I have a question about ShadowUser Pro. spy1??

Discussion in 'other security issues & news' started by eleven, Jul 28, 2005.

Thread Status:
Not open for further replies.
  1. eleven

    eleven Guest

    Hi, maybe somebody else can help me but I really want to hear spy1's answer because I know he is the "shadowuser expert" 'round here :)

    Anyways, I have been using Deep Freeze Standard for a long time now but I want to try ShadowUser because it has some nice features that I think are useful, like resuming shadowmode on next reboot amongst other things.

    I have a question about two features in shadowuser. In the configuration there is an exclusion list and an auto commit list.

    The help file describes in great detail about how to add/remove items to the list (which is pretty self-explanatory) but it fails to fully describe what each list does. I have read through a couple of times and still don't understand how to use these lists.

    Can you please take the time to explain to me what each list does and how to use them properly?

    Thank you. Your reply is appreciated. :)
     
  2. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Hi Eleven

    I use SU, but I'm not an expert on it. In relation to the exclusion and the autocommit list, my understanding (from reading the help files) is that they achieve the same result in different ways...ie, you only have to use one or the other, not both.

    I use the exclusions list, because that is quite easy to understand what it does. Any changes made to a folder in the exclusions list will not be affected by SU (it will still be there on reboot).

    There is a catch to this though, if the change you make to a folder in the exclusion list requires a change to the registry...the registry isn't included in the exclusion list.

    SU is a bit friendlier than DF, mostly in that you don't have to do so much work to set it up (ie, you don't have to partition your harddrive or have a second harddrive, then copy your excluded programs there etc).

    Hope this somewhat answers your question.
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hello, eleven. (I'll be glad when I can finally disabuse everyone of the notion that I'm an "expert" at anything - because I'm not).

    That said, some of the major differences were, I thought, covered quite well in the "Help" files (although you had to kind of read several places to get it all).

    "An important restriction is placed on the user while in ShadowMode if Exclusion Lists are enabled. With Exclusion List enabled, the option to do a Full System Save anywhere on the system is disabled." (This is the main difference between the two, the other important difference being that "Exclusion List" changes are made "Real time" (as they happen) - while "Auto Commit" changes aren't finalized until a re-start/re-boot - Pete ).

    "The enabled box on the Exclusion List must be checked for invoke Exclusion List."

    "If the user wishes to protect his work but still have the option while in ShadowMode to make a Full System Save then the user should consider using Auto Commit lists. While these lists do not save changes real time to the disk, they will permanently save the changes to the files and folders in the Auto Commit list on a normal restart or shutdown and still allow the user to optionally use the Full System Save feature."

    You also have to realize that which one you choose to use (either "Exclusion List" or "Auto Commit") will affect what files/folders can be saved by a right-click "Commit" (the availability of that feature, IOW):

    "The Commit from the context menu can be used at anytime to save a file or folder permanently to the volume. The feature performs just like an exclusion file, but the action must be taken manually. To use the feature right click on the file or folder to save changes to the disk and select Commit.

    If subsequent changes are made to the file, the Commit must be repeated to permanently save those changes.

    The Commit from the context menu is not available to files and folders that are on the Exclusion List. Files and folders on the Exclusion List have their changes saved to the disk permanently as they happen (real-time)."

    Hope that explains what you needed to know. Here, I use the "Exclusion List" rather than the "Auto Commit" - if I absolutely have to save something that isn't covered on the "Exclusion List", I simply right-click it and "Commit" it. It normally isn't an issue because I just don't keep stuff.

    It's also simpler that way because you don't have to choose one of the three options: "1) regular shutdown or restart where only files and folders on the auto commit list are saved, 2) shutdown or restart where a Full System Save is requested and all changes to all files and folders will be saved permanently to the drive or 3) shutdown or restart where no files and folders will be saved to the drive, including files and folders on the auto commit list." that you have to choose when you use the "Auto Commit" route (which works out well for a simple, non-expert guy like myself! :D ).

    Whether that'll work for you or not - I don't know, as I don't know how or what you use your computer for. Pete
     
  4. eleven

    eleven Guest

    Thanks for taking the time to reply. My understanding of the two options has sparked a couple of other questions.

    I think I will use NEITHER the exclusion list NOR the autocommit list. I prefer to do the committing manually (for security reasons). I have thought about it like this: Let's say I exclude my antivirus directory, and then one day I download some trojan that modified some files in my AV directory, those changes are now permanent (this is a security issue).

    Auto-Commit would be a better option, but it is still saving things automatically which I'd rather it not do. I think I will simply commit changes manually to files and folders that I need to save. So like, after an AV update I will commit the changes manually.

    Vikorr said something interesting. What if I commit changes to something that also needed to save its changes in the registry and/or another location on the hard drive that I don't know about? Those changes would be lost and possibly mess up the program in one way or another.

    This has me worried in a way and I think that these types of programs (DF/SU/DV... etc.) shouldn't have a way to commit a change while in the "secure mode". Because if you do commit the change, who knows if you are committing the "full" change? The best way is to get out of shadow mode or go into thawed mode with DF and make the changes you need. This way you know all changes are complete.

    Look at what P2k posted here: https://www.wilderssecurity.com/showpost.php?p=344435&postcount=32

    He is right because those programs that he listed save changes in places other than their own directory.

    So what I am thinking of doing is to use SU in the same way I have used DF for the past few months. The only reason I like SU better is the ability to resume a shadow mode after a reboot (which is great to test software that requires a reboot)

    As far as committing changes goes, I will only make changes that need to be saved while I am out of shadowmode.

    Aside from all of this, my switch from DF to SU is still questionable. spy1, you and Blackcat have an unfinished conversation here: https://www.wilderssecurity.com/showthread.php?t=63125

    This unfinished convo is keeping me from switching. Perhaps you can tell me what your results were when you tried what Blackcat said?
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    eleven - You go ahead and try it out your way and see how it works for you (let us know).

    The way I have it set up here suits me fine, and the "registry changes" issue really doesn't come into play here due to the fact that RegDefend runs in ShadowMode also (as well as PG).

    Other than to say I've never experienced any indication whatsoever of things not returning to the "clean" state with ShadowUser (borne out by daily scans with all the things I run in my sig and things that aren't in there), I'm not "re-visiting" things right now because I'm busy with other things.

    Please bear in mind that what works fine for me does just that - works fine for me, my computer set-up, my other programs that run in ShadowMode, etc.

    I can neither tell you it will work as well for you (since your set-up and applications are totally different than mine), nor hazard guesses or make pronouncements about things I haven't a clue about.

    If you want to try it and buy - go for it. If you want to stick with DF, that's fine, too. I just prefer SU because it's simpler yet more flexible. Pete
     
  6. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Hi Eleven

    I saw your concern about exclusion lists being vulnerable. It's actually the major reason I chose SU over DF (sounds silly but let me explain).

    All my programs are installed into my Program Files folder (I don't let them install anywhere else). I add the ones needed on the exclusion list. These excluded folders are then protected by Prevx (which prevents executable installation/modification of executables in the Program Files and Windows folders).

    I couldn't use Prevx to do the same thing with DF.
     
  7. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    My observations in the thread above were based on my use of ShadowUser 2.0.

    However, my very recent testing of ShadowUser seems to have gone a lot better. SU 2.5 seems to clean everything now when coming out of ShadowMode and it does roll back my computer to the "Clean" before state.

    Version differences or running the program on a new (different) machine may have accounted for the improved results with the SU 2.5! :doubt:

    Moreover, their support now states that;
    And I can confirm this. Further, this new version has the ability to continue a ShadowMode session across reboots: a great feature :cool:

    All in all, I am very happy with SU 2.5. Now if only they would consider a price drop :p
     
  8. eleven

    eleven Guest

    Vikorr, I understand your point but I think you missed mine. First of all, it is insecure (by itself that is). You need to be using another security app such as prevX to fill in that insecurity, which is what you are doing. I am not really looking to purchase too many security apps and I hate having too many programs running at all times.

    Ok, so let's say that you use SU with PrevX. You have now taken care of the security issue. But, my other point was that let's say you make a change in one of your apps in the excluded list. Without you knowing about it, that small change has modified some registry values, modified some files in the excluded directories, and possibly modified some other files in the windows directory or some other file that this particular program stores outside the excluded directory. Now after your reboot, the only change saved was the one in your app's main directory (the excluded one). Which means that you have lost the registry settings that you modified and all those other things. This program may look for those reg settings later on or call upon that file it stored somewhere else on your system and find misleading info.

    That is my whole point. It will work fine when all changes are within that main directory. But you can clearly see how this isn't such a good way. After I thought about it, I realized that if you want to make a permanent change to the system, best thing to do is thaw or shut down shadow mode, make the change and then reload the security.

    Blackcat, thanks for clearing that up. Now if I do use SU, I would feel more comfortable with it.

    So basically now that I have ruled out all the extra things that SU has over DF standard, the only thing left is that nifty feature of resuming a shadowmode session.

    After I tested that feature, I was disappointed to see that it doesn't work in the way you would think. You can't change the option "on the fly" so to speak. Allow me to explain:

    Let's say you are in shadowmode, and it is getting late and you need to wake up early in the morning, but you are doing something important on the computer that you don't want to start all over, and you know that if you shut off the PC you will have no choice but to start over.

    Another scenario: let's say you installed a new app that you want to test out in shadowmode first, before you permanently install it. You go to run the app and it tells you must reboot the PC before using it.

    In both scenarios, the simple solution would be: Go to options, and select resume shadow mode for the next reboot right? WRONG... :(

    You can't resume shadow mode while you are in shadow mode. You need to lose your changes and get out of shadow mode, come back and set shadow mode to resume on each reboot and then go back into shadow mode. And then from now on your shadow mode will indeed resume its session on each reboot with no way for you to change it on the fly unless you get out of shadow mode and do the whole process all over again.

    Pointless waste of time.

    I may be wrong, I only tested it lightly but from what I have seen, this is the case.

    So with that ruled out (for now until someone can tell me otherwise) I have decided to stick to DF.

    I like SU, I really do. But every time I see a benefit for it over DF, it lets me down :( I won't purchase it until I can see myself getting something out of my switch from DF (which I already own).
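
Added example (not part of any poster's message and not ShadowUser or Deep Freeze code): a way to check the concern raised in the post above, that a change made inside an excluded folder may also touch files elsewhere that are discarded on reboot. It hashes a directory tree before and after a change and splits the changed paths by whether they fall under an excluded folder; the folder names and the tree are constructed for the demo, and registry changes are not covered.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file under root (relative path) to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(full, root)] = digest
    return state


def is_under(path, folder):
    """True if relative path lies inside relative folder (case rules per OS)."""
    path = os.path.normcase(os.path.normpath(path))
    folder = os.path.normcase(os.path.normpath(folder))
    # Compare on a path-separator boundary so "ExampleAVTools" is not
    # mistaken for a child of "ExampleAV".
    return path == folder or path.startswith(folder + os.sep)


def classify_changes(before, after, excluded):
    """Split changed paths into (inside an excluded folder, outside all of them)."""
    changed = sorted(p for p in set(before) | set(after)
                     if before.get(p) != after.get(p))
    kept = [p for p in changed if any(is_under(p, e) for e in excluded)]
    lost = [p for p in changed if p not in kept]
    return kept, lost


def demo():
    """Constructed tree: an 'update' touches the excluded folder and one file outside it."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(data)

        av = os.path.join("Program Files", "ExampleAV")  # hypothetical excluded folder
        write(os.path.join(av, "defs.dat"), "v1")
        write(os.path.join("Windows", "exampleav.ini"), "defs=v1")
        write(os.path.join("Program Files", "ExampleAVTools", "x.txt"), "same")
        before = snapshot(root)

        # Simulated update: one write inside the excluded folder, one outside it.
        write(os.path.join(av, "defs.dat"), "v2")
        write(os.path.join("Windows", "exampleav.ini"), "defs=v2")
        after = snapshot(root)
        return classify_changes(before, after, [av])


if __name__ == "__main__":
    kept, lost = demo()
    print("persisted (excluded folder):", kept)
    print("discarded on reboot        :", lost)
```

Any path reported in the second list is part of the same change but sits outside the excluded folders, which is the partial-save situation described in the thread.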
     
  9. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Heya Eleven

    I know what you mean about the registry changes - I pointed it out remember :)

    In relation to that, both DF and SU suffer the same problem.

    And my point of mentioning how I use PrevX in conjunction with SU was this :

    -Excluded folders don't make SU less safe than DF - both have unprotected areas of the computer.
    -In DF you need a partition or 2nd harddrive to store your changes.
    -In SU you can use Excluded Folders.
    -I can't protect the partition or 2nd harddrive of DF with Prevx (which I already had), but I can protect the excluded folders of SU with Prevx.

    If I didn't have Prevx, I would probably have two harddrives, and DF C: and use D: for storing all my stuff :)

    Then again, I rather like how Prevx works with SU...I'd really have to think about it :)
     
    Last edited: Jul 30, 2005
  10. eleven

    eleven Guest

    Oh yeah, please accept my apology :)

    So tell me Vikorr.. you are obviously aware of the problem, why are you still using the excluded folders? Just curious. Because I know I would want to be certain that all my changes are saved when I make them and not just partially saved. Have you ever encountered this problem?

    Aside from that, I have only 1 hard drive with 2 partitions. I DF the c: and leave the d: thawed. All my apps go on the c: and the d: is used for random unimportant stuff. If I ever need to make a change on the c: (like update my AV) I thaw it, make the change, and then DF. I normally don't "permanently update" the AV regularly. I do it only about once a month. But my AV is always up to date as I update it on boot up and the updates will stay until my next reboot.

    I guess to each his own... this is the way I find to be most reliable and it has been working for me wonderfully. The only advantage I see to using SU is the resuming of the shadow mode on reboot (which seems to not work easily)

    Also, one thing I dislike about SU is that you can't really password protect it if you are logged in as admin. I am always logged in as admin and one of my purposes to using DF is to keep my friends who use my computer sometimes from destroying it. With DF I can rest easy. But with SU they can easily disable my security... they always like to mess around with me so that's why I can't trust em :)
     
  11. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Hi Eleven. I think you are getting a little confused <although I could be wrong here>

    SU Excluded Folders = DF D:\ drive <whether partitioned or second harddrive>

    In specific regards to this concept, there is no difference, either in security levels, or anything else. Perhaps the only difference would be how fragmented your C:\ drive can get.

    The only program I can't update without deactivating shadowmode is my AV. The AT, AS, and everything else updates. <this should be exactly the same procedure for DF if you stored your security software on your D:\>

    However to change program settings normally requires I deactivate SU <this should once more be exactly the same procedure as DF if you stored your security software on D:\>

    I don't think there's a great deal of difference between the two, except SU was easier for me to setup (don't have a 2nd Harddrive, and didn't know how to partition a HD), and the ability to use Prevx with it also made up my mind to go with SU - Prevx meant I could exclude my security software (for easy updates) while still having it protected, but that was only possible with SU (the last being a matter of convenience vs relative security I suppose)
     
  12. eleven

    eleven Guest

    SU Excluded Folders = DF D:\ drive is true.

    But the way I have my pc set up, everything runs off the c: (the d: is just random garbage and my email client)

    So we can pretend that my d: doesn't even exist. And let's make believe you don't have PrevX. Just talking about plain SU vs DF. With that said, you have a system that unwanted/incomplete changes can occur on while I have a machine that is solid. (at least I hope so :) )

    So we can say:

    SU computer w/ excluded folders != DF computer
    -but-
    SU computer w/ excluded folders + PrevX == DF computer

    At least that's to my understanding.

    There are pluses and minuses on each side, but which hand outweighs the other? From this discussion I have come to the conclusion that it all comes down to personal preference and how each individual wants to run his/her own PC.

    Anyways, you have taken care of the SU vulnerability with PrevX and now you have a system that is comparable to my DF system, but also lets you update basic things without the hassle of multiple reboots. So that's cool. But I don't think I would recommend using excluded folders to a user that doesn't own PrevX.
     
  13. eleven

    eleven Guest

    ^^I just wanted to add that this topic has gone way off course but that's cool because this discussion is fun and interesting :)

    My main goal in trying SU was to find a similar program to DF that will give me some useful bonus features. Sadly, all the bonus features of SU have been ruled out and the fact that SU has poor password protection makes it a vulnerability to let untrusted people use the PC. :(

    I just feel more secure with DF on all levels.
     
  14. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Yup, as you said it comes down to user preference. I like how the SU/Prevx setup is a balance between <as a comparison> the absolute (while active) security of DF, and the flexibility of being able to update most security programs (excluded folders/Prevx), and I can understand why you feel safer with DF :)

    In your situation, I personally wouldn't change.
     
  15. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222

    Hi Vikorr,

    I've followed with great interest the whole debate about the differences between SU and DF. I must say that after reading SPY1's thread on SU, I've been running it for the last 3 weeks without any issues.

    Today I downloaded Prevx 1 beta on 'shadow mode' with the 'persistent' feature enabled so that I could trial the program, and I was surprised to see that Prevx upon reboot (the program requires a reboot) disappeared leaving no trace of it (SU behaved as if it was in a normal reboot and deleted it).
    Very odd I thought, so I downloaded Prevx 1 beta normally (not in shadow mode) and once the program was installed (successful installation) I rebooted on shadowmode 'persistent' and got the dreaded 'blue screen of error'.

    Could you (or anyone for that matter) tell me whether this has something to do with a conflict of some kind (your system doesn't seem to be affected) or perhaps the beta version of Prevx creates the conflict?

    Any feedback would be appreciated thanks.

    (My system: KAV, OUTPOST FV, MS ANTISPYWARE, SU PRO 2.5, SPYWARE GUARD/BLASTER)
     
  16. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    EWww...no sorry, I don't know why you got the dreaded blue screen of death. I haven't heard of anyone else reporting that :(

    You should send an email to the Prevx support team. If you send it to the support area on their website, you usually get a reply within 24hours (although I don't know that they can fix the blue screen of death that quick).

    Don't forget to send them your OS, and other security apps (in case there is a known or unknown conflict with one of them)...it's usually a conflict with another security app.

    As for SU deleting it, that's what Eleven said happened, so it must be a bug, which I'd send to the Shadowstor team (really should work properly). Or there may be a technical reason for wiping things that install drivers that Shadowstor don't mention in their webpage (but that's just a guess).
     