Comodo Time Machine users, is really good or is buggy?

[Buster_BSA]

The test was done properly. If you want I can send you a sample and you test it yourself, ok?

[mantra]

Quote:

Originally Posted by Buster_BSA

CTM was unsecure. Maybe that´s why its development got stopped.

Review this test I made about rollback software:

http://www.wilderssecurity.com/showthread.php?t=276210

interesting

in short only Shadow Defender works @ 100%

[Aaron Here]

Quote:

Originally Posted by Buster_BSA

The test was done properly. If you want I can send you a sample and you test it yourself, ok?

Buster,

First of all, I don't have a test-system, so it would be foolhardy on my part to do what you suggest.

Secondly, please don't take offense to my comment - I mean no disrespect. But when you said that you just rebooted your test-system in order to determine if that specific malware could circumvent an ISR-protected partition (thinking that a reboot should have cleansed the system), that was a mistake - ISR programs simply don't work that way!

This is not to suggest that an ISR-protected partition can't be bypassed by certain malware, it's just to suggest that the ISR-portion of your test appears flawed.

Aaron

[Buster_BSA]

I don´t remember the restoring procedure for each of the products because I did that long time ago. Before testing with the malwares I did a test to be sure that the restoring procedure was correct, and it was. After infecting the system, the restoring procedure could not remove the malware from system.

You can find other threads from different people that made the same test with similar malware samples and the results are the same.

Search the forum to find them.

[Aaron Here]

Quote:

Originally Posted by Buster_BSA

You can find other threads from different people that made the same test with similar malware samples and the results are the same.

Search the forum to find them.

After spending about an hour searching all that I found was the very same test posted by different people!

Aaron

[Buster_BSA]

Quote:

Originally Posted by Aaron Here

After spending about an hour searching all that I found was the very same test posted by different people!

It´s not the same test. Different people used the same samples and same version of products and everybody got the same result: almost all rollback software running under an admin account is unsecure. Period.

[Aaron Here]

Quote:

Originally Posted by Buster_BSA

It´s not the same test. Different people used the same samples and same version of products and everybody got the same result: almost all rollback software running under an admin account is unsecure. Period.

If you say so...

[Boost]

Quote:

Originally Posted by Buster_BSA

It´s not the same test. Different people used the same samples and same version of products and everybody got the same result: almost all rollback software running under an admin account is unsecure. Period.

Anything you say

I've ran CTM for almost a year now with no issues. I've ran SD for years no issues. I've ran Deepfreeze with no issues. Test all you want,it's not like using in the real world period.

[Buster_BSA]

Quote:

Originally Posted by Boost

Anything you say

I've ran CTM for almost a year now with no issues. I've ran SD for years no issues. I've ran Deepfreeze with no issues. Test all you want,it's not like using in the real world period.

Tests were done with malware samples in the wild, not POCs, but if you prefer to have a fictitious peace of mind it´s up to you.

Anyway I give to you the same offer I gave to Aaron: I send you a malware sample and you test it yourself.

[wtsinnc]

I've been using CTM for over a year and have it installed now (version 2.6.138262.166).
I like it and recommend it.

At first, CTM was buggy and I did lose data on two occasions, but one of those was totally my fault.

For at least the past six months, CTM has performed flawlessly for me.
It has, along with Sandboxie, WinPatrol, Keyscrambler, and Malwarebytes become a permanent member of my install.

[Boost]

Quote:

Originally Posted by Buster_BSA

Tests were done with malware samples in the wild, not POCs, but if you prefer to have a fictitious peace of mind it´s up to you.

Anyway I give to you the same offer I gave to Aaron: I send you a malware sample and you test it yourself.

Maybe you didn't understand what I already said:

Quote:

Originally Posted by Boost

Anything you say

I've ran CTM for almost a year now with no issues. I've ran SD for years no issues. I've ran Deepfreeze with no issues. Test all you want,it's not like using in the real world period.

It doesnt matter what YOUR TESTING shows.In the real world,it's highly unlikely to come across all these exploits. In all of my years using virtualization products and rollback software,I've had zero, "0" infections or problems.

[Kees1958]

Quote:

Originally Posted by Buster_BSA

http://bsa.isoftware.nl/frame4.htm

"Limitations:

Buster Sandbox Analyzer's limitations are imposed by Sandboxie's limitations, and of course, by my own limitations as malware analyzer and programming coder."

Seems like you didn´t read everything.

No I did not, but then they were not references on the same page. So you agree, why state something differently elsewhere on your website

[Buster_BSA]

Quote:

Originally Posted by Boost

Maybe you didn't understand what I already said:

It doesnt matter what YOUR TESTING shows.In the real world,it's highly unlikely to come across all these exploits. In all of my years using virtualization products and rollback software,I've had zero, "0" infections or problems.

It´s you who don´t understand: rollback software is not secure because it´s unable to stop certain malwares (not exploits). Just because you didn´t get a malware that bypassed CTM doesn´t mean that malware doesn´t exist. Maybe you didn´t experience an infection because you only download software from trusted repositories. Obviously with good and secure measures it´s pretty difficult to get a malware.

Resuming: you are talking about your experience and I´m talking about a fact.

To put it in simple words that anyone can understand: just because you never saw an elephant it doesn´t mean elephants don´t exist.

btw... do you want to hear my experience? In the real world a malware bypassed the DeepFreeze I had installed in my computer. If you google a bit you will find similar experiences.

[Buster_BSA]

Quote:

Originally Posted by Kees1958

No I did not, but then they were not references on the same page. So you agree, why state something differently elsewhere on your website

Because I don´t think they are related. My tool is limited, as any other software, of course, but when I say:

"A big advantage of Buster Sandbox Analyzer compared to other systems doing the same task is that BSA can be better, more accurate and report more or less information depending of the user, meanwhile other analyzers will be as good or as bad as their designers did it."

I mean that other tools are static, you can not improve the analysis by yourself. Meanwhile, BSA allows you to run other software that can help to improve the analysis.

I don´t see why that statement is over the top.

[Baldrick]

Quote:

Originally Posted by pegr

Agreed. It seems to be an inherent risk of ISR programs like CTM that are based on a disk sector mapping approach. I rather like the approach that Returnil are taking with their Multi-Snapshot utility, which uses the same underlying technology as RVS and RSS, rather than disk sector mapping. It looks like Returnil Multi-Snapshot might be quite promising when it comes out of beta.

Hi pegr

I am tending to agree with you, having used RB Rx for a number of years, having suffered a significant issue recently and now looking at the Returnil Multi-Snapshot beta...which does indeed look very promising as an alternative.

[Boost]

Quote:

Originally Posted by Buster_BSA

It´s you who don´t understand: rollback software is not secure because it´s unable to stop certain malwares (not exploits). Just because you didn´t get a malware that bypassed CTM doesn´t mean that malware doesn´t exist. Maybe you didn´t experience an infection because you only download software from trusted repositories. Obviously with good and secure measures it´s pretty difficult to get a malware.

Resuming: you are talking about your experience and I´m talking about a fact.

To put it in simple words that anyone can understand: just because you never saw an elephant it doesn´t mean elephants don´t exist.

btw... do you want to hear my experience? In the real world a malware bypassed the DeepFreeze I had installed in my computer. If you google a bit you will find similar experiences.

I'll speak fact with you.

If you rely on just CTM for security,you have a good chance of being in trouble. Fact:I've got Geswall,which is my primary defense.

Fact: I'll personally let you know when something defeats this setup.

[PJC]

@Buster_BSA

Since CTM (and the rest ISR software...)
can be bypassed (according to your findings...),
what do you propose/recommend (apart from Shadow Defender)?

[Buster_BSA]

Quote:

Originally Posted by Mr.PC

@Buster_BSA

Since CTM (and the rest ISR software...)
can be bypassed (according to your findings...),
what do you propose/recommend (apart from Shadow Defender)?

I recommend using Windows from a Limited User Account.

I recommend backup of system and important data using software like CloneZilla.

I recommend web surfing using software like Sandboxie.

I recommend downloading software from trusted repositories.

I recommend having a good antivirus installed and updated in a daily basis if possible.

Regards.

[PJC]

Quote:

Originally Posted by Buster_BSA

I recommend using Windows from a Limited User Account.
I recommend backup of system and important data using software like CloneZilla.
I recommend web surfing using software like Sandboxie.
I recommend downloading software from trusted repositories.
I recommend having a good antivirus installed and updated in a daily basis if possible.

Apart from these well-known practices, which have already been adopted by many members,
is there a particular Virtualization/ISR software (apart from Shadow Defender...) that you Trust?
-OR-
Shadow Defender should be rejected, too? (like CTM and the rest ISR Apps...)

[Buster_BSA]

In the case I wanted to use an ISR software I only would trust SD.

[ratchet]

Quote:

Originally Posted by Boost

I'll speak fact with you.

If you rely on just CTM for security,you have a good chance of being in trouble. Fact:I've got Geswall,which is my primary defense.

Fact: I'll personally let you know when something defeats this setup.

I guess I don't understand why anyone would want to rely strictly on any type of recovery as a defense. Of IRSs, performance wise, your system isn't even aware it exists. If something gets by your firewall, hips, anti-v and anti-spy, there is still no guarantee that should you select a previous state that you'll still be infected, so it could be a bonus. Anyway, imho the IRSs are there to conveniently recover from bugged hardware, software and system issues. I never really even give there anti-malware potential a thought. Besides, you can still use something else (standard imaging apps) and have a conventional image to restore to. I think it was beneficial (i.e. made some aware) you brought your point up, but seems a bit moot if the question was, "Comodo Time Machine users, is really good or is buggy?"

[PJC]

Quote:

Originally Posted by Buster_BSA

In the case I wanted to use an ISR software, I only would trust SD.

Fair enough...

[Buster_BSA]

Is SD´s coder still MIA?

[moontan]

Quote:

Originally Posted by Buster_BSA

Is SD´s coder still MIA?

unfortunately yes.