FIRST DEFENSE users: a concern

Please don’t get me wrong here, I still consider FD my all-time-favorite program, EVER. In fact, it is because of my love for this program that I am posting this: I wish to continue to have faith in this program.

FD uses the special qualities of the NTFS filing system to perform its magic, which is why FD is incompatible with OS that are not NTFS. The theory is that the special folders that FD creates, and uses to store its Snapshots, are "off limits" and protected from EVERYTHING, much like the GoBack bins, or hidden partition, or whatever GoBack is using these days.

In the past year I have used three security scanning programs that have been able to get inside of those supposedly protected folders and start scanning them; yes, those of you who know how FD works, it would be just like scanning an entire c:drive, because that’s basically what each Snapshot is. Trial versions of TrojanHunter, NOD32, and a purchased version of Webroot’s Spy Sweeper have all been able to get inside of those folders. OK, so that is probably no big deal since these are programs that are not out to do any damage to our systems. But I do have one concern: if these programs are able to get inside of those protected folders, could a virus or Trojan do the same.

I never had ANY program get inside of the GoBack bin during the five years that I used it, but I had never tried TrojanHunter or Spy Sweeper during that time; I did have NOD32 on my system during that time and it could never get inside the GoBack bin.

During the past year-and-a-half that I have had FirstDefense on my system, Norton AV and KAV have never been able to get inside of the "protected" FirstDefense folders.

So, what do you fellow FD users think, like I said, I love this program and just want to feel secure with it. Thank you.

Acadia

 

Not about his particular issue, no. (Don't know how much weight just one voice would have.)

Acadia

 

Hi Acadia .
I can tell you who to email as the " main " person there is a pain in the butt and will not care about what you say . The person you need to email is really a great person and will try to get things done
I will send you the name .

 

Peter, thanks for all the info. I'm just concerned that the three security programs appeared to so easily be able to get into those folders: you could see the folders that they were scanning within those secure folders. How did they do that without special permissions or whatever? Raxco tech support told me twice that it could be a problem if the scanners removed or moved a file within those Snapshots, so it must be possible that something like that can happen. Again, if a scanner can apparently get "inside" so effortlessly, could a virus or Trojan?

I'm planning on trialing F-Secure fairly soon, might be interesting to see what it can do.

Thanks again,
Acadia

 

Hi,

It might be interesting to see what an App like Rootkit Revealer or Blacklight etc etc could also discover ?


StevieO

 

Last night I ran a NOD scan on my old computer ,which has 2 snapshots . I am allmost positive it scanned both snapshots.

 

Raxco tech support told me to be cautious of these scanners deleting or moving a file, so I would think that it would also be possible to write to or modify a file. Anyway, you're probably right, why would a hacker bother writing a virus to penetrate those Snapshots when FD is only on a fraction of a percentage of systems, and there are gazillions of easier targets. Now I'm just concerned about those scanners doing something to the Snapshots that they should not be able to see into. Since NOD32 does not let me exclude the Snapshots from scanning, NOD32 is out of consideration, now I am going to try F-Secure. Webroot's Spy Sweeper does have a feature that lets me skip the Snapshots during scanning, it means that I cannot scan my ENTIRE system, but that does not concern me, I only obtained Spy Sweeper for its Real Time capabilities anyway. Thanks, Peter.

Acadia

Acadia

 

If it took exactly twice as long as it usually does, it scanned both Snapshots, plus NOD lets you see what folders are being scanned while they are actually being scanned and you will see the $ISR of FirstDefense being scanned and it will take quite a long time, as long as your normal c:drive. I use all ten FD Snapshots, so you can imagine how long it would take me to scan, which is why I'm glad that I trialed NOD instead of purchasing it.

Acadia

 

AdAware also scans all of the snapshots. Pete, I may try your test with the eicar.
Jim

 

Hmmm, interesting, AdAware does NOT scan all of my Snapshots. JW, what version of AdAware are you using, Pro, etc., and did you change any of the default settings? Thanks.

Acadia

 

It's SE 1.06r1 and set to Scan withing Archives, under Custom Settings.

And to Pete, I did copy my SATA to an IDE before doing the test, you saw this previously in the OA Beta forum....

Cheers,

Jim

 

I got the impression the snapshots were just hidden from view. If you uninstall FD and retain the snapshots, you can see the folder they're stored in. The fact some scanners can see these files and others can't is interesting tho.

It's the same with some Registry cleaners. RegSeeker picks up FD references in the Registry, which should be excluded for future scans otherwise leaving those entries and deleting them would cause FD to fail, but RegSupreme doesn't highlight the keys.

 

same here i wondere'd that if a virus can change it once i tried to revert back to a snapshot said dll missing? hymmmmmm cant we hide the folder or lock it with another program r md

 

Unfortunately i am not a firstdefence customer
but i dont see the link between NTFS rigth and target of firstdefence

I mean if there is one way to *ultra-hide* any file / folder with a lot of security permission, then that malware can attack those file no mather if they are created by firstdefense or not

it's not like if firstdefense installed a rootkit to hide those file or something fd specific.

sorry if i'm off the track but i don't see any such link as special NTFS rigth and fd specific

 

I have folder options to show hidden files and folders, but I can't see $ISR anywhere. [See attached.]

When I did a test uninstall, but retained the snapshots, I did see the $ISR folder.

 

My $ISR folder is the very first thing that I see when I open my C:drive.

Acadia