Shadow Defender 1.1.0.237 released today

Discussion in 'sandboxing & virtualization' started by pidbo, Feb 23, 2008.

Thread Status:
Not open for further replies.
  1. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    New release of Shadow Defender 1.1.0.237

    Version 1.1.0.237 - February 23, 2008
    New: support removable media
    New: some GUI changes
    Fix: some minor bugs
     
  2. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    Good news!

    Is there a list of the minor bugs?
     
  3. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    Hi QQ2595, I can't find any other info regarding bug fixes etc., but it is nice to see it progressing. Has anyone tried it yet?
     
  4. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Can you test whether the bug you found in commit is fixed now?

    cheers :)
     
  5. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Awesome. Now I can protect my USB memories too :D
     
  6. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    Yes, I will test it soon :cool:.
     
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Thank you.

    Yes, I'm liking the update. The new system status is a good touch and the support for removable media is also welcomed... progressing nicely.
     

  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, what about the Robodog problem now?

    BTW I sent a PM to u.
     
  9. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    Hi, just tested. The new SD release is not immune to Robodog, SectorEditor, CleanMBR. When entering shadow mode, the original volumes are hidden under these names: "\Device\DpShadowX". I had a try; a third-party tool can still access the original volume with these symbols directly in shadow mode. :(
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks.

    What about my samples?
     
  11. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    Is the new Deep Freeze Standard 6.30.020.1875 also immune to such attacks? Just wondering :)

    cheers :cautious:
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'd say not. However, if you run LUA+SRP, HIPS, Anti-Executable or a sandbox (GeSWall, Sandboxie, DefenseWall, etc.) you should be protected (except from obvious mistakes).
     
  13. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    lol I know mate... just wondering if DF the monster stands against it :argh:
     
  14. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Sounds like something you should test... and report back on.

    Blue
     
  15. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    I don't really have the "bad tools" like QQ2595 has... that's why I ask him to give it a shot :)
     
  16. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    In a way, this begs the question of the degree of worry you should have concerning these types of approaches. Naturally, one should be aware of the possibilities and how they might play out. However, as lucas1985 points out above, there are fairly straightforward methods of handling most of these creations in their current guise.

    Cheers,

    Blue
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    True, Blue, and I will dab a tad deeper to say I seem to see a consistent effort by 2 members to shadow, "no pun intended," Tony and his product.

    If the latest release does fail in these areas, he is aware.
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Let me also add, it was Paul who said how hard it is for the lone vendor to create, grow and support any new security product in this day. As he said, any initial excitement needs to be curtailed until a consistent line of growth is accomplished.

    Tony isn't Ilya, but he is continuing to grow along the lines that Paul spoke of. So he is still creating and correcting, and I commend him for it.
     
  19. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    I think this is a security forum for experts. You would like me to only say "The GUI is cool", "It is smooth in my XP", "I like it", "I used it for 30 mins, no problem so far"?

    By the way, ISR products have been installed on more than 50 million computers in Asia since 1997. SD is a new security product? :(
     
  20. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Why, or what, is your obsession with SD? That is all I want to know. Why are your tests not run and reported on for other products, say like SafeSpace? Thank you. :cautious:
     
  21. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    my report about DF:
    https://www.wilderssecurity.com/showpost.php?p=1167793&postcount=17
    https://www.wilderssecurity.com/showpost.php?p=1167833&postcount=30

    my warning about EZFIX:
    https://www.wilderssecurity.com/showpost.php?p=1186730&postcount=50
    https://www.wilderssecurity.com/showpost.php?p=1186955&postcount=16

    my report about RVS:
    https://www.wilderssecurity.com/showpost.php?p=1172117&postcount=104

    my report about AE:
    https://www.wilderssecurity.com/showpost.php?p=1161421&postcount=9

    my report about AE + SD:
    https://www.wilderssecurity.com/showpost.php?p=1158024&postcount=1

    Why not report the bugs if I can find them?
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    OK, thank you. Can you run it against something like the AV for F-Secure?
     
  23. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
  24. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Reporting bugs and/or behavioral characteristics is a useful objective, but it's also useful to provide some sense of the scope of the issue and approaches that a user could employ (if any) to address the shortfall.

    In the current case, as an example, what could a user do to handle low level disk access by a third party application to circumvent SD? As noted above, use of LUA or some type of HIPS could address the immediate issue. For various reasons, layering on a HIPS may be a nonstarter for some, so one might appeal to LUA.

    I have noticed that SD will not launch using the "Start as administrator" facility under SuRun, while using the native OS "Run as" facility appears to work just fine. Obviously a bit of adjustment in SD appears in order. However, this (using the Run as facility and an account with admin credentials) should directly address the specific shortfall identified.

    That's pragmatically useful advice if one is an owner of this (or any other) application since many are not able to jump between licensed products on a whim. These differentiating characteristics are certainly useful to keep in mind if you're on the market for one of these solutions, be it partition/application/system virtualization, or any security application in general.

    Blue
     
  25. tonycn

    tonycn Registered Member

    Joined:
    Dec 31, 2007
    Posts:
    6
    Hi QQ2595,
    Could you tell me which version you have tested with Robodog, SectorEditor, CleanMBR? I have tested SD with SectorEditor and Robodog, but it seems that these two tools can't bypass SD1.1.0.237.

    And you mentioned "I had a try; a third-party tool can still access the original volume with these symbols directly in shadow mode."

    Could you tell me which third-party tool it is?

    Thank you very much!

    Best regards,
    Tony
     