What exactly does Shadow Defender do?

I keep seeing references to Shadow Defender on this forum, but I'm not really sure what it does. Can someone explain this to me like I was five? Thanks!

 

Once you invoke "shadow mode", any changes to your system are temporary (virtual). Upon reboot the system reverts back to the state it was in at the time that "shadow mode" was engaged.

This means that any malware as well as changes to your system, new programs, emails, documents will be removed upon reboot unless you specifically exclude certain files or folders or "commit" (allow) files of your choosing to be saved to your "real" system.

This is not only a nice safeguard against malware which may have escaped detection by an antivirus, but also a way to prevent changes to your system by children, family or friends with access to your machine. Also a nice way to test new software that does not require a reboot to be installed.

A very useful software. Myself, I keep one folder "excluded" from Shadow Defender and store anything I want to save there. I do all updates out of "shadow mode" and then re-enter upon completion.

 

same as faronics' deepfreeze. but they're primarily for publicly accessible computers as in libraries, universities, schools, public institutions, etc. in order to lower the time and expenses spent for system maintenance.

 

How does Shadow Defender work then does it apply system changes to a temp file ?

And then I take it you reboot and its all gone, does it have a secure erasing system making any changes taken place to be unrecoverable ?

 

*taken from http://www.shadowdefender.com/help/work.html

afaik, there's no secure erasing way. so i believe every trace would be recoverable.

 

thanks for the break down, shame about the secure erase...

 

np

 

Imdb, Cat man, I might be wrong but if RAM is used for write cache, I think changes are gone and unrecoverable after rebooting.

Bo

 

It also has the option to encrypt cache I believe.

 

Hi Keter, SD is really nice and easy to use. You wont regret trying it out.

Bo

 

very good point, bo. didn't think of that.

btw, in a no ram for write cache scenario, do you think that it'd be implementable to use sbie along with shadow-d and have the sandbox securely deleted when the session is over? though i'm not sure how it can be set to have everything sandboxed system-wise.

 

it does?

 

Yeah http://www.shadowdefender.com/help/encrypt.html

 

Imbd, I let my sandboxes be deleted as they are deleted by default but you can set your sandboxes to be secure deleted.

http://www.sandboxie.com/index.php?SecureDeleteSandbox

Easy guide

http://www.ehow.com/how_8566367_securely-delete-sandbox-sandboxie.html

Bo

 

Actually late versions of Shadow defender have the possibility to mount the virtual volume (shadow mode) in RAM memory, namely “RAM used as Write Cache”. One can assign arbitrarily the amount of RAM deemed suitable according to the total amount of RAM available.

As an example my notebook has 8 GB of RAM, and when I use SD, I set the maximum RAM available for the Write Cache to 4 GB, but it could be 1 GB or 2GB. Obviously for a machine with only 1 GB of total RAM, it is not recommended to assign anything to SD as the OS would slow down as a result.

Once RAM has been assigned it means that the whole shadow mode session will be retained in RAM, and provided the virtual volume doesn't exceed the maximum amount assigned to the Write Cache, rebooting your computer out of shadow mode will effectively ERASE and not DELETE everything that took place in shadow mode. Excellent for privacy.

 

Good to know. Thank you!

 

thanks, bo. but what i'm asking is if it's possible to have "every changes made on the system snapshot used by shadow defender" sandboxed and to have it securely erased at the end of the session? so that no changes made during shadow defender session would be recoverable?
regards

 

What were trying to say is it is not needed...

 

yeah, i get it, but trying to figure out if there's any other way for those low on ram.

 

O I C!

 

imdb, read post 8 and 15. RAM as write cache is what you want to use for privacy in SD.

Bo

 

Yeah it would be slow to try to write to anything else (such as the disk)

 

alrite, convinced.

 

In my experience I've noticed that shadow sessions lasting 2-3 hours , produce in average virtual volumes of 1 to 2 GB (it depends of course on the type of activity) which means for machines with at least 2GB of total RAM, assigning 1GB to the Write Cache seems to be a good compromise, and if privacy is really the only concern, rebooting fairly frequently would ensure no recoverable data from shadow sessions.

Last but not least SD will show you in real time on its GUI the amount of memory used by the shadow session, therefore one could reboot exactly when the maximum RAM has been reached.

 

thanks wealth of info here, I was going to say bit strange if SD does not have some security and recovery is all but easy

Another silly question

I take it what ever happens during a Shadow defender session, nothing gets written to windows logs at all ?