What should I choose, ShadowUser or ...?

Discussion in 'sandboxing & virtualization' started by aigle, Feb 14, 2006.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, just want some good advice.I want to buy a protective software( in addition to AV,firewall, Antispyware and HIPS) for my new notebook. I have quite a few options,

    ShadowUser
    Sandboxie( it,s free i think)
    DeepFreeze
    BufferZone
    Norton GoBack
    Acronis true Image
    ....? may be still more that I don,t know

    My main concerns are as follows,

    1- I am in habit of trying latest and new software, even sometimes beta, so I want a secure way of tryingr new sftwares.
    2- I am in the hbit of surfing everywhere on internet, even i would like to go to some known spyware sites just to test my security appliances( a bit crazy idea! but i am not the only one). So i want to secure my web surfing.
    3- Also I downlod software from internet, As downloads may be potentially dangerous,so I need protection against nasty downloads.

    I don,t keepany sensitive data on my PC, so data security is not a problem, however I put a lot of software with many personal configrations of it and with all available updates, so if I loose my system, it my take a significant time ti rebuild my system.

    So which one you think is the best option for me. At the moment I have used only ShadowUser and it has impressed me too much. It is strong, secure,and very easty to use with very little configuration required. Just a reboot and systemis clean again.

    Just one thing that is very important, I am on low budget, soi need something good but cheeper as well.

    Another related question is that which one of these two is better ShadowSurfer or Sandboxie( both are free I think).

    Many thanks!
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Re: Post your systray snapshot here

    Sorry to be off topic, out of DeepFreeze and ShadowUser which one is easy to use and better.
     
  3. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    If I were to pay for something on your list it would be Acronis True Image, nothing safer than a nice clean HD image. It also comes in handy for other non-security problems/testing.

    Then get Sandboxie/ShadowSurfer (free).
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I second that.
    An Image Backup software is never a waste of money and freewares like ShadowSurfer or Sandoxie allow you to surf safe on the internet without getting any existing or new threat.
    I would go for ShadowSurfer.
     
  5. divedog

    divedog Registered Member

    Joined:
    Jun 7, 2004
    Posts:
    265
    Location:
    Seabeck WA
    I use Shadow surfer and deep freeze. Tech support at deep freeze told me not to use it on nforce chipset motherboards. they both work quite well.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    I don't know. I do a lot of the stuff Aigle asked about and while I use ATI for imaging purposes, restoring and reimaging every time I wanted to try something would be a horrific waste of time.

    Rollback Rx has proved quite effective and is the quickest solution. Taking a snapshot is almost instantaneous and rolling back is not much more than a reboot. Another critical difference, is with Shadowuser if you forgot to commit a change it's gone. With Rollback since it saves a snapshot you can delete when you rollback, if you realize you need something from it you can reach into that snapshot and recover it.

    Just today I had a problem where the config files from Outlook got corrupted and it wouldn't retrieve email. Going to a previous snapshot all was well. I went back to my current one and since I really didn't want to lose any additions my first try was to reach into the earlier snapshot and retrieve the earlier config files. Solved the problem.

    In theory Go-back could also do this but it isn't dependable because the data isn't there permenently(or until you delete it)

    Pete
     
  7. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I say the same HD cloning is time consuming and is basically for HD crash, not for instant recovery.
     
  9. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    with shadowuser\surfer is their a need for as and avs?
     
  10. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    With Shadowuser there is not really a need that I can see for an AV or AS or any type of antimalware. But nothing can be saved with shadowsurfer. Although with shadowuser you can save certain things but then at that point you would want to use some type of antimalware or else you risk whatever you allow it to save to become infected and hence pass it on to your system when you come out of shadow mode.

    Same thing applies for Rollback Rx but you can save numerous snapshots which is great.

    Thanks,

    Chris
     
  11. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Hi Chris,

    So, with Rollback RX.....can you schedule times for it to take a snapshot (either through it's interface, or by using Windows Task Scheduler)? Or is it a "manual snapshot" only type option?
     
  12. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Yea you can schedule snapshots at times you want through it's interface or manually. Theres a free trial fully functional that you should try. I really doubt that you will be disappointed. Please feel free to ask more if you want but it really is a good program.

    Thanks,

    Chris
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    It's not correct.
    You can save things with ShadowSurfer. You just need more than one partition. I have tried it successfully. Protect the system partition (C), save data to another partition (K). Works superbly.
    Mrk
     
  14. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    The whole partition would be vulnerable at this point. I was assuming he was talking about protecting his PC in general not just one partition. So I guess the answer is yes if you leave partition(s) unprotected. Thanks for clarifying this Mrkvonic.

    Thanks,

    Chris
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    NP. If it's a non-system partition what vulnerability is there? To take control of the PC, you need privileges, to have them, you need to take over the system, so there's no harm there. The only harm could come from you saving something offline and then execute it later on out of Shadow mode.
    Mrk
     
  16. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Something similar to the Blackmal virus http://www.securityfocus.com/news/11374 would seem to be such a file that could delete files on the unprotected partition. This is just one such example. Please correct me if I am wrong.

    Thanks,

    Chris
     
  17. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    For something to execute and run with schedule - it needs system privileges. Theoretically, you could execute this virus while in Shadow mode and damage your system, but this is true for both ShadowSurfer and ShadowUser and any virtualization software that allows writing in the 'shadow' mode.
    Mrk
     
  18. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    This is a good point, Chris. Also:

    Deja Vu - Snow.A

    "appends its code to all .EXE files in all drives, including mapped network drives and removable disks."

    So, while the protected partitions are restored on reboot, one can't be sure anymore what might happen on unprotected partitions. This applies also to Deep Freeze and similar programs.


    -rich
     
Loading...
Thread Status:
Not open for further replies.