Discussion in 'sandboxing & virtualization' started by Ech0, Oct 16, 2011.
@JRViejo Thanks for informing; I didn't know that.
It all comes down to trust and potential risks incurred.
My personal preference is to download directly from a vendor site where I've been able to observe or experience good support first hand. Sites such as Softpedia are decent resources, but they lack focused product centric support or, in fact, any indication on the state of the product being downloaded. To me, that's a major deal. There's plenty of stuff there which has languished in an effectively abandoned state for years. If you're looking for that specific program/version and know that detail, then great. If not...., do you really know what you're getting into?
To minimize risk, I always recommend going with current supported options, there are plenty to choose from.
A few alternatives listed in an old thread:
Or why not an hardware alternative:
A reliable solution requires to be immune from malwares and attacks, that is unfortunatelly very difficult to obtain (even with a code that relies BIOS and HPA).
I guesss that Rmus and Blue were quite in advance with these solutions as a line defense
Sounds interesting. The site doesn't give a price quote.
But I wonder if the files IT creates would be subject to hacking too?
What is TDL? And are you sure that Returnil has not more recently found a way to protect against this?
TDL3 and TDL4 are third and fourth generations of the very nasty TDSS rootkit (which infects drivers like atapi.sys, iastor.sys and some others).
Of all the light virtualizers out there only SD's Shadow Mode has been able to contain TDSS (it is gone after rebooting)!
While RSS has an added security layer which may be able to stop TDSS from executing, to my knowledge RSS can not contain it within the virtual space and therefore it isn't removed by rebooting. So while RSS may prevent the rootkit from doing harm, it still lurks in your system (unless removed by other means)!!! These statements are based on the following references:
there is may alternatives to JUST-REBOOT device which is one of the most ancient on the market.
Return Star recovery solutions are also very interesting:
Of course hardwares solutions needs software interface to rely with the OS, and by this way are theoretically hackable.
Yes, it is. I'm already using it for a few months and it works very well.
What's going wrong in your case? It works for me like a charm without any problems.
Does it support SSD drives, cause I already got a shadow defender license but not using it right now cause I read there are problems with SSD's and that TRIM function etc...
Unfortunately I don't have SSD drives. But you can try System Revert free for 30 days and see whether it works for you.
Here's a link that explains this family of rootkits in detail:
Also posted here two years ago:
I have been using SD x64 v325 on all my systems for the last two years and it has been great. No problems at all with Win7 x64. I have also tried it on the Win8 developer preview and it still works great. Two full years have passed since this version was released and it still eliminates rootkits upon reboot, a testament to Tony's brilliant coding skills. It's a true shame that such a great piece of code is now owned by ...shady unknowns who silently keep selling the software without responding to any e-mails or providing any form of support whatsoever... You guys go ahead and pass your credit card details to the unknown hacks who have potentially highjacked the product. The rest of us will be just fine with the good ol' 325/326 for as long as its rootkit undoing ability lasts...
I also use Comodo Firewall (which has a great HIPS/anti-execution function), avast! antivirus (which provides the least amount of false positives IMO), Malwarebytes' Antimalware (good for auto-blocking access to dodgy websites among other things), and Sanboxie with experimental x64 protection enabled (great for browser and application isolation). Overkill? Maybe, but for me each one of these programs provides its own functionality and layer of security.
I also use Rollback RX in order to test and then easily remove software that require reboots. I have different snapshots saved to fit different computer usage purposes: For example:
A strictly off-line Benchmarking snapshot with internet access disabled and a totally clean Windows install with only drivers and the benchmarking apps added. Benching hardware is better this way without any additional software loaded to the system disk/RAM.
A Gaming snapshot where a lot of Windows services and other processes that are not essential for gaming are disabled.
A Multimedia Editing snapshot with my scanner drivers installed and all my favorite photo, audio and video editing tools added.
An Everyday Use snapshot which includes all my security apps including Shadow Defender.
Another invaluable purpose that Rollback RX serves is when I'm trying new overclock settings. There is no need to run ChkDsk after a system crash to correct possible file system errors. I just reset, enter the Rollback RX pre-boot menu, restore a previous snapshot and the crash is undone in seconds! It does save me a lot of time when trying to establish the ceiling of CPUs, RAM, or graphics cards.
For me Shadow Defender and Rollback RX really complement each other. Shadow Defender gives me that extra layer of rootkit resistance, and then I have Rollback RX to undo system crashes, test and then easily remove software that needs reboots, and define different software setups to fit different usage needs.
Use Appguard on locked down mode with Shadow Defender, and your about as likely to win the Power Ball as to get infected as long as you don't disable your protection. Appguard protects well against rootkits.
Interesting, I haven't thought about installing SD in one snapshot. I've always thought that somehow SD wouldn't play well with RBRx (problems with the MBR). I hope I won't get any problems with Vista. Thanks
I haven't tried SD+RX in XP or Vista, let me know how you get on.
Fwiw, I ran RBX with SD without any issues. The only reason I discontinued using RBX was because I got frustrated having to ask HDS to reset my serial number everytime I would uninstall it in order to run a boot-time defrag!
another alternative to SD is CLEAN SLATE http://www.fortresgrand.com/products/cls/cls.htm
basically same protection as SD gives you, but lets you also exlude desired --> Registry Keys/Files/folders
Oh and, Discard unwanted change by simply Logging OFF and re-Logging ON! (reboot also works, just like SD)
I believe CS and SD are implemented using different technical approaches, which is just something to be aware of when choosing light virtualization software.
SD works at the disk level, below the level of the Windows file system, which is why it cannot offer the same feature set as CS. The disk level technique is often used by developers to implement light virtualization programs because it is considered to be a more robust approach that is superior from a security perspective.
When I tried Clean Slate 6.5 a while ago, I found it promising but buggy. Here's a recent review of CS, which suggests that it still needs further work: -
Thanks, after reading this review to say that CS is buggy sounds more of a euphemism for a real nightmare. I wonder why nobody offers to buy Shadow Defender's code, the program is simply unique, what a pity.
I agree. I'd love to see Shadow Defender taken over and developed further.
Apparently SD has been taken over (from Tony) - the question is by whom?
The Shadow Defender Challenge.
If Shadow Defender has been "taken over" I challenge the "new owners" to post here to show their credentials and prove their legitimacy. People are still buying this software without any confidence that the new software is not just a hijacked, reconstituted, cracked version of the old software from a hacked site.
Patrick (ex Shadow Defender mod)
I agree that the fundamental issue is one of trust. Without a communication from the original developer confirming that he had transferred the program rights to another developer, we would never know for sure whether we could trust any further versions of the program beyond the last official release.
As SD hasn't had any bug fixes or new functionality added since Tony went missing, it seems likely to me that whoever has taken over SD does not have any genuine intent to develop the program further, which increases my suspicion that the website and the program may simply have been hijacked.
SD appears to be a dead product and has looked that way ever since Tony went missing. My previous post was just wishful thinking and I am fully aware of the current situation. I still think it's a shame though.
Re: The Shadow Defender Challenge.
While I completely understand your feelings about this issue I find it difficult to believe that Tony's source-code and website were both hijacked (or the like). But I have no clue whatsover as to what actually transpired.
I purchased my license from the new website and promplty received a valid key. On the other hand, I submitted a technical question to their support address shortly thereafter (about 2 months ago) and have yet to receive any kind of reply!
I can see that no new functionality is evident, but playing the devil's advocate here, how do you know that there has not been any bug fixes?
I don't for sure and I agree that none of us know exactly what happened when Tony went missing; but as no change list was ever published for the only version released since Tony went missing (18.104.22.1681 on 31st March 2011), it's reasonable to assume that there probably weren't any bug fixes.
You would have thought that any bona fide developer would want to advertise their presence with a change list for 22.214.171.1241 to show that they were serious about continuing to the develop the program. As that didn't happen, I prefer to exercise caution and stick with the last official version 126.96.36.1995.
Separate names with a comma.