[Windows] Shadow Defender removes all changes made to your computer, including viruses and malware, by rebooting

2013-04-30_213849When it comes to software, there are two types of virtualization: full virtualization and light virtualization. Full virtualization is when you have a fully virtualized operating system, such as installing Windows XP in VirtualBox. With full virtualization, you have a whole separate OS that behaves as if it were a real operating system. On the other hand, light virtualization is when you have a virtualized layer over your current system (i.e. no separate operating system) and changes made to your system are only temporary — they are removed upon reboot and/or close, depending on which light virtualization program you are using.

Last month we reviewed Reboot Restore Rx, a freeware light virtualization program that allows you to easily remove malware, viruses, and unwanted changes on from your computer by rebooting. Shadow Defender is a similar program. Let’s see if Shadow Defender is worth your time.

What is it and what does it do

Main Functionality

Shadow Defender is a light virtualization program that allows you to remove all changes made to your computer by simply rebooting. This includes removing all files/computes downloaded, modified, changed, created, etc. and malware, viruses, trojans, rootkits, etc.

Please note while Shadow Defender does help in keeping your computer safe by removing malware/viruses/etc., Shadow Defender is not a replacement for your anti-virus/anti-malware. No light virtualization program is 100% accurate in protecting you against malware/viruses, reglardless of if it is Shadow Defender, Reboot Restore Rx, Sandboxie, Returnil Virtual Safe, DeepFreeze, SteadyState, etc. Sure they are fairly effective, removing most malware/viruses/etc., but they are not 100% effective and some malware can sneak past. For example, SafeSys and TDSS are a trojan and rootkit that bypassed most light virtualization programs in the past, until developers were able to patch for them. So it is highly recommended to always have an up-to-date and modern anti-virus/anti-malware program installed alongside your light virtualization program, regardless of if that light virtualization program is Shadow Defender or some other soft.

Pros

  • Removes any and all changes made to all volumes (partitions/hard drives) you decide to protect with ‘Shadow Mode’. When you put a volume into Shadow Mode, Shadow Defender takes a snapshot of the existing state of the volume and reverts the volume back to that state after you reboot your computer (which results in deletion/removal of all changes made).
  • Allows you to select which volumes you want to protect; you can protect just your C:/ partition or opt to protect other partitions also
  • Protects MBR (Master Boot Record)
  • 2013-04-30_214343Allows you to set Shadow Mode to automatically enable every time you boot your computer (to enable this feature, select “Enter Shadow Mode On boot” when enabling Shadow Mode protection instead of “Exit Shadow Mode on Shutdown”)
    • Note: If you enable this feature, the snapshot taken prior to the first enabling of Shadow Mode is the snapshot your computer is reverted to every time you shutdown/restart your computer. This snapshot would only be updated if you were to ever manually stop and re-enable Shadow Mode.
  • 2013-04-30_214130Has an ‘Exclusion List’ that allows you to specify specific files and folders to be not protected by Shadow Mode
  • Allows you to easily save changes made to specific files and folders while Shadow Mode is enabled via ‘Commit Now’ feature (as opposed to letting Shadow Mode get rid of changes to those files and folders)
    • Note: Commit Now is different than Exclusion List. Exclusion List makes it so changes to the specified files and folders always remain — Shadow Mode never protects those files/folders. Commit Now allows you to apply changes to specified files and folders on a one-time basis. In other words, the files/folders you use with Commit Now are protected by Shadow Mode (i.e. changes are dumped upon reboot) unless you manually use Commit Now on those files/folders. If you want to save changes to files/folders multiple times while Shadow Mode is enabled, you will need to use Commit Now multiple times.
  • 2013-04-30_214151Adds an entry in the right-click context menu (‘Commit by Shadow Defender’) to allow you to easily use Commit Now for files/folders
  • Allows you to password protect the program, which prevents unauthorized access to Shadow Defender modes, settings, and features (e.g. you cannot disable Shadow Mode without the password)
    • Note: When enabling password protection, be sure to check the ‘Need password when committing files via shell context menu’ option or else people will be able to save changes made to specific files/folders without the need to enter a password
  • 2013-04-30_214241Displays a floating widget (“desktop tip”) that reminds you that Shadow Mode is enabled (this widget stays on top of all windows)
    • Note: If you don’t want to see this widget, you can disable it by unchecking ‘Enable desktop tip’ from ‘Administration’
  • Protects itself from being uninstalled while Shadow Mode is enabled
  • Extremely easy to use
  • Lightweight (uses roughly 5 MB of RAM and minimal CPU while it is turned on)

Cons

  • Does not display any sort of prompt prior to reboot/shutdown that reminds users all changes will be lost if/when the computer is shutdown or restarted. It does have the floating widget that reminds you that Shadow Mode is enabled, but that isn’t the same nor as effective as a prompt right before restart/shutdown. Without such a prompt, it is highly possible many users will forget Shadow Mode is enabled and be very upset when their files/folders/changes are lost and no longer there after reboot.
  • If you decide to exit Shadow Mode after enabling it, you can. However, there is no feature that allows you to tell Shadow Defender to save all changes made to computer, instead of remove all changes, upon exit of Shadow Mode; when you manually exit Shadow Mode, you must restart your computer and all changes, aside from the ones you manually committed via Commit Now, are dumped.
  • Protects MBR but developer does not provide details as to exactly what techniques are being used to protect MBR so it is hard to determine how solid that MBR protection is; the developer just says MBR protection is there
  • Developer of Shadow Defender has a sporadic history of issuing updates. Although the program has received regular updates every few months since Nov 2012, in the past there have been times when over a year has passed with no update to Shadow Defender. So much time between updates for a security program is unforgivable and really casts a shadow of doubt (no pun intended) for anyone that wants to use Shadow Defender. Why? Because all security programs, no matter how good they are, have bugs and loopholes that malware can exploit. Without regular updates, the holes in Shadow Defender are not plugged in a timely fashion.
  • Does not protect itself from being force closed via Windows Task Manager
    • Note: As per my tests, you can force close Shadow Defender’s daemon (the system tray icon — the interface you interact with Shadow Defender settings) but that does not disable Shadow Defender’s Shadow Mode protection, if it is enabled. In other words, force closing Shadow Defender does not mean Shadow Mode stops protecting you; changes are still removed upon restart/shutdown even if the daemon has been force closed.
  • Has the ability to exclude specific files/folders from protection and the ability to commit changes to files/folders while Shadow Mode is enabled. This is nice but I would like to see Shadow Defender have a feature that allows users to seamlessly integrate updates to the system while Shadow Mode is enabled, such as Windows Updates or anti-virus definition updates. Currently you need to disable Shadow Mode, update your computer, and re-enable Shadow Mode. How will the developer add this feature, if they add it at all? I’m not sure, but I do know it is possible because I’ve seen other light virtualization programs that have this feature

Discussion

2013-04-30_214052As already mentioned above, Shadow Defender is a light virtualization program that gets rid of all changes made to your computer — including malware/viruses downloaded/infected — by rebooting.

As you can see from the ‘Pros’ list above, in terms of features Shadow Defender is pretty good. It allows you to protect multiple volumes, has the ability to exclude specific files/folders from being protected, can save changes to specific files/folders while Shadow Mode is enabled, and has the ability to password protect itself. On top of that, it is very easy to use and lightweight. However, all that is useless if Shadow Defender doesn’t perform as claimed, right? So let’s take a look at performance.

As per my tests, Shadow Defender accurately and effectively gets rid of all changes made to your computer; this includes undoing changes made to existing files/folders/programs/registry entries/etc. and deleting newly added/downloaded/created files/folders/programs/registry entries/etc. However, that isn’t a surprise. Any light virtualization worth a salt can do that. The real test is if Shadow Defender is able to accurately and effectively remove malware/viruses/trojans/rootkits/etc.

Generally speaking, Shadow Defender is considered to be one of the better light virtualization programs when it comes to removal of malware/viruses/trojans/rootkits/etc. However, it is not 100% perfect. As I mentioned in the ‘Main Functionality’ section above, no light virtualization program is perfect (you should always make sure to use an anti-virus/anti-malware program alongside light virtualization) and Shadow Defender is no exception; it accurately and effectively gets rid of common and less sophisticated malware/viruses/trojans/rootkits/etc. but more advanced malware/viruses/trojans/rootkits/etc. may bypass Shadow Defender. For example, the Sinowal trojan bypasses Shadow Defender protection but the 1.2.0.383 version of Shadow Defender (which is currently in Beta at the time of this writing) renders Sinowal useless (Shadow Defender 1.2.0.383 does not completely remove all files associated with Sinowal but renders it useless by removing Sinowal execution).

My point of telling you this is not to rag on Shadow Defender or to say it is bad; the point I’m trying to make here is that no light virtualization will perfectly protect you against malware/viruses/trojans/rootkits/etc. The key when picking a light virtualization program is to pick one that is regularly updated so that holes like the Sinowal one for Shadow Defender are quickly plugged. That then brings up the question: is Shadow Defender regularly updated? My answer is a qualified yes.

You see Shadow Defender has been regularly updated since November 2012. However, Shadow Defender has a history of sporadic updates. There have been times, such as between March 2011 and November 2012, when Shadow Defender has received no updates for over a year. (See Shadow Defender’s official changelog for more details.) Not regularly updating a light virtualization program is completely unacceptable and puts users of said light virtualization program at risk to new and improved malware/viruses/trojans/rootkits/etc. So while Shadow Defender is regularly receiving updates at the time of this writing, what is to say the developer won’t again go back into his shell and stop updating Shadow Defender for long periods of time? That really is my biggest concern with Shadow Defender: the potential for lack of updates.

Conclusion and download link

Overall, Shadow Defender is a very good light virtualization program that will protect you from unwanted changes and malware/viruses/trojans/rootkits/etc. Of course, as I’ve mentioned over and over in this review, no light virtualization program is perfect in removing all malware/viruses/trojans/rootkits/etc. and neither is Shadow Defender. So do not uninstall your anti-virus/anti-malware program thinking Shadow Defender — or any other light virtualization program — will keep you safe. Generally speaking, however, Shadow Defender is a great program.

That being said, Shadow Defender costs $35, which is fine; I love freeware like everyone else but I’m not one of those people who insist that every program must be freeware. After all, developers need to earn a living, too. The issue isn’t that Shadow Defender is not freeware but rather the issue is Sandboxie, another light virtualization program, costs 29 Euros (roughly $38). If I were personally going to spend money on a light virtualization program, I’d much rather pay $38 for Sandboxie than $35 for Shadow Defender because Sandboxie is regularly updated, is more user-friendly because of the way it does light virtualization, and is overall better than Shadow Defender in my opinion. If you disagree with me then by all means get Shadow Defender; as I said, it is a good program. However, if you agree, then I recommend getting Sandboxie over Shadow Defender. The choice is yours.

On the other hand, I know some people are “freeware only” type of people. If you are a “freeware only” person, then check out the following free light virtualization programs: Reboot Restore Rx, ToolWiz Time Freeze, and Returnil System Safe.

Price: $35

Version reviewed: 1.2.0.376

Supported OS: Windows XP/2003/Vista/Win7/Win8 (32-bit and 64-bit)

Download size: 1.6 MB

VirusTotal malware scan results: 0/46

Is it portable? No

Shadow Defender homepage

Related Posts