Should Comodo include full light virtualization functions into CIS?

Many users nowadays are still oblivious of the benefits of light virtualization technology. For the benefit of such users I will outline some basics first.

With light virtualization software there is no need to start repairing things when bad things happen. Things like most infections caused by unsophisticated malware, installations of incompatible software that mess up your settings, user configuration errors, even file system errors caused by crashes, THEY ARE ALL REVERSIBLE WITH A SIMPLE REBOOT.

When LV protection is installed and activated, any subsequent system changes always take place in a virtual environment which is isolated from the real system. When you restart the system all changes that have happened in the meantime will be discarded by default and the system will be reverted back to its previous state, unless of course the user specifically chooses to manually commit the changes that have happened in the meantime.

Light virtualization aficionados have been testing such programs for ages now, and the generally accepted consensus is that Shadow Defender is still the only one to withstand and fully undo sophisticated infections like the TDSS/TDL family rootkits. If you are new to this thing then there’s nothing that I can say right now that will convince you. I was the same myself, and it took me a lot of personal testing to come to the same conclusions that the more experienced users were telling me. If you are to familiarize yourself with the ins and outs of light virtualization you’ll know what I mean. A good place to start is here:

Most light virtualization apps work at file system level. With some of those programs you can actually see the buffer itself as a file. Shadow Defender works at sector level. The virtualization buffer resides on a hidden partition which uses its own proprietary file system and is totally invisible to the system and to any malware. In fact you can’t even see it with specialized software like partition managers. Other virtualizers also use a hidden partition for their buffer but none is as effective as Shadow Defender’s.

Some people have claimed that Shadow Defender has been bypassed by certain malware but such tests were always carried out in a VM environment and in my opinion such tests are useless. No such conclusions can be taken seriously, unless the tests take place on a real system, not within a virtual machine. I have personally tested it repeatedly on a real system with a wide variety of viruses, trojans, ransomware, fake antiviruses and TDSS/TDL rootkits and it has always managed to fully undo the infections. In the case of TDSS/TDL it was able to remove not only the rootkit itself, but also the rootkit’s file system. According to some users Toolwiz Time Freeze also managed to successfully remove some rootkits in certain cases (not every time), but the rootkit’s file system was always left behind. I am not sure if this is accurate or not since I have not tested the Toolwiz software. All I know is that Shadow Defender passed all my tests on a real system, with flying colors.

The only problem with Shadow Defender is that it doesn’t work well on SSDs. Also, most seasoned users still use the last known good version. The program’s developer Tony abandoned the project two years ago, and it is testament to his coding skills that his two-year-old version is still able to withstand and undo sophisticated rootkit infections. Since then a new version has silently appeared at the SD website (v1.1.0.331) but most Shadow Defender old timers like myself don’t trust it because it was released without a changelog by the current owners of the website who offered no support. A changelog for this version was added very recently after months of complaints from SD users at the Wilders Security forums. Most seasoned SD users doubt the objectivity of that changelog which could only have been created to pacify the SD die-hards.

It now looks like Tony is back after some personal problems (so we were told) and we were recently promised a new upcoming version that will be fully compatible with SSDs and Win8. I don’t know if this new Tony is the original Tony, or if it is a ploy by the current owners of Shadow Defender to cash in on Tony’s rootkit-killing fame. The future will show. All I know is that the good old v225 is still keeping at bay everything I ever threw at it, and that’s good enough for me. I have been using v1.1.0.325 since it came out and still use it on all my systems and those of my clients. For more info on the whole Tony/Shadow Defender saga have a look here:

It is a massive shame that such excellent code is in the hands of inept people who for two years now have been selling the software without replying to any e-mails, and without offering any kind of support whatsoever. Imagine what Comodo could do with such code in their hands. If Comodo was to buy the Shadow Defender code, bring it up-to-date, and then integrate it into Comodo Time Machine, Comodo Internet Security, or even release it as a new Comodo product, then they would immediately grab a large share out of the hands of Faronics, Returnil, and other companies that specialize in light virtualization. Internet cafes, schools, universities, any place really where computers need to have a clean state restored daily, would make great use of the bootkit/rootkit killing features of the SD code. It would offer enhanced protection from malware infections, and reduce unwanted system downtime and maintenance caused by malware to a minimum. And all this could be in Comodo’s hands.

Melih, please buy the Shadow Defender code, bring it up-to-date, then plant it into one of the existing Comodo security apps, or release it as a brand new product!

Comodo fans, would you want Comodo to acquire the Shadow Defender code (if possible), and have its bootkit/rootkit killing abilities fully integrated into a Comodo application or released as a standalone product?

Comodo has its own virtualization technology. Before CTM there was Comodo Disk Shield which did the same thing as Shadow Defender.

I tried CDS back in 2008. I seriously doubt that its code will be as effective as SD when it comes to reversing modern bootkit infections. The point of SD is that such an ability is already there. All Comodo has to do is buy the code from the Chinese one-man operation, bring it up-to-date with full SSD compatibility, then use it.

Why Shadow Defender and not software (code) like DefenseWall, Sandboxie or Geswall???

Comodo V6 = DefenseWall (BB) + Sandboxie (VK)


I thought that Kiosk was equivalent to SD (KIOSK = Shadow Defender) or is it a wrong assumption on my part?

Sandboxie is a great program which I use myself, but it only offers application virtualization. Shadow Defender offers system-wide virtualization, this includes any or all the disks attached to the system at any given time.

Why not DefenseWall or Geswall? Simply because those products do not have the ability that SD has, to fully undo certain sophisticated rootkit infections. I have personally tried SD repeatedly with TDSS/TDL. With just a simple reboot it managed to bring the system back to the state it was when protection was activated, removing both the kit and its file system. No other software can claim this, and for a code that is now more than two years old it is pretty ■■■■ impressive.

Also, SD is being wasted at the hands of the unknown owner who for two years now has been selling the software without offering any form of support whatsoever, or answering any e-mails. Now at last someone has started responding again, so it could be the right time to try acquiring the code. For the right price I’m pretty confident that the owner would most probably be tempted to sell to a big company given the chance.

It would also be great if negative voters could leave a little comment explaining their reasoning. We have heard the arguments for it, now let’s hear the ones against it.

My own experience has taught me that when people are readily rejecting something that seems logical, then this is often a good indication that they are either not familiar with it, or they are just misinformed. I cannot believe that anyone who would have experienced the benefits of SD on a day to day basis, would actually vote against its possible acquisition by Comodo…

I am against any SD merging as imho it’s a rather tedious task. I see how slowly CTM development goes and it shows that the resources of Comodo are not infinite.

Anyway only Comodo staff can correctly answer your question. You see no one has appeared yet. Maybe it’s a sign of a negative answer.

Hi Solar, you have a valid point there, however I’m trying to think of the bigger picture. I imagine a time in the (hopefully) near future where LV tech would be pre-installed on every computer and any software damage could be fully reversible in seconds. The SD code deserves a proper development team behind it. Given the right resources such software can be taken to the next level and be kept current with times and evolving threats.

I would be happy to see CTM stable and released before adding features…
I’m waiting since last year for it…

Same here about CTM. I suppose I have to repeat myself: I’m talking about long term development of a good piece of code, and not something that can be done in a few months or a year…


Short and to the point I see Naren! ;D

I don’t want Comodo to integrate any third party software. Acquiring SD, it’s their thing.

AutoSandbox, Kiosk, Upcoming infection reversal, etc are pretty excellent protection.

Any other new features from Comodo are always welcome

Waiting for CTM 3…

I dropped the second bit from my previous post because after writing I realized that it looked quite smartassey on my part. Sorry about that Naren.

I also can’t wait for CTM 3 - and to drop that darn Rollback RX from my setup at last…

To be honest I think I shouldn’t have voted. Coz I never tried Shadow Defender or read about it.

Now I read about it & it seems an excellent software but to understand it completely I will have to install it.

Is it suitable for average users too?

There’s no free version, but a trial for 30 days.

Where can I download the original version you mentioned in your first post?

Whether Comodo buys SD or makes one of their own I would like it to be simple & easy so that it can be used by average users too.

The software is very light on resources and dead simple to use. If you have any questions the answers are here:

Get the last known good v1.1.0.325 here:

These are the original files that Tony himself released more than 2 years ago and I uploaded them recently at mediafire because a lot of people wanted the original v225. It can still fully undo modern TDSS/TDL infections, which is a testament to that guy’s coding skills. I’m really surprised that the likes of Symantec, McAfee, even Microsoft itself haven’t grabbed this code yet. Probably too isolated in their corporate bubbles to keep in touch with word within online forums. I suspect that the decision makers don’t even know of the existence and the unique properties of a small program written by a tiny one-man company in China…

Make sure you install the version appropriate to the Windows you have (x32 or x64). If after trying it you want to buy it, there’s no need to install the latest ‘suspect’ version; the code for the latest version will also work with previous versions. I use it alongside Comodo Internet Security and they work great together. I hope it’ll work well with CTM 3.0 too, can’t wait to test them together ;D

I just wish that this code was the property of Comodo! Such software deserves proper support and absolute transparency of development, values that the current owner of SD obviously cares very little about…

I have CTM installed. Do I have to uninstall Comodo Time Machine to install Shadow Defender or can it be installed alongside?

They should work fine together. I have used them in unison without problems.