Shadow Defender alternative ?

[batsec]

@JRViejo Thanks for informing; I didn't know that.

[BlueZannetti]

Quote:

Originally Posted by TheMozart

Hey Blue, do you think in such situations it's best to get software from Softpedia?

It all comes down to trust and potential risks incurred.

My personal preference is to download directly from a vendor site where I've been able to observe or experience good support first hand. Sites such as Softpedia are decent resources, but they lack focused product centric support or, in fact, any indication on the state of the product being downloaded. To me, that's a major deal. There's plenty of stuff there which has languished in an effectively abandoned state for years. If you're looking for that specific program/version and know that detail, then great. If not...., do you really know what you're getting into?

To minimize risk, I always recommend going with current supported options, there are plenty to choose from.

Blue

[kareldjag]

hi,

A few alternatives listed in an old thread:
http://www.wilderssecurity.com/showp...&postcount=147

Or why not an hardware alternative:
http://www.juzt-reboot.com/

A reliable solution requires to be immune from malwares and attacks, that is unfortunatelly very difficult to obtain (even with a code that relies BIOS and HPA).

I guesss that Rmus and Blue were quite in advance with these solutions as a line defense

Rgds

[Crane_Mann]

Quote:

Originally Posted by kareldjag

hi, ... Or why not an hardware alternative:
http://www.juzt-reboot.com/ ...

Sounds interesting. The site doesn't give a price quote.
But I wonder if the files IT creates would be subject to hacking too?

[caspian]

Quote:

Originally Posted by SLE

No. Because it is a rebrandet Returnil it virtualisation can't protect against TDL3/4.

What is TDL? And are you sure that Returnil has not more recently found a way to protect against this?

[The Shadow]

Quote:

Originally Posted by caspian

What is TDL? And are you sure that Returnil has not more recently found a way to protect against this?

TDL3 and TDL4 are third and fourth generations of the very nasty TDSS rootkit (which infects drivers like atapi.sys, iastor.sys and some others).

Of all the light virtualizers out there only SD's Shadow Mode has been able to contain TDSS (it is gone after rebooting)!
While RSS has an added security layer which may be able to stop TDSS from executing, to my knowledge RSS can not contain it within the virtual space and therefore it isn't removed by rebooting. So while RSS may prevent the rootkit from doing harm, it still lurks in your system (unless removed by other means)!!! These statements are based on the following references:

http://www.wilderssecurity.com/showp...05&postcount=1
http://www.wilderssecurity.com/showp...1&postcount=52

[kareldjag]

hi

there is may alternatives to JUST-REBOOT device which is one of the most ancient on the market.
Return Star recovery solutions are also very interesting:
http://www.iqboard.net/index1.html

Of course hardwares solutions needs software interface to rely with the OS, and by this way are theoretically hackable.

Rgds

[FreddieMercury]

Quote:

Originally Posted by Pliskin

System Revert 2011
http://www.softpedia.com/get/System/...m-Revert.shtml

Quote:

Originally Posted by Arcanez

Is this a legit software?

Yes, it is. I'm already using it for a few months and it works very well.

Quote:

Originally Posted by Ech0

I've tested but I don't know somehow something was going wrong.
For me Shadow Defender was the number one. if it goes like that I'll be obliged to use Deep Freeze.

What's going wrong in your case? It works for me like a charm without any problems.

[Arcanez]

Quote:

Originally Posted by FreddieMercury

Yes, it is. I'm already using it for a few months and it works very well.

Does it support SSD drives, cause I already got a shadow defender license but not using it right now cause I read there are problems with SSD's and that TRIM function etc...

[FreddieMercury]

Quote:

Originally Posted by Arcanez

Does it support SSD drives, cause I already got a shadow defender license but not using it right now cause I read there are problems with SSD's and that TRIM function etc...

Unfortunately I don't have SSD drives. But you can try System Revert free for 30 days and see whether it works for you.

[CyberMan969]

Quote:

Originally Posted by caspian

What is TDL? And are you sure that Returnil has not more recently found a way to protect against this?

Here's a link that explains this family of rootkits in detail:
http://www.prevx.com/blog/139/Tdss-r...s-the-net.html

Also posted here two years ago:
http://www.wilderssecurity.com/showthread.php?t=258757

I have been using SD x64 v325 on all my systems for the last two years and it has been great. No problems at all with Win7 x64. I have also tried it on the Win8 developer preview and it still works great. Two full years have passed since this version was released and it still eliminates rootkits upon reboot, a testament to Tony's brilliant coding skills. It's a true shame that such a great piece of code is now owned by ...shady unknowns who silently keep selling the software without responding to any e-mails or providing any form of support whatsoever... You guys go ahead and pass your credit card details to the unknown hacks who have potentially highjacked the product. The rest of us will be just fine with the good ol' 325/326 for as long as its rootkit undoing ability lasts...

I also use Comodo Firewall (which has a great HIPS/anti-execution function), avast! antivirus (which provides the least amount of false positives IMO), Malwarebytes' Antimalware (good for auto-blocking access to dodgy websites among other things), and Sanboxie with experimental x64 protection enabled (great for browser and application isolation). Overkill? Maybe, but for me each one of these programs provides its own functionality and layer of security.

I also use Rollback RX in order to test and then easily remove software that require reboots. I have different snapshots saved to fit different computer usage purposes: For example:

• A strictly off-line Benchmarking snapshot with internet access disabled and a totally clean Windows install with only drivers and the benchmarking apps added. Benching hardware is better this way without any additional software loaded to the system disk/RAM.

• A Gaming snapshot where a lot of Windows services and other processes that are not essential for gaming are disabled.

• A Multimedia Editing snapshot with my scanner drivers installed and all my favorite photo, audio and video editing tools added.

• An Everyday Use snapshot which includes all my security apps including Shadow Defender.

Another invaluable purpose that Rollback RX serves is when I'm trying new overclock settings. There is no need to run ChkDsk after a system crash to correct possible file system errors. I just reset, enter the Rollback RX pre-boot menu, restore a previous snapshot and the crash is undone in seconds! It does save me a lot of time when trying to establish the ceiling of CPUs, RAM, or graphics cards.

For me Shadow Defender and Rollback RX really complement each other. Shadow Defender gives me that extra layer of rootkit resistance, and then I have Rollback RX to undo system crashes, test and then easily remove software that needs reboots, and define different software setups to fit different usage needs.

[Cutting_Edgetech]

Use Appguard on locked down mode with Shadow Defender, and your about as likely to win the Power Ball as to get infected as long as you don't disable your protection. Appguard protects well against rootkits.

[Osaban]

Quote:

Originally Posted by CyberMan969

For me Shadow Defender and Rollback RX really complement each other. Shadow Defender gives me that extra layer of rootkit resistance, and then I have Rollback RX to undo system crashes, test and then easily remove software that needs reboots, and define different software setups to fit different usage needs.

Interesting, I haven't thought about installing SD in one snapshot. I've always thought that somehow SD wouldn't play well with RBRx (problems with the MBR). I hope I won't get any problems with Vista. Thanks

[CyberMan969]

Quote:

Originally Posted by Osaban

Interesting, I haven't thought about installing SD in one snapshot. I've always thought that somehow SD wouldn't play well with RBRx (problems with the MBR). I hope I won't get any problems with Vista. Thanks

I haven't tried SD+RX in XP or Vista, let me know how you get on.

[The Shadow]

Quote:

Originally Posted by Osaban

Interesting, I haven't thought about installing SD in one snapshot. I've always thought that somehow SD wouldn't play well with RBRx (problems with the MBR). I hope I won't get any problems with Vista. Thanks

Quote:

Originally Posted by CyberMan969

I haven't tried SD+RX in XP or Vista, let me know how you get on.

Fwiw, I ran RBX with SD without any issues. The only reason I discontinued using RBX was because I got frustrated having to ask HDS to reset my serial number everytime I would uninstall it in order to run a boot-time defrag!

[eskro]

another alternative to SD is CLEAN SLATE http://www.fortresgrand.com/products/cls/cls.htm

basically same protection as SD gives you, but lets you also exlude desired --> Registry Keys/Files/folders

Oh and, Discard unwanted change by simply Logging OFF and re-Logging ON! (reboot also works, just like SD)

[pegr]

Quote:

Originally Posted by eskro

another alternative to SD is CLEAN SLATE http://www.fortresgrand.com/products/cls/cls.htm

I believe CS and SD are implemented using different technical approaches, which is just something to be aware of when choosing light virtualization software.

SD works at the disk level, below the level of the Windows file system, which is why it cannot offer the same feature set as CS. The disk level technique is often used by developers to implement light virtualization programs because it is considered to be a more robust approach that is superior from a security perspective.

When I tried Clean Slate 6.5 a while ago, I found it promising but buggy. Here's a recent review of CS, which suggests that it still needs further work: -

http://todd4tech.blogspot.com/2011/0...iew-found.html

[Osaban]

Quote:

Originally Posted by pegr

When I tried Clean Slate 6.5 a while ago, I found it promising but buggy. Here's a recent review of CS, which suggests that it still needs further work: -

http://todd4tech.blogspot.com/2011/0...iew-found.html

Thanks, after reading this review to say that CS is buggy sounds more of a euphemism for a real nightmare. I wonder why nobody offers to buy Shadow Defender's code, the program is simply unique, what a pity.

[pegr]

Quote:

Originally Posted by Osaban

I wonder why nobody offers to buy Shadow Defender's code, the program is simply unique, what a pity.

I agree. I'd love to see Shadow Defender taken over and developed further.

[The Shadow]

Quote:

Originally Posted by pegr

I agree. I'd love to see Shadow Defender taken over and developed further.

Apparently SD has been taken over (from Tony) - the question is by whom?

[sdmod]

If Shadow Defender has been "taken over" I challenge the "new owners" to post here to show their credentials and prove their legitimacy. People are still buying this software without any confidence that the new software is not just a hijacked, reconstituted, cracked version of the old software from a hacked site.

Patrick (ex Shadow Defender mod)

Quote:

Originally Posted by ShadowDefender

Apparently SD has been taken over (from Tony) - the question is by whom?

[pegr]

Quote:

Originally Posted by ShadowDefender

Apparently SD has been taken over (from Tony) - the question is by whom?

I agree that the fundamental issue is one of trust. Without a communication from the original developer confirming that he had transferred the program rights to another developer, we would never know for sure whether we could trust any further versions of the program beyond the last official release.

As SD hasn't had any bug fixes or new functionality added since Tony went missing, it seems likely to me that whoever has taken over SD does not have any genuine intent to develop the program further, which increases my suspicion that the website and the program may simply have been hijacked.

SD appears to be a dead product and has looked that way ever since Tony went missing. My previous post was just wishful thinking and I am fully aware of the current situation. I still think it's a shame though.

[The Shadow]

Quote:

Originally Posted by sdmod

If Shadow Defender has been "taken over" I challenge the "new owners" to post here to show their credentials and prove their legitimacy. People are still buying this software without any confidence that the new software is not just a hijacked, reconstituted, cracked version of the old software from a hacked site.

Patrick,

While I completely understand your feelings about this issue I find it difficult to believe that Tony's source-code and website were both hijacked (or the like). But I have no clue whatsover as to what actually transpired.

I purchased my license from the new website and promplty received a valid key. On the other hand, I submitted a technical question to their support address shortly thereafter (about 2 months ago) and have yet to receive any kind of reply!

[The Shadow]

Quote:

Originally Posted by pegr

As SD hasn't had any bug fixes or new functionality added since Tony went missing.....

I can see that no new functionality is evident, but playing the devil's advocate here, how do you know that there has not been any bug fixes?

[pegr]

Quote:

Originally Posted by ShadowDefender

I can see that no new functionality is evident, but playing the devil's advocate here, how do you know that there has not been any bug fixes?

I don't for sure and I agree that none of us know exactly what happened when Tony went missing; but as no change list was ever published for the only version released since Tony went missing (1.0.1.331 on 31st March 2011), it's reasonable to assume that there probably weren't any bug fixes.

You would have thought that any bona fide developer would want to advertise their presence with a change list for 1.0.1.331 to show that they were serious about continuing to the develop the program. As that didn't happen, I prefer to exercise caution and stick with the last official version 1.0.1.325.