Posted 05 July 2004 - 10:18 AM
Has anyone tried this - or been using it for any length of time? If it actually performs as advertised, it could go a long way towards solving the crapware problem for people.
The mechanism is certainly sound, if correctly implemented.
"ShadowStor uses a unique method called ShadowMode to ensure servers and desktops are protected. ShadowMode is the means by which computers can be protected. By placing a server or desktop into ShadowMode, users can feel confident the system is going to be protected no matter what happens. ShadowMode activates the snapshot technology where each new write is redirected to another location on the Hard Drive. These sector changes can be permanently saved to the Hard Drive, or completely discarded with a simple reboot of the system. With ShadowMode, there is no need to specify regions on the disk for backup, or use BIOS functions to reserve space on the hard disk for OS images. ShadowMode is the most efficient and intelligent way to protect servers and desktops from downtime."
"By placing your PC in ShadowMode, all changes that are being made to the computer are not really being saved to the disk. For example, if a spy ware application is accidentally or maliciously installed, with a simple reboot, all the sectors that changed during the period of time you were surfing the internet, they would all be discarded. This is the same for internet tracks, Cookies, viruses and worms. All of these changes can be discarded upon reboot and you are completely safe from harm to the computer."
"ShadowStor solutions have zero impact to the current configuration of your PC. There are no modifications to the Master Boot Record (MBR), Partitions or disk structure. ShadowStor technology captures a snapshot of your system and runs an exact duplicate of your PC in a virtual state. This virtual state, called ShadowMode, allows the user to use the PC without actually writing to disk. If systems changes and folder or files changes occur during a ShadowMode session, then these changes can be automatically or manually saved to disk or discarded. This gives full control back to the IT professional and PC user.
ShadowMode doesn’t allow viruses or worms to be written to the PC. If you run in ShadowMode, the virus may get written to the Virtual Volume, but it can be discarded before changes are committed to disk. This approach is the first line of defense to security, data protection and disaster recovery and prevents problems from ever existing. This method provides a disaster prevention layer to your system rather than trying to recover a system by applying virus or worm updates after the disaster has occurred.
The ShadowStor approach eliminates the ability for unwanted changes and intrusive and malicious files from ever being written to the PC. You can then install your operating system and applications and configure it once for maximum performance. Then, by only committing system changes, folders or files to disk when you choose, you control what actually gets written to the PC. This approach allows you to preserve the original optimal configuration of the PC.
By running your system in ShadowMode sessions, you can eliminate the need to track and manage what changes occurred at different points in time. By entering a ShadowMode session, saving files to a specific location on the disk or network, you can end a ShadowMode session and have your system in the exact state it was prior to the session with your personal data intact. This solution makes the management of shared systems and system change tracking very simple." Pete
Posted 05 July 2004 - 11:29 AM
I have not actually tried the program you mentioned, but have been looking into it. It sounds a bit like 'GoBack' and this program, called 'Deep Freeze', that i've also been looking into. Check it out here: http://www.faronics..../deepfreeze.asp
There is an interesting thread over to DslReports on Deep Freeze if your interested. Make sure you view the links by Ghost16825 and AllNew, they are very informative. http://www.dslreport...77993~mode=flat
ShadowSurfer sounds like a good program, may give it a try. I haven't decided yet if i'm going to try SS or DF. I'm still looking for other opinions. Hopefully someone around here has tried 'em.
Posted 05 July 2004 - 01:06 PM
I know already that the fixing methods aren't any better, maybe even worse and the damage is already done.
Why not spending more time on preventing tools and share our experiences with these tools ?
I'm planning to reinstall my harddisk very soon, a good moment to install one of these softwares.
Thanks for mentioning these products.
Simplicity is always brilliant.
Posted 05 July 2004 - 02:30 PM
1. GoBack: http://www.goback.com
2. SecurePC (was called Restore it) http://www.farstone....poverview.shtml
3. Acronis TrueImage: Used to backup your hard drive to cd/dvd in case of hard drive failure. All these other programs are useless if your HD fails. And who knows if something (or someone)could somehow disable ShadowSurfer, Deep Freeze, GoBack ect... http://www.acronis.c...ducts/trueimage
4. Norton Ghost: Another popular HD backup program. http://www.symantec..../ghost_personal
Posted 05 July 2004 - 03:00 PM
Make sure, when you're trying to enter your registration information, that you have "ShadowMode" disabled - otherwise, it'll be gone when you re-start the computer.
Start-up and shut-down are much slower than what they were with ShadowSurfer installed (doesn't seem to matter if "ShadowMode" is enabled or dis-abled) Of course, this might be due to the fact that I've got everything on my "C" drive (they recommend partitioning, probably just because of that).
Also note that, here, when I used Eraser to delete a couple of Desktop items that were un-needed - while in "ShadowMode - (zip files, deleting the zips themselves that were already installed) - that they showed right back up again when I turned "ShadowMode" off and re-started.
A couple of emails that I received also dis-appeared (I haven't quite figured out how to make it retain things yet! lol!), but that wasn't a problem in this particular case since I'd printed them out before doing the re-start.
It's going to take some getting used to, but it's still an intriguing little program. It's definitely "RTFM" all the way until you get used to it.
Also, they're absolutely right when they say that "Defrag won't work while "ShadowMode" is running (got to 14% and then hung). Pete
PS - Did I mention that you have to have the .NET framework installed?
Edited by spy1, 05 July 2004 - 03:15 PM.
Posted 05 July 2004 - 03:04 PM
Thanks for making the choice harder (just kidding)
Well, it will take some time to read all that stuff.
I'm wondering what these software really do.
For example : if one or more malwares ADD new programs to your harddisk, will these softwares remove these programs also ? The same remark for register keys and values.
I'm also wondering when these softwares detect changes and report them, will an ignorant user be able to make a distinction between good and bad changes ?
I have no idea and no experience how these softwares are working. Time for me to use one
I quote "Also, they're absolutely right when they say that "Defrag won't work while "ShadowMode" is running (got to 14% and then hung)."
This is the first little disadvantage for me.
I'm running Diskeeper that defrags my harddisk, while my screensaver is on.
Of course I can turn that off and defrag my harddisk when ShadowMode is off.
Edited by ErikAlbert, 05 July 2004 - 03:30 PM.
Simplicity is always brilliant.
Posted 05 July 2004 - 03:33 PM
You can pretty much just leave it in "ShadowMode" and not worry, from the looks of things. If you get "infected" with anything, just re-start the computer, and it's gone (assuming the computer was clean to begin with, of course) You're automatically back to your original "clean" configuration.. Pete
Posted 05 July 2004 - 11:57 PM
Edited by wawadave, 05 July 2004 - 11:58 PM.
Putting quotes around posts does not protect you from copy right infringement.</b>
<img src="http://img54.photobu...r_wawadave.gif" border="0" alt="IPB Image" />
Posted 06 July 2004 - 12:48 PM
Within the constraints I've noted, it works fine.
I've seen the things that I've d/l'ed while in "ShadowMode" disappear at the re-start - and that's the bottom line of what this program's all about, isn't it?
If you want the choice to keep any of the things you receive or d/l while using it, then ShadowUser (although pricier) would be the way to go.
IMO, either program is well-worth the money if they'll keep you from getting seriously infected with the new "hi-tech" malware out these days.
And I guess everyone's realizing that this applies to real malware, also - not just adware/crapware/scumware. Pete
Posted 06 July 2004 - 01:46 PM
Most people and I'm talking about non-professional users (the majority) are afraid of new software, especially of these kind of products, because they have a larger impact on your computer, than just a simple malware-scanner.
There is big difference between reading about a software and using the software in practice and most people won't take that risk, they don't want to get in trouble.
I work daily with non-professional users and it's very hard to change their attitude and habits.
Each time I install a new version of an existing software, they know about, they feel uncomfortable and start complaining when the new version has another layout or new functions. After awhile they stop complaining because they are used to the new layout and new functions, once you have explained them how they work and what they do with PRACTICAL EXAMPLES.
Practical examples are the very best way and sometimes the only way to teach non-professional people how software works and I always use examples that are very close to their job.
Once you have convinced a few users, they start teaching and helping other users and when this happens my job is done.
It will take a very long time, before people start using products like ShadowSurfer/ShadowUser or any other similar software.
Edited by ErikAlbert, 06 July 2004 - 01:58 PM.
Simplicity is always brilliant.
Posted 06 July 2004 - 02:18 PM
You got that right. I'm planning to use it, when I have re-installed my harddisk. I'm doing this twice a year to get rid of all the malware, that wasn't detected in spite of all my security softwares and settings.
I think it is very important to talk about this product in order to convince other people to use it. Once they read about the experiences with ShadowUser, more people will start using it without being afraid.
Simplicity is always brilliant.
Posted 06 July 2004 - 03:32 PM
Erik - Here, I'm generally found to be around the same sites, day-to-day (and it's relatively hard to get infected visiting security-related sites, so far). So, for my normal "rounds", I don't really need to run ShadowSurfer.
However, when I leave the "beaten path", as it were, that's when this program really starts to shine. There's simply no worries anymore - running in "ShadowMode", I can go where I want, do what I want, try out any little programs that I want - all without any fear of getting infected with anything that can stick.
If a program I've d/l'ed and installed while protected is a keeper - I'll just go back and get it out of SM. If it's a bummer, guess what? It's totally gone after a restart!. No worries about changed system files, no headaches with crap written to the registry that you have to hunt for if you don't get a "clean" un-install, etc.
Until and unless someone comes up with some kind of downside to this one (and I'm no rocket-scientist here - there could be a vulnerability I don't know about yet), then it's a definite keeper.
Or that's my take on it, at least. I'm really surprised that a lot more savvy people aren't taking advantage of the 15-day free trial. Every site I go to is filled with people crying for help with scumware - and people working themselves to death trying to help them. It really seems to me that a lot of the helpers would want to see for themselves if this is a product they can get behind to take some of the load off of them. God knows that if things don't slack off (which isn't likely), they're all going to burn out, eventually.
Oh, well - back to enjoying the Internet! Pete
Posted 09 July 2004 - 09:00 AM
Nothing you can do while in ShadowMode can get back to the original files in their parent directories - and when you "Deactivate" ShadowMode and re-start, that entire area of the HD that was used has all its' memory area returned to the "free/available-for-over-writing memory" state.
Now, if you're worried about forensic recovery of that space (which is possible) then you have to run a program such as "Eraser" or PGP to over-write your HD's freespace (ShadowUser will soon have another version out that will give the user the option to have whatever "ShadowMode" HD space that was used by the last session "erased", so it won't be recoverable).
The fact of the matter remains - nothing can "stick" to your computer's actual system files - nor can anything be changed, disabled, removed, added whatever - that won't be gone when you "Deactivate" ShadowMode and re-start into normal operating mode.
I've had exactly zero stability issues here - everything I chose to run in ShadowMode here runs fine, for as long as I want to run it.
You can see from the screenshot how much HD space ShadowVolume is using - that number constantly increases as time goes on, which is why it's necessary to do a re-start now and then (you never have to do one before the end of your computing day, but you should do one then to release the space and clear everything in case you tripped across anything bad during the day,night,session, whatever).
I'm quite happy with both programs, and I recommend anyone interested to try the 15-day free (fully functional) trial.
I'd like to point out that the screenshot I just made won't be in the MWSnap folder when I re-start - it'll be gone, just like everything else I do during this session. It's important to remember that - if you're a ShadowSurfer user, do not update any of your programs while in ShadowMode - the additions/changes won't be made to your programs/OS when you come out of ShadowMode. Pete