The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    FWIW,

    I tried the "newest" version of Shadow Defender, ran it for a few weeks as a matter of fact, didn't notice anything any different than my "older" version of SD that I have.
     
  2. Kaupp

    Kaupp Registered Member

    Joined:
    May 17, 2005
    Posts:
    59
    Does no one know if Shadow Defender makes changes to the MBR? :(
     
  3. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    It's rare but it looks like it has happened (if one can trust the guy who posted on the following thread):

    http://forums.malwarebytes.org/index.php?showtopic=79159

    Also here:

    https://www.wilderssecurity.com/showthread.php?t=276152 (read all the posts by Leach throughout the pages of that thread. His results were done using VM and were inconsistent and depended upon SD version and test system OS, so it's anyone's guess on that one. But with malware evolving so quickly and SD development at a standstill, this is a clear indication that it can happen, it's only a matter of time. Especially when taking into account the fact that SD is now very popular among warez and torrent sites, thus providing a good challenge for ambitious malware coders to bypass).
     
    Last edited: May 16, 2011
  4. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    I use Comodo Internet Security and MalwareBytes AntiMalware alongside SD on all my systems for 2 years now and haven't had any infections whatsoever (and I do go places online...). Comodo's Defence+ feature has anti-execute, real time full system settings monitoring, and a decent sandbox (not as full-featured as Sandboxie, but good enough and fully comp with x64 Windows kernel). Together with SD Comodo offers very good protection, and it's absolutely free as well.
     
    Last edited: May 16, 2011
  5. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    I'm sorry, I believe you, but I can't believe somebody saying my computer got bypassed without showing any screenshot or real proof whatsoever. I'm pretty certain that in due time without the SD developer active malware will eventually manage to damage the virtual volume, but we are still talking about a few instances (if any).

    I also agree that to use a virtualizer like SD on its own is not recommended, as the few instances of malware that might affect it can be easily detected by an antivirus or an anti executable.
     
  6. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Hi Osaban, have a look here also, the whole thread makes a very interesting read. Especially the exchanges between ssj100 and Returnil's Coldmoon:

    http://ssj100.fullsubject.com/t147-shadow-defender-bypassed-by-tdl-rootkits

    You are right, the guy who posted at the MalwareBytes forum didn't provide any proof and I should have phrased my response better to allow for that. My post #303 is now edited to that effect. For all we know it could have been someone representing a competing security application, trying to tarnish SD's solid reputation. In any case my mind is not made up yet. For me SD still remains the best, especially when combined with a decent anti-execute application. Unless someone tries extensive tests on a real XP/Vista/7 install (in both x32 and x64 kernels without virtual machine software involved), then I suppose we'll never know for sure how effective SD really is against some of the newest malware. I am quite tempted to try it myself since I always have up-to-date Acronis backups stored on Blu-Ray discs, but alas too much work and not enough time at the moment...
     
    Last edited: May 16, 2011
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    On the nice tests by dax123 :) on http://ssj100.fullsubject.com/t166-light-virtualization-software-partial-sandbox-test - The winner by far is SD :thumb:

    Re - SD v326

    What does this mean *

    And the -

    Here's another set of results from a batch of tests, but not much detail :(

    *

    I see you've had quite a few suggestions ;) I use Shadow Defender v326 :)
     
    Last edited: May 16, 2011
  8. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    v1.1.0.325 :thumb:
     
  9. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I'm satisfied ... I use the SD 0.325 also :cool:
     
  10. crystian

    crystian Registered Member

    Joined:
    Apr 5, 2011
    Posts:
    9
    I asked Tony the same thing (before his disappearance) and he told me that Shadow Defender doesn't modify the MBR, it just creates a kernel driver.
     
  11. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Another thing that has always bugged me: After a BSOD and a hard reset is SD capable of fully restoring a protected drive to its pre-crash state? When I was testing Wondershare Time Freeze and Clean Slate I directed the same question to the techs of both programs. Although they have answered all my other questions, both companies ignored this one. So I assume the answer is no for WTF and CS, but what about SD? It looks like no one knows a definite answer to this...
     
  12. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    Hi there,

    It happened to me with ShadowUser, DeepFreeze, and Shadow Defender. They have always restored the system as if it had been rebooted normally. I'm not saying this is the rule, I'm only sharing my experience as far as what happened with my machines, and admittedly they are very rare events.
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I looked at the links in this thread, and I still have not seen any proof that SD has ever been bypassed. It just seems to be hearsay. If it has been then it would be easy to prove since the code has not been changed in some time now other than the .331 version that no one wants to touch. I have been using SD for almost 4 years now without ever being infected. I have not been infected by anything that I'm aware of in over 15 years for that matter. Knock on wood! I think a good combination to run with SD is Appguard or Prevx or even both. Then whatever may possibly have a chance at bypassing SD would surely be stopped by either Prevx or Appguard. You could run Prevx, and Appguard together with SD, and it would still be a very light setup.
     
  14. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    SD has been very reliable! :thumb:
     
  15. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Exactly why the recent state of affairs makes me really sad. A great piece of code like SD deserves much better than its current unknown owners. If a serious company was to have acquired it after Tony's disappearance they could have turned it into a true market leader (and they would also make a sh*'load of cash in the process).

    In any case SD should be able to persevere for a very long time even against zero-day malware, as long as it is paired with a good anti-execute app like Cutting_Edgetech said.
     
    Last edited: May 18, 2011
  16. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Thanks Osaban, I appreciate the input. :thumb:
     
  17. crapbag

    crapbag Registered Member

    Joined:
    Mar 14, 2011
    Posts:
    145
    Anyone know if I can use one SD license on two machines? I tried to use it for a second machine and it looked to activate fine but then I got a load of BSODs. Wasn't sure if it was getting angry or was just a configuration error.

    Anyone tried this?
     
  18. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I installed it on a second XP computer and entered my key. It took fine. Then I just bought a new computer with WIN7x64, and installed from the web site and entered my key, and it took fine.
     
  19. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Totally agree. SD is straightforward, safe, light, easy to use and configure. It is such a good piece of software that unfortunately there's no equal or better alternative among existing light virtualization programs (at least that I know), IMO.

    Not that long, Shadow Defender may be incompatible with Windows 8...
     
    Last edited: May 18, 2011
  20. crapbag

    crapbag Registered Member

    Joined:
    Mar 14, 2011
    Posts:
    145
    Cheers! Just entered my key and it seems fine. If I run into more BSODs after entering Shadow Mode I'll be back :D
     
  21. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Agreed.
     
  22. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,162
    As I've said previously, just because the new version "works" for some people at present does not mean that it can/should be relied upon. We don't really know anything about it apart from conclusions that have been arrived at through conjecture and desperation, we don't know who is developing it and there is no support or meaningful communication from Tony (or anyone else for that matter).
    This is not the correct framework for security software, we have no idea where it is going or what the wall of silence is about.
    As for the older versions, some people have experienced glitches/bugs (including myself) that occur right through until later versions. My own experience was that occasionally when re-booting from shadow mode certain software settings/registrations etc. that I had made were lost. I like/liked the program (a lot) and most of the time things were ok with it but an active developer (and some degree of "transparency") is essential for this sort of software.
    If you are just "toying" about then a re-format and new OS is no big deal but if your full system with all your important stuff etc might be at risk, that's different.

    Patrick (Shadow Defender mod)
     
  23. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    I fully agree with you, Patrick. :thumb:
    For the time being, one of my PCs stays with 1.1.0.325.

    I tried 1.1.0.331, and tested it against the Best Scanners...
    BUT
    I still canNot Trust the new version...
     
  24. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    Silly question but if none of the antivirus pick this new version up would you consider the file to be clean o_O or do you think it has some stealth malware hidden inside the file.. but it does have a valid digital signature.. I purchased the software a long time ago and most of the old versions I had do what some others say, I get BSOD..
    I was maybe gonna hope for the best and use the new 331 ??
     
  25. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Exactly my feelings Patrick. It is safe to assume that the people currently in control of SD are blatantly unsuitable to adopt an established security-based application like SD, and to help it evolve. I don't know what kind of ...business plan lies behind their continued silence...
     