The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    That's strange.
    I purchased 2 licenses [one for desktop and one for laptop] of Faronics Deep Freeze Standard at the beginning of this year [January to be exact] and they included Data Igloo with them.

    Since when did they discontinue selling DI alongside DF Standard?

    I fully understand user huntnyc, not wanting to buy DF Enterprise for a home environment since the minimum amount of licenses allowed for the Enterprise version of DF is 15 and that's quite expensive.

    So far, I like DF a lot since it does the exact same things as SD and the system resource impact is very minimal.



    Carlos
     
  2. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Hi Gary,

    I really love Deep Freeze and its low profile. My AV, which is Avast Internet Security always informs me about program and/or definitions updates. So, does the Microsoft Windows Update.

    When I see an update is pending, I usually thaw the system, apply the updates and then put back the system in frozen state again. I guess for the Deep Freeze Standard version, this would be the only solution. With SSDs my reboots are very fast.

    Best regards,
     
  3. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear Carlos,

    Thank you for the above information. According to Gary (huntnyc), Data Igloo doesn't allow redirecting of Program Folders.

    What has your experience been about Data Igloo?

    It appears to be the best and working great with SSDs.

    Best regards,
     
  4. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    Hi Aladdin,

    It's odd because the following links state that Returnil is compatible with SSDs. I'm not sure what you mean by fully compatible though - unless of course you had in mind the restrictions that Coldmoon was referring to in the DSLReports forum, which apply while in Virtual Mode.

    http://www.returnilvirtualsystem.com/files/manuals/en_us/rss/ch01.html

    http://www.dslreports.com/forum/r26...rnil-Virtual-System-Pro-v3.2.12918.5857-REL14

    Kind regards
     
  5. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    Was not taking any negative shots at Deep Freeze because it is a fine product. Just clarifying that if anyone wanted to try and exclude Avast or any other program that resides in the Program Files folder, that would not be possible with Data Igloo and Deep Freeze Standard. My information comes from the Data Igloo manual, which anyone can download themselves and read. Faronics also has an Antivirus product which integrates with Deep Freeze, but only with the Enterprise version, which is prohibitive in cost to home users.

    Regarding Returnil, just holding off because I think it might take up too much system disk space to run on my 128 GB system SSD according to system requirements, but I could be wrong. Thanks again for all info.

    Gary
     
  6. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    Although I could not exclude Program Files folders with Deep Freeze Standard 7, have decided to run it anyway, remove Avast, and also run Sandboxie Paid as well as HitmanPro on demand. Should be enough to meet my needs. Just wanted to give a final update on this.

    Gary
     
  7. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA

    @ huntnyc:

    That setup would be excellent in my opinion.
    Although, I think you should add another line of defense on your PC setup which would be an Anti-Executable.

    I was thinking that A-E could be either Blue Ridge Networks AppGuard or Faronics Anti-Executable. You can't go wrong with either one.

    My layered defense for all my PCs/laptops at home includes at least these three layers: [Windows 7 Pro, with UAC enabled and running as standard user]

    [1] AV/AM, in this case, I'm using MSE v4.1

    [2] A-E, in this case, I'm using Faronics A-E, v5.0

    [3] Light-Virtualization, in this case, I'm using Faronics Deep Freeze Standard v7.3

    I've thrown in on this setup Sandboxie [paid], and I also use Mozilla Firefox 13.0.1 with NoScript as my default browser. [Previously, I had WOT for Firefox but the latest version of this add-on totally refuses to install on FF on Windows 7].

    And, in case of disaster, I have a full image of my HDD [all PCs/laptops at home] created by using Acronis True Image Home 2012, so if something goes wrong and, even with that above setup, malware gets past all the protection layers, I just re-image and I'm back in business.



    Carlos
     
  8. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,053
    I'd just like to remind everyone that this is "The unofficial Shadow Defender Support Thread."
     
  9. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Very odd that the .331 driver is digitally signed whereas the "venerable good" .325 isn't.
    That might explain why you aren't seeing BSOD with .331.

    In regards to "Tony"...didn't that guy live in Beijing?
    How much do we know about him, and how is business handled in China?
    So far, none of us have been to Beijing to know exactly what happened to the SD "developer". Maybe the government expropriated his business, who knows.


    Carlos
     
  10. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear Carlos,

    Thanks for the above information. I wasn't aware that .331 driver was digitally signed by Microsoft. To get that done it has to meet the following criteria.

    1. It has to be legit.

    2. Tons of money need to be paid to Microsoft for the driver to be digitally signed.

    Best regards,
     
  11. Moosehead77

    Moosehead77 Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    134
    Well you gentlemen could have told me about the digitally signed driver 400 posts ago....

    But Thank You for pointing this out. A valuable piece of information.

    Like a man just out of prison and abandoned by the world, when no one will trust him, I will trust and give version .331 a chance.
     
  12. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    As far as I know v325 is also signed by VeriSign. This has got nothing to do with Microsoft certification though, and this goes for both v225 and v331.

    By the way, here's some screenies of my v325 diskpt.sys VeriSign certificate:

    325.jpg
     
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Well, some have said they have purchased 331 and I have yet to hear anything bad or evil going on. Other than the silent no support, I think it's fine to use.
     
  14. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    59,102
    Location:
    U.S.A.
    Removed Off Topic Posts.
     
  15. Moosehead77

    Moosehead77 Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    134

    I'm trying it out and I hope it works out. I respect the opinion of this fine community and I pay attention to what's being said. I wanted version 325 to work but it was giving me the infamous BSOD. I'll keep trying out this 331 version. If all else fails and I get the malware of doom, well I'll just whistle, and kick this puter to the curb. :eek:
     
  16. CGuard

    CGuard Registered Member

    Joined:
    Mar 2, 2012
    Posts:
    145
    Interesting...

    I guess that's the "24-2-10" version (silent update). I'm using the "23-2-10" version and diskpt.sys is not signed. Also, its file size is significantly smaller (186 KB).
     
  17. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Yes, as far as I know this is the silent update (it is obvious from the dates/times when compared with the previous file you mentioned which is 1 day older).

    In the past I have seen users confusing VeriSign certification with Windows WHQL certification. From wikipedia: http://en.wikipedia.org/wiki/WHQL_Testing

    A company can choose to sign their own drivers rather than go through the WHQL testing process. These drivers would not qualify for the "Certified for Windows" logos, but they would install on 64-bit versions of Windows and install without a warning message on 32-bit versions of Windows Vista or Windows 7.[2] However, it will not install without a warning message on Windows XP.[3]

    Some device drivers that have passed the WHQL tests are also made available for download using Windows Update.

    When Windows XP detects a new device, for which it does not have built-in drivers, it will show a Found New Hardware Wizard (see screenshot on the right). The only way to avoid the Found New Hardware Wizard from popping up on Windows XP is by pre-installing a WHQL certified driver before the device is plugged in.

    The WHQL testing fee Microsoft requires is USD $250 per operating system family.[4] This fee covers both 32-bit (x86) and 64-bit (x64) versions, if submitted simultaneously, and is non-refundable. The fee does not include other expenses, such as a Windows Server 2008 x64 license, necessary for running WHQL tests, and a VeriSign certificate, necessary for submitting test results.[5]
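
Added example, not part of any post in this thread: a PowerShell check that reports whether a driver file is unsigned, signed by the vendor's own certificate, or signed through WHQL, and optionally compares its MD5 with a checksum someone else posted. The function name, the driver path, and the expected-MD5 value are assumptions/placeholders; the only page-derived name is `diskpt.sys`.

```powershell
# Added example (not from the thread). Path and expected MD5 are placeholders.
function Get-DriverSigningInfo {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedMd5    # optional: checksum another user posted for the same file
    )

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # WHQL-certified drivers are signed by Microsoft under this publisher name;
    # a driver the vendor signed itself carries the vendor's name instead.
    $whqlPublisher = 'Microsoft Windows Hardware Compatibility Publisher'

    $kind = if ($sig.Status -eq 'NotSigned' -or -not $cert) {
        'Unsigned'
    } elseif ($sig.Status -ne 'Valid') {
        "Signed, but signature not valid ($($sig.Status))"
    } elseif ($cert.Subject -like "*CN=$whqlPublisher*") {
        'WHQL (Microsoft-signed)'
    } else {
        'Vendor-signed (Authenticode)'
    }

    # A matching hash only shows two copies are identical, not that either is trustworthy.
    # MD5 is used here because that is what was posted; SHA256 is the better comparison.
    $md5 = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash

    [pscustomobject]@{
        File        = $Path
        Signing     = $kind
        Signer      = if ($cert) { $cert.Subject } else { $null }
        Issuer      = if ($cert) { $cert.Issuer }  else { $null }
        MD5         = $md5
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        MatchesPost = if ($ExpectedMd5) { $md5 -eq $ExpectedMd5.Trim() } else { $null }
    }
}

# Assumed install location of the driver; adjust to where the file actually is.
Get-DriverSigningInfo -Path "$env:SystemRoot\System32\drivers\diskpt.sys" `
                      -ExpectedMd5 '<MD5 posted by another user>'
```

A `Vendor-signed` result with a VeriSign-issued certificate corresponds to the self-signing case in the quoted Wikipedia text; only a `WHQL` result means the driver went through Microsoft's testing process.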
     
  18. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear CM,

    Again thank you for such an informative and learning post. Your posts are always a joy.

    Best regards,

    Mohamed
     
  19. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Thank you brother! :thumb:
     
  20. jna99

    jna99 Registered Member

    Joined:
    Apr 18, 2012
    Posts:
    94
    Location:
    127.0.0.1, Netherlands
    I've found someone on YouTube who has tested the 331 version with malware. The video is about a month old, and the author of the vid is Winsevenholic. I don't know him personally, but he has tested many, many AV products. It's a short test.
    Anyway here's the link:

    -http://www.youtube.com/watch?v=hGXqkwcLOyQ

    I use the .325 version myself, just in case. I have no idea if .331 is to be trusted.
    But I thought maybe nice to see how SD does in a vid.
     
  21. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA

    I just watched the SD v1.1.0.331 video at YouTube.
    As usual, impressed by the capabilities of SD against malware regardless the version number.

    Although, I couldn't understand how come the video poster was able to open the Windows Task Manager right after each malware file execution.
    I had thought that was one of the first things malware tends to block from working, so that the PC user can't terminate its malware processes [via task manager].



    Carlos
     
  22. jna99

    jna99 Registered Member

    Joined:
    Apr 18, 2012
    Posts:
    94
    Location:
    127.0.0.1, Netherlands
    I do agree with you I must admit, now that I thought about it more. Ideally it would be better if there are more videos by different people with SD in it with different kinds of malware/viruses.
    But to answer your concern about Task Manager behaviour, I have no idea to be honest. Some malware takes over the system completely and doesn't even show the explorer process (task bar, window manager, etc).
    The fact that the video is a bit like a music video (fast forward, fast cuts) doesn't help much either in following exactly what a specific virus/malware is doing.
    Maybe the author did edit the video a bit too much. I'd rather see unedited video, but I couldn't find recent SD test videos tbh; either I didn't search hard enough or the videos that are more elaborate are usually in Russian, Polish or similar languages.
    I guess a more thorough and unedited video is better to watch. I hope someone will do a lengthy test video.
    Anyway, I do see your concern and I agree with you.
     
  23. Moosehead77

    Moosehead77 Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    134

    Thanks for the Link Jna99. Appreciate it.
     
  24. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,053
    The versions that I have (32 and 64) are both 23/02/2010


    101CDC867F7771FAAE6810483EF16439

    35EDF53C0B4D3B8960047CFBFCBAE7E3
     
  25. jna99

    jna99 Registered Member

    Joined:
    Apr 18, 2012
    Posts:
    94
    Location:
    127.0.0.1, Netherlands
    My version is .225 which I downloaded with thanks to CyberMan969 (post # 1092). Checksums are MD5.
    I already had a license bought for version .331 but thank goodness the licenses work with older versions :D
    Various people in this thread recommended to use version .325 , so I stick with this version. But that doesn't mean .331 would be bad, but I guess still highly suspicious because of no changelog and no response with mail and no support or announcement whatsoever.
    I'm running os windows 7 x64 and had no errors with installing, no BSOD or other errors.

    Various checksums for x64 1.1.0.325 (silent update version):
    checksums are calculated by Hashtab v4.0.0 program.

     
    Last edited: Jul 16, 2012