Many users nowadays are still oblivious of the benefits of light virtualization technology. For the benefit of such users I will outline some basics first.
With light virtualization software there is no need to start repairing things when bad things happen. Things like most infections caused by unsophisticated malware, installations of incompatible software that mess up your settings, user configuration errors, even file system errors caused by crashes, THEY ARE ALL REVERSIBLE WITH A SIMPLE REBOOT.
When LV protection is installed and activated, any subsequent system changes always take place in a virtual environment which is isolated from the real system. When you restart the system all changes that have happened in the meantime will be discarded by default and the system will be reverted back to its previous state, unless of course the user specifically chooses to manually commit the changes that have happened in the meantime.
Light virtualization aficionados have been testing such programs for ages now, and the generally accepted consensus is that Shadow Defender is still the only one to withstand and fully undo sophisticated infections like the TDSS/TDL family rootkits. If you are new to this thing then there’s nothing that I can say right now that will convince you. I was the same myself, and it took me a lot of personal testing to come to the same conclusions that the more experienced users were telling me. If you are to familiarize yourself with the ins and outs of light virtualization you’ll know what I mean. A good place to start is here:
Most light virtualization apps work at file system level. With some of those programs you can actually see the buffer itself as a file. Shadow Defender works at sector level. The virtualization buffer resides on a hidden partition which uses its own proprietary file system and is totally invisible to the system and to any malware. In fact you can’t even see it with specialized software like partition managers. Other virtualizers also use a hidden partition for their buffer but none is as effective as Shadow Defender’s.
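To make the mechanism described above concrete, here is an added, constructed toy model of a sector-level "shadow mode": writes are redirected to a hidden buffer, reads see the redirected copy, a reboot discards the buffer by default, and only an explicit commit reaches the real sectors. This is illustration code written for this post, not Shadow Defender's or any vendor's implementation, and the class and method names are assumptions.

```python
# Constructed, in-memory model of sector-level light virtualization.
# Not Shadow Defender's code: it only shows the redirect / discard / commit idea.

SECTOR_SIZE = 512


class ShadowedDisk:
    def __init__(self, sector_count):
        # the "real" system partition, addressed by logical block address (LBA)
        self.base = {lba: bytes(SECTOR_SIZE) for lba in range(sector_count)}
        # hidden buffer holding redirected writes; empty when nothing has changed
        self.shadow = {}
        self.protected = False   # True == shadow mode active

    def write(self, lba, data):
        if len(data) != SECTOR_SIZE:
            raise ValueError("writes must be whole sectors")
        if lba not in self.base:
            raise IndexError("LBA %d is outside the disk" % lba)
        if self.protected:
            self.shadow[lba] = data   # the real sector is never touched
        else:
            self.base[lba] = data

    def read(self, lba):
        # the running system sees the redirected copy first, so to it the
        # change (including an infection) appears to have taken effect
        return self.shadow.get(lba, self.base[lba])

    def reboot(self):
        """Default behaviour: drop every change made in shadow mode.
        Returns how many sectors were discarded."""
        discarded = len(self.shadow)
        self.shadow.clear()
        return discarded

    def commit(self, lbas=None):
        """User explicitly keeps changes: all of them, or only the listed LBAs.
        Returns how many sectors were merged into the real partition."""
        chosen = list(self.shadow) if lbas is None else [l for l in lbas if l in self.shadow]
        for lba in chosen:
            self.base[lba] = self.shadow.pop(lba)
        return len(chosen)
```

Walking a boot-sector overwrite through this model (write while protected, reboot, read again) shows the real sector come back untouched, which is exactly the "reversible with a simple reboot" behaviour the post describes.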
Some people have claimed that Shadow Defender has been bypassed by certain malware but such tests were always carried out in a VM environment and in my opinion such tests are useless. No such conclusions can be taken seriously, unless the tests take place on a real system, not within a virtual machine. I have personally tested it repeatedly on a real system with a wide variety of viruses, trojans, ransomware, fake antiviruses and TDSS/TDL rootkits and it has always managed to fully undo the infections. In the case of TDSS/TDL it was able to remove not only the rootkit itself, but also the rootkit’s file system. According to some users Toolwiz Time Freeze also managed to successfully remove some rootkits in certain cases (not every time), but the rootkit’s file system was always left behind. I am not sure if this is accurate or not since I have not tested the Toolwiz software. All I know is that Shadow Defender passed all my tests on a real system, with flying colors.
The only problem with Shadow Defender is that it doesn’t work well on SSDs. Also, most seasoned users still use the last known good version 1.1.0.325. The program’s developer Tony abandoned the project two years ago, and it is testament to his coding skills that his two-year-old version is still able to withstand and undo sophisticated rootkit infections. Since then a new version has silently appeared at the SD website (v1.1.0.331) but most Shadow Defender old timers like myself don’t trust it because it was released without a changelog by the current owners of the website who offered no support. A changelog for this version was added very recently after months of complaints from SD users at the Wilders Security forums. Most seasoned SD users doubt the objectivity of that changelog which could only have been created to pacify the SD die-hards.
It now looks like Tony is back after some personal problems (so we were told) and we were recently promised a new upcoming version that will be fully compatible with SSDs and Win8. I don’t know if this new Tony is the original Tony, or if it is a ploy by the current owners of Shadow Defender to cash in on Tony’s rootkit-killing fame. The future will show. All I know is that the good old v225 is still keeping at bay everything I ever threw at it, and that’s good enough for me. I have been using v1.1.0.325 since it came out and still use it on all my systems and those of my clients. For more info on the whole Tony/Shadow Defender saga have a look here:
It is a massive shame that such excellent code is in the hands of inept people who for two years now have been selling the software without replying to any e-mails, and without offering any kind of support whatsoever. Imagine what Comodo could do with such code in their hands. If Comodo were to buy the Shadow Defender code, bring it up to date, and then integrate it into Comodo Time Machine, Comodo Internet Security, or even release it as a new Comodo product, then they would immediately grab a large share out of the hands of Faronics, Returnil, and other companies that specialize in light virtualization. Internet cafes, schools, universities, any place really where computers need to have a clean state restored daily, would make great use of the bootkit/rootkit killing features of the SD code. It would offer enhanced protection from malware infections, and reduce unwanted system downtime and maintenance caused by malware to a minimum. And all this could be in Comodo’s hands.
Melih, please buy the Shadow Defender code, bring it up to date, then plant it into one of the existing Comodo security apps, or release it as a brand new product!
Comodo fans, would you want Comodo to acquire the Shadow Defender code (if possible), and have its bootkit/rootkit killing abilities fully integrated into a Comodo application or released as a standalone product?