Shadow Defender 1.1.0.237 released today

New release of Shadow Defender 1.1.0.237

Version 1.1.0.237 - February 23, 2008
New: support removable media
New: some GUI changes
Fix: some minor bugs

 

Good news!

is there a list about the minor bugs?

 

Hi QQ2595, I can't find any other info regarding bug fixes etc but it is nice to see it progressing. Has anyone tried it yet?

 

can u test it if the bug u found in commit now was fixed?

cheers

 

Awesome. Now I can protect my usb memorys too

 

Yes, I will have a test soon .

 

Thank you.

Yes I'm liking the update. The new system status is good touch and the support for removable media is also welcomed...progressing nicely.

 

Hi, what about Robodog problem now?

BTW I sent a PM to u.

 

Hi, just tested, The new SD release is not immune to Robodog, SectorEditor, CleanMBR. When enter the shadow mode, the original volume are hidden in these names "\Device\DpShadowX". I had a try, thrid party tool can still access the original volume with these symbol directly in shadow mode.

 

Thanks.

What about my samples?

 

does the new Deep Freeze Standard 6.30.020.1875 also immune to such attacks? just wounder

cheers

 

I'd say not. However, if you run LUA+SRP, HIPS, Anti-Executable or a sandbox (GeSWall, Sandboxie, Defensewall, etc) you should be protected (except from obvious mistakes)

 

lol i know mate... just wounder if DF the monster stand aginst it

 

Sounds like something you should test...., and report back on.

Blue

 

dont realy have the "bad tools" like QQ2595 has..thats why i ask him to give it a shot

 

In a way, this begs the question of the degree of worry you should have concerning these types of approaches. Naturally, one should be aware of the possibilities and how they might play out. However, as lucas1985 points out above, there are fairly straightforward methods of handling most of these creations in their current guise.

Cheers,

Blue

 

true blue, and I will dab a tad deeper to say I seem to see a consistent effort by 2 members to shadow,"no pun intended." Tony and his product.

If the latest release does fail in these areas, he is aware.

 

Let me also add, it was Paul who said how hard it is for the lone vendor to create, grow and support any new security product in this day. As he said, any intial excitement needs to be curtailed until a consistent line of growth is accomplished.

Tony, isnt Ilya, but he is continuing to grow along the lines that Paul spoke of. So he is still creating and correcting, and I commend him for it.

 

I think this is security forums for expert. You would like me only say "The GUI is cool", "It is smooth in my XP", "I like it", "I used it in 30 mins, no problem so far"?

By the way, The ISR products are installed in more than 50 millions computers in Asia since 1997. SD is a new security product ?

 

Why or what, is your obsession with SD, that is all I want to know. Why are your tests not run and reported on for other products, say like SafeSpace. Yhank you.

 

my report about DF:
https://www.wilderssecurity.com/showpost.php?p=1167793&postcount=17
https://www.wilderssecurity.com/showpost.php?p=1167833&postcount=30

my warning about EZFIX:
https://www.wilderssecurity.com/showpost.php?p=1186730&postcount=50
https://www.wilderssecurity.com/showpost.php?p=1186955&postcount=16

my report about RVS:
https://www.wilderssecurity.com/showpost.php?p=1172117&postcount=104

my report about AE
https://www.wilderssecurity.com/showpost.php?p=1161421&postcount=9

my report about AE + SD
https://www.wilderssecurity.com/showpost.php?p=1158024&postcount=1

why not report the bugs if I can find them?

 

Ok, thank you. Can you run it against something like the AV for F-Secure.

 

lo QQ2595 u rocks man 10x for the great testin u did...

i just wounder about this test of DF version

https://www.wilderssecurity.com/showpost.php?p=1167793&postcount=17

was it Deep Freeze Standard 6.30.020.1875 ??

cool

 

Reporting bugs and/or behavioral characteristics is a useful objective, but it's also useful to provide some sense of the scope of the issue and approaches that a user could employ (if any) to address the shortfall.

In the current case, as an example, what could a user do to handle low level disk access by a third party application to circumvent SD? As noted above, use of LUA or some type of HIPS could address the immediate issue. For various reasons, layering on a HIPS may be a nonstarter for some, so one might appeal to LUA.

I have noticed that SD will not launch using the "Start as administrator" facility under SuRun, while using the native OS "Run as" facility appears to work just fine. Obviously a bit of adjustment seems in SD appears in order. However, this (using the Run as facility and an account with admin credentials) should directly address the specific shortfall identified.

That's pragmatically useful advice if one is an owner of this (or any other) application since many are not able to jump between licensed products on a whim. These differentiating characteristics are certainly useful to keep in mind if you're on the market for one of these solutions, be it partition/application/system virtualization, or any security application in general.

Blue

 

Hi QQ2595,
Could you tell me which version you have tested with Robodog, SectorEditor, CleanMBR. I have tested SD with SectorEditor and Robodog, but it seems that these two tools can't bypass SD1.1.0.237.

and you mentiond "I had a try, thrid party tool can still access the original volume with these symbol directly in shadow mode."

Could you tell me which the third party tool is?

Thank you very much!

Best regards,
Tony