What exactly does Shadow Defender do?

Discussion in 'sandboxing & virtualization' started by Keter, Nov 6, 2013.

Thread Status:
Not open for further replies.
  1. Keter

    Keter Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    12
    Location:
    USA
    I keep seeing references to Shadow Defender on this forum, but I'm not really sure what it does. Can someone explain this to me like I was five? Thanks!
     
  2. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    858
    Location:
    Blue Ridge Mountains
    Once you invoke "shadow mode", any changes to your system are temporary (virtual). Upon reboot the system reverts back to the state it was in at the time that "shadow mode" was engaged.

    This means that any malware as well as changes to your system, new programs, emails, documents will be removed upon reboot unless you specifically exclude certain files or folders or "commit" (allow) files of your choosing to be saved to your "real" system.

    This is not only a nice safeguard against malware which may have escaped detection by an antivirus, but also a way to prevent changes to your system by children, family or friends with access to your machine. Also a nice way to test new software that does not require a reboot to be installed.

    A very useful software. Myself, I keep one folder "excluded" from Shadow Defender and store anything I want to save there. I do all updates out of "shadow mode" and then re-enter upon completion.
     
    Last edited: Nov 6, 2013
  3. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758
    same as faronics' deepfreeze. but they're primarily for publicly accessible computers as in libraries, universities, schools, public institutions, etc. in order to lower the time and expenses spent for system maintenance.
     
  4. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    How does Shadow Defender work then? Does it apply system changes to a temp file?

    And then I take it you reboot and it's all gone. Does it have a secure erasing system making any changes that have taken place unrecoverable?
     
  5. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758


    *taken from http://www.shadowdefender.com/help/work.html

    afaik, there's no secure erasing way. so i believe every trace would be recoverable.
     
    Last edited: Nov 6, 2013
  6. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    thanks for the breakdown, shame about the secure erase...
     
  7. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758
    np :thumb:
     
  8. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Imdb, Cat man, I might be wrong but if RAM is used for write cache, I think changes are gone and unrecoverable after rebooting.

    Bo
     
  9. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    It also has the option to encrypt cache I believe.
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    Hi Keter, SD is really nice and easy to use. You won't regret trying it out.

    Bo
     
  11. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758
    very good point, bo. didn't think of that.

    btw, in a no ram for write cache scenario, do you think that it'd be implementable to use sbie along with shadow-d and have the sandbox securely deleted when the session is over? though i'm not sure how it can be set to have everything sandboxed system-wise. :doubt:
     
  12. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758
    it does?
     
  13. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
  14. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
  15. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,215
    Actually late versions of Shadow Defender have the possibility to mount the virtual volume (shadow mode) in RAM memory, namely “RAM used as Write Cache”. One can assign arbitrarily the amount of RAM deemed suitable according to the total amount of RAM available.

    As an example my notebook has 8 GB of RAM, and when I use SD, I set the maximum RAM available for the Write Cache to 4 GB, but it could be 1 GB or 2 GB. Obviously for a machine with only 1 GB of total RAM, it is not recommended to assign anything to SD as the OS would slow down as a result.

    Once RAM has been assigned it means that the whole shadow mode session will be retained in RAM, and provided the virtual volume doesn't exceed the maximum amount assigned to the Write Cache, rebooting your computer out of shadow mode will effectively ERASE and not DELETE everything that took place in shadow mode. Excellent for privacy.
     
  16. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    Good to know. Thank you!
     
  17. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758
    thanks, bo. but what i'm asking is if it's possible to have "every change made on the system snapshot used by shadow defender" sandboxed and to have it securely erased at the end of the session? so that no changes made during shadow defender session would be recoverable?
    regards
     
  18. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    What we're trying to say is it is not needed...
     
  19. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758
    yeah, i get it, but trying to figure out if there's any other way for those low on ram. :thumb:
     
  20. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    O I C! :D
     
  21. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    imdb, read post 8 and 15. RAM as write cache is what you want to use for privacy in SD.

    Bo
     
  22. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    Yeah it would be slow to try to write to anything else (such as the disk)
     
  23. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    758
    alrite, convinced. :p
     
  24. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,215
    In my experience I've noticed that shadow sessions lasting 2-3 hours produce on average virtual volumes of 1 to 2 GB (it depends of course on the type of activity), which means for machines with at least 2 GB of total RAM, assigning 1 GB to the Write Cache seems to be a good compromise, and if privacy is really the only concern, rebooting fairly frequently would ensure no recoverable data from shadow sessions.

    Last but not least SD will show you in real time on its GUI the amount of memory used by the shadow session, therefore one could reboot exactly when the maximum RAM has been reached.
     
  25. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    thanks wealth of info here, I was going to say bit strange if SD does not have some security and recovery is all but easy :eek:

    Another silly question

    I take it whatever happens during a Shadow Defender session, nothing gets written to Windows logs at all?
     