Limits of ShadowUser?

Discussion in 'other security issues & news' started by sTickfigure, Dec 8, 2006.

Thread Status:
Not open for further replies.
  1. sTickfigure

    sTickfigure Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    12
    after reading through the recommendations of some of the users here at wilders, i decided to take shadowuser for a spin. so far, everything's gone smoothly but the experience also leaves me wondering about a few things. what are the limits of shadowuser? i read a lot of the documentation and FAQs at their site, but all i got from it was that all changes not "committed" are lost. what does this mean? does this apply to files only or to registry changes as well? what if instead of just adding new files i also modify and delete files that were already on my hard drive before i entered shadowmode? will those changes be reversed once i exit shadowmode? even more importantly, does shadowuser wipe out rootkits as well? for example, suppose i were to get infected with hackerdefender or some kernel based keylogger while in shadowmode. when i reboot and choose to "lose all changes" will the it be gone? i'm not exactly sure how shadowmode works; all i know is that shadowuser installed a driver when it was first set up. all help/comments/suggestions are appreciated. thanks!!
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    By definition, in Shadowmode you are working in a "snapshot" of the volume(s), meaning the partition(s). If C:\ this would include the Registry.

    See here:

    http://www.shadowstor.com/products/ItemPage.aspx?ItemID=116&ProductID=4

    "Malicious changes to your PC or server - ShadowMode doesn’t allow viruses or worms to be written to the server or PC. When you run in ShadowMode, the virus or PC may get written during the ShadowMode session, but it can be discarded before changes are committed to the system."

    -rich
     
  3. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    I'll take advantage of this thread sTickfigure began to pin point a few features of ShadowUser.
    I've been using both SU and ShadowSurfer (in another pc) and i was very happy i did it,as they both work flawlessly and effortlessly in my systems :
    SU enabled using at the moment i write 4. 192Kb and SS even less,practically nothing.
    SU uses very little percentage of the HD, at the moment mine is 1%.
    I got ShadowSurfer free of charge when it was offered about a year ago and later decided to buy SU because of its ability to 'commit' or save selected files at the end of each session. I never 'obeyed' to the suggestion of the factory to put some Doc & Settings directories on the Exclude or Commit list if you wanted to ALWAYS save some files, still the files i had set to be saved were always saved.
    Then i -even without any proof of it- decided to not have any file saved on a permanent basis, voided the Exclude section and proceeded to 'commit' by right clicking single files i wanted to save just before ending a session. Very easy and handy.
    I think now i could even go without this and have my saved files on a removable drive or pen, making ShadowUser rather similar to ShadowSurfer, which erases absolutely everything at each reboot.

    I wonder if this might make SU a bit safer to use, not involving a 'saving' facet which perhaps could -sometime,somehow- be used against the user....just wondering. Any ideas about this?
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I know of one other person who said she was going to use SU in this manner. I haven't communicated with her since then, but she outlined just about what you have said. It leaves no room for inadvertant mishap!

    I think it is a good way to use this product.

    regards,

    -rich
     
Loading...
Thread Status:
Not open for further replies.