Shadow Defender verses Returnil

This has been discussed many times on numerous threads and forums, but I like re-inventing the wheel haha.

Here are noorismail's thoughts:

...why I very,slightly prefer Returnil 2008 (RIP),to ShadowDefender.

I thank the time to enter "Shadow/Protected" mode was a little quicker with the Returnil 2008.
The time to copy larger files to the real system was quicker also.

A big plus for ShadowDefender,is the right click commit to disk feature.
With Returnil it was all by path.

I don't thank I recall any of the minor(?) but still irritating bugs we have found in ShadowDefender,in Returnil 2008.

The anti execute module was default off,and was added as a stop-gap method to help combat a kind of
malware called "dog Trojans" that had been said to defeat light virtualizatuion.(At least Returnil,at the time)

Of course some users insisted on thanking it should function as a full-blown HIPS,and were displeased with it.
I used it as a neat little anti-executable that added no weight to running Returnil.

Coldmoon on their forum said LUA was a better option!

noorismail, I think you are right about the time to enter Shadow/Protected Mode being faster with Returnil. Fact is, it is already faster by default anyway right? With Shadow Defender for me, I need to perform the following steps to get into Shadow Mode:
1. Double click on Shadow Defender system tray icon
2. Enter my password (optional configuration of course)
3. Click "Mode Setting"
4. Click "Enter Shadow Mode"
5. Click "OK"

While for Returnil 2010, I only need to perform the following:
1. Right click Returnil system tray icon
2. Click "Enable"
3. Click "OK"

As you can see, with Shadow Defender, there's at least an extra step haha!

In saying that, Shadow Defender fits in perfectly with my security setup/approach. Also, Shadow Defender installation file size is 1Mb. Returnil's is 31Mb. It's interesting how the smaller security applications tend to be the best ones (in my opinion). For example, Sandboxie is only about 700kb (used to be 500kb several months ago) and Drive SnapShot is only about 250kb. Amazing stuff really.

Right,ssj100.
And I did not even factor any the extra clicks,just from the time the last one was hit,till I received "Returnil" or "ShadowDefender" floater,and icon change.

I did have a issue with Returnil 2008,that while not a deal breaker,I am happy say does nor occur in ShadowDefender.
From time to time I would install Avira (9 at the time), and run a complete scan in protected mode.
Install would go well,update etc.
However in the middle of the scan,Avira would freeze,and Returnil would show out of space on the virtual drive.

The symptoms are exactly what you get when all RAM and CPU are used up.
Cursor floats,text dims,your are unable to open start/turn off computer,or even task manager. Hard shut down was the only way to regain function.

I tried dramatically increasing the size of the virtual disk,all to no avail. the
space was gobbled,and the machine stalled.
I finally found a few items in the Returnil folder that I was able to exclude from the avira scans,and the scan would complete.

With ShadowDefender,there must be a radically different method of dealing with virtual "space",because I can download and run multiple on-demand scans,at once, if I am silly enough to,with only the limitations of my hardware showing. Not a peep from ShadowDefender.

noor

PS# please note all Returnil reference above are to the 2008 version.

Interesting. Anyway, you've tested Returnil 2008 much more than I ever have, so you'd know better.

With regards to the length of time to go into Shadow Mode, I must say that it would be nice if it was faster. I suspect simply having a smaller hard drive as well as a more powerful processor would improve the speed.

For example, in my 8Gb Windows XP VM, it only takes about 0.5 seconds to go into Shadow Mode with the use of only one of my 2 processors.
However, on my REAL system which is 320Gb in size, it takes about 5-8 seconds.

My drive is 250gb,and 5-8 seconds seems about right,there are times,when it will catch my attention that there is a little extra hang.

By the way,the file naming bug,where if you rename a file or folder in ShadowMode,save the change, and then reboot,and find two copies of the same file,one with the old file name, the other with new,seems to be cured,by checking the "commit deleted files"check box, in the dialog that opens when you right click commit.
I do not know if that is intentional on the programmers part or not.
nothing has been deleted,or has it?
Anyway,it works.

noor

Not sure, but glad you found a workaround by using Shadow Defender's own option.