Author Pegr @ Wilder Security!
Here are some points to consider that may help you decide. Sandboxie and Shadow Defender are different types of virtualization, and it helps to have an appreciation of how each works.
First a general note about virtualization. Virtualization prevents the system from becoming permanently infected by malware and ensures perfect cleanup, with no traces of any malware remaining outside of the virtual environment; but it doesn't, by itself, prevent malware from running within the virtual environment, with the possible risk of data and identity theft.
Furthermore, there will always be some files and folders that the user won't want virtualized (in case of data loss as a result of forgetting to save changes to data before exiting the virtual environment). These may be a potential target for ransomware, e.g. Cryptolocker.
Virtualization is a useful layer to contain system change but shouldn't be thought of as a complete security solution. Some kind of additional protection is also required. This can be real-time AV/AM, or can be HIPS, policy-restriction, anti-execution, etc, according to user preference.
Sandboxie
Sandboxie is an application sandbox that works at the file system level, but only for those applications that the user chooses to run in the sandbox. Sandboxed applications have all file system and registry writes redirected into the sandbox container folder, isolating them within the sandbox. Sandboxed applications also have to be isolated from interacting with unsandboxed applications in ways that would allow sandbox security to be breached. Isolating sandboxed from unsandboxed processes introduces some complexities.
1. Application software updates can sometimes break sandbox functionality, which means that Sandboxie has to be kept updated to cope with the consequences of software changes in applications that are candidates for sandboxing, e.g. browsers. Unless a lifetime license was previously purchased before the Invincea takeover, keeping Sandboxie up to date will mean purchasing an annual license.
2. Sandboxie compatibility settings may be required for Sandboxie to work smoothly alongside some other security applications and utilities. There may be also a few applications which simply aren't compatible.
3. Sandboxie has to prevent the installation drivers and services within the sandbox, and cannot be used to test software that installs a driver or service.
One of the major plus points of Sandboxie is that it also has a rich set of policy-restriction features that can be applied to applications running in the sandbox. It is much more than just application sandboxing, which means that Sandboxie can be used as a complete security solution for the containment of untrusted applications.
Shadow Defender
Shadow Defender is lightweight virtualization that works below the level of the Windows file system to virtualize entire disk partitions. As a minimum this should include the system partition. Changes are virtualized by redirecting all disk sectors writes on a shadowed partition to a hidden temporary cache. Shadow Defender can be thought of as sitting between Windows and the running applications. This has some consequences.
1. Providing applications are making normal Windows file system calls (direct disk writes are prevented), Shadow Defender will handle disk sector redirection without the application being aware of Shadow Defender's existence. This is a simple and robust mechanism. Shadow Defender does not need to be kept up to date to cope with software changes in applications. Furthermore, the license is lifetime, covering all future software updates.
2. No software compatibility settings are required for Shadow Defender to operate smoothly alongside other security applications and utilities. The operation of Shadow Defender is invisible to applications running at the level of the Windows file system.
3. As all system changes are discarded when rebooting to exit Shadow Mode, Shadow Defender restores the system to a previous known state in order to eliminate unwanted change from whatever cause: malware infection, system crashes, etc. It's about more than just protecting the system against infection by malware.
4. Because the entire system partition is virtualized in Shadow Mode, all processes are running within a system-wide sandbox. No process isolation between sandboxed and unsandboxed processes is needed. Software that installs drivers or services can be tested using Shadow Defender, providing that it does not require a reboot to complete the install.
5. Because Shadow Defender virtualizes the entire system partition, care needs to be taken to ensure that changes to data aren't accidentally lost when rebooting. If the data folders are located on the system partition, Shadow Defender can be configure to permanently exclude them from virtualization. Alternatively, data folders can be moved to a separate data partition, if there is one. (As an alternative to folder exclusions, changes to data files can be committed manually but it does mean remembering to do it to avoid data loss.)
Unlike Sandboxie, Shadow Defender does not have any added real-time protection features beyond virtualization. This makes it essential to supplement Shadow Defender with additional real-time protection.
Finally, because they operate differently, they can be used together. Sandboxie can provide the additional real-time protection for sandboxed applications that Shadow Defender lacks, whereas Shadow Defender enables the system to be kept in a constant state that can also be useful for software testing.
Hope that helps.
