The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Shadow, if you have any additional suggestions on how such SD options should be implemented, drop a line to Tony directly. If anyone else has any ideas on this, let's share.
     
  2. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    CM, I think Tony now has enough on his plate! What with the disappearing settings issue and the enhancement requests (1Click Shadow Mode and of course hardening SD against rootkits via options for Drop Rights to LUA plus disallowing driver execution).

    TS
     
  3. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    I meant if you or any other SD user may have any further input about the practical implementation of such options for Tony. Maybe eventually he can release a beta to us with such options so we can test it before a proper release. If he is game for it in the first place of course...
     
  4. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Gotcha. ;)
     
  5. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    If Tony wants to play ball and this is done right, it would be a major change. It could potentially be SD v2.0 :)
     
  6. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    A shot in the dark here: Would you ever consider buying hip black 'n yellow t-shirts with the SD logo at the front and "The Original Tony" logo at the back?

    I'd have a t-shirt with the other Tony, Tony Montana, brandishing a huge Shadow Mode logo with machine guns attached to it, and underneath the immortal caption in size 72 Jokerman bold font: "Say hallo to ma litl' frend!"

    :D
     
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Since I've been away a long time from the malware scene due to having children last year... how common is the Sinowal worm? How effective are the AVs at detecting it by heuristics/signatures? Considering we know light virtualization won't protect against it for the time being.
     
  8. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    446
    Returnil and Toolwiz Time Freeze passed Sinowal test, Shadow Defender and Diskshot failed. Although Returnil and Toolwiz Time Freeze failed TDL4 test. They could learn from each other.
     
  9. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Reply from Tony:

    I will research DROP RIGHTS and BLOCK DRIVERS.
    In fact, i plan to add Registry Exclusion List into V2.0 and i am doing this.
    This function is time consuming and i can't give an exact time.

    Best regards,
    Tony

    In a previous e-mail Tony has mentioned the difficulties of full Win8 x64 support for Drop Rights. Tzuk has faced similar issues.
     
  10. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I see. Thank you very much for your information and for researching!

    So Tony is back for real? Wonder what really happened to him...

    Anyway, for the users' best, they could probably share some ideas, although that probably violates their ideas of earning a profit from their own software.
     
  11. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Boy, Tony writes perfect English. I thought someone mentioned about his English being not so good.

    The man is full of surprises.
     
  12. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Actually Patrick has communicated extensively with him in the past, and Tony himself was participating actively at the old SD forum. His level of English is more or less the same now as it was three years ago.

    I understand your concerns. I think that Tony probably used the "English" excuse as an easy way out. Many users are still curious in regard to his extended absence, and Tony obviously doesn't want to talk about that period. Personally I also think that there should have been more transparency from Tony's side. At least the software is now back on track and improving.

    If SD can be reinforced with Registry exclusions and DropRights/Drivers, then I'm all for it. With such options rock-solid, SD would become a more comprehensive security product. People won't need to run two or three different apps for such functionality; parents could activate passworded Shadow Mode with drop rights and no drivers allowed and let their kids use the computers without worrying that the kid may visit an infected domain and allow a backdoor into the system. SD may be able to achieve this.

    This is a challenge for Tony regardless if it is the real Tony or not. It will be interesting to see if/how he can rise to this challenge.
     
    Last edited: Mar 12, 2013
  13. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,818
    On this test that is being discussed, Shadow Defender failed but on what OS and was that 32 or 64 bit?
     
  14. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,240
    Location:
    USA
    Language translation software is constantly improving! :D

    Cruise
     
  15. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Definitely Win7 - but 32 or 64 bit is not evident.
     
  16. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Also (fwiw) the current version of Faronics Deep Freeze failed the TDL4 test (but passed the Sinowal test). :doubt:
     
  17. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,818
    OK, thanks for that info. :thumb:
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    Is there anything that can be done to AG as to how or when it loads its protection during the boot process to make it more secure? In theory I mean.
     
  19. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Maybe also post this in one of the AppGuard threads so that Barb_C will be sure to see it.

    I've noticed that AppGuard's protection is not operational at boot time while the red cross on the tray icon is displayed. It takes several seconds on my machine for the red cross on the tray icon to disappear after start-up.
     
  20. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Is the AppGuard driver itself boot sector resident? This would ensure that its process kicks in early during boot. Or maybe its implementation is similar to Comodo's Defence+ enhanced protection module.
     
    Last edited: Mar 12, 2013
  21. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Don't know. Might be an idea to post the question in the following thread where the issue of when AppGuard protection kicks in is currently being discussed: AppGuard 3.x 32/64 Bit

    Hopefully, Barb_C will be able to provide us with an answer.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Let's please take all the AppGuard posting to the appropriate thread as Pegr has pointed out. They are off topic here.

    Pete
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    Yikes, I meant to say SD instead of AG lol. I was working on 2 posts at the same time. I was actually pondering the same question with AG in my mind when I was working on the SD post. I guess that's why I accidentally typed AG instead of SD. I guess I'm not doing so well at multitasking right now. Someone must have let Barb know about it because she answered it. I'm glad she did though because the funny thing is there is an issue that several other members have brought up about AG not activating its protection early enough during the boot process lol

    Let me try this again. Is there anything that can be done to SD as to how or when it loads its protection during the boot process to make it more secure?
     
  24. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    The only thing I can think of is for SD to have a boot sector resident driver, and this is something that I wouldn't want.

    If Tony manages to properly incorporate Drop Rights and Block Drivers functions into the program, then I don't think that we would need the SD process starting earlier anyway. It will be a great peace of mind to know that kits won't be able to take hold under Shadow Mode.

    Of course if users disable this protection in order to be able to install stuff under Shadow Mode, this would leave their systems potentially more vulnerable. Personally I would enable them and leave them on. I hope that Tony can hack this.
     
  25. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland
    I wonder if this option will work in such a way that under Shadow Mode you will be able to turn it on and turn it off without the necessity to reboot your OS, like a switch. Sometimes it is necessary to install some software, and it would be better if you don't have to restart your PC to do so ;)
     