Shadow Defender's vulnerabilities

Discussion in 'sandboxing & virtualization' started by RootAccess, Jun 12, 2011.

Thread Status:
Not open for further replies.
  1. RootAccess

    RootAccess Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    64
    From a Prevx web page, modern malware can defeat virtualization programs by writing directly to the atapi.sys kernel module. I was wondering if Shadow Defender has this same limitation.

    Also, there are malware that spread through USB drives. Returnil, a competing product, just forbids anyone from accessing the flash drive. However, this solution is terrible. What are Shadow Defender's defenses from these malware?

    Thanks!
     
  2. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I can access flash drives with Returnil. o_O
     
  3. RootAccess

    RootAccess Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    64
    Have you tried doing it with virtual mode on?
     
  4. Serapis

    Serapis Registered Member

    Joined:
    Nov 15, 2009
    Posts:
    241
    I use Shadow Defender a lot, but I don't recommend that you use it on its own, however. If it were actively supported I wouldn't say that.

    The deal is, trying to run a machine securely with admin and driver-installing privileges enabled is an oxymoron. You can't do it. Full stop.

    That's how things like TDSS were able to bypass other virtualizers in Buster's tests. That's how the rootkit driver was able to write at a low level to the atapi.sys kernel module. But when it was run under a user account the rootkit failed, since it can't install.

    Bottom line here: use a HIPS or Sandboxie when running under a LV, just in case.
     
  5. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    yes... :D:thumb:
     