- dotTech - http://dottech.org -

[Windows] Shadow Defender removes all changes made to your computer, including viruses and malware, by rebooting

When it comes to software, there are two types of virtualization: full virtualization and light virtualization. Full virtualization is when you have a fully virtualized operating system, such as installing Windows XP in VirtualBox. With full virtualization, you have a whole separate OS that behaves as if it were a real operating system. On the other hand, light virtualization is when you have a virtualized layer over your current system (i.e. no separate operating system) and changes made to your system are only temporary — they are removed upon reboot and/or close, depending on which light virtualization program you are using.

Last month we reviewed Reboot Restore Rx [2], a freeware light virtualization program that allows you to easily remove malware, viruses, and unwanted changes from your computer by rebooting. Shadow Defender is a similar program. Let’s see if Shadow Defender is worth your time.

What is it and what does it do

Main Functionality

Shadow Defender is a light virtualization program that allows you to remove all changes made to your computer by simply rebooting. This includes removing all files/programs downloaded, modified, changed, created, etc. and malware, viruses, trojans, rootkits, etc.

Please note that while Shadow Defender does help in keeping your computer safe by removing malware/viruses/etc., Shadow Defender is not a replacement for your anti-virus/anti-malware [3]. No light virtualization program is 100% accurate in protecting you against malware/viruses, regardless of if it is Shadow Defender, Reboot Restore Rx, Sandboxie, Returnil Virtual Safe, DeepFreeze, SteadyState, etc. Sure they are fairly effective, removing most malware/viruses/etc., but they are not 100% effective and some malware can sneak past. For example, SafeSys and TDSS are a trojan and rootkit that bypassed most light virtualization programs in the past, until developers were able to patch for them. So it is highly recommended to always have an up-to-date and modern anti-virus/anti-malware program [3] installed alongside your light virtualization program, regardless of if that light virtualization program is Shadow Defender or some other soft.




As already mentioned above, Shadow Defender is a light virtualization program that gets rid of all changes made to your computer — including malware/viruses downloaded/infected — by rebooting.

As you can see from the ‘Pros’ list above, in terms of features Shadow Defender is pretty good. It allows you to protect multiple volumes, has the ability to exclude specific files/folders from being protected, can save changes to specific files/folders while Shadow Mode is enabled, and has the ability to password protect itself. On top of that, it is very easy to use and lightweight. However, all that is useless if Shadow Defender doesn’t perform as claimed, right? So let’s take a look at performance.

As per my tests, Shadow Defender accurately and effectively gets rid of all changes made to your computer; this includes undoing changes made to existing files/folders/programs/registry entries/etc. and deleting newly added/downloaded/created files/folders/programs/registry entries/etc. However, that isn’t a surprise. Any light virtualization worth its salt can do that. The real test is if Shadow Defender is able to accurately and effectively remove malware/viruses/trojans/rootkits/etc.

Generally speaking, Shadow Defender is considered to be one of the better light virtualization programs when it comes to removal of malware/viruses/trojans/rootkits/etc. However, it is not 100% perfect. As I mentioned in the ‘Main Functionality’ section above, no light virtualization program is perfect (you should always make sure to use an anti-virus/anti-malware program [3] alongside light virtualization) and Shadow Defender is no exception; it accurately and effectively gets rid of common and less sophisticated malware/viruses/trojans/rootkits/etc. but more advanced malware/viruses/trojans/rootkits/etc. may bypass Shadow Defender. For example, the Sinowal trojan bypasses Shadow Defender protection but the version of Shadow Defender (which is currently in Beta at the time of this writing) renders Sinowal useless (Shadow Defender does not completely remove all files associated with Sinowal but renders it useless by removing Sinowal execution).

My point of telling you this is not to rag on Shadow Defender or to say it is bad; the point I’m trying to make here is that no light virtualization will perfectly protect you against malware/viruses/trojans/rootkits/etc. The key when picking a light virtualization program is to pick one that is regularly updated so that holes like the Sinowal one for Shadow Defender are quickly plugged. That then brings up the question: is Shadow Defender regularly updated? My answer is a qualified yes.

You see, Shadow Defender has been regularly updated since November 2012. However, Shadow Defender has a history of sporadic updates. There have been times, such as between March 2011 and November 2012, when Shadow Defender has received no updates for over a year. (See Shadow Defender’s official changelog [9] for more details.) Not regularly updating a light virtualization program is completely unacceptable and puts users of said light virtualization program at risk from new and improved malware/viruses/trojans/rootkits/etc. So while Shadow Defender is regularly receiving updates at the time of this writing, what is to say the developer won’t again go back into his shell and stop updating Shadow Defender for long periods of time? That really is my biggest concern with Shadow Defender: the potential for lack of updates.

Conclusion and download link

Overall, Shadow Defender is a very good light virtualization program that will protect you from unwanted changes and malware/viruses/trojans/rootkits/etc. Of course, as I’ve mentioned over and over in this review, no light virtualization program is perfect in removing all malware/viruses/trojans/rootkits/etc. and neither is Shadow Defender. So do not uninstall your anti-virus/anti-malware program [3] thinking Shadow Defender — or any other light virtualization program — will keep you safe. Generally speaking, however, Shadow Defender is a great program.

That being said, Shadow Defender costs $35, which is fine; I love freeware like everyone else but I’m not one of those people who insist that every program must be freeware. After all, developers need to earn a living, too. The issue isn’t that Shadow Defender is not freeware but rather the issue is Sandboxie [10], another light virtualization program, costs 29 Euros (roughly $38). If I were personally going to spend money on a light virtualization program, I’d much rather pay $38 for Sandboxie than $35 for Shadow Defender because Sandboxie is regularly updated, is more user-friendly because of the way it does light virtualization, and is overall better than Shadow Defender in my opinion. If you disagree with me then by all means get Shadow Defender; as I said, it is a good program. However, if you agree, then I recommend getting Sandboxie over Shadow Defender. The choice is yours.

On the other hand, I know some people are “freeware only” type of people. If you are a “freeware only” person, then check out the following free light virtualization programs: Reboot Restore Rx [2], ToolWiz Time Freeze [11], and Returnil System Safe [12].

Price: $35

Version reviewed:

Supported OS: Windows XP/2003/Vista/Win7/Win8 (32-bit and 64-bit)

Download size: 1.6 MB

VirusTotal malware scan results: 0/46 [13]

Is it portable? No

Shadow Defender homepage [14]