Introducing Diskshot™ - an alternative to Shadow Defender

Discussion in 'sandboxing & virtualization' started by dax123, Oct 3, 2012.

Thread Status:
Not open for further replies.
  1. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Toolwiz Time Machine has the same functionality and footprint.

    Best regards,
     
  2. ViVek

    ViVek Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    575
    Location:
    Moon
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,995
    Location:
    Nicaragua
    Hey, hey, pareces hispano escribiendo Español, te felicito, saludos desde Centro America.

    I think an English translation of the program would be enough for most people, it would be nice if they put one out in the near future.

    Bo
     
  4. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    630
    Location:
    USA
    Last edited: Mar 9, 2013
  5. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
  6. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    404
    Location:
    Event Horizon
    why translate anything from those Videos. He's not even talking there's just Music in the Background and everything important that you Need to know is highlighted in green and red which is basically "failed" or "passed"....

    Also an interesting Thing is that the only malwares that get through are basically that TDL4 and Sinowal...All the tested light virtualization Softwares score a 4/5 because either the TDL4 or the Sinowal got through...
     
  7. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    Not to 'hear' anything, but to 'read' the commentaries/messages as to what is happening and any impressions he may be sharing.

    Cruise
     
  8. artoor

    artoor Registered Member

    Joined:
    Oct 13, 2012
    Posts:
    113
    Location:
    Poland
    25sec he explained that because of that he doesn't know Korean he isn't sure if he's defined everything correct.
    37sec because DiskShot modifies MBR, TDSSKiller shows this modification as malicious software. So he does quick scan with GMER
    1min20sec GMER descried modification connected with DiskShot, and obviously it is a fals alarm.
    1min44sec Thanks to this option each modification on the Hard Drive should be undo (cancel) after rebooting
    3min05sec There is an infection (Sinowal) failure
    Next attempts are passed ;)
     
  9. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Unliess I'm mistaken, and this wouldn't be the first time, Diskshot modifies the MBR (similar to Rollback Rx and its clones), but not TTM + TTF. :doubt:
     
  10. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    Thanks for the help artoor!
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    Here are some rootkit results against Diskshot. This person also tested Shadow Defender against the same rootkits. My apologies is this has already been posted. -http://malwaretips.com/Thread-Diskshot-Home-3-7-970-vs-5-MBR-VBR-Rootkits.
     
  12. guest

    guest Guest

    No more news about it ?
     
  13. carfal

    carfal Registered Member

    Joined:
    Dec 19, 2009
    Posts:
    177
    I must say, the development of this project needs to slow down. I'm having trouble keeping up with all the changes. :rolleyes:
     
  14. dax123

    dax123 Registered Member

    Joined:
    Jul 2, 2010
    Posts:
    58

    Hello! :D
    It's been a while since i've met you guys, I was busy doing my job..

    First of all, I must say there are some misunderstandings, for the test was not based on proper technical background.
    Actually both SD and Diskshot passed the test, and the thing TDSSKiller detects is only leftover.

    To Understand this, we need to know the way the 'Sinowal' code works.
    The head developer (of the Diskshot) said that malware is very 'stupid'
    because the infection code runs only on ring3, and is not technically sophiscated at all(in a point of rootkit infection).

    there's an analysis of the rootkit Sinowal:
    http://stoned-vienna.com/html/index.php?page=analysis-of-sinowal

    According to this, Sinowal exploits some remaining sectors(that every windows-installed HDD has to have), and locates their main code to the end of HDD sector, like TDLFS filesystem.
    Basically, Diskshot and Shadow defnder only prevents the system drive(and MBR) from modification, so any remaining partition is left behind.
    to describe the problem, let me show this picture...

    sample.gif


    so like a gun without a trigger, the remaining code (at the end of the HDD) will never be executed..
    But TDSSKiller detects the (neutralised)remainings and warns it to user..
    He(who tested these software) didn't know that fact and just relied on what TDSSkiller says, so he could say there were failures..

    above all, your system is still safe while you are using SD / Diskshot.
    if you want to erase the remaings, you could use TDSSKiller or bcwipe or ccleaner etc.

    PS: The developer told me that to get around the misunderstandings shown above, Diskshot will apply whitelist protection mechanism as of DS@Home 3.8.
    (which prevents any modification of the entire HDD partitions except specified)
    And DS@home could have some AV engine (especially for password-stealing trojans/sophiscated rootkits), trying to prevent online system infection (like returnil)

    Have a nice day! :D
     
    Last edited: May 11, 2013
  15. guest

    guest Guest

    anyway , no english version = useless
     
  16. dax123

    dax123 Registered Member

    Joined:
    Jul 2, 2010
    Posts:
    58
    For translation issues, it will definately be multilingual once the software is prepared for international purpose.. they are just hesitating..
     
  17. guest

    guest Guest

    hesitating to get more market shares...strange business behavior...:rolleyes:
     
  18. dax123

    dax123 Registered Member

    Joined:
    Jul 2, 2010
    Posts:
    58
    Well.. once it gets international, they need to employ international customer support team, translation team, etc.. maybe it needs much money...
    though DS@home is free for personal use, They are commercial company, and it's already prospering in south korea..
    (south korea has so much internet cafes, and much of them uses Diskshot..)

    going to give you the lifetime license before the international version is launched. :D
     
  19. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    I really wanna try this. Hopefully they release the multilingual version soon...
     
  20. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    431
    Version 3.8.990 is out and according to Google translate it protects unallocated space now. I guess this means no Sinowal bypass anymore? Maybe testzabezpieczenpc will test it.
     
  21. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    actually im not interested in the software anymore. got burned out waiting.
     
  22. silat

    silat Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    191

    In English?
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    I looked on their site, and I don't see anything about English support yet. Has anyone installed the new version yet to verify there is still no English support?
     
  24. MyBlackBox

    MyBlackBox Registered Member

    Joined:
    Jun 28, 2013
    Posts:
    35
    Location:
    Italy
    Huge potential, but a massive head scratch to me since no english info yet: I see some minor english language appearance at the official site:

    "Keep your time with Diskshot™ Guide / Manual / FAQ / Key / More"

    ...it all leads to the key request page and nothing more. Korbos translate the info, please!
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,775
    Location:
    U.S.A. (South)

    Yea, without welcoming an English version this app is dead n buried IMO.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.