The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    439
    Does that happen with the latest version or with all versions? All the time or once?
     
  2. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I just want to share something.
    I was in Shadow Mode and ran the Gigabyte utility for driver & BIOS updates.
    For fun I downloaded the new BIOS version (F6) and my PC automatically restarted; the new BIOS version was installed with no problem.
    I just want to share that here.
     
  3. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    That is as expected - because SD can not shadow (virtualize) the BIOS/CMOS. ;)
     
  4. n13

    n13 Registered Member

    Joined:
    Sep 17, 2016
    Posts:
    33
    Location:
    England
    Hey guys,

    I've taken an interest in Shadow Defender.

    Should I purchase, what version do you recommend downloading?

    Thanks
     
  5. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    It has happened only once (once in the test period) because I've always made an allowing rule for it...versions?...I've installed the latest version of Jetico perhaps in April/May and then a few times in the last months and don't remember the numbers of the SD versions...probably I could say v. 623, 636, 648...648 is currently on board.
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
  7. n13

    n13 Registered Member

    Joined:
    Sep 17, 2016
    Posts:
    33
    Location:
    England
    Thanks :)

    Another thing: I currently have Malwarebytes Anti-Malware, Malwarebytes Anti-Exploit, and Avira AV installed. Would these programs cause any issues running in Shadow Mode?

    Cheers
     
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
  9. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    SD shouldn't interfere with other apps in the system...they should work the same as in the real system. One exception is apps which need to be constantly updated, but bjm_ mentioned it already.
     
  10. n13

    n13 Registered Member

    Joined:
    Sep 17, 2016
    Posts:
    33
    Location:
    England
    Thanks for the support guys.

    Sounds like it would be a great addition to staying safe online :)
     
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,793
    Location:
    .
    Oh boy, of course it is. As soon as you see anything abnormal or erratic behaviour just push the reset/power button, restart the machine and everything will be just fine.
     
  12. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,159
    Just a small caveat to that
    As I understand it Shadow Defender is not a firewall and will not necessarily protect you if you expose information about your real system during a shadowed browsing or online session.
    Shadow Defender is fantastic but you still have to be aware of what you are doing and saying on the net.
    These are my thoughts anyway, please feel free to tell me if I am wrong.

    Patrick

     
  13. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    That is correct Patrick. Nor can SD remove a certain class of trojans from your system after restarting, so SD users should also use a realtime anti-malware program!
     
    Last edited: Sep 23, 2016
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Wendi

    Could you explain that, relating to not removing a certain class of trojans.

    Thanks,

    Pete
     
  15. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,159
    Thanks Wendi,
    I didn't know about the trojan class, what is it?

    Patrick

     
  16. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Hi guys, I'm on my lunch break, checked-in and saw your question. I'll try to explain what I meant above...

    First you need to recognize that SD only virtualizes Windows formatted and lettered 'disk' volumes (per your Mode settings). Early in 2014 I pointed out - in Patrick's (now defunct) Official SD Website - the importance of virtualizing Windows track0 / hidden boot partition whenever the C-partition was checked in Mode Selection. To Tony's credit he quickly implemented that concept. Afterwards I read about a number of trojan exploits (in the 'bootkit' class) which were capable of hiding 'below' Windows in unallocated HDD/SSD space. Tony didn't consider this a serious problem because he said those trojans were in a dormant state while hiding in some unallocated space and that SD would protect the system upon virtualizing the C-partition along with the boot sectors/partition. I just didn't (and still don't) see his point, especially for users who run SD on-demand, as there will be times when SD is not active and the system is then vulnerable!

    This would be of far less concern if Tony would have implemented The Shadow's request to provide an option to Drop Rights and Prevent Driver Execution within SD (as in Sandboxie), but that has not been done (so far).
     
    Last edited: Sep 23, 2016
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Wendi

    Since I never run without having SBIE on I am not worried, but I have to ask my favorite followup question. How did these trojans get on my system in the first place?

    Pete
     
  18. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Well Pete, if you are the sole user of your system, never run without SBIE with drop rights enabled, and never open suspect email attachments, you do indeed have a low risk of infection. But then again, that modus operandi probably isn't typical...
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Well I am not the sole user, but there are only 3 adult responsible users. Any browser is run in SBIE, and I don't use drop rights, but I do run Appguard and ERP along with EIS. And I suspect I am not typical, but you pay one way or another. Prevention is much cheaper.
     
  20. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Pete, both you and Patrick asked me to elaborate on the remark I made in post 4763...
    ...and I believe my reply (post 4766) elaborated on the remark in question.

    I was only trying to make the point that SD users should not totally rely upon it (alone) for protection against malware because SD in itself does not identify or block malware! Therefore, without anti-malware protection an SD user (particularly, one with admin privileges) is completely vulnerable to malware infection. It is true that if malware infects a system's C-drive or any other SD-protected volume that malware will be totally cleansed by a subsequent system restart. But if any such malware is capable of hiding in unallocated drive space it will survive a restart, lurking there for the first opportunity to complete its intended (nasty) mission. That opportunity would arise the next time the system volume (and boot sectors) were not being virtualized by SD!
     
  21. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,557
    Unless it's supported by reliable evidence, I'd put this in the SD myth category.
     
    Last edited: Sep 24, 2016
  22. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Robin, what (specifically) do you consider to be a myth?
     
  23. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,793
    Location:
    .
    With all due respect, I also consider this a myth unless a PoC is available. If you have one please share it via pm please. The other day I tried Petya in my main personal machine and I survived its payload. I want to see that kind of malware capable of making unallocated drive space in the first place 'cause I don't have space made by me in my drives, of course if they exist.

    TIA
     
  24. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,557
    In this case, the belief that malware can hide in unallocated space and from there infect the Windows partition when it's in shadow mode.

    I think there is always some unallocated space in a disk, some of it "between" the partitions. Some partition managers show these spaces. Also, in an MBR disk Windows itself can store information in unallocated space in certain cases. In GPT disks this is not allowed, and this information is stored in the MSR partition.
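
Added example (not part of Robin A.'s post and not Shadow Defender code): a defender-side audit of the gaps the post describes, parsing an MBR partition table and listing the unallocated sector ranges and which of their sectors hold non-zero data. The disk image is constructed in memory, all function names are illustrative, and extended partitions and GPT disks are not handled.

```python
import struct

SECTOR = 512

def parse_mbr(sector0):
    """Return sorted (start_lba, sector_count, type) for each used primary entry."""
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i:462 + 16 * i]   # 16-byte partition entry
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0 and count > 0:              # type 0 means unused slot
            parts.append((start, count, entry[4]))
    return sorted(parts)

def unallocated_gaps(parts, total_sectors):
    """Inclusive (first, last) LBA ranges outside every partition; LBA 0 is the MBR."""
    gaps, cursor = [], 1
    for start, count, _ in parts:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, start + count)          # tolerate overlapping entries
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors - 1))
    return gaps

def nonzero_sectors(image, first, last):
    """LBAs in [first, last] whose 512 bytes are not all zero."""
    zero = bytes(SECTOR)
    return [lba for lba in range(first, last + 1)
            if image[lba * SECTOR:(lba + 1) * SECTOR] != zero]

def build_sample_image():
    """Constructed 4096-sector image: two partitions and one marked gap sector."""
    img = bytearray(4096 * SECTOR)
    for i, (start, count) in enumerate([(2048, 1024), (3200, 800)]):
        struct.pack_into("<B3xB3xII", img, 446 + 16 * i, 0x80 if i == 0 else 0, 0x07, start, count)
    img[510:512] = b"\x55\xaa"
    img[100 * SECTOR:100 * SECTOR + 4] = b"TEST"     # constructed marker, not real data
    return bytes(img)

if __name__ == "__main__":
    image = build_sample_image()
    for first, last in unallocated_gaps(parse_mbr(image[:SECTOR]), len(image) // SECTOR):
        used = nonzero_sectors(image, first, last)
        print(f"gap LBA {first}-{last}: {last - first + 1} sectors, non-zero at {used}")
```

A non-zero sector in a gap is only a prompt to look closer, since, as the post notes, Windows itself can store information in unallocated space on MBR disks.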
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    This leads to another interesting question. To be truly hidden there would have to be some mechanism that allows Windows to start it running. Something had to put it there and there has to be something that can access this data.
     