You do NOT need any other security software...

Hey Peter2150 while I appreciate your thoughts on the matter, I was not referring to you, but to Spy1 (Pete)

If you ask me, this is such a trival and obvious point (speaking from his own experience) that it hardly bears mentioning.

And yet It seems people think that if they explictly use qualifers and disclaimers such as *this is my opinion only*, or *i am speaking only from my personal experience* , that they are adding some extra info.

Perhaps they think it's a way to avoid any responsibility for their views, that with such disclaimers they cannot be construed as making a vote of approval for the softwae they are talking about, no matter how glowing their reviews are in the post.

Of course, any sensible reader, knows that the writer's opinions are patently based own on *his own* experiences and nobody elses, who else's could they be based on?

Saying or not saying it hardly adds any extra info, nor does it help anyone decide how best to weigh the writer's posting.

Though of course the extent and circumstances of the poster's experience IS information . Eg, I have used shadow user for years on all sorts of computers vs I have never even touched shadow user before, but I'm sure it's the ultimate solution!

Also you can put disclaimers and qualifers all you like, but the way you as a poster reacts to critiques about the security software you are (supposedly) not giving a vote of approval, is an obvious giveway to your real feelings despite your protestations.

To wit "I'm not recommending shadowuser, but if you dare say there are flaws in it, i'm going to argue against you in great detail against all comers"

So no matter how you care to put disclaimers, be aware that your postings and the way you respond to strongly defend your position WILL be read as votes of approval.

Anyone who thinks Erikalbert posts arent read as a strong vote of approval for shadowuser, must be kidding himself even if they are all followed by disclaimers , which they aren't anyway nowadays.

And the sad fact is they are based on zero experience on it. Something, I'm sure some casual posters might be surprised to know even the frequency he mentions it, and the way he defends it.

 

I don't know for sure of course. I suspect, all the arguments on this forum have pushed you into a much more radical and strongly held position then where you started from, because you think you have won all the theory arguments. according to you nobody can show you what is wrong with your reasoning.

I caution you that theortical arguments reasoning is one thing, and practice is another. I predict (from my limited experience with such systems), you will soon learn once you start using it,the drawbacks of a system like Shadowuser will be mostly practical (see for example Blue's arguments for user discipline as one example of such drawbacks) and not theortical like the CMOS viruses mentioned.

You rant now about the theory/practicial problems of HIPS and Scanners (well known to everyone), but that is from a position of ignorance about the problems of Shadowuser systems, so you see only the theortical positive points. Who knows if you will change your tune once you start using shadowuser.

Possibly shadowuser imposes even more requriements on 'ignornant' users then other approaches.

Obviously the grass seems greener on the other side when you have no experience of the other side.

Of course, you won't believe me, since you are a 'application analyst' who knows more about certain applications then the programmers themselves....

Then go for it, and tell us your experience. What use is it for you to defend the idea so strongly, when you haven't even tried it? Ideas always look good on paper....

If you really want to see it with your own eyes, you should try it, instead of continually arguing with people, all of whom don't believe in your approach. Why not try your approach so you can 'see with your own eyes', instead
of arguing theory on this board?

After all even if someone told you the idea didnt work because he has tried it, you still wouldn't believe him because you want to see with your own eyes.... How much more futile it is in the case, where no one has tried your idea?

With no results?? That is very irresponsible. So your plan is to imply that a certain idea or scheme is workable, argue very strongly about it against naysayers (despite having no proof it works), in the hopes that other people will believe you and try it first?

In other words you will strongly support the idea of SU alone as a viable solution for another 6 months without even trying it? Sigh.

 

I'm with ErikAlbert on this one. He's not impressed with the standard programmes used to secure his computer and is looking for an alternative. He's come up with an idea and by stating his intentions he hopes to draw some useful comments in the hope that someone may be able to show him the error of his ways. To date no one has come up with any arguments to convince him that he's wrong.

I came to Wilders looking for some advice on alternative measures. To me, the logic of using Deep Freeze and an anti-executable seemed unbeatable. However, I wasn't certain because I'm not a computer expert. I asked questions to check if there were any flaws in my logic. I couldn't get a definitive answer and decided to trust my logic. I have run with my setup for about 9 months with no problem.

Ultimately, I guess that EricAlbert will also have to trust in his logic.

 

There's the logic and then there's the reality. I've never used DeepFreeze or Shadowuser. The closest I've come is SandboxIE. On paper, it's a great idea. Build a wall between your browsing and the rest of your system. But in practice, that security can be breached. Intentionally, by manually moving something out of the sandbox, for instance. Or unintentionally, like downloading something onto a drive other than c: (this bypasses the sandbox). I've found a few holes in SandboxIE that wouldn't be apparent to people who just debated the concepts and hadn't actually used the program. I still think it's a great program, however.

Shadowuser may be the best single addition one can make to one's security. But there's only one real way to find out. And debating the pros and cons on this forum isn't it.

 

Exactly. Using a sandboxing program involved a great shift conceptually, and it is very easy to make a mistake. I myself have limited experience with a somewhat similar product like bufferzone and even i had problem at first trying to get used to the idea.

And yes, the decision to move things in and out of the sandbox or in the case of shadowuser deciding what folders to retain changes can be a highly challenging one, particularly for ignorant users who Erikalbert claims to be.

Say you download some game or program which requires persistant carryover data. All is well if you don't need to 'reset'.

According to erikalbert he intends to reset everytime, he goes online banking, now he is faced with a difficult choice, should he let the program he just downloaded out of the sandbox (commit changes in shadowuser level)*? How does he know if it is good or bad without scanners? Wouldn't that deciison be a coin toss as much as answering a PG prompt?

And say he chooses not to, even though he wants to, just to be safe.

Erikalbert has always protrayed other methods as being bad, because they stop him from doing what he wants to do. It seems to me that shadowuser is just as bad since it forces him to make a choice and restricts him from doing what he wants to do (eg keep program downloaded, and stay safe).

Sure shadowuser gives you almost 100% protection if you always reset, but at a significant cost. Scanners and HIPS are not 100% protection, but they at least don't restrict my behavior that much.

Shadowuser is great for public pcs, where the user doesn't expect to keep persistant data, but for many home users, they fully expect to do so, and they end up either fustrated, or they allow so much changes to be commited, they are effectively opening themselves up to the same dangers anyway.

I'm not saying that shadowuser is not a good solution, for the right kinds of users with the right mindsets it is a good solution. What is in doubt is whether it is a good match for Erikalbert, whether he is the right kind of user, after all despite all the 'reasoning' he hasn't tried it yet!

And as far as i can see , before this thread where as usual the ever perceptive Blue referred to it briefly, Erikalbert has never considered this point at all!

Instead he and everyone else worries about therotical problems of 'beating' shadowuser, when the main drawbacks of shadowuser have never had to do with such exotic methods.

Of course, even if someone did bring up this practical point explictly, and i think some have referred to it briefly in the past, Erikalbert can of course maintain it won't borther him, but the proof in the pudding, as long as he doesn't try it, he can maintain all sorts of thing.

I suppose that is partly also why nobody borthers to mention such practical matters, we won't know until erik actually tries it.

Just like how he answered a questionaire in this thread , "As a shadowuser" (by imagining himself in that situation i'm sure) in a certain thread

That is why i maintain it's futile for Erik to keep arguing for months on theory, where practical experience is what will decide whether it is right for him.

As much as Erikalbert wants to think he is a genius for being the first one to think of such a method, the fact that most people don't use it, does imply drawbacks....

To those who use shadowuser, let me repeat, I'm not saying shadow user is not a viable method or even that it's not the best method for you, I'm just objecting to Erikalbert supporting it (arguing against other methods and talking only about the good points of shadowuser), without having any experience with it at all. For all we know, by june 2006, when he finally tries it, he will say it sucks for all the reasons i state above.

1) Too difficult for 'ignorant users' to use , to decide what to save.

2) Doesn't let him do what he wants to do. He can't keep programs he wants.
He wants to use his computer for play, he doesn't want to be cautious limited to only one session... etc

etc etc

If after





* I don't know if shadowuser allows several different profiles/snapshots as Vmware/firstdefense does, but even if it does, this is not a complete solution since such snapshots do consume a lot of hard-disk space....

 

Sorry but discussions about ME is not what I'm looking for.
If some members aren't able to talk in a theoretical sense and always need scientific proof, based on a long experience, that's fine with me.
At work, I'm used to work this way, because my applications don't even exist when I start doing my job.
So my analysis starts always with a theoretical concept, because there is no practical experience and during my interviews with users, I adjust my theoretical concept until it's OK.

If you like the classical security solution, well stick to them and believe in them. I never asked to agree with me, I'm just looking for another possible approach and try to find out what other knowledgeable members think about that.
I'm more interested in posts, that try to destroy my new security setup with good arguments, than posts about ME.
I'm talking about softwares, not myself or other members.

 

Perhaps it really implies that we have all been brainwashed into a certain way of thinking.

Discussion of ideas whether theoretical or practical help to highlight flaws in ones thinking.

Indeed, comments by deviladvocate, in a previous thread, prompted me to reassess my thoughts about the block driver/service facility of ProcessGuard.

 

I agree. For one thing, there is a lot of misunderstanding about the products themselves. Deep Freeze is not a sandbox. It's far more than that and shows a basic misunderstanding of the product.

With that said, I am a little confused about such strong beliefs for a product by a person not even using the product. I don't mean that as a slam, it's just confusing. Is it the concept that is so highly regarded?

 

Sure, the idea of using ShadowUser alone is great if you truely have nothing to lose on that system, but the problem is that almost everyone says that they have nothing to lose, until it's lost. I've had far too many people that I helped to fix their computer, when their hard drive died or system needed formatting for whatever reason, that hand the system to me saying that it's no big deal, they didn't have anything of value on the system. After giving the system back with a fresh format, however, they inevitably call asking where their passwords and personal documents went, and they start worrying about if anyone else could potentially steal the data off the old hard drive if it's found in the trash.

I don't think there's anyone saying that ShadowUser is a *bad* idea, it's just not a complete security solution in itself unless you really know what you're doing, and recommending it as such to the world at large just doesn't seem to be a very responsible thing to do. Again, keep in mind, Erik, that this thread was started by someone that saw your posts and saw it as enough of a recommendation to announce that nobody needs any kind of security software, just SU, pointing to your posts as a reference. Although I don't agree with the way that DA is approaching the subject, I do agree that it's relevant that you haven't actually used SU yet. Unfortunately we do have to be careful about the way we present things here at times.

 

Perhaps. but we will never know until we try. Surely Erikalbert isn't the only one genius enough to be immune to this brainwashing effect and recognise the clearly positive points of this approach.

It might be surprising to some but my own personal philisophy is that as a first approxmiation not assume everyone is a idiot, and i'm the only smart one to see a solution where others havent..... I find in the long run that's a smarter strategy and is more often right on the money.

What i find chilling though is no acknowledgement about the problems, until explictly pointed out in this thread (based on using somewhat similar software), see my post #56.

And there is no response to them despite erikalbert's claim that he is looking for ways to destroy his argument.

And indeed as i have pointed out in my post, the problems are there, if you want to look for them. But as long as erikalbert remains in his world of theory, and i suspect he remains emotionally commited to the idea (because everyone thinks he's wrong... the rebel feels cool.." what do you security experts know, I'm a application analyst and i know more then you on what works" ) he can never see them.

Surprising and ironic really, that someone whose job is to chiefly access useability and functionality for 'ignorant users', prefers to talk about high level theory attacks that are beyond him anyway while missing out practical problems that should be within his area to look out for average users.

Here's a sample of the mantra he keeps mouthing based on ZERO experience.

Sure sounds confident doesn't it? A stronger vote of confidence then from any *actua*l user of the product.

Let me repeat again my analysis from an earlier post, that the above quote from Erikalbert is a far too starry eyed view of things, a view maintainable only because of ignorance.

1) "Simple"

Is it simple? Perhaps. But as Erikalbert has found out he needs to know all sorts of things about partiations before it can work. Say this isn't a barrier and the user is willing to pay a one off cost.

2) "Silent, time saving"

I don't know what silent means, but he probably means free of popups, okay granted.

But Is it truly time saving compared to using a scanner? All the things you do getting wiped out at each reboot? The need to reinstall progreams. But yes, you can choose to retain changes... but see later 4)

3)"that fits in the normal actions on a computer" (like reboot)

I argue that shifting from a normal approach to one where your system is refreshed on every reboot, is a very big conceptual change, and it certainly won't fit into the normal way a user expects his system to run. This adjustment cost is one that is hidden until you try it.

And is it really true, such a mode where you have to refresh a lot of things on reboot really less restrictive than traditional methods? Do you really like the idea of reinstalling all the programs on each reboot? But what if you try to migitate this by retains selecitve changes?

4)"that doesn't require any knowledge."

Sure, assuming the startup cost is paid. But leaving that aside is this statement really true? What if you want to mark changes for such directories as inevitably needed? Do you know what to allow? Is it really set once and forget? What about email clients? if you change them, do you know where the profiles are kept? where the mail folders are kept? what about p2p? other software? windows? Both are not necessarily in the same program folder?

And how do you know what is safe to keep anyway? particularly when you want to keep some new app?

Is it really easier to answering prompts to HIPS? Maybe if you are a advanced users but not if you are erikalbert's ignorant users.

Is it really easier than using a scanner? definitely not.

5) "foolproof"

Yes, it's almost foolproof, if the right user actions are done and barring exotic attack methods. I suspect like most people here Erikalbert has being sucked into thinking that this is the only and critical citeria, 100% or near 100% security without considering other factors.

This view leads him to underestimate or in fact totally overlook practical difficulties, leading him to think "nobody has proven him wrong" because nobody can whip up some zero day exploit that defeats it.

Add the wholly wishful thinking that hasn't being corrected because he has no practical experience at all and you can now understand why Erikalbert is so HIGH about this approach even though he has not tried it.

Again I don't wish users of such approaches to think i'm dumping on their software. I'm not. Though i suspect it's inevitable that supporters might think i am and hence feel the need to support their choice.

I'm just bringing up practical realities which erik albert does not see (but everyone who uses the software can probably attest to in some way) in his starry eyed view because he has never tried such approaches.

There is perhaps why there is a paradox where people who have used the software, even the most supportive ones, have never ever given shadowuser as strong a vote of confidence as Erikalbert. That's because they know better.

In fact, even I , DA is probably more qualified than erikalbert to talk about this, because i have used vmware, bufferzone for long periods which at least gives me a taste of how shadowuser is going to be like.

Erikalbert to my knowledge, doesn't even have any similar backgrounds to make such strong claims. The closest he has come to this is sandboxie, and i believe it didnt work well on his system so he didnt try it.

 

Discussion of ideas is one thing. Repeatedly Strong confident claims (in bold no less), without any supporting evidence in my view crosses the line even when occasionally accompanied by disclaimers.

When push comes to shove, what you actually write and the way you stress them is going to be take into account more than any occasional facile disclaimer.

I think What this discussion has shown is that while such discussions on paper can be helpful, it is equally likely for one to underestimate practical difficulties, because until you have actually put it into practise, you will tend to overlook them! My own comments for example was based on some practical experience with similar setups.

Erikalbert thinks that the flaws in his approach has to do with high level hackerish attacks, when the actual difficulties are practical and more down to earth.

You know what the most fustrating thing about this is? Even after this explict explaination of practical difficulties, we still don't know if erikalbert will eventually support or reject this approach, becuase such problems while easily articulated , the degree in which they impact each person cannot be predicted in advance even by the user, until he tries it.

So be prepared for erikalbert to continue telling the forum how this approach is "a simple, very silent, time-saving and almost foolproof solution, that fits in the normal actions on a computer (like reboot), without too many softwares and that doesn't require any knowledge." despite no experience about whether it is true for him.

At least until he tries it in the second half of 2006, then he can at least justify the above statement.... hopefully.

Which devil advocate is that? And what exactly is the argument? In any case, if the argument has to do with the user not knowing what he is actually doing when he is blocking the driver, it's hardly one based on theory.

It's one based on experience, after all in theory the idea of blocking unknown and untrusted drivers/services sounds great. But in practice... Something devil advocate could never have done or articulated if he didn't have experience with the practical difficulties.

 

BINGO!

 

devilish,

There are legitimate softwares and all the rest of the softwares are to be considered as suspicious. Legitimate softwares aren't a problem, so lets talk about the suspicious softwares.

SU allows me to install and try any suspicious software without getting infected.
I can even reboot and keep the suspicious software without getting infected. SU allows that.
I'm not going to install these softwares on my harddisk, because they aren't legitimate.
I only want to play with these softwares for awhile.
A reboot will remove every existing, new and UNDISCOVERED malware, including the software itself.
Much better than any scanner will be, because scanners are incomplete and have several time gaps in the updating.

A non-SU-user will install and try suspicious softwares and get infected, while his scanners don't guarantee that every infection is removed.
How many users like to try a screensaver, that could be infected and when they don't like the screensaver they remove it, but the infection is still there.
I can watch as many screensavers I want without getting infected.

Everybody surfs on the internet. Right ?

SU allows me to surf all night and visit any infected website, I want.
A simple reboot will remove every malware that was installed during my visits and I don't need to run a dozen scanners.

A non-SU-user will certainly get infections when he surfs like me and he is lucky, if every malware is removed by his scanners, because scanners aren't perfect. Will scanners remove UNDISCOVERED malwares ? Maybe heuristics will do it, but that isn't certain.

Who is lesser safe and who lost alot of time running his scanners ? The non-SU-user, not me because the reboot time is always the same, while the TOTAL scan-time increases every day.

Is SU that good ? In theory YES, let me find out if it is true in practice.
Are the classical solutions that good, that nothing else is better ?
I believe in SU, until the opposite is proven and SU never failed until now.
And of course SU will be compromised by the bad guys somewhere in the future, but you can say this about any OS or software.

 

I'm not sure what you mean by a sandbox but the basic idea for shadowuser at least is easy to grasp on paper but in practise it requires quite different mental models of operation. Full disk restoration except for certain selected folders. It's more like virtualization or perhaps 'fulldisk sandboxing'...

I think you hit the nail on the head with that question.

The grass is greener on the other side effect, everyone knows in *theory* the weaknesses of traditional methods, so this leads to an inflated view where another alternative method is considered superior just because it doesn't happen to have the same weaknesses. But that leaves out the problem of its own weaknesses which unfortunately are difficult to see.

We went through or in fact are still going through a same phase with all this talk about HIPS...

But at least in the case of HIPS, it's main weakness - the requirement for users to respond correctly, and the noisy of prompts was fairly obvious even without trying (and even then, for most people they actually need to try the specific product before they know the degree of noise they can put up with).

I suspect this is because HIPS or behavior blocker approaches are really not that different from antivirus scanners at least in terms of operational models.
Both scan for stuff ( in different ways), and stop them. That's it.

Switching to shadowuser/BZ/Deepfreeze etc etc is a completely different way of working, if you have no experience at all, all your mental models and hunches about how easy it is, how much time it saves etc goes out of the window, because it's a completely different.

As such Real life experiences in this case is even more critical, then if you just switch AVs or HIPS.

 

Unless I'm mistaken, you're a non-SU-user.

The examples you brought up are mostly predicated on you not keeping anything you downloaded. What if you want to keep that screensaver? I'd probably considering keeping some, or else I wouldn't be looking at screensavers in the first place. How do I ensure what I save isn't infected?

This belies your stance that you will be a "friendly enemy" to Shadowstor.

 

I think this whole thread can be summed up as, anyone who uses only ShadowSurfer and their firewall alone, without relying on any scanners as a backup, is a complete fool. Unless they are an advanced user who knows full well how to handle the software involved.

Disclaimer: All names of the actual parties involved withheld to prevent making anyone look like a complete fool.

 

Exactly, despite what Erik says or even perhaps he believes it himself, it's clear from any independent observer that he is clearly in love with the idea despite not trying it at all.

And btw, SU has never failled until now, for the obvious reason that he has never tested SU? Can we say someone is getting deluded abt the difference between actually being a SU user, and imagining being one in theory?

I really hope what he means by "SU has never failed until now" is that so far there has never being exploits for SU! Otherwise it's pointless to continue.

His "faith" in SU is truly amazing, but of course it's easy to have faith if it's untested. Since he hasn;t tried anything... no need to worry about actual problems as compared to idealised solutions in never never land.

All he does is to continually repeat general claims of the pros of shadowuser and the cons of scanners, something that everyone knows and does not dispute anyway. I predict he can do no other. On that ground, he claims he always win.... for obvious reasons.

I can continually claim victory by Scanners over SU, because scanners are way easier to use, because they don't use as much disk space. Because they protect me from malware all the time while you are unprotected in shadow mode.. etc etc And i keep bringing up these points all on theory as well. While refusing to discuss or minimise other disavantages, or better yet claim inability to answer based on ignorance..

I suppose if i could whip up an exploit like the recent vmware NAT exploit it might phaze him for a while, but seriously, is that really the sole citeria you use to decide if SU is superiror or not? It's absurd.

Early in this thread Blue corners him by pointing out that it's certainly not a perfect solution and that there are drawbacks depending on the user.

His response?

Contratry to what he is saying, he IS avoiding discussion. He is ready to talk theory about CMOS viruses which few here are qualified to do, but when someone wants to press him on the viability of SU in practice from different users he declines? Remember Blue is asking that not out of the blue (lol) but in the context of Erikalbert making wide bold and general claims in the earlier post.

And he follows up this claim with a boast of the generality of his claims for many 'average users'

[quote-erikalbert]I'm not a security analyst, but I certainly know what I and many average users want. That is one of my skills [/quote]

And now when someone asks you whether your solution is really that generalised to many users, you suddenly chicken out on the grounds what you have is all theory?

After all you are fighting a war on paper already, what harm is there to further discussion on possible practical problems?

Perhaps he senses it would burst his grand claims about SU?

He can't really in any way address any practical difficulties i've layed out, such as the difficulty of knowing what to autocommit, hard disk requirements, slowdowns perhaps, the problems of session malware leaking etc..

Because it's all theorical (he hasn't actually used shadowuser) he can win arguments by talking about how he's going to be the most disciplined user ever , even altough this belays his earlier claims about how SU gives him and other ignorant users the power to do what they want. But no "do what he wants freely" now apparantly mean ,it allows him to do some thing but not other perfectly naturally things that most users would want.

Heck he can even win an argument by saying he doesn't care if someone gets his data files.. Why not? It's all pretend anyway in the imaginary world where he is a SU user.

I wouldnt necessarily say that. The final truth value of his position is independent from the types of claims he is making now based on zero evidence.

I would maintain that anyone making bold extraordinary claims and stubbornly holding them despite zero evidence is certainly not wise to say the least






It's really easy

 

Hi guys,
Let's stop this discussions about me, because it's useless.
I have my plans for the future already and I stick to my plan, because I'm not convinced, I'm wrong.
If you don't see the difference between theoretical and practical statements, well that is your problem, not mine.
Formulating and defending my ideas isn't easy in English for me and all these translations of my posts take too much time.
I never expected that members would take my theoretical statements for REAL.

The classical solutions are the very best and any other approach is FOOLISH That's what you like to hear. Right ?
Well, I'm going to try something else. Who cares anyway ?

@devilsadvocate,
Stop calling me a genius, I'm a newbie and that was never a secret at Wilders.

 

You don't get it do you? The discussion is about YOU , because of the WAY you make your claims. Strong claims with no evidence. The topic doesn't matter . You could be promotingthe use of some new AV you have never used before, and everyone would still be discussing you , but to a lesser degree of course.

Of course the fact that you are making an extraordinary claim with no evidence, makes you stand out even more. Extraordinary claims require extraordinary evidence. And you have no evidence! Not even the normal kind.

Sigh. You might be right, you might be wrong in the end. No one (or at least not everyone) is trying to convince you SU is not a viable course.

But what you are definitely wrong in, which almost everyone agrees is your attempt to make bold, grand and broad claims without evidence.

That is what everyone is so upset about.

That is what this is about, don't try to change it into a 'classical methods has brainwashed you' plot, the participents in this threads combined have more experience with shadowuser and similar technology then you have. But of course X * 0 is still 0

Oh yes indeed, the native english speakers on this forum and thread are the ones with language problems, not the Belgium guy who claims he needs to use online translation (poor kid)... Right...

Since you play the language card, I'll cut you some slack and give you the benefit of the doubt that you don't know how strong your claims are coming across to others.

I don't really buy it given the coherent way you argue on these forums , but for the sake of closing this issue, i will accept it for now

Play victim all you want. Poor kid... He is picked on everyone despite the fact his english isn't so good. And the majority is so obviously brainwashed.

But Of course that's not the issue is it?

Let me repeat in simple english again. The issue is you making big claims with no evidence. That is what is drawing all the outrage.

Then again pretend you don't understand what everyone else is saying because of the language barrier shall we (though you defended yourself pretty well earlier on,,,,)?

Oh no you are no genius except

Well knowing much more about shadowuser then the programmer of shadowuser might not make you a genius, but it sure impresses me.

 

Ladies/Gentlemen and others,

It appears that this thread is slowly deteriorating into a slanging match, which will not be tolerated.

It's fine to argue against certain statements, right or wrong, in fact, it's healthy to put different views across a wide section of thoughts/ideas, BUT it's NOT right to start personality clashes.

The world has enough problems without any input coming into threads like I have started witnessing in this one.

I/we don't wish this to become personal. Everyone has a right to their own opinion and may express such, and of course people can/should refute any claims, but NOT on a PERSONAL level. Keep it professional, not personal, and we can continue having healthy debates on this or any other programs.

Thanking you for your co-operation

Cheers, TAS

 

No it doesn't. You can try download on a drive other than C, and it doesn't actually go outside the sandbox. In other words, you can't bypass the sandbox that way. I just tried it, and the file stays in the sandbox.