Shadowsurfer - any good?

Discussion in 'sandboxing & virtualization' started by jag1967, Jan 22, 2005.

Thread Status:
Not open for further replies.
  1. jag1967

    jag1967 Registered Member

    Joined:
    Sep 17, 2003
    Posts:
    68
    Hi All

    Came across this product, shadowsurfer
    http://www.shadowstor.com/default.asp

    Looks interesting - does it really do what it says? Anyone had experience of it - I'd be interested to hear you feedback

    regards
    jag
     
  2. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    spy1 is the resident Shadowsurfer/Shadowuser expert and I know he highly recommends both products;

    http://www.dslreports.com/forum/remark,10576071~mode=flat
    http://www.dslreports.com/forum/remark,10925985?hilite=shadowsurfer
    http://www.dslreports.com/forum/remark,10845586?hilite=shadowsurfer

    However, I would recommend trialing either one of these products first as neither program completely brought my machine back to 'clean' after coming out of shadowmode.

    Other similar products include;

    * CleanSlate; http://www.fortres.com/products/cleanslate.htm
    * DeepFreeze; http://www.faronics.com/
    * Drive Vaccine; http://www.horizondatasys.com/drivevaccine/support.html
    * Drive Shield; http://www.centuriontech.com/driveshield.htm

    All of which, except CleanSlate, performed better on my systems than Shadowsurfer/Shadowuser.
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Interesting - could you give me some details about that? Or could I just ask - was any behavior exhibited by your copy of the program that could have possibly resulted in your computer actually getting infected by anything? Because that's the bottom line, wouldn't you say? Pete
     
  4. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Hi Pete,

    Last summer I tried a number of these programs on two of my computers; one with XP Pro and the other with Win 2000.

    Coming out of Shadowmode after a reboot, should have completely cleared my SM session. However, I still had Favourites and some Downloads left that I had downloaded during ShadowMode. This behaviour was seen consistently both with ShadowSurfer and ShadowUser.

    Further, I tried to apply the exclude in ShadowUser to my AV updates but I was told by support not to attempt this as they could not guarantee the files would be saved!

    I did play about with both programs for 4-5 days and I contacted their support several times. Finally, because it was not doing what it was supposed to do i.e. revert back to a previously clean slate, relunctantly I had to 'drop' these 2 programs.

    In contrast, as mentioned in my above post, I had better luck with some other similar programs.
     
  5. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    after reading some post regarding Shadowsurfer and the other one, I installed it....I was never in shadowmode, even if I rebooted five times...never knew why...curious though
     
  6. jag1967

    jag1967 Registered Member

    Joined:
    Sep 17, 2003
    Posts:
    68
    Thanks for the info and further links folks
    Looks like it's case of trying them out (as usual).

    I didn't realize there's quite a few of these. Most seem to work on similar principals of creating a virtual drive.

    cheers
    jag
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Was that on the W2K system? The other? Both? I do know that some people had issues - it seemed to be a thing due to the various individual computer profiles, though, although it could have been OS-related. Guess I'll try adding some favorites/d/l's in SM tomorrow and see if they dis-appear like they're supposed to (at work right now).

    *Also, I would imagine that for every user that had problems with SS/SU, there's another one out there who had/has similar problems with DeepFreeze.

    Never had that issue here with SU (never tried it with SS) - all "commited" programs have always kept their updates - it's easy enough to check - just try updating again out of SM.


    Glad you found something that worked! Pete
     
    Last edited: Jan 23, 2005
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Give DEEP FREEZE a try. It works in a vaguely similar way, but is much more bullet-proof. www.faronics.com
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    .

    Gerard - That's a totally un-substaniated statement on your part - an opinion of yours, IOW, not back up by any kind of concrete evidence (just so that jag1967 knows that). Where is that wonderful article you were going to write about DF?

    jag1967 - In any case, I haven't noticed where you've stated what your OS is - if it is not XP or W2K, ShadowUser or ShadowSurfer won't be an option because they don't work with any of the 9x series.

    Just in case you wanted some factual information. Pete
     
  10. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Excuse me, Pete. I think 80% or more of the posts on this forum are opinions. I didn't mean to send you into orbit by writing what I did. It is actually more "bullet-proof" in the sense that there are extra steps required to do things in Deep Freeze than what it takes to do the same with Shadowuser, all erring on the side of caution and the extra-step.. I didn't even mean it as a negative comment toward Shadowuser, none at all. The armour is, without question, heavier with Deep Freeze. It's just different ways of doing pretty much the same thing. If you see that as opinion, so be it.

    Pete I'll be brutally honest. I've read a ton of your posts mainly in the archives and you are a touchy guy when it comes to anybody daring to question any software choices you make. I'm not even doing that, I think Shadowuser is great! But wow, calm down. That's not an attack at all, just a very real observation that is pretty plain for all to see. It's not worth the cost of your blood pressure rising or any other health risk that comes from such sensitivity.

    You asked about the article I'm writing in a very antagonistic way. What's up with that? I am writing it and I didn't realize I had given expectations for a fast turnaround or had mentioned any dates.

    http://www.amazon.com/exec/obidos/tg/detail/-/0671723650
    All the Carnegie books are good, also more important than anything we write about here.

    regards,
    Gerard Morentzy
     
  11. jag1967

    jag1967 Registered Member

    Joined:
    Sep 17, 2003
    Posts:
    68
    Hey guys, thanks for your help, both of you. Hope u can sort out the differences :)

    I have XP. I'm the only user of my machine, and I'm prone to d/l freeware/trial software & trying things out

    Given the frequency of these kinds of activities, which progs are easier to use, switching between different states, or is it the case that all would require long winded reboots etc

    Security wise, I'd still keep my main progs, AV, anti-trojan, anti-spyware etc, and getting processguard soon.

    So I guess my main need is avoiding messing up my OS (and recovering from a screw up) when installing/trying out s/w. And also a totally clean slate after surfing.

    Perhaps I would only need a roll-back prog? I'm planing to install a 2nd hd, and could keep a cloned image of the C drive on this 2nd hd for quick recovery.

    Not sure now which type of prog would be better: DF/SS/SU etc or just a Roll-back

    thanks again
    jag
     
  12. ()--()99()

    ()--()99() Guest

    thank you Blackcat for the great information :)
     
  13. ;D ;D ;D

    ;D ;D ;D Guest

    I just use GoBack 4. It works just like SS or DF. It will auto revert (Auto Back) your hard drive back to a clean state after every restart. You can then recover any files/folders that you may have lost due to the Auto Back, if you want to. Or you can use features like Safe Try Mode which allows you to safely test out any software without any risk to your hard drive.

    GoBack 4 has many other features too like Disk Drive Compare, Advanced Disk Drive Restore, File & Version Rescue and much more. You can password protect GoBack too.

    Also you can just do a simple restore whenever you want to, just like older versions of GoBack. It is as good as any of these other programs, maybe even better. I got mine with NSW 2005 but you can get it as a stand alone package too. I wouldn't be without it.

    I may have tried some of the other programs listed here, i'm sure some of them are quite good, but I already have GoBack, and it works so good, and has so many great features, I can't see why I would ever need them. :D
     
  14. controler

    controler Guest

    D:D:D; ?

    Is Goback 4.0 like this software http://www.imaginelan.com/cpr/index.html

    in that you can use a USB device? Does Goback take along time to restore or is it a matter of min.'s?

    I have tried Shadowsurfer & Deepfreeze Standard.
    These two are the same in a way. With either of these two you are either
    in the mode or out of it.

    With Deepfreeze Pro or Shadowuser, you have options to safe info while in the mode.

    I could not get Deepfreez's EXE protection program to work on my machine.

    We should have a thread on the different programs which lists all the pros and cons of each program such as install-uninstall problems ect. Do they all work at the Kernel level? What self protection do they have?
    basic info like, always make sure you have a fresh install of Windows before installing one of these programs.
    And we would do alkl this without trying to say why I like this one or that one. I think we have come along way to date on this forum of providing info on things we think are important, such as, You should still run a firewall & AV-AT along side to protect before reboot.

    I am not sure of of this would be of benifit without some of the actual tech support people from each program inputing data on their product, without giving out too much propierty info.

    controler
     
  15. pamelajoy

    pamelajoy Registered Member

    Joined:
    Jun 29, 2005
    Posts:
    127
    Location:
    Fairbanks, Alaska
    I read this thread with interest because I am considering installing ShadowUser Pro 2.0. I have looked up all the links in this thread about this program and I searched the forum for other references to it.

    I also read this review at PC Magazine, and I have some questions. Are PC Magazine's reviews trustworthy?

    Will ShadowUser cover more than one harddrive?

    For example, I have C drive (and a partitioned D drive) on one physical drive. I keep my data on a separate E drive.

    If I am making graphics on Paint Shop Pro and save them to my E drive, would the graphics be really saved or saved only in the Shadow Mode?

    Sometimes Paint Shop Pro hangs and I have to reboot. Thus, I wouldn't have the opportunity to choose to save the work I had already done if it isn't really saved (if it is only saved on the virtual drive).

    Where is the virtual drive? Would it be on my C drive? or could I choose to use my D drive as the place for Shadow Mode to reside?
     
  16. controler

    controler Guest

    Hi Pamalajoy

    I am not the resident expert on shadowuser but can tell you that you can choose which partitions you want to protect. You can also choose if an application's info is always commited & not disguarded on reboot.

    I have now downloaded Microsofts free program which is suppose to be close to this type program. I haven't installed it as of yet but might try today.
    This might sound strange but on their download site they recommend, Deepfreeze if their program doesn't work out for you. I think it might be because MS's program only supports Windows XP.
    There are things I like about both Deepfreeze & Shadowuser Pro.
    I like the background screen of Shadowuser. I think that is really cool.
    I like the fact Deepfreeze gives you a 60 day trial & is cheaper.
    I have not tried Drive Vaccine as of yet but DO like their technical explanations much better on their sites much better then either Deepfreeze or Shadowuser.
    I think the Pro versions of any of these type programs are much alike & it becomes more of a user preference just like firewalls ect become.
    That is why I would like to see a dedicated thread to these programs.
    Questions such as,Do they all work with USB sticks ect.

    controler
     
  17. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Same thing here, at the moment i am running the trial (shadow User) version

    I did not see the problems mentioned above (yet).

    I am only curious if Deep-Freeze has no problems with reboot in mode,
    to test the just installed new prog(s).

    So you prefer Deep Freeze then ?

    It would be nice if some more people with write WHY they prefer one of these products.

    :doubt:
     
  18. controler

    controler Guest

    At this point I can't say for sure.

    I still want to try MS's free version and DriveVaccine.
    Like I said, I liked the technical info posted at DriveVaccine's site.
    They make a point of mentioning how it works in Kernel mode, down to the physical drive sectors, good & bad.
    This is the type info I like to know about a product before sticking with it.
    I have bought alot of software over the past two years. All of my ligit LIC.'s
    came from testing for various companies in the past. I currently only have one of those programs installed, since I still am a software junkie & love looking at the newest software. Now days it is tough since almost all venders are putting new Beta's out there every couple months LOL
    I will still say the best I tested for was Symantec. They actualy would send you a nice boxed version when the Beta finished.
    I think it is getting tugher on software venders these days since everybody wants to work at kernel level & we know that causes problems.

    I also think these VM programs are a bit tough on the common home user, since I believe thay need to be installed on a fresh system, this is something
    not all home users can do.
    Whenever I look at any software, I try to see it in the eyes of a nontechnical
    persons view. Sometimes I wonder how they survive LOL
    How easy is it to use without losing it's security funtions?
    How good is support after the product is installed?
    These are the things that need to be listed for the various products.
    If we from these forums got paid for all the support we have givin over the years, we would be rich LOL
    More support has been givin through forums like this then any vender ever did I am affraid. Yes most of the venders now have their own forums but have you actualy went to most of them?
    More support has been givin at this forum then say Shadowuser's
    How can you beat FREE support? LOL

    I love to see the software venders come here and post.
    It is always a learning experience.

    controler
     
  19. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Search these forums for SU and DF and you will get your fill of opinions :cool:

    I will just say that I opted for Deep Freeze based on observing at the school where I work, how bullet proof it is. It is not as user friendly as SU because you have to Thaw the partition (which requires a reboot) before making changes (and then another reboot to freeze it), whereas SU has the commit changes feature (not sure if I'm describing it corrrectly). This is because SU works on the virtual image concept, whereas DF does not.

    This is why in home use, having at least two partitions is necessary for using DF, where one partition is always in Thawed state for writing data, etc.

    My observation is that those who do a lot of installing daily, which requires Thawing and then Freezing C:\ find Deep Freeze a bit bothersome. After all, it was designed for public computers (schools, libraries, etc) where changes to the system are rarely made. For me, that's not an issue.

    Nice thing about all of these products is that there is a lot of variety in the interfaces. For home use, all provide excellent lockdown protection. Most provide trial periods in which to make a decision.

    Those thinking about such a program need to

    1) think through carefully how it fits into your computing habits

    2) read the FAQ on the web sites

    3) download the user manuals and read/study them carefully.

    These are not programs for the faint of heart, and need a lot of thought as to how they fit with your routine, before installing.

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  20. beetlejuice

    beetlejuice Registered Member

    Joined:
    Oct 12, 2002
    Posts:
    8,523
    I've had Shadowsurfer on my XP box since Dec, 04. I got it mainly because of my wife BeetleBoss' inexperience with computer security, and the way she likes to surf the net. The only problems I have had is that sometimes after shutdown, the ShadowMode screen doesn't appear on the monitor even though ShadowMode is active the next time the PC is restarted. But this is a rare occurance. Other than that, it has completely protected me from getting anything on my box. And it has returned my box to a clean state everytime.
     
  21. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Thanks for all the help, i have tested Shadow User for a while now and i have the same experiences as beetlejuice.


    But since Drive Vaccine is a bit cheaper, and i can't find any
    important differences from both products websites,

    I think i am gonne try DV for a couple of days, before i make my decision.
     
  22. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Sorry, it only took about an hour.. crashed my clean system completely,
    after repair de-install and re-install it just doesn't work?!

    So now i am running the Deep Freeze trail, and what i have seen for
    now (just a few hours) it gave me the best first impression..

    Let's see what it does the coming days, on a real system ...

    ;)
     
  23. pamelajoy

    pamelajoy Registered Member

    Joined:
    Jun 29, 2005
    Posts:
    127
    Location:
    Fairbanks, Alaska
    Beetleboss is the one who recommended the program to me. :D However, I know she has you to deal with the technicalities of it. I don't have anyone to look over my shoulder and make sure I don't wreck anything. I do it all by myself, so to speak (wreck things).

    I am not really interested in comparing a bunch of programs and then choosing one. At this point, I am considering ShadowUser or nothing. I realize that some users love to tinker with their computers and download programs just for the sake of testing them. I am not that kind of user.

    I want to do the work I use the computer to do. I can read a lot of technical information about a program and it's swisshhhhhhh (that's the sound of it going over my head). I have picked up a lot of knowledge about computers (more than I ever wanted to know actually) in my pursuit of using a computer, but I don't want to spend all my time on the computer learning stuff about how the programs work.

    For instance, I let another adult (who is more computer savvy than I am) use my computer. He managed to download some adware and a pesky virus that didn't execute, but still caused me to worry. In his efforts to erase his tracks on my computer, he managed to delete a bunch of important files. (He searched for all new files on the day he used my computer and deleted them.) I thought I was protected by creating a Guest user account and blocking access to the rest of the computer. Well, apparently this is not possible when you have several drivers. Since I keep my data on a separate drive it was not protected from access. Only the C:\Documents and Settings\PJ\My Documents folder was blocked. Access to D and E drive were not blocked.

    I spent days fixing this, and still weeks later little vestiges of the problem still exist. I was not able to recover the deleted files even with an undelete program and not saving anything on the data drive until after I tried.

    Here in Alaska, we have a lot of power outages. Just yesterday, I shut my computer down twice because of passing thunderstorms. I even unplug the cords from the UPS and disconnect the DSL just in case. I have had one power supply fried, a motherboard, and in March my C drive. When I hear thunder or even if the wind is blowing hard, I immediately want to shut down (before a transformer blows somewhere near here). I wouldn't have time to check off a list of programs to save or not save. Sometimes all I get for a warning is a light flicker.

    If I leave a whole drive unprotected, then what's the point of having the Shadow Mode? Is this program compatible with Paint Shop Pro? Will it use up so much RAM that I am handicapped using my graphics programs? (I have 1 GB of RAM.)

    I am preparing to reformat one of my drives, the C drive with the D partition. I need to know how big to make the C drive out of a 160 GB drive. Ideally I would want the virtual drive on the D drive. Is this possible?

    Also, if I find that ShadowUser is not for me, how hard is it to uninstall and remove all traces from my drive?
     
  24. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    The idea is that you can have drive c: as your windows drive
    and drive d: as your data drive (documents etc)

    (if you don't need to shadow-mode them both).

    That way it makes it possible to make changes to your documents
    even in shadowmode on your d:

    This is not a bad idea, i always use 2 drives (both physical and logical)
    because, if your Windows gets corrupted, you always have your data drive
    and can format your c: and reinstall your windows without effecting your data.

    And it is easy for backup, you can backup your data in a easy way,
    from d: (or so) to another removable media.

    The thing you must not forget is, to protect the d: (or data drive) with
    anti-malware programs of course.

    The best way to use Paint Shop Pro in shadowmode is
    to create a directory, which is allowed to change data.

    Or (2nd best) to have your data on another disk.

    I don't see that much difference in Deep-Freeze and Shadow-Stor.

    The Pro's/Contra's i've heard/seen are:

    1) Shadowuser is able to exclude certain directories from
    protection.
    2) Shadow User sometimes does not see that some data is changed
    (have not seen this meself/i saw it in some posts here at Wilders)

    3) Deep Freeze doesn't support 1)
    4) Deep Freeze has a better protection for Physical Memory and Passwords)
    5) There are differences regarding the price of both products.

    But to be honest, i just to know yet.

    And what i like to know is what happens if your system crashes,
    has anyone here experienced that with ShadowUser or DeepFreeze

    If you run a testprog in 'safe-mode' what happens if your systems crashes,
    is it restarted normally after a reboot.
    Because Drive vaccine certainly did not?
     
  25. controler

    controler Guest

    Decided to try out Microsofts Free for now program.
    I installed it on my existing test PC. It noticed right away i had no unallocated space so directed my to Terabytes page for downloading a full trial of their resize, restore, image partition program.
    You down two zip files and click on makdisk to make a bootable CD.
    You then go into matainance mode to resize your existing partion with unallocated space so that Windows shared computer toolkit will run.
    Works about the same as Shadowuser as far as I can see.

    Has anyone heard of any faults "exploits" in this software/

    controler
     
Thread Status:
Not open for further replies.