Interesting Shadow Defender Test

I really believed that Shadow Defender could protect against rootkits until I saw this video:

-http://www.youtube.com/watch?v=YRDRJjfNaWs-

Now, I'm not so sure.

SourMilk out

 

that is one of the main reasons why I use Appguard. I used SD 1.2 for a few days but it didn't run well on my machine. Currently I feel safer with Deepfreeze than with Shadow Defender because of the lack of communication and continued updates. But let's see how the new Version does that's coming out very soon. I might take a look at it again when it supports SSD's.

 

This may be relevant:
https://www.wilderssecurity.com/showpost.php?p=1706005&postcount=54

Without knowing what the host system was you can't really draw any conclusions from this 'test'.

 

Neither do I...

 

I've never been infected using SD using a clean system. As far as people doing these "tests",without knowing "their PC" is clean,I wont put much faith into what they do in their so called tests.

 

Was that a video of a Charlie Chaplin's silent film era? I certainly couldn't follow its fast infecting protocol.

 

Do you have any problem with the reproduction of this test at yours home? Currently, your arguments are truths revealed.

PS: MBR infection was confirmed on a real computer.

 

Someone should test AppGuard on High and Locked Down to see if there is any difference in protection since it comes on High by default.

 

Light Virtualization is not MBR Virtualization - tricks are tricks, not core engine!

And it is always a pleasure to see how the old [from 1986...] "Brain IBM-PC virus" potentiality, with their skilled performance, can to dance with the Microsoft'PatchGuard modern thing...

 

Yeap...That's true...

 

I've just bought and installed SD as a replacement for ToolwizTF,which replaced Returnil after many years,and I also had to give up drinking milk for a while as a dietary advice and now....now SourMilk is trying to ruin it all......!

I've seen the youtube piece,but ,quite frankly,i could not follow it very well,hence I didnt get the gist of it.

Could anyone please say something final about it -in real world and not in a VM environment?

SourMilk,are you sure now or you changed your mind?

 

Impossible to say since the test was conducted in a VM without knowing the host system operating system (O/S). Previous tests have shown that where the host O/S differs from the VM O/S then Shadow Defender doesn't 'protect' the MBR from malware. Where the host and VM O/S are the same it does protect.

Still, I wouldn't rely on Shadow Defender to protect fully from such malware. Apart from the author, I don't think anyone actually knows what mechanism is deployed by SD to prevent MBR-altering malware from surviving the reboot.

 

Scoobs72, your clarification much appreciated,any practical advice? like, for instance, what would you deem best to be installed along SD in order to be fully protected?

I didnt have much time to read Wilders threads about these matters during the past year so i've been trying to regain lost ground since a couple of weeks after i realised how vulnerable my system had become to recent MBR rootkits.
To counteract that I rely now on a combination of AppGuard+Sandboxie+ToolwizTF with AV,MBAM,Superantispyware on demand on my computer n°2, ( i thought at first conflicts would arise among these ,but after placing only Sandboxie in Power Programs all apparently is ok).

I've got to fix the situation for computer 1,which at the moment has
Comodo CIS 5+ShadowDefender plus the on demand ones, but,unless the new CIS6 is stratospheric in its greatness, I think the only program which could be coupled to SD -in order to fully protect from rootkits attacking the MBR- might declaredly be AppGuard with its MBRGuard.
What do you think?

 

If you are not using SD to protect from rootkits then why bother with SD in the first place? You can go with other software such as Rollback Rx which has much more functionality and is continually updated. Or even go with TTF. The point of using SD is to have best protection along with rootkits.

 

Toolwhiz time freeze has been shown not to fully protect against all forms of malware.There is a thread about this here somewhere.

 

I think you're suggesting the only reason to choose SD over other light virtualization/boot-to-restore software is the under-the-hood anti-malware capability? What about how well the application runs on your system? The ram cache, which speeds up browsing/system operation? The "Commit Now" feature? Boot time versus competitors?

If the only value in a light virtualization app was its ability to resist MBR modifying malware then we'd all just purchase Returnil and switch on it's Anti-Exec functionality.....and be similarly protected.

 

The approach you take sounds fine.....something such as Appguard/Sandboxie/Defensewall/CIS to protect in session/shadow mode, with SD to wipe the slate clean on reboot.

 

Does Secure Boot protect the MBR?