Shadow Defender Questions

Discussion in 'sandboxing & virtualization' started by Dregg Heda, Jul 30, 2009.

Thread Status:
Not open for further replies.
  1. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    How does Shadow Defender allow one to save any changes made? I know that there is an option to exclude protection for certain files/folders, and have changes to those written directly to disk, but what are the other options? I've also heard that there isn't an option to save the entire session, although the developer is supposedly working on this. Is this true?

    Does it work in LUA? As in, if I install it as admin, will it work correctly with other LUA accounts on my PC?

    Also I heard sometime back that there was some kind of conflict with DW, has this been fixed?

    Anything else I should know before trialling the software?
     
  2. hamzah95

    hamzah95 Registered Member

    Joined:
    Jun 22, 2009
    Posts:
    108
    You can right-click the file and then "Commit now". You can also save the changes made to the whole drive by: Enter Shadow Mode > Mode Setting > tick the partition you want to save all changes to > Exit Shadow Mode > Commit all changes.

    I haven't noticed any problems using Shadow Defender with DefenseWall, but you have to install Shadow Defender as trusted, of course.
     
  3. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Thanks for the response Hamzah!

    Another question I have is: I know programs like SD are vulnerable to low-level disk access, but are there other vulnerabilities that SD or apps of its ilk have? What are some good options to complement SD? Thanks!
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    How do you know this? SD has protection against this. There was a new worm that used a clever approach, and yes, it did initially bypass SD, but that has been fixed and a new release should be out shortly.
     
  5. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    I read an article, something about how certain types of malware, e.g. DOG trojans, can use low-level disk access to bypass virtualisers and hence make permanent changes. I assumed the protections incorporated by SD worked against the particular worm you are talking about, but did not prevent low-level disk access in general, hence opening it up to other possible exploits, theoretically at least. If SD has been updated to prevent low-level disk access in general, then that is good to know!
     
  6. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Here's another question:

    Does SD have some way to permanently save certain files, like Returnil? Like a setting to ensure that certain files are always saved to the real system after every session, without writing directly to the disk?

    How else can one save bookmarks and history without writing directly to disk?

    Thanks!
     
  7. developers

    developers Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    62
    The fix is specific to this worm, but it can be bypassed by other malware or a SafeSys variant.

    You should read this:
    http://www.prevx.com/blog/134/A-puzzle-called-SafeSys.html

    It's a design flaw, not a bug.
     
  8. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    440
    So how to stop the damn thing? Maybe HIPS? Any recommendations?
     
  9. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
  10. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Keep in mind that anything can be bypassed; it is a matter of the likelihood of the event, and for virtualizers it is very rare, particularly when used in conjunction with HIPS or AVs.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Read the article.

    I've tested SD against other disk killers before this worm, and indeed SD stops them.

    So if you are saying there is something else out there that bypasses SD, PM me. I'd like to know. Otherwise you are just talking theory.
     
  12. developers

    developers Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    62
    This is not just a theory:

    Then, you can look at mj0011's work (XCon 2008).

    Concerning SD, you can try the latest variant of the MBR rootkit and then analyze the system partition after the reboot (not only the MBR / sector 0) ;)
     
    Last edited: Jul 31, 2009
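A defender-side way to do the check the post above suggests (look at the whole system partition after a reboot, not only sector 0), as an added example that is not from the thread or from Shadow Defender: hash two raw snapshots of the same disk sector by sector and report which sectors differ, then sort them into MBR, unpartitioned gap and partition. The snapshots here are constructed byte strings; the sector size, the partition start and the `build_demo` helper are assumptions for the demo.

```python
import hashlib

SECTOR = 512  # classic MBR-era sector size (assumed for the demo)


def sector_hashes(image: bytes, sector_size: int = SECTOR) -> list:
    """Return one SHA-256 digest per sector of a raw disk snapshot."""
    return [hashlib.sha256(image[i:i + sector_size]).hexdigest()
            for i in range(0, len(image), sector_size)]


def changed_sectors(before: bytes, after: bytes, sector_size: int = SECTOR) -> list:
    """Indices of sectors that differ between two snapshots of the same disk extent.

    On a live Windows host the snapshots would come from reading the raw device
    (e.g. \\\\.\\PhysicalDrive0, which needs administrator rights) before entering
    Shadow Mode and again after the reboot that is supposed to discard the session.
    """
    if len(before) != len(after):
        raise ValueError("snapshots must cover the same extent")
    hb, ha = sector_hashes(before, sector_size), sector_hashes(after, sector_size)
    return [i for i, (x, y) in enumerate(zip(hb, ha)) if x != y]


def classify(changed: list, partition_start: int) -> dict:
    """Split changed sectors into MBR (sector 0), the gap before the first partition,
    and the partition itself; anything persisting after a discarded session is suspect."""
    return {
        "mbr": [i for i in changed if i == 0],
        "gap": [i for i in changed if 0 < i < partition_start],
        "partition": [i for i in changed if i >= partition_start],
    }


def build_demo() -> tuple:
    """Constructed 16-sector snapshots: 'after' has one write in the gap and one in the partition."""
    base = bytes(range(256)) * (16 * SECTOR // 256)
    after = bytearray(base)
    after[3 * SECTOR:3 * SECTOR + 4] = b"XXXX"   # sector 3: outside any partition
    after[10 * SECTOR] ^= 0xFF                    # sector 10: inside the system partition
    return bytes(base), bytes(after)


if __name__ == "__main__":
    before, after = build_demo()
    diff = changed_sectors(before, after)
    print("changed sectors:", diff)
    print(classify(diff, partition_start=8))
```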
  13. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    So what's a good defense against this, developers? DefenseWall?
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    DefenseWall, yes :cool:
     