Light virtualization: Returnil/PowerShadow/ShadowDefender/ShadowUser Pro

Discussion in 'sandboxing & virtualization' started by BlueZannetti, Dec 30, 2007.

Thread Status:
Not open for further replies.
  1. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    I fully agree with you.
     
  2. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Is there any point in using Heidi's Eraser with Sandboxie if I reboot the computer every morning and I use Shadow Defender too?
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,295
    I would say no, but it depends on what you do, and your paranoia level. I don't use any secure delete.

    Pete
     
  4. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Here is that command (example):

    "c:\Program Files\Eraser\eraserl.exe" -folder "%SANDBOX%" -subfolders -method DoD -results -queue

    eraserl [Data] [Method] [-silent | -results | -resultsonerror ] [-queue] [-options]

    Data:

    -file....................data [-subfolders]
    -folder................data [-subfolders] [-keepfolder]
    -disk..................drive: | all
    -recycled

    Method:

    -method.............Gutmann | DoD | DoD_E | Random passes | Library

    Parameters:

    -file...................The data to erase is a file (wildcards may be used)
    -subfolders.........Include subfolders
    -folder...............The data to erase is files on a folder
    -subfolders.........Include subfolders
    -keepfolder........Do not delete the folder
    -disk.................The data to erase in unused space on a drive or all local hard drives (all)
    -recycled...........Erase all data on the Recycle Bin
    -silent...............Do not show any windows
    -results.............Show Erasing Report
    -resultsonerror..Show Erasing Report only in case of error
    -queue..............Wait until previous instances have finished
    -options.............Ignore all other valid parameters and show Erasing Preferences window
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,528
    Location:
    U.S.A. (South)
    Thank You Much

    That will prove very helpful.

    As suggested by Pete, the secure erase with ERASER is more an individual decision since it's been a normal routine of mine for years to wipe individual files/folders just to be sure they're unrecoverable.

    SandboxIE's use of Micro's delete is sufficient of course, but I prefer to wipe the contents of the sandbox.
     
  6. boberang

    boberang Registered Member

    Joined:
    May 27, 2006
    Posts:
    11
    OK, I don't think this was asked earlier in the thread but a couple posts indicated that Shadow User Pro does NOT protect against low level threats....isn't that a major negative for it to still be considered functional? Maybe I am missing something.

    As an owner/user of Shadowuser Pro for a couple years I hadn't looked at the new kids on the block as I don't mind rebooting to enter/exit shadow mode.

    However, with the discussion of Shadowuser Pro missing low level stuff, would it be advisable to use Returnil during suspicious times (when you think you may be more at risk)? And if so, say I have 2 hours in Shadow mode then turn on Returnil because I am going to test or do something risky....will there be conflicts with what Returnil does and the exception list of Shadow User Pro on that first 2 hours?

    If ShadowUser Pro can still be my clothing in summer and I only need the parka of the free Returnil when I fly to Alaska for a short time, that is great. If I need the parka all the time as the clothes Shadowuser Pro provides are no longer sufficient, I have a headache of reconfiguration and re-training of users on my hand.

    Oh, and maybe I should use Sandboxie as mittens every now and then, with or without the parka, depending on how cold or bitter cold it is. ;-)
     
  7. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    I think it would be better to ask your question without using such analogies, and get straight to your point or are you looking for confirmation to something you already know?
     
  8. boberang

    boberang Registered Member

    Joined:
    May 27, 2006
    Posts:
    11
    The analogies came from the previous page, so it was just a continuation. No, I don't know the answer. Without the analogies the question is:

    A) Given that people have stated Shadowuser Pro does not protect against low level writes does that make it significantly more vulnerable for most use and one should look elsewhere for an updated product?

    B) Or for average consumer use is Shadowuser Pro still a good solution, but perhaps during times of more robust / higher risk use would it be advisable to use Returnil for additional protection and layer against low level writes? And if so, would it conflict in any way with the excepted files from the Shadowmode of Shadow User Pro?

    I am hoping first and foremost the low level vulnerability of ShadowUser Pro is insignificant; in lieu of that I hope option B) is viable. I really do not want to have to migrate completely to another product as the main lightweight virtual defense, as Shadowuser Pro is what people are used to, and its exception capabilities and use on multiple drives are a benefit.
     
  9. Bollo

    Bollo Registered Member

    Joined:
    Feb 8, 2008
    Posts:
    13
    Location:
    Tarija
    First of all, I want to say HI to everyone here in Wilders Security Forums... this is the FIRST site I visit to get a recommendation or advice about something I found on the web...

    I always entered this site as a guest, like many people here, but the difference is that I did that a lot of times without even saying "thanks" to somebody who had the same problem and another one who solved it..

    Well, I'm replying here because I'm having some questions about these "light virtualization" programs...

    The thing, or better said my DOUBT, is about their way of protecting the hard disk..

    Can this software make your hard drives fail!!? Because at least I'm testing Returnil (beta) with my system and I got that doubt..

    It seems that some friends installed Deep Freeze or another virtualization program and they had problems with their hard drives. It seems that the program made exhaustive writes and reads on the disk in the same sectors, like Returnil does in a file that occupies a fixed size on the disk.

    So my question is whether that kind of program makes too many writes in the same location many times, causing the hard drive to fail.
    That's all for the beginning... I will be here from now on.

    Thanks in advance.
    Bollo
     
  10. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    At present, probably not. However, it really depends upon whether that approach becomes a significant generalized mechanism in the future. If you already own ShadowUser, it is a very decent solution. If you're currently looking, the more recently developed solutions will generally be better since they can and will adapt to recent developments.
    If you're talking of mixing multiple light virtualization products, I'd recommend against it. Go with the best single solution from the start.
    Of the current options, ShadowDefender is the closest in this regard, save for the inability to have a shadow session span across restarts.

    Blue
     
  11. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    If you mean fail in the hardware sense, no. If you mean fail in the driver sense, I've not seen that happen. As with any application, conflicts can and do occur.
    Fundamentally, this shouldn't be an issue. The situation is no different than any disk location which is extensively utilized. A hard drive, like any other device - particularly a device with moving parts - has a finite lifetime. But the activity connected to virtualization is really no different than normal use.

    Blue
     
  12. Bollo

    Bollo Registered Member

    Joined:
    Feb 8, 2008
    Posts:
    13
    Location:
    Tarija
    Thanks for the quick reply BlueZannetti...

    Well, that was more a curiosity than an issue, at least for me, because it's interesting how they save the changes in specific sectors and then "write" them to a "virtual file" that will be discarded when you reboot the machine. That's what makes me think about the many overwrites in the same sectors where Returnil's file is. :D

    Quite interesting, these programs...
    Also, sorry for my English, it's not native, but I hope it's understandable. :p
    I'm from Tarija (South America) where we speak Spanish.

    Bollo
     
  13. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Which is basically no different than what happens to a drive without Returnil or any of these other products.
    It's quite understandable, no problem at all...

    and welcome to Wilders as a member!

    Blue
     
  14. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Bollo,
    The cache file is only created and used when you select the Disk cache method. You can switch to the Memory cache method at any time using the repair feature in the Uninstaller without having to uninstall/reinstall.

    Another aspect of the duality is that if the Disk cache were to ever become damaged or corrupt, RVS will switch immediately to Memory cache so you do not lose System Protection/Session Lock.

    With kind regards
    Mike
     
  15. Bollo

    Bollo Registered Member

    Joined:
    Feb 8, 2008
    Posts:
    13
    Location:
    Tarija
    Thanks BlueZannetti for the Welcome and Coldmoon for the explanation, will be posting more curiosities at the Returnil's Beta Thread...

    Thanks.

    Bollo
     
  16. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell

    hi BOLLO and welcome :thumb: I will put it short: Returnil can be trusted 100%, it does its job, no HD MBR modification (also goes for SD and DF).
    and it's good that the Returnil developer (coldmoon) is all over here and can approve or override what we say in here :D

    cheers:cautious:
     
  17. boberang

    boberang Registered Member

    Joined:
    May 27, 2006
    Posts:
    11
    Thanks Blue...that was my gut feeling, but I don't pay attention daily and didn't know if the low level threats had become more viable.


    Bollo: I agree with others here...these products shouldn't cause a hard drive to fail before its time. Having said that though, all hard drives are NOT created equal. Some fail more often than others, not because of products like these but just general use. So plan accordingly. :)
     
  18. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    My pleasure. The other option to consider, and it really depends on your usage style and application base, is to run your machine as a limited user with SU (or your preferred alternate) running with Admin credentials.

    Blue
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,528
    Location:
    U.S.A. (South)
    On the matter and concern of this type of software and its impact on the hardware HDs, I often raised the same concern some years ago at the Heidi's ERASER forums and was "VERY" skeptical, even when assured there was no real reason to be pessimistic, that over time, due to so many writes of a wiping program, one might expect their drive to eventually fail much sooner than expected.

    Well, in conclusion, I never stopped using ERASER, even when using the 35 Pass method, and after years of this routine no drive I own, even the oldest which housed Windows 98SE, has ever shown signs of or experienced a failure.

    I assume the same equally applies to the apps just mentioned above, but on an even lesser basis IMO. No expert here on hardware and the impact of software on it, but I'd be willing to venture that my daily use of ERASER for years in a many-passes mode far surpasses the writes any of those virtual programs could do.
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,475
    Running SU with any HIPS (they all stop executables) or any reputable AV for that matter (if you feel uncomfortable with HIPS) will neutralize the danger of these 'low level threats'.

    Returnil, SandboxIE, ShadowDefender are more or less updated against these threats, because some people at Wilders specifically pointed out their existence to the developers.

    The bottom line is that no matter what solution one chooses, they can be defeated at any time in the future by new threats, if one relies on their protection alone. Perhaps a new animal should be created: A signature based virtualization program which would be the same as adding an AV to your system.
     
  21. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Welcome to Wilders Bollo. The more South Americans, the better ;)
     
  22. Bollo

    Bollo Registered Member

    Joined:
    Feb 8, 2008
    Posts:
    13
    Location:
    Tarija
    Thanks for the welcome to everyone.
    Will be glad to help with whatever I know...

    See ya.
     
  23. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I was looking at deep freeze and some of the other programs out there but I absolutely love EAZ-FIX. At first I was interested in Rollback Rx but heard from a few seasoned people on this forum that it was somewhat flawed. Using eaz-fix and making a snapshot before installing a program is a lot better than relying on the uninstall program to remove everything which it won't. I have yet to see any problems with rolling back to a previous snapshot.
     
  24. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    apathy,

    EAZ-Fix and Rollback Rx are a little different than the programs which are the main focus of this thread, although many final results appear quite similar.

    The main potential issue with EAZ-FIX/Rollback Rx is that if one leaves the filesystem environment provided by these applications and makes any changes to the disk (for example, boot to a Bart PE session or something similar, defrag using a 3rd party application on boot, etc.), these changes will be unknown to the environment and will lead to its corruption.

    That can be a bit of inconvenience in some situations, but the advantage of these applications is the enormous speed advantage accrued via use of this approach in making and switching between snapshots.

    Blue
     
  25. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    yo all

    after checking this amazing EAZ FIX ... it actually can be used for what we all were missing for a long time now, and that's "continue shadow mode after restart". can then test program np and ROLLBACK if something went wrong.

    for all of you who scream SU has it .. well it's buggy and does not work well under some systems

    i find it better to use, also it can provide the same ability as SU SD DF and so on

    cheers:D
     