtualisation tech but without all of their guff.

    Very straightforward.

    Use Shadow Defender on my laptop and SafeShield on my desktop. Totally easy and very similar.
     
  14. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    SafeShield?...OK...but what about some infection tests? Is SS as secure as SD?
     
  15. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    No. Because it is a rebranded Returnil, its virtualisation can't protect against TDL3/4.
     
  16. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    84
    Former version actually was wrongly packed, which included a file named Setup.exe.0.

    See the attached picture.
     


  17. batsec

    batsec Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    26
    Location:
    Germany
    WOW!.. Then does it mean we should use the latter version of 1.1.0.325, the fixed one? :doubt:
     
  18. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,160
    I checked last night through my back cds up to when Shadow Defender 1.1.0.325 was released and all the versions that I can find are checksum 101CDC867F7771FAAE6810483EF16439 so I must have rejected the other version for some reason, I know I had it at the time so if it had turned out to be the correct one I would have kept it.

    Looking inside the exe I see

    Setup.exe.0 482 KB filetype 0 Date Modified 07/01/2010 03.11

    and

    Setup.exe 483 KB filetype Application Date Modified 09/2/2010 02.36

    ..............................................
    Commit.exe 474 kb 2010/02/09 02:37
    Daemon.exe 247 kb 2010/02/09 02:37
    Defender.exe 809 kb 2010/02/09 02:36
    Diskpt.sys 186 kb 2010/02/08 05:24
    Diskpt2k.sys 187 kb 2010/02/08 05:24
    Eula.rtf 9 kb 2008/01/21 05:26
    Files.txt 0 b 2012/01/10 06:33
    Help.chm 184 kb 2009/12/21 07:32
    Res.ini 7,795 b 2010/01/18 02:28
    Setup.exe 483 kb 2010/02/09 02:36
    Setup.exe.0 482 kb 2010/01/07 03:11
    ShellExt.dll 206 kb 2010/02/09 02:37
    Uninstall.exe 288 kb 2010/02/09 02:36

    ...............................................
     
    Last edited: Jan 10, 2012
  19. crapbag

    crapbag Registered Member

    Joined:
    Mar 14, 2011
    Posts:
    145
    Won't pretend to know what these are but they haven't shown up in any regular malware scan.

    Out of curiosity, in the face of these flaws has Returnil not released some kind of patch or new version for them?
     
  20. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Folks,

    Just a bit of a reality check here.... it's an unfortunate situation, but as soon as you start to lose your ability to trace software back to a trusted source, you open yourself up to all sorts of unknown eventualities.

    Shadow Defender was a great product when the download site was active and clearly controlled by the product developer. That's no longer the case. If you have a legacy copy that's directly traceable to the original author, that's great. However, anyone coming onto the scene now is really not in that position.

    My own recommendation would be to stick to supported/currently developed options that can clearly be downloaded from a site with known integrity. For myself, I remain a Returnil user. It's stable, supported, and works well on the systems I use.

    There are other similar options out there that fulfill these rough criteria as well if your own preferences tend towards other directions.

    Blue
     
  21. crapbag

    crapbag Registered Member

    Joined:
    Mar 14, 2011
    Posts:
    145
    Copied this from the SafeShield help doc (my italics):

    'System Guard is a very targeted antimalware to protect your Windows from exposure to malware designed to circumvent virtualization. It is independent of Virtual Mode. For total protection, it is highly recommended that you turn on both Virtual Mode and System Guard.'

    Not sure if Returnil has this tool too?

    Hopefully this will prevent the nasties you mentioned.
     
  22. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    SafeShield should be the same as Returnil Lite.

    I tested both (SafeShield and different Returnil products (only virtualisation!)) 2 or 3 months ago: They were not able to protect against TDL3/4.
    Shadow Defender is still the only program of this type where you see no leftovers from TDL3/4.
     
  23. crapbag

    crapbag Registered Member

    Joined:
    Mar 14, 2011
    Posts:
    145
    :eek:

    Looks like SafeShield is indeed just Returnil Lite. Thought they might at least have tweaked it or something.

    If that's the case then why haven't Returnil managed to come up with a patch for this?

    Seems odd when the product is still active.
     
  24. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    Hey Blue, do you think in such situations it's best to get software from Softpedia?
     
  25. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,452
    Location:
    U.S.A.
    Removed Post Full of VirusTotal Results as Per Policy.
     