Hello World!

Discussion in 'other security issues & news' started by damnageplan, Jan 31, 2013.

Thread Status:
Not open for further replies.
  1. damnageplan

    damnageplan Registered Member

    Joined:
    Jan 31, 2013
    Posts:
    2
    I have long adored the people here at Wilders, and I'm happy to finally join the community. I'm just starting school for networking and hope to become certified as soon as I can, although I think that might take a while. ;)

    I come to you not bearing gifts of wisdom but rather newbish stupidity.. I'm about to nuke my Windows 8 PC and survive on live CDs. Although I am inexperienced, some of my communication is mission-critical, and I have been attacked before.. My current crisis is probably not a real threatening snitchuation but rather most likely run of the mill sadware.

    Let me start with my setup. Win8 64, AVG (Bitdefender soon?), Comodo FW, WinPatrol, Zemana AntiLogger, Secunia PSA (can't open UI for last couple weeks), on demand MBAM, Hitman Pro, Superantispyware, Tor/Dragon/FireFox (usually sandboxed)

    For the last 2 weeks I have experienced some irregularities, such as unusual clicking, hanging on startup, starting up without or with delayed security processes such as AVG and Comodo FW not starting or starting frozen.. No crazy paranoia stuff like I have had in the past, such as obvious reaction when in view of webcam and once *lol* visible command prompt open with misspelled commands and bluetooth hack download page history left in internet explorer (get your own browser lol) but anyways I have a few questions.

    I have Windows 8, should I have the virtualapp/didlogical credential from Win7 that caused so much noise? Well I removed it and I'm waiting to see if it comes back.. but I hope I didn't lose a lead on it if it was something bigger.

    All of my connections to webpages have no ownership info, no verification, no certificate and https gives me a warning of untrusted connection wherever I go.. even here.

    AVG has not done me much good, I am primarily concerned with attacks that don't go by the books from the definition library.. good heuristics and zero day, I also don't like to be left in the dark as to what's going on, I like good strong birthing HIPS.. What kind of setup would any of you recommend, if it sounds good I'll switch to anything, obviously I don't know what I'm doing.


    It's good to be here and I'll be sure to pay any help forward, thank you!
     
  2. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Welcome to the forum damnage! Personally I couldn't do without light virtualization and Shadow Defender in particular. Along with DiskShot (which is available only in Korean language ATM), Shadow Defender is currently the only other light virtualization app that can withstand and can instantly undo even sophisticated malware infections with just a reboot. The latest version supports SSDs and Windows 8 as well, and it can use RAM for the virtual system. It can virtualize all disks attached to the system and provides a great overall safety net for cases where sturdy 0-day malware has somehow managed to bypass all your other levels of protection.

    While Shadow Defender protection is active (it's called "Shadow Mode") all changes on protected disks happen in a virtual environment and nothing touches the real system. The program works at sector level and uses RAM or the protected disk's free space for its buffer. Upon reboot the program actually discards all changes by default (safer this way) - but you can also commit any changes if you want to. If you want to save the changes that have happened in the meantime you have to open the Shadow Defender interface and explicitly click on a protected disk and choose to exit Shadow Mode. You will then be asked if you want to discard or commit the changes that have happened since the disk was put in Shadow Mode. Obviously once you commit changes in this manner there will be no turning back to the previous state; so you have to be careful about what you will be committing, only do it if you are sure that all changes that have happened in the meantime are safe to write to the real system.

    The program also allows you to define files/folders which can be permanently excluded from protection (so any changes on them will stick no matter what). Frequently modified files or folders like your Favorites/Bookmarks or any folders that contain antivirus definitions, can be permanently excluded this way. You can also commit individual files/folders on any protected disks in real time by right-clicking on those files/folders and selecting to commit them from the context menu.

    This program has been a lifesaver for me, and I'm constantly surprised that many experienced security-conscious users are still not aware of it, or they just fail to realize the value of light virtualization when it comes to system security. Why cleanup/repair infections or any other unwanted system changes (malicious or not), when you can just undo all those problems with just a simple reboot?
     
    Last edited: Jan 31, 2013
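    The Shadow Mode mechanics described in the post above (sector-level redirection of writes into a buffer, discard on reboot by default, permanently excluded files that write straight through, and selective commit of individual items) can be modelled in a few lines. The Python below is a toy model added here for illustration; it is not Shadow Defender's code, and the 8-byte sector size, the sample disk contents, the `ShadowedDisk` class and the `demo_*` functions are all constructed for the example.

```python
"""Toy model of sector-level light virtualization ("Shadow Mode").

Constructed example: the class, sector size and data are made up to show
the copy-on-write idea, not taken from any real product.
"""

SECTOR_SIZE = 8  # bytes per sector in this toy (real disks use 512 or 4096)


class ShadowedDisk:
    """A disk whose writes are redirected into a RAM buffer while shadowed."""

    def __init__(self, real: bytearray, excluded_sectors=()):
        self.real = real                         # the real on-disk bytes
        self.excluded = set(excluded_sectors)    # sectors of "excluded" files
        self.shadow = {}                         # sector index -> redirected bytes
        self.shadow_mode = False

    def enter_shadow_mode(self):
        self.shadow_mode = True
        self.shadow.clear()

    def _offset(self, idx):
        return idx * SECTOR_SIZE

    def write_sector(self, idx, data: bytes):
        if len(data) != SECTOR_SIZE:
            raise ValueError("sector data must be exactly one sector long")
        if not self.shadow_mode or idx in self.excluded:
            # Not protected, or part of an excluded file: write through to the
            # real disk, so the change survives a reboot.
            self.real[self._offset(idx):self._offset(idx) + SECTOR_SIZE] = data
        else:
            # Protected: the change lives only in the buffer.
            self.shadow[idx] = bytes(data)

    def read_sector(self, idx) -> bytes:
        # The running system sees the buffered version if one exists, which is
        # why malware appears to "work" until the next reboot.
        if idx in self.shadow:
            return self.shadow[idx]
        return bytes(self.real[self._offset(idx):self._offset(idx) + SECTOR_SIZE])

    def reboot(self):
        """Default behaviour: everything in the buffer is thrown away."""
        self.shadow.clear()

    def commit(self, sectors=None):
        """Write buffered sectors to the real disk; all of them, or a chosen subset
        (the equivalent of right-clicking a file and committing only that file)."""
        targets = list(self.shadow) if sectors is None else [s for s in sectors if s in self.shadow]
        for idx in targets:
            self.real[self._offset(idx):self._offset(idx) + SECTOR_SIZE] = self.shadow.pop(idx)


def _fresh_disk() -> ShadowedDisk:
    # Four sectors of clean data; sector 3 stands in for an excluded AV-definition file.
    return ShadowedDisk(bytearray(b"CLEAN..." * 4), excluded_sectors={3})


def demo_discard():
    """A hostile write is visible while running but gone after reboot;
    the excluded sector keeps its update."""
    disk = _fresh_disk()
    disk.enter_shadow_mode()
    disk.write_sector(0, b"MALWARE!")    # constructed hostile change
    disk.write_sector(3, b"AVDEFS01")    # constructed definition update (excluded)
    seen_while_running = disk.read_sector(0)
    disk.reboot()
    return seen_while_running, disk.read_sector(0), disk.read_sector(3)


def demo_selective_commit():
    """Commit one wanted change (a bookmark) and let a second, unwanted one be discarded."""
    disk = _fresh_disk()
    disk.enter_shadow_mode()
    disk.write_sector(1, b"BOOKMARK")    # constructed change the user wants to keep
    disk.write_sector(2, b"DROPPER1")    # constructed change the user does not want
    disk.commit(sectors=[1])             # right-click commit of just that item
    disk.reboot()
    return disk.read_sector(1), disk.read_sector(2)


if __name__ == "__main__":
    print(demo_discard())           # (b'MALWARE!', b'CLEAN...', b'AVDEFS01')
    print(demo_selective_commit())  # (b'BOOKMARK', b'CLEAN...')
```

    The point the model makes concrete is the one the post warns about: because reads are served from the buffer, a compromised session looks fully "infected" until reboot, and anything routed through an exclusion or an explicit commit bypasses the safety net entirely, so exclusions and commits deserve the same scrutiny as installing software on an unprotected machine.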
  3. damnageplan

    damnageplan Registered Member

    Joined:
    Jan 31, 2013
    Posts:
    2
    Thanks CyberMan, is there any advantage with Shadow Defender over Sandboxie? I could have sworn I saw a Shadow Defender process in process explorer a while back, maybe it was integrated in Zone Alarm? idk..

    Anyway my first post was a bit long winded, but I'm really concerned that every page I visit is not verified, even Google is an untrusted connection.. help?
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Hello :)

    Just FYI. No, SD has no connection to Zone Alarm ;)
     
  5. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589

    Like SweX said, there is no connection with ZA and ASD.

    Sandboxie only virtualizes individual programs or folders, whereas SD virtualizes the whole OS as well as any disks or USB sticks connected to the system. I use both programs, having multi-layered protection never hurts!
     