Shadow Defender alternative ?

Hello guys;
i have used shadow defender 1.1.0.325 since i got my computer; but now i can't find the download link of this version. That's why i want to try another product similar to shadow defender.
Briefly; my question: what's the alternative of Shadow Defender ?

Thaks in advance..

 

you can always start with this thread:
https://www.wilderssecurity.com/showthread.php?t=306091

 

Deep freeze from faronics. Closest thing I can think of.

 

Another possibility is Drive Vaccine:
http://www.drivevaccine.com/#overviewContent
$39, similar to DeepFreeze except it seems to be more versatile, I haven't tried it so I can't say much, but it seems to be potentially an interesting application.

 

IMO there is nothing like ShadowDefender its a one of a kind.That being said, DeepFreeze is IMO is a close 2nd.The installer of DeepFreeze includes the Igloo which allows to save work to a thawed partion.I have not used Igloo though so I can't comment on how well it works or the ease of use.

 

Wondershare Time Freeze:
-http://www.wondershare.com/pro/time-freeze.html

Clean Slate:
-http://www.fortresgrand.com/products/cls/cls.htm

 

How is it different form Rollback Rx?

Thanks,
Ziaul

 

Returnil Virtual System Pro 2011 or Returnil Virtual system Lite 2011. both are based on a strict Virtual Mode (Shadow mode) approach and include multi-disk virtualization and an inherently safer means for saving content to disk than any of the alternatives suggested so far in this thread.

Both versions also include default-deny anti-execute...

Kind regards
Mike

 

What is the safer means of saving content? Just curious.

 

Scheduled file commits rather than a file exclusion list. I think the theory is that this leaves no holes in the virtual system that could potentially be exploited by malware, while still providing a convenient way of automatically saving content.

 

Exactly

The process is as follows:

1. All content on the virtualized drive is protected by the virtualization (Virtual/shadow mode)

2. The authorized user pre-defines what content will be allowed to be updated with changes (NOTE: sub-folders included automatically with a folder selection). For those with an office scenario, Documents, Pictures, and databases can be added with interval saving to disk.

For the gamer, adding their gaming directories will allow for session saving without the need to drop the Virtual Mode protection and the File Manager can be set to autosave the action as quickly as every minute.

3. When a change needs to take place, the File Manager hands the file off to Windows for the save to disk process which has the effect of locking the file from being accessed or exploited by any potential malware.

4. Once the content is saved, the content is returned immediately to protection under the virtualization.

With an exclusion process (aka thawed volume), the content is left open to exploit because it is never virtualized. This makes the exclusion process itself less secure and inherently riskier in the long run...

Mike

 

Hmm. Good point. I might have to take another serious look at returnil. Didn't a recent test show that a trojan made it past returnil and into the MBR? I think it had said that it made it past reboot. Or am mistaken?

 

Please point me to that discussion so we can take a closer look just in case. The goal with RSS/RVS however is not to make any one component a silver bullet as no such thing exists; rather it is to make the whole a more secure solution.

If something were designed to effect the MBR in some way while in Virtual Mode, there are three ways to make certain it does not make it out of the virtual system:

1. Anti-execute (default-deny): In the TDL trojan discussions, it was shown that the A-E component blocked the thing from executing in the first place which kept the system clean.

2. Virus Guard: With a sample, we can get the VG updated if the content is not detected. This is secondary to the A-E in this scenario as an A-E block will provide the necessary notice to the user that something wicked this way came and was shut down before it could do anything.

3. System Restore in RSS Pro: Restore to an earlier time before the issue happened. With an update as in #2, the SR is further strengthened by being able to run the VG automatically to determine whether a RP was infected so you can make a better, more efficient choice as to which RP to deploy when required.

 

So I'll take that as a yes. A TDL did make it past reboot.

 

Wondershare Time Freeze...it's similar to RVS Lite.

 

If you test new samples this happens only if Anti-Execute is set to high - which is not the default setting and not a setting for average users. So for me it's only half an argument.

It's now known since more than a year that virtualisation part of Returnil can't protect from TDL.

So what can we expect: Will virtualisation part ever be improved in that way?

 

I got me a free license code and it works well.

 

I've used Faronics Deep Freeze for a few weeks.

So far, so good.

 

Same here.

BTW, do you use Buffer Mode? To start from OFF to ON it delays too much time? (here 1 min 30 sec ).

 

Good stuff! I used it for a year or so.

Wondershare Time Freeze works good as well,only used it for a short time.
Returnil,I used for a long time,never had an issue.

 

No I dont, I have not even tried it.

 

Thanks for the info. So all the writing and reading on your system occur in the disk.

 

System Revert 2011
http://www.softpedia.com/get/System/Back-Up-and-Recovery/System-Revert.shtml

 

Virtual Protect
Free 1.62 (installation file 370 KB)
-http://download.cnet.com/VirtualProtect/3000-8022_4-10902410.html-
paid 2.2.1 (installation file only 184 KB...the most expensive software in the world )
-http://www.softpedia.com/get/System/System-Plugins/VirtualProtect.shtml-

 

Firstly; Thanks for the replies to all of you.
I have Phantom Armor licence from Giveaway of the Day (i'd used it for some time; it looks identical to Shadow Defender). And i want try this product again but there's a problem; its domain had expired. Now; I'm having doubts about using it.