Which Shadow Program and Why?

Deciding which shadow program to use but would like to hear your input on what you like about the one you have chosen. I am considering the following choices

1. Returnil
2. Deep Freeze
3. Shadow Defender
4. Shadow User

Regarding stability, ease of use, support, what are your thoughts on any one of these or one not listed. Instead of testing software, I am now more concerned with running a stable system shadowd and using imaging program Shadow Protect. I will assume that most of these shadow programs would have to be taken out of shadow mode to do successful image of C drive. Thanks for your input.

Gary

 

These programs all work as advertised, but they have rather different capabilities so you need to define the desired feature set. At least my quick take on them:

• Returnil
  • Free for personal use
  • Excellent timely support
  • Currently only shadows the system partition (typically C), but on most systems that's the key one.
  • Can enter a shadow session without reboot
  • Shadow sessions not carried across restarts
  • Can create virtual partition on systems with one partition systems to allow material to be saved during a shadow session if needed
• Deep Freeze
  • $36 (with 1 year maintenance)
  • Cleans on reboot, so items not carried across a reboot
  • Really designed for systems that will be typically run under a shadowed state in which quick wipe/restore capabilities are the key target
  • Faronics provides excellent support
  • Rock solid from all reports I've see, have not used it
• Shadow Defender
  • $35
  • Support has been variable, but not a support intensive product, so don't be too put off by that
  • Product seems quite solid
  • Can define partitions to be shadowed, as well as locations to be excluded
  • Can enter shadow mode without restart
  • Shadow sessions not carried across restarts, probably the prime real difference between ShadowDefender and ShadowUser
• Shadow User
  • Most expensive of the bunch $70
  • Can define partitions to be shadowed, as well as locations to be excluded
  • Requires restart to enter shadow mode
  • Can carry a shadow session across restarts - only one of the list that currently does this - generally needed if you want to use shadow sessions to test software
  • Somewhat aged user interface, could use a few quick touchups, nothing major

Now, what traits are must have and which ones can you live without? That may drive your decision. Like I said, all work as advertised, but they advertise different capabilities.

Blue

 

Hi Pete,

Didn't we decide it was pointless to test with Deep Freeze, since Killdisk wipes the entire disk, which would include Deep Freeze itself, since DF doesn't work with a virtual, or shadowed, partition?

-rich

 

To add to Blue's informative summary:

Deep Freeze

• You can select which partitions to freeze
• Must reboot to unfreeze (Thawed state) to make changes.

If you are considering evaluating Deep Freeze, I can comment further on my experiences in a home environment.

-rich

 

Hi, folks: Oh, No! I am still under the impression that DF along with some others have passed killdisk test, when killdisk became a topic here.

 

You are correct, Perman:

https://www.wilderssecurity.com/showpost.php?p=1023380&postcount=7

I must be thinking of something else - maybe Pete will remember...

-rich

 

If you intend to use ShadowProtect, and money it's not an issue, ShadowUser comes from that same maker Storagecraft, which means no conflict for sure.

I personally think that ShadowUser is the most complete out of the list. It hasn't been updated for 2 years (Storagecraft hasn't made any announcement about discontinuing the application), but like Blue mentioned there isn't anything that needs to be urgently corrected.

I've been running SU for two years, without any malware whatsoever, but I must admit, I've tried Returnil, it is a fine application and free for personal use. Moneywise the combination of ShadowProtect and Returnil is very tempting.

 

Using SP/Returnil on my systems and sofar smooth sailing.
Laptop has Powershadow on it and work perfectly,sad its not free anymore.

 

Pete,

Are you saying you would or would not image with any of them in shadow mode and thanks again.

And, thank to all for input so far.

Gary

 

Hello,

Pete, a quick question:

Why do you consider KillDisk to be a standard by which the shadow programs should be tested? In that regard, all shadow programs are useless if operations are performed on the disk itself rather than os itself, including boot CDs, damage etc.

Cheers,
Mrk

 

Just a quick addition to Blue's post.
Shadow Defender can continue Shadow Mode after reboot.

Also have a look at Power Shadow - not free any more but very solid in both 2.6 & 2.8 incarnations.

 

What, you mean changes will not be lost on reboot if you do not wish?

 

Could you clairfy what you mean by this? I understand ShadowUser is the only program that will allow a restart and have all changes retained which would allow for install a program for your testing that reuqired a reboot. I don't think ShadowDefender can do this, can it?

Gary

 

My bad -
I wasn't clear.
Shadow Mode can be maintained in Shadow Defender after a reboot- but it is a 'new' shadow - i.e. the previous session won't be carried across as per Shadow User.

 

Power Shadow can be dangerous.....see this thread https://www.wilderssecurity.com/showthread.php?t=188392

 

Down to choosing between DeepFreeze and ShadowDefender. Like the price of both and their features covering more than one partition when needed. Only thing I see DF does not have is a commit now feature like SD along with exclusions of SD. Don't know which one to choose yet. Has anyone tried both and chosen one over the other for any particular reason?

Gary

 

I have bought Shadow Defender for the following reasons:
1. You can enter in shadow mode withought the need of rebooting your pc. If I am not mistaken with DeepFreeze you have to reboot if you want to exist the Thawed mode.
2. You can select which drives partition you like to protect before entering in shadow mode. With Deepfreeze you can do that only during the installation. If later on you change your mind you have to uninstall/reinstall deepfreeze.
3. It gives lifetime upgrades (although the support is not good). If you need support you better choose deepfreeze.
4. You can select which folders you want to retain after exiting the shadow mode(the commit by shadowdefender is also a very nice addition). In Deepfreeze you cannot do that.

Panagiotis

 

Hi, folks: I agree with Pandlouk's assessments; Shadow Defender dose have a better technical flexibility, but I also like to point out this: Deep Freeze has its ups and downs during those years(how many ?), during its down years, it has suffered "unfreezer"'s sabotage (version 5 and lower). Since version 6 in 2006, it has regained users' confidence. Whereas Shadow Defender is a new comer, has not faced its down hours/years yet, what if it would have suffered a sort of tech setback, would it have abundant resources to rebound ? DeepFreeze has been widely used by Internet cafe in China (SD's mother land), I like to see SD to take the rein from DF some day, given the home-field advantages. Pls keep in mind that both are excellent apps, just that little , little ... . Good luck.

 

Shadow Defender, as it stands now, allows you to update programs with shadow mode turned on and those updates will survive a reboot. This is done by use of the Exclusion List (Version: 1.0.0.116). A big advantage for me.

An example of this is updating AntiVir Personal Edition Premium. It updates the definitions fine but AntiVir's Status Window will show two different dates of the definition update upon reboot. The defs are up to date though. This difference is because there is a registry change and registry changes can not be excluded; only files and folders can be excluded. You can see this difference if you expand the Last update in the Status window. You will see the expanded "Virus definition file: V7....." has updated but just to the right of it it will show the last update date. This is because of a registry change. I give this example to illustrate a worst case or messy scenario.


For AntiVir, adding these two entries to SD's Exclusion List will allow the update to survive a reboot:

C:\Program Files\AntiVir PersonalEdition Premium\*
C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Premium\*


I believe this registry entry prevents both places in the AntiVir Status window from showing the same :
HKEY_LOCAL_MACHINE\Software\H+BEDV\AntiVir PersonalEdition Premium V 7 |LastUpdate

To check if you "really" have the latest AntiVir def update, just check for update. It will say your up to date. Checking will also make both places in the Status window show the same date. At least temporarily. No it's not perfect.

If a program has all of the update contained in a file or folder you should be good to go or reboot. You could exclude My Docs, downloads, favorites - what ever. Happy excluding.

 

If I would decide to choose one of these 4 ISR-softwares to replace FirstDefense-ISR, it would be a step back for me. I wouldn't have the same possibilities anymore and I would certainly miss my archives.

The only way to go back to the original clean state with these 4 ISR-softwares is restoring an original image and that isn't ISR anymore.

DeepFreeze is the worst of all 4, at least for a home-user and would cause alot more reboots, than any other ISR-software.
A reboot for Thawed and a reboot for Frozen isn't pleasant for doing changes.
DeepFreeze can only be good in a work environment with stable set of used softwares.