Can Shadow Products Protect System Time ?

Hi, folks:

This question has entered my mind for quite some time now.

I am not a computer tech, I would like to hear more from the gurus.

A while ago, reports indicated that some viruses/worms are able to revert system time to a distant back (say, year 1990, or even 1999), thus rendering AVs/ASs and alike useless.

In theory, Under Shadow mode/freeze state, all drive or system drives are protected, could system time be altered as result of such attack ?

I read some saying that system time file is stored at BOIS, not at Harddisk, is this true ?

Looking forward to your replies. Thanks.

 

That's true. All the shadow products I've tried so far don't protect against system time changes.

It'd be horribly annoying if they did, though, since then your system clock would be reset to an incorrect time every time you exit shadow mode. If you're worried about malware that fiddles with your clock, you can edit your group policies and remove privileges for this, or simpler, use a limited account.

 

there are some HIPS which hook the ZwxxxTime can help you.

 

Hi,

such as ?

 

In china, as I know, there is a very popolar product Safe360. it has a time protect utility.

http://www.skycn.com/soft/43109.html

 

I download that and extract. Then I start 360TimeProt.exe. There are 2 option and if I understand correctly left side button is activate and right side deactivate. Now I only need to know what those options are?

 

There are 4 buttons in the main GUI like this:

1)Install the Time Protect - 2)Uninstall the Time Protect
3)Enable the Time Protect - 4)Disable the Time protect

Hope this is helpful.

 

Thank you.

 

ClamAV 0.92.1 2008.04.12 W32.Zloyfly
DrWeb 4.44.0.09170 2008.04.12 Trojan.DownLoader.49824
Ikarus T3.1.1.26 2008.04.12 Trojan-Dropper.Win32.Flystud.B
Prevx1 V2 2008.04.12 Generic.Malware
VBA32 3.12.6.4 2008.04.06 Trojan.BAT.KillAV.df
Webwasher-Gateway 6.6.2 2008.04.11 Win32.Malware.gen (suspicious)

You sure this is safe?