Light-virtualization programs and software testing.....urgent question

Discussion in 'sandboxing & virtualization' started by Zapco_force, Apr 15, 2016.

  1. Zapco_force

    Zapco_force Registered Member

    Joined: May 17, 2013 | Posts: 84 | Location: Italy
    Hello, I would like to know whether light-virtualization software (in particular Shadow Defender and TTF) can be used safely even to test programs that install as deeply as antivirus or device drivers. Can it also be used to test large software packages (suites) such as Microsoft Office, Adobe suite or 3DStudioMax, which install (unfortunately!) an infinite number of files and registry entries?
    Are all the created changes totally deleted on system reboot or shutdown, even in these "complicated" cases?
    Thanks.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined: Sep 20, 2003 | Posts: 17,048
    I can only speak to Shadow Defender. The only thing you can't do is install something that requires a reboot, as the reboot will uninstall it. But I can give you an example of things I've done. I needed to test bypass for one of the vendors involving ransomware. My machine has 3 internal drives. So I shadowed my system, and turned the ransomware loose, and it encrypted all the data type files on all three disks. Exited shadow mode and all 3 disks were clean.

    As far as large packages, if I remember right both Office and the big Adobe suites did require a reboot, so that wouldn't work. But it's the reboot that is the key.
     
  3. Robin A.

    Robin A. Registered Member

    Joined: Feb 25, 2006 | Posts: 2,282
    According to my experience, neither MS Office nor LibreOffice installations require reboot.

    I think the "complexity" of the software, that is, the number of files or of registry entries created, doesn't affect the functionality of Shadow Defender, as long as there is enough free disk space to save the changes in the SD cache.
     
  4. Zapco_force

    Zapco_force Registered Member

    Joined: May 17, 2013 | Posts: 84 | Location: Italy
    Thanks for the answers, but what do you think about software that is installed as deeply as AV and system drivers? Are Shadow Defender and TTF also strong in such an event?
    In fact I would like to test a new AV, but I fear that some residual trace will then remain....
     
  5. bo elam

    bo elam Registered Member

    Joined: Jun 15, 2010 | Posts: 3,770 | Location: Nicaragua
    Hello Zapco, I don't have any scanners on my computers. In the past, I used Shadow Defender (before SD, both Time Freeze programs) for installing scanners. The last time was about 8 months ago, but I have done it a few times with HMP and Malwarebytes. And real-timers? I installed Avast once. I also remember running a few times the Emsisoft scanner, TDSSKiller.

    If rebooting is not required, you'll be able to test the new AV; otherwise, it won't work too well. Whenever I installed programs of this type or any kind, as far as I can tell, when I reboot, all is gone. The times I searched and looked for signs that something survived the reboot, I never found anything.

    Bo
     
  6. Osaban

    Osaban Registered Member

    Joined: Apr 11, 2005 | Posts: 4,222
    I haven't experienced any reboot requirement when installing Avira, MBAM, and Hitman Pro. I'm pretty sure most AVs nowadays don't require a reboot, but I've noticed that my old Vista machine occasionally requires a reboot after an important AV version update whereas with my Windows 8 machine it was never required... Best way is to try...
     
  7. pegr

    pegr Registered Member

    Joined: Apr 8, 2008 | Posts: 2,279 | Location: UK
    There won't be any residual traces, no matter how complex the software. The only thing you can't do, as Peter2150 said, is to use Shadow Defender to test software that requires a reboot.

    Shadow Defender intercepts all disk writes, below the level of the file system, and redirects changed disk sectors into a virtualization cache that is discarded at reboot. If nothing gets written to the registry and file system on the disk while in Shadow Mode, no traces of activity while in Shadow Mode can survive a reboot. That's why LV software in general can't be used to test software that requires a reboot to install.
     
    Last edited: Apr 22, 2016
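
The mechanism pegr describes, as an added example that is not part of the thread and is not Shadow Defender's code: a toy model of sector-level write redirection, showing why in-session changes vanish at reboot and why a reboot-dependent install cannot complete. The class and function names, the 512-byte sector size and the "PENDING" marker are assumptions made for illustration.

```python
# Toy model of redirect-on-write below the file system (constructed example).
SECTOR = 512


class ShadowedDisk:
    """Redirects writes into a cache while shadow mode is on."""

    def __init__(self, sectors):
        self.base = [bytes(SECTOR)] * sectors  # real on-disk sectors
        self.cache = {}                        # sector no. -> redirected data
        self.shadow = False

    def write(self, n, data):
        data = data.ljust(SECTOR, b"\0")[:SECTOR]
        if self.shadow:
            self.cache[n] = data   # the base sector is never touched
        else:
            self.base[n] = data

    def read(self, n):
        # Running software sees its own writes, so an install appears to work.
        if self.shadow and n in self.cache:
            return self.cache[n]
        return self.base[n]

    def reboot(self):
        """Discard the cache; returns how many redirected sectors were lost."""
        dropped = len(self.cache)
        self.cache.clear()
        return dropped


def install_needing_reboot(disk):
    """Hypothetical two-phase installer: phase 1 writes a driver and a
    'finish at next boot' marker; phase 2 runs only if the marker survives."""
    disk.write(10, b"driver.sys")
    disk.write(11, b"PENDING: finish setup at boot")
    disk.reboot()
    return disk.read(11).startswith(b"PENDING")  # True => phase 2 would run


def demo():
    disk = ShadowedDisk(64)
    disk.write(0, b"clean system")   # written before shadow mode
    disk.shadow = True
    disk.write(0, b"ENCRYPTED")      # destructive change made in shadow mode
    seen_in_session = disk.read(0)[:9]
    phase2_ran = install_needing_reboot(disk)
    return seen_in_session, disk.read(0)[:12], phase2_ran, disk.base[10]
```
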
  8. Peter2150

    Peter2150 Global Moderator

    Joined: Sep 20, 2003 | Posts: 17,048
    If you want to test software that requires a reboot, then the only two solutions I depend on are 1) virtual machines, and 2) good imaging software like Macrium.
     
  9. Zapco_force

    Zapco_force Registered Member

    Joined: May 17, 2013 | Posts: 84 | Location: Italy
    Thank you all for the kindness (and especially to Pegr for the full explanation!)
    I know perfectly well that light virtualization software is not appropriate for testing programs that require a reboot, but I just have to check a few features, so it's not a problem for me.
    The most important thing is that no trace of the installations remains!
    So in conclusion, with SD or TTF I can safely test even antivirus or large software packages, is that right?
     
  10. ichito

    ichito Registered Member

    Joined: Jan 14, 2011 | Posts: 1,486 | Location: Poland - Cracow
    Right... no matter how big/complicated the apps or new data are... on exiting from SM to normal mode, SD always rejects all changes made in the virtualised system. Even if you test 2, 3 or more apps in one session... even if they are AV/IS or another kind of security software which makes a mess in files or registry... you always have a clean system at the end.
     