Discussion in 'sandboxing & virtualization' started by dax123, Oct 3, 2012.
Toolwiz Time Machine has the same functionality and footprint.
Diskshot@Home 3.7.970 vs 5 MBR/VBR Rootkits
Hey, hey, you seem Hispanic, writing in Spanish. Congratulations, and greetings from Central America.
I think an English translation of the program would be enough for most people, it would be nice if they put one out in the near future.
So it appears that Diskshot is no better than SD (re infections)!!! ...and so much for all of Diskshot's 'fanfare'.
ViVek, thanks very much for the link to the test.
Wow, that dude (testzabezpieczenpc) is exposing just about everything out there! Anyone know of an app that can translate YouTube videos 'on the fly' (from Polish to English)?
Why translate anything from those videos? He's not even talking, there's just music in the background, and everything important that you need to know is highlighted in green and red, which is basically "failed" or "passed"....
Also, an interesting thing is that the only malware that gets through is basically that TDL4 and Sinowal... All the tested light virtualization software scores a 4/5 because either the TDL4 or the Sinowal got through...
Not to 'hear' anything, but to 'read' the commentaries/messages as to what is happening and any impressions he may be sharing.
25sec: he explained that because he doesn't know Korean, he isn't sure if he's defined everything correctly.
37sec: because DiskShot modifies the MBR, TDSSKiller shows this modification as malicious software. So he does a quick scan with GMER.
1min20sec: GMER descried modification connected with DiskShot, and obviously it is a false alarm.
1min44sec: Thanks to this option, each modification on the hard drive should be undone (cancelled) after rebooting.
3min05sec There is an infection (Sinowal) failure
Next attempts are passed
Unless I'm mistaken, and this wouldn't be the first time, Diskshot modifies the MBR (similar to Rollback Rx and its clones), but not TTM + TTF.
Thanks for the help artoor!
Here are some rootkit results against Diskshot. This person also tested Shadow Defender against the same rootkits. My apologies if this has already been posted. - http://malwaretips.com/Thread-Diskshot-Home-3-7-970-vs-5-MBR-VBR-Rootkits.
No more news about it ?
I must say, the development of this project needs to slow down. I'm having trouble keeping up with all the changes.
It's been a while since I've met you guys, I was busy doing my job..
First of all, I must say there are some misunderstandings, for the test was not based on proper technical background.
Actually both SD and Diskshot passed the test, and the thing TDSSKiller detects is only leftover.
To understand this, we need to know the way the 'Sinowal' code works.
The head developer (of Diskshot) said that the malware is very 'stupid' because the infection code runs only on ring3, and is not technically sophisticated at all (in a point of rootkit infection).
There's an analysis of the rootkit Sinowal:
According to this, Sinowal exploits some remaining sectors (that every Windows-installed HDD has to have), and locates their main code to the end of HDD sector, like TDLFS filesystem.
Basically, Diskshot and Shadow Defender only prevent the system drive (and MBR) from modification, so any remaining partition is left behind.
to describe the problem, let me show this picture...
So like a gun without a trigger, the remaining code (at the end of the HDD) will never be executed..
But TDSSKiller detects the (neutralised) remainings and warns the user about them..
He (who tested these software) didn't know that fact and just relied on what TDSSKiller says, so he could say there were failures..
Above all, your system is still safe while you are using SD / Diskshot.
If you want to erase the remainings, you could use TDSSKiller or bcwipe or ccleaner etc.
PS: The developer told me that to get around the misunderstandings shown above, Diskshot will apply a whitelist protection mechanism as of DS@Home 3.8
(which prevents any modification of the entire HDD partitions except specified).
And DS@home could have some AV engine (especially for password-stealing trojans/sophisticated rootkits), trying to prevent online system infection (like Returnil).
Have a nice day!
Anyway, no English version = useless
For translation issues, it will definitely be multilingual once the software is prepared for international purpose.. they are just hesitating..
hesitating to get more market shares...strange business behavior...
Well.. once it gets international, they need to employ international customer support team, translation team, etc.. maybe it needs much money...
Though DS@home is free for personal use, they are a commercial company, and it's already prospering in South Korea..
(South Korea has so many internet cafes, and many of them use Diskshot..)
going to give you the lifetime license before the international version is launched.
I really wanna try this. Hopefully they release the multilingual version soon...
Version 3.8.990 is out and according to Google translate it protects unallocated space now. I guess this means no Sinowal bypass anymore? Maybe testzabezpieczenpc will test it.
Actually I'm not interested in the software anymore. Got burned out waiting.
I looked on their site, and I don't see anything about English support yet. Has anyone installed the new version yet to verify there is still no English support?
Huge potential, but a massive head scratch to me since no English info yet: I see some minor English language appearance at the official site:
"Keep your time with Diskshot™ Guide / Manual / FAQ / Key / More"
...it all leads to the key request page and nothing more. Korbos translate the info, please!
Yea, without welcoming an English version this app is dead n buried IMO.