Interesting Shadow Defender Test

Discussion in 'sandboxing & virtualization' started by SourMilk, Dec 13, 2012.

Thread Status:
Not open for further replies.
  1. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    I really believed that Shadow Defender could protect against rootkits until I saw this video:

    -http://www.youtube.com/watch?v=YRDRJjfNaWs-

    Now, I'm not so sure.

    SourMilk out
     
  2. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    396
    Location:
    Event Horizon
    That is one of the main reasons why I use AppGuard. I used SD 1.2 for a few days but it didn't run well on my machine. Currently I feel safer with Deep Freeze than with Shadow Defender because of the lack of communication and continued updates. But let's see how the new version does that's coming out very soon. I might take a look at it again when it supports SSDs.
     
  3. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
  4. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Neither do I...:doubt:
     
  5. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    I've never been infected using SD on a clean system. As far as people doing these "tests" without knowing "their PC" is clean, I won't put much faith into what they do in their so-called tests.
     
  6. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,213
    Was that a video from Charlie Chaplin's silent film era? I certainly couldn't follow its fast infecting protocol.
     
  7. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    52
    Location:
    Poland
    Do you have any problem with reproducing this test at your home? Currently, your arguments are truths revealed.

    PS: MBR infection was confirmed on a real computer.
     
  8. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Someone should test AppGuard on High and Locked Down to see if there is any difference in protection since it comes on High by default.
     
  9. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    938
    Light virtualization is not MBR virtualization - tricks are tricks, not a core engine!

    And it is always a pleasure to see how the old [from 1986...] "Brain IBM-PC virus" potential, with its skilled performance, can dance with Microsoft's modern PatchGuard thing...

    :cool:
     
  10. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Yep... That's true... ;)
     
  11. karad

    karad Registered Member

    Joined:
    Sep 10, 2008
    Posts:
    237
    I've just bought and installed SD as a replacement for Toolwiz TF, which replaced Returnil after many years, and I also had to give up drinking milk for a while as dietary advice, and now... now SourMilk is trying to ruin it all...!

    I've seen the YouTube piece, but, quite frankly, I could not follow it very well, hence I didn't get the gist of it.

    Could anyone please say something final about it - in the real world and not in a VM environment?

    SourMilk, are you sure now or have you changed your mind?
     
  12. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Impossible to say since the test was conducted in a VM without knowing the host system operating system (O/S). Previous tests have shown that where the host O/S differs from the VM O/S then Shadow Defender doesn't 'protect' the MBR from malware. Where the host and VM O/S are the same it does protect.

    Still, I wouldn't rely on Shadow Defender to protect fully from such malware. Apart from the author, I don't think anyone actually knows what mechanism is deployed by SD to prevent MBR-altering malware from surviving the reboot.
     
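    The point made above (the test ran in a VM, and nobody outside the author knows how SD handles sector 0) is why a practitioner would want to check the MBR directly on the real machine after the reboot, rather than trust the product's own reporting. The following is an added example, not code from the thread or from Shadow Defender: it parses a 512-byte MBR, fingerprints the bootstrap area and the partition table separately, and reports what changed against a baseline taken while the system was known clean. The sample sectors are constructed inline; the device path used by `read_mbr` is an assumption and needs administrator/root rights.

```python
# Added example, not from the thread or from any product discussed in it:
# an offline MBR integrity check against a known-good baseline. A change in
# sector 0 that is still present after the reboot is exactly what a
# boot-to-restore tool is supposed to have discarded.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
BOOTSTRAP_LEN = 440      # x86 boot code area before the 4-byte disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries end at offset 510
PART_ENTRY_LEN = 16
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sectors


def parse_mbr(sector: bytes) -> dict:
    """Split a classic MBR into bootstrap code, disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs_s, ptype, _chs_e, lba_start, nsectors = struct.unpack_from(
            PART_ENTRY_FMT, sector, off)
        parts.append({"status": status, "type": ptype,
                      "lba_start": lba_start, "sectors": nsectors})
    return {
        "bootstrap": sector[:BOOTSTRAP_LEN],
        "disk_signature": struct.unpack_from("<I", sector, BOOTSTRAP_LEN)[0],
        "partitions": parts,
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
    }


def mbr_fingerprint(sector: bytes) -> dict:
    """Hash the code area and the partition table separately so a report can say which moved."""
    p = parse_mbr(sector)
    return {
        "bootstrap_sha256": hashlib.sha256(p["bootstrap"]).hexdigest(),
        "table_sha256": hashlib.sha256(sector[PART_TABLE_OFF:510]).hexdigest(),
        "valid_signature": p["valid_signature"],
    }


def compare_with_baseline(baseline: bytes, current: bytes) -> list:
    """Return human-readable findings; an empty list means sector 0 matches the baseline."""
    b, c = mbr_fingerprint(baseline), mbr_fingerprint(current)
    findings = []
    if not c["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if b["bootstrap_sha256"] != c["bootstrap_sha256"]:
        findings.append("bootstrap code changed")
    if b["table_sha256"] != c["table_sha256"]:
        findings.append("partition table changed")
    return findings


def read_mbr(device_path: str) -> bytes:
    # Reads sector 0 of a raw device; needs admin/root. The path is an assumption,
    # e.g. \\.\PhysicalDrive0 on Windows or /dev/sda on Linux. Not called below.
    with open(device_path, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Constructed sample: given boot code, one 0x07 (NTFS) partition starting at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    n = min(len(bootstrap), BOOTSTRAP_LEN)
    sector[:n] = bootstrap[:n]
    struct.pack_into("<I", sector, BOOTSTRAP_LEN, 0xDEADBEEF)       # fake disk signature
    struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF,
                     0x80, b"\x00\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed baseline (a plausible-looking real-mode prologue) and a constructed
# "after reboot" sector whose boot code was replaced while the table was left alone,
# which is the pattern a bootkit-style MBR infection leaves behind.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40)
INFECTED_MBR = build_sample_mbr(b"\xeb\x1e" + b"\xcc" * 60)

if __name__ == "__main__":
    print("clean vs clean:   ", compare_with_baseline(CLEAN_MBR, CLEAN_MBR))
    print("clean vs infected:", compare_with_baseline(CLEAN_MBR, INFECTED_MBR))
```

    On a real machine the baseline would be `read_mbr(...)` taken once from the clean system and stored off the disk being checked; the comparison is then run from a boot medium or after each test reboot. Hashing the bootstrap area and the table separately matters because a partition table edit is usually a legitimate change, while any change to the 440 code bytes on a disk that was not just re-partitioned deserves a close look.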
  13. karad

    karad Registered Member

    Joined:
    Sep 10, 2008
    Posts:
    237
    Scoobs72, your clarification is much appreciated. Any practical advice? Like, for instance, what would you deem best to be installed alongside SD in order to be fully protected?

    I didn't have much time to read Wilders threads about these matters during the past year, so I've been trying to regain lost ground since a couple of weeks ago, after I realised how vulnerable my system had become to recent MBR rootkits.
    To counteract that I now rely on a combination of AppGuard + Sandboxie + Toolwiz TF, with AV, MBAM and SUPERAntiSpyware on demand, on my computer no. 2 (I thought at first conflicts would arise among these, but after placing only Sandboxie in Power Programs all apparently is OK).

    I've got to fix the situation for computer 1, which at the moment has
    Comodo CIS 5 + Shadow Defender plus the on-demand ones, but, unless the new CIS 6 is stratospheric in its greatness, I think the only program which could be coupled to SD - in order to fully protect from rootkits attacking the MBR - might declaredly be AppGuard with its MBRGuard.
    What do you think?
     
  14. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    If you are not using SD to protect from rootkits, then why bother with SD in the first place? You can go with other software such as Rollback Rx, which has much more functionality and is continually updated. Or even go with TTF. The point of using SD is to have the best protection along with rootkits.
     
  15. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Toolwiz Time Freeze has been shown not to fully protect against all forms of malware. There is a thread about this here somewhere.
     
  16. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    I think you're suggesting the only reason to choose SD over other light virtualization/boot-to-restore software is the under-the-hood anti-malware capability? What about how well the application runs on your system? The ram cache, which speeds up browsing/system operation? The "Commit Now" feature? Boot time versus competitors?

    If the only value in a light virtualization app was its ability to resist MBR-modifying malware then we'd all just purchase Returnil and switch on its Anti-Exec functionality... and be similarly protected.
     
  17. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    The approach you take sounds fine... something such as AppGuard/Sandboxie/DefenseWall/CIS to protect in session/shadow mode, with SD to wipe the slate clean on reboot.
     
  18. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,278
    Does Secure Boot protect the MBR?
     