hjlbx
Thread author
Hello,
This is a mini-review of Shadow Defender.
WARNING! If any malware is permitted to run while in Shadow Mode, then the entire Shadow Mode\virtualized session is infected! Data may be stolen!
The above warning applies to all virtualization software including Comodo's virtual sandbox/kiosk, Sandboxie, Returnil, ToolWiz Time Freeze, etc., and any virtual machines such as VirtualBox, VMware, VirtualPC, etc. Virtualization provides no data protections.
NOTE: I will not provide in-depth instructions on how to configure as there already exist excellent "How To Configure" guides on this subforum - most notably by Umbra Polaris. His extensive guide explains how to properly configure and use Shadow Defender and how to use it correctly under different scenarios.
Pros:
- Protects physical system from any permanent infection. (Rootkits might be able to bypass, but this has not been established as a fact with any verifiable evidence).
- Easy to use and master.
- High Compatibility.
- Very light on resources.
- Stable.
- Lifetime License, Unlimited Installs.
Cons:
- One-man development team ("Tony" - China); slow development.
- One-man support via e-mail only (poor English\communication problem).
- Support forums have little traffic (http://shadowdefenderforum.com and http://www.wilderssecurity.com/threads/the-unofficial-shadow-defender-support-thread.293075/unread).
- Use RAM for Write Cache may malfunction on AMD and/or low-RAM systems.
- Some applications, like anti-virus, might become unstable\mis-behave during extended Shadow Mode sessions where pagefile (Write Cache) size increases significantly.
Impression:
Shadow Defender is indispensable. I use it constantly - for quite a long while now. It is the very first item on my short-list followed by Emsisoft and Revo Uninstaller Pro.
It is simple, yet extremely effective and utilitarian. Operation is so simple that I cannot imagine anyone who would not be able to master its use for maximum protection\utility. The GUI is very simplistic and well laid-out. You can read up on the technical specifications on the Shadow Defender website. In a nutshell, it mounts a virtual drive (Z:\) to enter Shadow Mode and then un-mounts a virtual drive to exit Shadow Mode. When the virtual drive is un-mounted everything that is on it vanishes. That's it.
When using any virtualization software the user should expect quirky behavior - both minor and\or intermittent. How Shadow Defender will behave is entirely system specific. So, in other words, you might perhaps see some odd behavior but, then again, you might not. The only way to find out is to use the 30-day trial ( http://www.shadowdefender.com/download.html ).
I have never experienced a critical issue on my system. Some minor quirks, but nothing that I would rate as a bug. Some quirks inexplicably disappeared, never to return, and only one will re-appear randomly on a consistent basis. This is IT stuff so I have a high tolerance for this sort of thing by now.
The quirks on my system are graphics or anti-virus full, deep scan related in extended Shadow Mode with large Write Cache. Other times I've run a full-system scan with 10+ apps open and experienced no issues whatsoever. I'm just relaying this info so the novice will understand what to potentially expect.
Whereas Sandboxie is nothing but a headache for me, Shadow Defender is very solid overall.
The most important thing to understand about virtualization software is to heed my warning at the beginning of this thread. For example, your Windows key could be stolen.
NOTE: Rootkits have purportedly bypassed Shadow Defender. That is based upon only one video and the test result was improperly interpreted by the reviewer. The Kaspersky TDSS Killer scanner detected a remnant of the rootkit and not a full-blown MBR infection.
Tony, the developer, fixed this issue a good while back by virtualizing the entire boot sector.
So, in short, there is no verifiable evidence that any rootkit can bypass the more recent versions. However, like all security software, I admonish anyone not to think Shadow Defender is bulletproof and that it can be used to test rootkits with impunity. Just be careful and do the right thing... don't intentionally mess about with rootkits.
A much less likely bypass was shown in a video posted on youtube.com. It alleged that an object was carried over from Shadow Mode to the physical system. The object shown was a file in the start-up folder. When people started to ask for the sample, the video author folded-up like a lawn-chair. What does that tell you?
I always run a good AV with real-time protection while in Shadow Mode. Even if I clean an infected virtual session I still treat it as if it were infected. Better to be safe than really and needlessly sorry.
On my system Shadow Defender is extremely reliable and handy.
It's the best software that I use.
Bottom line... this one is a "must-have" in my experience.