Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.
hxxps:// www. youtube.com/channel/UCrtmme_CU7ixcZjkMZ2r_3Q
Not at all surprised by the tester's perfect results, but his remarks to the effect that the ransomware was 'blocked' or 'stopped' are incorrect and misleading...
In all 10 ransomware infections, upon performing a system restart Shadow Defender was able to restore the system to its prior (clean) state, but during the time the system was infected by ransomware there's a definite possibility that data-theft may have occurred - i.e., before the system was restored by Shadow Defender! That's why (imho) it's critical to implement outbound firewall control (in addition to SD).
Agree, but there is only one thing missing if the system becomes infected with malware.
With the combination above of security software.... For example of Shadow Defender &
A way to remove/clean the malware, etc.....
Maybe a secondary scanner or just an antivirus without a firewall. Plus, adware cleaner.
Shadow Defender, restore the system to its prior (clean) state, if it was really clean to begin
SpyShelter Firewall, does not remove malware and/or clean......
Suggestions/thoughts opinions, welcome......
For this you have backup.
Even antivirus doesn't clean the system fully/well after infection, and the system might be unstable even after "cleaning" by antivirus..
Because antivirus deletes corrupted files and new malware files, of course if it "detects/finds" them.
And to fix system files you need to use a Windows tool, or just better roll back the system to the state before infection.
And there are a lot of forums where people using other tools to find corrupted files mostly use FIRST...
But even this software can't be enough if the system is badly harmed, and you still often need to reinstall or roll back the system if you made a backup in the past.
So you don't need an AV scanner if your system is rolled back to a clean state all the time.
So you don't bring the infection to the new, next session, and in the current session HIPS/FW protects you from getting infected in that one.
Just look how helpful AV is.
If you get infected by ransomware, will AV help you? No, because your files are already screwed.. deleting the virus does not bring your files back.... and your system still can't be unstable after it so you need to roll back or reinstall the system.
If you lose your private data due to a keylogger or Trojan etc. spying behavior... will AV help you?
No, your private personal data is already on the dark side of the net, and scanning the PC does not guarantee the Trojan was fully removed from your disk, and it can still be spying somewhere there..
So the solution is once again to reinstall or roll back the system so as not to leak the rest of the data, if there was still something left to leak....
These are 2 golden examples of why it is better to prevent instead of trying to cure, because for a cure it can be too late.. "instead of chasing butterflies"
Straight to the point, with great details and with a few examples.
What rollback software would you suggest? For example, Instant Recovery, Rollback Rx, and Macrium Reflect.
Or just do a clean install of Windows to the current version?
Remember please that this is the thread about Shadow Defender.
Appreciate the reminder, thank you.......
Exactly, and Shadow Defender is a kind of rollback.
Just look... how long do you work on your system without a reinstall or rollback?
1 year?! Maybe 2, maybe 3 or even longer... and what if your system is infected 20 days after a fresh install and of course you still don't know it.
You live with it, use your system this whole time with a virus that steals/reads all your activity this whole time... and of course you used a few antiviruses in this time, of course not all at one time, half a year Avira.. but you didn't like it so you moved to Kaspersky, now people are saying basic Defender is far enough and you stay with it..
But unfortunately this malware which is on your PC is still less popular, and any AV which you used in the past still doesn't detect it, and unfortunately still even now.
Now look at Shadow Defender, even if you launch the system 1 time a day or even 2 times - for example before going to work and once again after it.
If one year has 365 days you will have 365 fresh sessions.
That's why in this case/situation using Shadow Defender 24/7 is better than even a hardstyle multiple scanner like SecureAPlus, HitmanPro etc.
Because it does not molest all your files/data by keeping your disk I/O tasks and processor busy scanning each new operation with a dream of finding a virus, and you still don't have a 100% chance to find everything, which I said above.
Shadow Defender wipes all new changes at every single boot, which is better than holding 1 unknown session for whole years and molesting it with AV which sooner or later will fail with detection..
I use Sandboxie, Keyscrambler Premium, Malwarebytes active and a firewall (in my case Sygate Personal Firewall Pro) and check each file that I download on to my pc in each Shadow Defender (Shadow Mode) session and I never save a file or reboot to a real session from Shadow Mode until it has been thoroughly tested and confirmed (by me) to be safe.
Note: Remember to confirm your Firewall settings in non Shadowed mode if changed in Shadow Mode session..
I install programs outside Shadow Defender Shadow Mode only after testing in Shadow Mode and with anti virus etc and running the program to see if it serves my purposes.
Tony always said that it was important to install Shadow Defender at an early stage when installing your operating system. I imagine that this is to get there before the malware is installed and active when it might make connection to an outside source and then your Shadow Mode session would be pointless when the 'enemy' already has your vital information.
Shadow Defender does not protect you from revealing information that you give away on the Internet revealing your true identity and personal information which might make you vulnerable in Shadowed and non Shadowed session.
I do not like software that insists on 'phoning home' as part of its makeup. I usually block anything like that unless it is essential and proven safe. Anything that proves itself a nuisance I will not have on my system. I don't want to be constantly nagged or reminded of things by a software developer. I don't allow automatic updates.
That is my way of working...it might not be 100% but it's served me well over the years.
Thanks to @Dann for kind comments
The most important thing in security is what you really need to have and what is really most important,
and in this scenario you also need to know how each software works to make a good choice.
And you can't fully compare AVs to Shadow Defender because their job is totally different, but honestly if you compare cons and pros, better stick with Shadow Defender, but don't forget you don't need to choose between them, you can well use both of them. But for me there is no point.
And both AV and Shadow Defender are not the kind of software which prevents; it's more a different way to keep a clean state of the system.
For prevention you have hardening (disabling services which carry more risk of infecting the system and which you don't use, adding some more restrictions/settings etc.),
HIPS, which takes action at the 1st attempt to launch an unwanted action and takes control of what happens in the background across the whole system,
and a firewall to take control of what tries to connect to your system and also what goes out from it.
And also Shadow Defender not only protects you from being permanently infected but keeps your system always fresh.
So you don't need to use other cleaning tools like ccleaners from time to time because temp clutter files will be wiped.
So if something breaks, for sure it will not be the system but sooner a PC component, or just to time when you not shutdown Shadow Mode to install/make updates or any other kind of changes in the system.
That's why even if you use Shadow Defender you still have to do solid backups, and don't forget it.
Technically it doesn't matter which way you go, which kind of security layer/which software you will use - always do a backup!!
If you are always running virtually in SD's shadow mode, reverting back to the clean real system with every restart/shutdown, how could the real system become infected? Certainly the virtual system (shadow mode) may get infected; that's why I recommend an additional layer of protection, specifically to prevent rogue outbound traffic. As far as I'm concerned that's all the protection actually necessary!
Of course image/clone backups (to external storage) must be performed on a regular basis for disaster (of any kind) recovery.
Now that I've given up the ghost so to speak transitioning to Windows 10 (but NOT entirely just yet), Shadow Defender is as it's been for some time now. On Demand Only. Since those days of foulware hunting are pretty much behind, I still keep SD close like a guard dog in case for those rushes to duty & courage if I happen on a powerful sample or two that raise enough panic to grab attention enough for me to send it into the Shadow Defender Arena for sport and research.
Aside from that, on this newly christened Windows 10 20H2 I'm running ERP 4.0 which is akin to double duty for UAC but way more granular to the liking. WiseVector Stop X is silently positioned in tandem with Microsoft Defender which I never thought I would see the day I could actually rely on it. Well on 10 it's built in and does enough. Secure Folders is also a throwback alternative that is hard to part with even on a newer system.
Also Drive Snapshot backup images are the final lifeline which rounds out the core of this system and any others that might be added in the future. Gotta have them backups, No Brainer
That said, I've seen and experienced rock solid performances of SD plenty enough against the baddest of the bad only to rise to the occasion as it always has for me and return a session right back to clean state. So while unlike some of you I don't run it to go online to stay safe or dump my safe sessions whatsoever, it is every bit an integral component that I can turn to without giving a second thought to its capabilities to meet and defeat challenges.
@Quassar, @Wendi, @Wendi,
Nice feedback on Shadow Defender.......
Learning a lot, keep it up.......
Here is some review about SD
Great more feedback on Shadow Defender. Thank you for sharing, @ichito....
Thanks @Wendi I agree. It's been mentioned and strongly suggested before just as you on occasion before, however it is worth that REMINDER AGAIN as a wise decision to add that particular extra layer in order to "absolutely" prevent any possibility to some outbound run while in Shadow Mode.
Does anybody know if you can use Comodo Firewall for containment feature with browser and Shadow Defender?
Like a safety net.....?
I'm not a CF user, but I believe you can configure CF's alert settings so as to be notified whenever the firewall encounters an unknown request for network access.
We used to have posted to this forum some years back a freelance developer or two whose little outgoing firewall alert programs were ideal just for a program like SD to prevent if something tried to ring the phone to some outside destination when in Shadow Mode.
Wouldn't a front-end to the firewall for Windows like @alexandrud's Windows Firewall Control suffice for that purpose?
@EASTER, @Moose World, as a long-time SD user I have found the free version of SpyShelter performs outbound traffic control very well (and in addition, if desired, it also provides an effective HIPS)!
Apparently @Wendi also complements SD with SS to monitor/control outbound network requests.
Thank you for sharing, really appreciate the info and update........
Thanks @pvsurfer- I may have a look and test run sometime with it.
Shadow Defender is On Demand only here- (it's been that way mostly for my 8.1 units) It's always also been extremely stable. When testing malware especially file infectors, it proved solid as iron which is saying a lot since there must be every conceivable form of malware known/unknown to exist that SD can handle.
@EASTER, and it has also been very stable on my Windows 10 for at least two years now
If you have several internal drives for backup, should all of these backup drives be in Shadow Mode in addition to the C: drive?
So long as you or your backup isn't writing to them that you want to retain I really don't see why not. I mean it's always an excellent preventative while online even though they are storage for your backups. I would if it was me also on occasion transfer those, or some of the most recents or even dated ones out and over to an isolated storage for really superb confidence.