Light Virtualization - the first year....

Discussion in 'sandboxing & virtualization' started by BlueZannetti, Jan 12, 2009.

Thread Status:
Not open for further replies.
  1. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    A year ago I started a thread on Light virtualization: Returnil/PowerShadow/ShadowDefender/ShadowUser Pro. The objective of this thread was to pull together information on the partition virtualization solutions available at that time. Late 2007 had seen the release of a handful of new partition virtualization applications to the market. ShadowUser Pro from Storagecraft had been on the market for a number of years, but had languished for a number of reasons (piracy, pricing (at least IMHO), the need to restart to enter into a virtualized state, etc.). The 2007 class of partition virtualization applications allowed one to initiate a virtualized session without restarting the system. This minor enhancement removed a major usage inconvenience and brought this class of application to the fore.

    This post revisits the status of these partition virtualization solutions. This is an opportune time for a number of reasons:
    • First, the official Returnil Support Forums have recently relocated to Wilders.
    • Second, and this topic probably deserves separate treatment, but I believe that many users simply miss the boat on a key structural aspect of security. There's substantial energy, commentary, and emotion spent on unending quests for the perfect or strongest computer security solution. Ignoring for a moment that, due to the fluid nature of the existing challenges, this is a moving and unrealizable goal, I believe that it misses the mark conceptually as well. My own belief is that one should strive to achieve an appropriate threshold level of protection. That threshold is certainly dependent on the specific user, but I do believe that simple guidelines are applicable to the masses. Although this might appear to be a minor point, one's whole approach to solutions change when the problem switches from a mindset of maximization to one of thresholding. You simply need to exceed the appropriate threshold.
    • Finally, the various partition virtualization solutions - all of those originally covered - have been used by me for a full year under routine usage conditions. My usage of these programs have not been a sparing invocation of an infrequently employed application, but daily use. This is a point that I'd like to emphasize. Partition virtualization has become an integrated part of my own system usage. It has stood the test of time in my hands which so many other previously available solutions have failed to achieve. I believe that this, in large measure, reflects the products striking and maintaining an excellent balance between functionality and ease of use.
    My own usage of these products and straightforward and likely reflective of a mainstream casual user. Typically, I will initiate a virtual session when I believe that I may be treading on dodgy or uncertain territory. An example of that would be when I happen to check the status of a potential malicious link posted on this site. That's a useful metric to keep in mind, a single link check, that's a pretty low usage threshold. Invariably, the virtualized session will continue until I have to do work that needs to be retained in an existing virtualized location (download email for instance) or the day ends, then it's back to normal operations. That's the scheme I happen to follow. One could clearly opt for the converse. Rather than treat the virtualized session as the exception to jump into, configure the system to work predominately in a virtualized state (relocating folders as desired to provide account for "typically saved" content such as emails and documents in the process) and exit to a regular state on an as needed basis. Both approaches work quite well.

    Let's begin with With a brief recap of the main players and their current status (revisit the original thread for additional details which will not be repeated here)....

    • ShadowUser Pro V 2.5:
      • As was noted previously, this is the oldest option in the group and remains the only product that supports continuation of a single shadow session across system restarts. Unfortunately, it is also the only application that still requires a restart to enter a shadow session. However, development of this program is either suspended or has ceased.
      • Development of ShadowUser Pro has either ceased or is suspended at present. A comment in the ShadowUser forums dating from April 2008 (and repeated in June 2008 in another section) was that there were no near term plans for an update. If an update were to occur, it appears as though Vista support would be the first target addressed.
      • The current price is listed at $49.95, which is down from the price ($69.95) listed at the start of 2008. While an improvement, this remains among the most costly of the programs in this category from the perspective of initial outlay.
    • PowerShadow 3.0:
      • This program has been unchanged through 2008. Shadow sessions can be started in either a single (system partition) or full (all partitions) shadow mode.
      • The PowerShadow website is accessible, although not updated for quite some time. The purchase link on the site (via Share*it) appears to be active as well. The $39 price has been active since launch, even though it is listed as a time limited discount.
      • While activity for this offering in the English speaking world have been almost non-existent in 2008, I did have occasion to reinstall PowerShadow in December 2008 and the activation servers were still active at that time. Perhaps their focus has shifted to the local Chinese market.
      • Support, when required, has been quick and attentive, although I haven't used it since Jan. 2008. However, a somewhat causal note sent to Ensurebit support over the US Holiday season remains unanswered to this point (~ 2 weeks).
      • Supported OS's are Windows XP/2000/2003
    • Returnil V 2.0:
      • Available in free/personal and paid/premium versions. The paid version is a $25/year subscription.
      • Basic partition virtualization is provided in both the free and paid versions. An explicit feature set comparison is provided here
      • Version 2.0.1 (currently in beta) of the premium edition will have the following new features: Custom Virtual Partition installation path; Virtual Partition drive designation change support; File Protection; Returnil Tools: Anti-Execute and Real System Autoruns; Real System Registry Editor; Right Click Delete; Disk Cache privacy wipe; Right click Tray Icon and Toolbar control; Custom language and Help Manual installation support; User defined font support
      • Privacy mavens should note that in addition to the typical "drop changes" options allowed with this type of product, a "secure session erasure" capability is provided when disk caching is used and an option to "erase all change remnants from the real harddrive" is selected under the Advanced Options.
      • Supported OS's are Windows XP/2000/2003/Vista (32-bit)
    • Shadow Defender V 1.1.0.275:
      • User selectable protection by partition, specification of excluded files/folders, and commit to specific files/folders (selected or via context menu)
      • Attentive support and product updates
      • The current price is $35 as a one-time purchase
      • Supported OS's are Windows XP/2000/2003/Vista (32-bit).

    Which one..?

    In terms of basic functionality, no major changes appeared in 2008, nor should one necessarily expect major changes in this class of application. Shadow Defender and Returnil both incorporated mechanisms to prevent low level disk writes from occurring, which presented rather slight vulnerabilities in the early releases of these products. This by-pass of the protective elements of virtualization could be readily demonstrated through use of a low level sector editor, such as that provided by Julie Lau (see Sector Editor V 1.0.6.27, which is a recent release - Note: if you use this application and edit your HDD into oblivion, don't come crying to me). Neither PowerShadow nor ShadowUser Pro have been revised in 2008. The early versions of PowerShadow dealt with low level disk writes, while ShadowUser Pro remains vulnerable to this minor issue.

    Shadow Defender and Returnil have provided maintenance releases in 2008 which have solidified the basic functionality and incorporated some minor feature set extensions (primarily with respect to scheduling, file commit/exclusion, and so on). These features generally enhance user convenience. Returnil is also, as noted above, currently in the process of finalizing more significant feature set enhancements that, depending on specific needs, may be of utility to a user.

    None of these programs have displayed conflicts with any software that I use. In general, I'd expect very limited conflicts to exist. If these applications are used under a limited user account (LUA), I'd recommend the use of SuRun as well.

    Of the 4 programs used, ShadowUser Pro remains trailing in development and support despite the fact that it is the sole program in this group which allows a user to maintain a shadow session across restarts. It is also the only member of this set which cannot directly enter into a shadow session without a system restart. In terms of ease of use this is a major roadblock, at least for me. This barrier was sufficiently high to me that ShadowUser Pro is currently not installed on any of my systems while the other 3 programs are installed on various systems that I use. Even though this particular feature may seem like a minor issue (and if a user employs a usage model in which the system is predominately in a virtualized state, it is a minor issue), being able to jump into a virtual session on-the-fly is really what makes or breaks user friendliness of this genre of product.

    PowerShadow remains a very solid application. However, their market presence is low in the West. As mentioned above, I had occasion to uninstall/reinstall PowerShadow in Dec 2008 without issue, so the activation server was active at that time. I would exercise caution in using Powershadow if their support group continues to maintain its vanishingly low profile. When I initially installed PowerShadow, there was an issue with my system which prevented me from exiting shadow mode once I had entered it. I was never able to trace the root cause of this behavior and the only step which solved this problem was a bare metal reinstall of the OS and all applications (a repair in-place reinstall of the OS was tried and failed to resolve the problem - and no, it was not due to some uber-ninja rootkit embedded in the bowels of the system....). I mention this because there were only 2 ways to exit shadow mode when this occurred...., (1) a bare metal reinstall of everything (which is fairly trivial if you're prepared for it), or (2) use a utility provided by Ensurebit which generated a time dependent and somewhat rapidly expiring code which allowed one to disable the program and uninstall from a normal state. As long as the vendor is active..., this is not a major issue. However, if they are not...., see option (1). My overall impression of PowerShadow was that it was an impressive program and clearly in the lead in Jan 2008. If I could sense an ongoing presence in the Western market, I would recommend PowerShadow in a heartbeat.

    Of the 4 programs originally examined, my current feeling is that the top two contenders are Returnil and Shadow Defender.

    If one were entertaining using one of these products, which one to choose? Based on my own usage, both are operationally suitable. With respect to specific criteria....
    • If a free option is desired, Returnil Personal Edition is the sole option.
    • From a continuing support perspective, both Returnil and Shadow Defender have an ongoing presence on the Internet with positive comments regarding user support.
    • One comment that is occasionally made is that Returnil virtualizes the system partition only while Shadow Defender allows one to select any (up to all) of the partitions visible on a system. Personally, I've never bothered to go beyond virtualizing the system partition. While I could speculate on hypothetical scenarios in which virtualization of all partitions is desired, they're a bit of a stretch. Pragmatically speaking, this apparent lack is a complete non-issue. However, if being able to place an entire system in shadow mode is desired, Shadow Defender allows you to do this now. The current beta of the premium version of Returnil can accomplish this objective via the File Protection facility, so that comparative gap will be addressed soon.
    • Pricing strategies also differ for Returnil vs. ShadowDefender. Returnil employs a subscription model while the purchase of ShadowDefender involves a one-time fee. One can make cogent commercial arguments for either approach. At the end of the day, this difference obviously didn't factor into my purchase decisions since I use both and plan to continue on that path.
    • In the absence of specific goals, trial the options then decide.
    Additional comments:
    • ShadowUser Pro cannot enter a virtualized session without a restart, but can carry the virtualized session across restarts while Returnil/Shadow Defender/PowerShadow can enter a virtualized session without a restart, but cannot carry the virtualized session across restarts. So the Grail of many users (entering virtualization on-the-fly and carrying the session across restarts) remains unfulfilled. I really don't have a feel for whether this is an inherent technical barrier which cannot be reasonably attacked, but it is clear to me that on-the-fly entry into a shadow session is much more critical than being able to carry the session across restarts for the vast majority of users.
    • Usage issues that exist around this class of application generally revolve around user error. Obviously, one could fail to initiate a shadow session at the appropriate time and suffer the consequences. This is a trivial situation. Somewhat less trivial is the case in which a user acquires transiently available content (say email or a difficult to relocate file download) while in a shadow session. If this is realized in-session, the user does have recourse available to retain the transient content by some mean. On the other hand, if the user forgets the session is transient, and the system is restarted, that material will be lost. The key lesson - pay attention and maintain discipline, or use a judicious set of exclusions to prevent typically desired content (mail, AV signature files, personal documents, etc.) from being effected, or configure the system via folder relocation so that this eventuality is not germane.
    • One point to note is the very limited number and type of user based errors. That's partially a reflection of the very straightforward usage paradigm. If user based options are sparse, the types of problems that could appear are usually sparse as well.
    • Naturally, defragmenting a partition while in a shadowed state is a meaningless exercise and, depending on circumstance, may cause the system to crash. Recovery from the crash should be a simple restart, but it's best to recognize these types of conflicting operations up front and avoid them.
    • I've restricted my attention to a reprise review of the four solutions that I covered a year ago. In part, that's because these are the programs that I use. There are a couple of additional options in this genre that are available, including:
      • Comodo DiskShield: this is a beta level option at the moment, and I really wouldn't recommend it for that reason.
      • Disk Write Copy; Personal and Professional versions available, see here for comparisons. Produced by CCS Company Ltd., which appears based in Moscow, Russia. Tried a short spin with the demo version. Sticks me as effectively intermediate between the partition virtualization applications that are the primary focus of this thread and Faronics' Deep Freeze.
      • Microsoft Windows SteadyState: I believe this product is a bit of a mixed bag. Some users report performance issues, clearly this will be very machine dependent. Although one can mimic simple partition virtualization with WSS, the scope of this product goes well beyond that, and as someone looking for simple solutions, that's a problem. This product seems more akin to Faronics Deep Freeze, which finds utility in the shared PC arena and in institutional settings in which lockdown of the computer's configuration is often desired. For that type of setting, this is probably a good free solution.
      • A new player has recently emerged, HDGuard. I've not used this product, so I really can't comment on it at the moment.
    • I have not included a discussion of any of the paid or free full system virtualization products (VirtualBox, VMware Workstation, VMware Server, VMware Player, Microsoft Virtual PC 2007) since they really don't serve my needs. The advantage of this genre lies in being able to simulate all/most aspects of a complete machine, and they are therefore useful in tasks such as software testing. This is not something I tend to do. However, if you wish to use virtualization as a mechanism to trial software or experiment with malware, these are really the types of products that you should probably migrate towards.
    • In some respects, Faronics Deep Freeze is technically close to the partition virtualization products discussed above. However, since it's target market is in maintaining a machine to a predefined and static state, it is more geared to the institutional market that Faronics cultivates. It's a good product for that market, but seems somewhat constrained for typical home usage.
    • I have also not covered Sandboxie which has many traits in common with pure partition virtualization. For those considering the programs discussed above, Sandboxie is probably the only other application that I'd personally recommend a user also examine. The simplicity and ease of use of Sandboxie is similar to that exhibited by partition virtualization solutions. Sandboxie is extremely well supported by the author and has been extremely robust in my hands (yes - I'm also a licensed user of Sandboxie). Overall - Sandboxie is a very highly recommended application.
    • There seem to be a pair of truisms out there regarding malware....
      • Despite the seeming flood of malware out there, it's actually not that easy to fall victim to it. In my experience, garnered while trolling some rather nasty sites, it remains an infrequent event that can usually be handled by almost any reputable AV.
      • However, while infrequent, malware exposure does occur and no classical signature based AV is able to proactively guarantee coverage against the next threat to appear.
      These two facts present the user with an interesting dilemma. On one side, considerable effort can be expended in developing an impenetrable fortress. In other words, focus solely on prevention. On the other side, one can ignore prevention and focus exclusively on restoration/rollback and accomplish the latter objective by employing a discardable user environment. When one is presented with divergent solutions, the middle ground oftentimes provides a very fertile source of hybrid solutions, and this is really where the concept of designing for a security threshold starts to gain merit.

      To develop a sense of the potential threat base, one could examine any number of available metrics, I tend to use the current number of distinct signatures contained in the Kaspersky AV product as a reasonable measure of trending behavior of extant threats (see graph below). It's clear that the wave of threats challenging a user is not subsiding. At some point, it becomes an exercise in statistics as to whether an AV company is able to keep up with the emergence of threats. The flip side of the situation is that a user often has a sense of the situations in which their exposure is genuinely increased. Those situations include any surfing by a naive/young user, visiting unfamiliar sites, or visiting sites populated with questionable content (cracks, warez, pornography, and so on..). These tend to be discrete situations in which one can readily jump into a protected virtualized state. These are situations in which partition virtualization excel.
      KAV Dec 2008.png
    • If I were asked to create a wishlist of desired features (OK - some of these may present technical issues), my personal list would include:
      • Ability to carry virtual sessions across restarts (yes..., I'd like to see this feature as much as anyone else...)
      • Ability to restart a virtual session while within one (i.e. reset system to the session entry point, I realize that this is not a trivial technical objective)
      • Default exclusion of C:\Documents and Settings\*\"My Documents" (or present as a checkable box under exclusions). Yes, exclusions incur vulnerability, but malware needs to launch to be active and that typically involves a protected partition launch point.
    • A short comment on how I've configured my systems to use these applications. It is remarkably straightforward and simple: an AV/partition virtualization program/SuRun/LUA or AV/partition virtualization program. I have systems with both styles. I also believe one could also make a cogent case to dispense with the AV, although I choose not to go that route. Compared to many of security configurations discussed here, these are minimalist schemes. However, I wouldn't equate that leanness with being vulnerable. Certainly, as described above, I initiate virtualized sessions, and the need for me to deliberately initiate that session is arguably the largest vulnerability present. However, the basic setup could be configured to render the virtualized state to be the default logon condition, removing me almost entirely from the equation.
    • Finally, a general comment on personal computer security. I have a sense that all too much effort is spent on musing over the nuances of conjectured hypotheticals than addressing known problems. This class of applications (along with related programs such as Sandboxie) tackle the known issue of system contamination while visiting dodgy sites (or dealing with an habitual button clicker junkie) This is one path. I realize that there are other paths out there. I've tried some of those alternate schemes as well, and dropped them. Partition virtualization is simple. User guidance can be condensed to, quite literally, a few sentences (this trait is absolutely critical). It's an idea that has many/all of the qualities of being sticky...

    So..., that's where things stand a year in..., for one user.

    Blue
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    What an AMAZING & INFORMATIVE writeup!

    Thanks BlueZannetti for such intergral details and summaries.

    This is truly Copy/Paste excellent reference material for notes.

    EASTER
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Excellent analysis Blue. The choice between Returnil and ShadowDefender is really a tough one, and comes down to your particular situation. They both are excellent. Needless to say so is Sandboxie.

    Pete
     
  4. Montecristo

    Montecristo Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    72
    Very informative. Thanks :thumb:
     
  5. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    I feel like I just went back to school and enjoyed it.
    Thanks for the info.
    Hugger
     
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Seeing as Sandboxie and Returnil received a good review Blue's post should be a sticky! :D

    Just kidding, excellent and informative posting. :cool:
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    No exaggeration. Blue is very well educated and experienced and really has a gift for bringing across from the most basic of details as well as the complex.

    In that light, i must highly agree that it really should be a mainstay sticky as it's a very vital realistic and extremely useful report that deserves that attention.

    EASTER
     
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I had to read that awsome post twice to let it all sink only becasue I forgot half of what I read, my dilema.

    Returnil and Shadow Defender are both great apps.I Have Returnil premium free for 1 yr So obvious that made things easy for me for now

    I find the only time I use returnil is OD Since sandboxie covers mostly all my needs.Protection from Internet Facing dodgy Stuff.

    IMO what makes Sandboxie that best Virtualization for me Is I can recover something from the Box with ease and rid everything else or all with out the need of reboot.


    What I also like about Sandboxie Not only does it provide a virtual enviroment it Can be a very restrictive virtualization. Drop My rights,Excutable restriction,Resorce restriction etc.


    IMO Sandboxie can be a more restrictive virtualization and perhaps easer to maintain a none static OS.


    I Think it can be used with a wider varity of users from begginers to Advanced/Experts.
     
  9. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    What an informative write-up on programs that deserve to be mentioned as much as the common AV. Thanks BlueZannetti. :thumb:

    Virtualization complements other security programs (AV/firewall etc) and I think there is always a time, whenever that may be, a user will experience a situation where they 'hope' a file, whether legitimate or possibly dangerous, does not cause them hours of grief and ongoing system problems. Virtualization removes that uncertainty.
     
  10. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    Very nice post :). Virtualization is certainly an interesting development.
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Superb run down of these fine products! A couple of comments:

    A situation comes to mind involving testing malware, where I let it run in order to catch the outbound connection.

    The executable (I believe a Bagel variant) wrote across all of my 4 partitions, more than 200 ftp links to mostly pornography files. Only my C partition was frozen by Deep Freeze, which restored it to previous good state. The link files on the other partitions were easy enough to delete manually.

    While this was not a serious situation, you can imagine how other damage could be done - with a file injector exploit, for example. I've concluded that malware testing should really be done in a VM nvironment, which I believe you mentioned.

    Whether or not virtualizing partitions other than C is necessary would be an individual consideration, of course.

    I think this is a fair assessment. Complaints about DF by many in these forums concern committing changes and rebooting. Putting the computer into a Thawed state requires a reboot. The theory behind this is that it prevents any unknown changes made during a Frozen state from becoming permanent. That is, the system reboots into a previous good state before it can be Thawed. While this seems constrained, yet it is a bullet-proof function which is really necessary in institutional environments.

    Frankly, I'm glad that Faronics has not yielded to the temptation to create a less constrained product for the home market.

    I have another use for the reboot-to-restore product: While it is certainly possible that malware could somehow install remotely on my workstation, and Deep Freeze would protect my system partition, I was attracted to DF more for its ability to keep my system partition always in a clean state -- as a maintenance product, if you will -- rather than being concerned about malware. This after observing how effective DF was in the education environment where I worked. 300+ workstations and never a single problem with unauthorized changes to a system.

    I've used it on my Win2K workstation for almost 5 years now and have never had to do any repair/maintenance to my system partition during all these years. This is one of the least-mentioned uses for these types of products and the most valued for me.

    ----
    rich
     
  12. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Interesting...., seems a waste of programming effort when the ability to use those links gets lost on the cleaning of the system partition, although the file injector example you note is quite correct. This example actually provides a reasonable case to consider regarding maintaining a threshold of security vs. maximizing a configuration against all conceivable permutations and yields some concrete items that one can weigh in approaching the problem as a single user.

    Absolutely, for Faronics' target market their design is spot on and for large scale institutional use. The enterprise level product also has the tools for centralized administration of the product, again solidifying their utility in this market segment.

    Blue
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Very comprehensive post by Blue but let me say that ordinary users still don,t accept this type of security for their system. They want a running system without loosing their data, downloads etc on reboot and yes, they don,t want the hassle of moving things around. It,s not my opinion, rather it,s my experience with my friends, fellows etc who use computer just like an average user, atleast in my Country.

    Others might have different experience.
     
    Last edited: Jan 13, 2009
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I can,t say that it,s a complete non-issue. If user faces a file infector virus then it will become a serious issue. Now how common are file infectors, this is anther story. I have seen a friends laptop taken over by a file infector few months back, means that file infectors are not vitually non-existant now a days.

    Just my own opinion.
     
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Very good write up Blue. Almost as good as, Twas the Night before Christmas.;)

    But I totally agree and use your advice.
     
  16. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi,

    Thank you Blue for this great post, a valuable introduction to the year of virtualization

    Regards,

    MaB
     
  17. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Thank you Blue for your instructive post. Coincidentally, I just registered my copy of Shadow Defender. After using it for a few weeks on trial, I liked its simplicity and the fact that it works well for me. ;)
     
  18. deanmartin

    deanmartin Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    231
    Location:
    USA/KY
    I enjoyed that read. Thanks Blue
     
  19. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Thanks for the update.

    ShadowUser was the first of the lite virtualization I used and purchased. I have licenses for the others but would really like to see an update for SU - I would probably then install it again somewhere.
     
  20. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Excellent.

    I especially liked:

    Although I have several licenses for DeepFreeze and used Returnil for a while I have now settled on Shadow Defender. It does all I want. I would have no objection to being able to continue a virtualized session but can't help thinking that the requirement has taken on a life of its own with many people wanting the option without having questioned the real need. So if the devloper can add the option without ruining the program then fine - but not if SD becomes overly complex or buggy.

    If I could have one improvement to SD it would be to have a one click session solution rather than the current 4 clicks
     
  21. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    My wishlist suggestion (beside already mentions) will be registry exclusions and I think there is really risky to exclude my docs. (like default option) especially when we have ransomware around which encrypts my docs. (by default also)
     
  22. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Great post, +1 to the sticky motion

    I used Returnil always enabled for several months, and found absolutely no downsides to it. Just 1 wish (added to the "out of virtualization on the fly" and the "keep virtualization across reboots" wishes):

    Opt-in checkbox for "always keep changes to this folder/files". Usefull for example, for keeping browser bookmarks. I had that folder in the save list, but you had to go and manually "save changes". It's safer, but I also lost several bookmarks in the process of getting used to it. Also it delays the shutdown process with additional steps and that's not good when you are in a hurry.


    Also, once I had to delete and set my IMAP account from scratch and save my contacts again from my phone (gladly I keep stuff always sync'd) in Outlook 2003, baceause a "save changes" went wrong. Outlook was running so the files were in use and Returnil could not store them. Instead of closing Outlook and then press "retry", I pressed "ignore (not recommended)" and figured out why this option is "not recommended". Some stuff got saved, some don't and this lead to Outlook crashing, freezing, and other problems.
     
  23. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Nice summation. Thanks for taking the time (I'm sure considerable) to write this.

    Later...
     
  24. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Thanks to all for the feedback and kind comments.

    The work involved was trivial if it gets a few users to reassess how they go about securing a PC and perhaps trying some alternate approaches (light virtualization, sandboxing, etc.) without viewing them as a pure add-on to the existing system.

    We all spill a lot of electrons examining the latest offering, with near infinite configurability. Many times the most robust solutions emerge from approaches that are simple, readily understood by anyone, and don't provide for infinite levels of fine tuning.... I happen to believe that's the case with this genre of application (and that comment extends beyond the 4 examples that I focus on here (5 if you include Sandboxie))...

    Blue
     
  25. BazileCCS

    BazileCCS Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    15
    Location:
    Moscow
    We have updated our comparisons today.
    Now it is true.
     
Loading...
Thread Status:
Not open for further replies.