Discussion in 'sandboxing & virtualization' started by trjam, Jul 10, 2009.
Just an FYI. Tony says early fall to have it ready. That is good news. And maybe 2 other surprises.
And while I am at it, let me throw a plug out there to all new members who are not familiar with it. To me, it is likely the one most overlooked piece of software. It is truly amazing software; if I could only pick one, it would not be NIS but ShadowDefender. You really should try it.
I'm so happy, but I'll wait till I see it with my own eyes.
I've already talked many times with Tony about 64-bit versions, and he promised me to do something on this point.
In fact, that's the only reason that always separated me from 64-bit OSs.
If SD supported 64-bit OSs, this would be a great step for this wonderful product, being the only virtualizing software to do that (as Returnil is still in beta).
BTW, did he tell you the expected date to release this version?
I expected that after this long period of silence on the Shadow Defender website there would be a storm for sure.
I think Tony is like a lot of others here. Microsoft really holds the key. And with the image that Bill Gates portrays, it would kind of go against the grain of his public image to just throw away that key for other vendors.
I'm sorry trjam, but I can't translate or just understand your last reply.
Don't feel bad, neither can I.
When Windows 7 is ready my next PC will be 64-bit. That would be good timing for me. I'm using Shadow Defender basically 24/7.
This is long-awaited good news. ShadowDefender is a big part of my setup. I have never had a single problem with it.
Shadow Defender's developer, when asked, replied "in several months". As a matter of fact, I'm back to Vista32 because I'm too addicted to SD. Some people say that the kernel patch guard in the 64-bit versions cannot be bypassed. I don't really understand these terms; what is the truth: is it a matter of time or just impossible?
As far as I know it's a matter of legality.
Lawless rootkits are allowed to bypass the patch guard, but law-abiding security software vendors are not allowed to bypass it - or MS will not invite them to their candle-light dinners anymore.
On the other hand, I've read somewhere that it is meant to stop rootkits. Basically what you are saying is that developers need to have a license from MS to bypass patch guard.
No, there is nothing to buy. Vendors can just water down their products (e.g. Comodo or Kaspersky) or stay away from patch guarded Windows versions (like Sandboxie).
It looks like MS has just thrown the baby out with the bath water.
Every piece of malware can easily remove the user mode hooks of CIS or KIS.
So what's the point of HIPS, sandboxes etc. with these Windows versions?
Khm... not just every malware; it must be designed to do this. Also there are some protection techniques against unhooking, so it is not just every malware, and not easy.
From Kernel Patch Protection: Frequently Asked Questions:
Q. Is there any mechanism that allows a particular application or driver to patch the kernel?
A. No. There is no mechanism on systems that support patch protection that allows an application or driver to patch the kernel, for the following reasons:
• There is currently no reliable way for the operating system to distinguish between "known good" components and unknown components that might potentially be malicious. Therefore, it is not possible to grant patching capabilities only to "known good" components and deny them to unknown components.
• Even if "known good" components could be distinguished in a secure, non-spoofable, and reliable fashion from other components, patching would still introduce the reliability and performance issues that were described earlier. The attack surface of the kernel would also be increased to include the additional components.
Q. Patch protection prevents my application or driver from running. What are my options?
A. Modify your application or driver to use only Microsoft-documented interfaces. If the functionality you want to enable is not supported with Microsoft-documented interfaces, then you cannot safely enable that functionality. There is no mechanism to selectively disable patch protection or "special-case" a given application to work around patch protection. If an application or driver patches the kernel, it generates a bug check and shuts down the system...
My interest is really directed to virtualizers like Shadow Defender which cannot at the moment run on x64. Why then does DeepFreeze (also a virtualizer) have no problems with x64? That explains why Avira can't scan for rootkits in the x64 version.
And what about Windows 7 support by Shadow Defender?
Anyone tested Shadow Defender with Windows 7?
It works perfectly.
Thanks for the answer.
Patchguard pretty much excludes kernel mode rootkits but not user mode, although an adequate defence should prevent these also.