Toolwiz TimeFreeze vs Shadow Defender

Discussion in 'sandboxing & virtualization' started by Rasheed187, Dec 16, 2014.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
  2. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,003
    Location:
    USA
    I've tried both, but have been using SD exclusively for some time now. It's worked exceptionally well for me -- no problems at all -- I use it all the time for testing software. I did have some BSOD problems with TimeFreeze on my XP machine, but that was probably a few versions back, so it may no longer be a fair assessment.
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    One is paid, the other one is free, I think both programs are great. I used both and like both.

    Bo
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    I use Shadow Defender, and it works great. Right now I am testing (read: beating on it) AX64. They are getting close.
     
  5. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Been using Shadow Defender now for 5+ years with zero issues and 100% positive results, has never let me down. Never tried Toolwiz TimeFreeze so I can't comment on that software.
     
  6. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,024
    Location:
    USA
    Another very satisfied SD user here.
     
  7. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Another vote for SD here.
     
  8. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    And another one for SD, although I haven't tried the other one.
     
  9. StillBorn

    StillBorn Registered Member

    Joined:
    Nov 19, 2014
    Posts:
    162
    Another two thumbs up for SD. It would be interesting to see any reliable and verifiable documentation where (when, how, and why) users of either application were compromised.
     
  10. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,016
    Shadow Defender! :thumb:
     
  11. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Toolwiz Time Freeze v2.2.0.3500 on Windows 7 x64 has worked fine for me so far. I mentioned an apparently undocumented feature here that the program works fine without an explicit cache file.
     
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    I have both - TTF on Win7 (32) and SD on Vista (32)...SD more than 4 years and I think (actually know) it gives more protection.
     
  13. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    522
    Location:
    NY, USA
    SD automatically virtualizes track0 + hidden boot partitions (whenever C: is placed into Shadow Mode)!
    Furthermore, SD is not limited to just virtualizing C: - it is able to virtualize any/all disk volumes!

    Can TTF do any of this? :gack:
     
  14. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,024
    Location:
    USA
    -
    I don't think so (you make an excellent argument there Wendi). ;)
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Thanks everyone for the feedback. Seems like SD is quite popular. To clarify, I wouldn't use these "light virtualization" tools for security, it's purely for keeping my system clean after installing software. Of course, I'm not going to test malware. But if I'm correct all other security tools keep working correctly when running the system "virtualized", I assume?

    What are the advantages, I assume the first one mentioned is security related?
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    They should. You should be able to use the system in Shadow mode as you normally use it out of shadow mode. The only thing that I suggest is don't update programs in Shadow mode and try to exclude files and folders of shadow protection in order to save the updates. I think it's best to update programs out of Shadow mode.

    Bo
     
  17. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    522
    Location:
    NY, USA
    Yes they do (based on my experience). For example, I continue to run Norton Internet Security while in Shadow Mode, where NIS works flawlessly (and continues to execute its live updates during that time). LV's (including Shadow Defender) do not provide sufficient security measures on their own and should be complemented with other 'layers' of security!

    While that assumption is correct for the most part, let's assume you decided to test an app which has to modify the MBR or other disk boot sectors in order to do what it does. In that case if an LV just virtualized the Program Files folder, Registry and Libraries-User folders, but not those vital boot areas, you could be in for a rude awakening when you restart your PC expecting it to return your operational state to where it was before installing that test program! So you see, protecting those boot areas is not entirely for security purposes.

    Wendi
     
    Last edited: Dec 20, 2014
  18. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I've been using SD for many years after ShadowUser Pro (StorageCraft) was abandoned. I had hundreds of instances of real world malware detected in shadow mode via USB flash drives (I don't test malware), and nothing has ever eluded its virtual volume. Obviously data theft is possible in shadow mode, therefore combining SD with something like Sandboxie (configured with tight restrictions), or any anti-executable, your system becomes almost impenetrable.
     
  19. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I agree. Program updates may also involve changes to the registry which will be lost on reboot. Excluding program data folders runs the risk of inconsistency between the file system and the registry. File and folder exclusions are best reserved for user data IMO.
     
  20. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Hi Rasheed,

    I have tested a wide variety of different security tools while running the system in Shadow Mode and the only program I experienced issues with was Panda Cloud AV due to the way it accessed the file system (most noticeably previously created firewall application file path rules in the pro version not recognised while in Shadow Mode: Reported to Panda at the time and confirmed as an issue). All other software tested worked flawlessly.

    I agree Shadow Defender on its own doesn't provide security, but the protection of track0 and the ability to restore the file system to a clean state by rebooting while running in Shadow Mode during normal use do have security implications. The ability to virtualize data partitions while web browsing can also provide protection against file encryptors. Providing it is used alongside other security tools, Shadow Defender can form part of defense in depth.

    Security apart, and in addition to software testing, virtualization during normal use can be used to ensure the system remains in a known stable state, allowing permanent system changes to be planned rather than constantly happening (this is how I prefer to deploy it).

    I do have a concern about a potential incompatibility between reboot-to-restore tools like Toolwiz TimeFreeze / Shadow Defender and the rollback feature in WSA. From the testing I performed, WSA worked perfectly with Shadow Defender, but I never got to see the rollback feature in action. I have a system partition that is kept virtualized and a separate data partition that is not virtualized most of the time. It is unclear what state the file system would have been left in due to reboots had a WSA rollback occurred using a set of logs that had been compiled across more than one virtual session.

    See here for a description of the issue:

    https://www.wilderssecurity.com/threads/webroot-rollback-feature.368628/page-4#post-2418936
    https://www.wilderssecurity.com/threads/webroot-rollback-feature.368628/page-4#post-2421110

    Caveat: The assumption here is that anti-malware logging is done centrally, with changes to all partitions logged on the system partition (true for WSA). If the rollback logging in a multi-partition environment, where some partitions are virtualized and others aren't, were distributed across the volumes, with each log recording only the changes related to the volume it was located on, the use of partition virtualization tools shouldn't cause a problem for anti-malware rollback.

    Note to all: I am not trying to denigrate WSA (I am a former Prevx user) and it is not my intention to bash any particular program or approach, only to highlight a potential issue with certain use cases.
     
    Last edited: Dec 20, 2014
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    OK nice to hear, because that's important to me, I wouldn't rely on SD for security.

    OK I see, but HIPS should be able to protect the MBR. Still nice to have though. BTW, I did see that Toolwiz Time Freeze apparently does not modify the MBR, which is a good thing I suppose. What does SD do?
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Thanks for the feedback. Like I said, I'm planning to use it mostly for testing software, so security features are not that important to me. To me it's most important that my system won't get all messed up. And about the issues that you encountered, luckily I don't use AV's. BTW, currently I'm using Sandboxie for testing apps, but of course not all apps will work sandboxed, because SBIE is mainly focused on security. So that's why I'm looking at other solutions.
     
    Last edited: Dec 20, 2014
  23. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Personally, I prefer Shadow Defender to Sandboxie for software testing because with Shadow Defender you can test anything that doesn't require a reboot, including software that installs drivers and services. Because an LV utility virtualizes the entire system partition at the disk sector level, the view that you get of the file system and registry is the same as it would be if you installed onto the real system, which is something I prefer when testing software.

    I'm not currently using Sandboxie for either security or software testing but when I was using it, I found it to be fully compatible with Shadow Defender.
     
  24. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Shadow Defender or TTF work great for testing programs that don't require a reboot. I never had a problem installing anything under either program. And both programs work great with SBIE. I switched to SD a couple of years back only because it is a program that's better known by other members here. My experience using the three LV programs that I have used in XP and W7 has been great. Rasheed, I recommend you pick one of these programs, you won't regret it.

    Bo
     
  25. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Shadow Defender shows the genius of the person who developed it. The best programs are not only powerful and work, THEY ARE ALSO SIMPLE and easy to use.
    Acadia
     
    Last edited: Dec 21, 2014