The unofficial Shadow Defender Support Thread.

Discussion in 'sandboxing & virtualization' started by Cutting_Edgetech, Feb 14, 2011.

  1. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,587
    Location:
    North Carolina, USA
    Hello,

    I agree with this post:
    I would much rather see the already existing bugs (such as the task scheduler and the losing of program settings issues) resolved first before even thinking of adding new features. These new features are not really needed as you are already in an environment where you can just re-boot and revert your system back to the previous state. Adding new features could make it even harder in isolating the cause of current bugs and issues, and could even introduce new bugs to the software.

    IMHO, I would like to see the current version bug-free before adding anything else new. There are several of us out here that have issues that adding new features does not help the usability of the software for us at all.
     
  2. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    Yes, this is my point of view too. Keep it simple, but most importantly, keep it usable.
    Once the current version runs with the least bugs possible, a new feature could be added, but again, that might not be necessary at all.
     
  3. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    SD's legacy has always been the fact that it wasn't officially "beaten" until very recently, when Sinowal arrived. Tony probably wants to beat it and get his record back. In fact he asked me for a sample to research, which I provided thanks to Patrick.

    Drop Rights will bring Sandboxie features encompassing whole disk/partitions and not just individual applications. Low level access will be blocked so malware won't be able to infect the virtual environment and then possibly leak to the real system (as Sinowal seems to be able to do). This would be a proactive and comprehensive OS defense.

    Personally I would rather have such options via SD. It will be good to have solid light-virtualization plus the ability to block low level access, all within in a single, easy-to-use lightweight app like SD. At the moment my SSDs don't take any direct write hits thanks to SD's RAM cache. I'd like to keep this ability and also have extra system security added to a single-app setup that is already optimal to me.

    Regarding the current scheduler problems: I e-mailed Tony yesterday again, asking him to participate on this. He'll probably respond at the official sd forum.
     
    Last edited: Apr 16, 2013
  4. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    The reason is that Shadow Defender can not always 'get rid of everything you don't want/need by simply rebooting'. Recent tests (believed to be reliable) have been conducted which have shown that SD is vulnerable to at least one known rootkit.

    At this time, it seems that only Sandboxie has the capability to prevent all rootkits from escaping/bypassing its virtualized container (sandbox) and that's because SBIE provides a 'drop rights' option and disallows any kernel driver from executing.

    TS
     
  5. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Very well stated CM - we share the same belief re this matter (and why I proposed an SD enhancement for 'Drop Rights & Prevent Kernel Driver Execution' option).
     
    Last edited: Apr 18, 2013
  6. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
  7. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,081
    Last edited: Apr 19, 2013
  8. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
  9. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Been lurking for a while now so want to say that I am glad to hear that SD (Tony) is back in development after missing for few years.

    I am going to wait for a while before purchasing a copy as my computer is going a bit loony at times. Not infection but more likely missing some drivers.

    My last "shadow" software was PowerShadow but SD is better as far as switching between shadow modes is concerned.

    Keep up the good work lads.

    p/s: do you know what is the exact reason Tony is missing for the past few years?
     
  10. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Is SD 1.2.0.376 compatible with XP SP3?
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,981
    Location:
    Nicaragua
  12. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
  13. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    340
    Location:
    Mexico City
    Hi,

    @Virus total and Jotti's malware scan

    SD1.2.0.376_Setup(x64).exe <- Ikarus Virus.Win32.Virut

    Do you have the same result with your version?

    PLMK

    Cam
     
  14. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    340
    Location:
    Mexico City
    Hi TomAZ,

    I installed SD 1.2.0.376 in my test machine (Windows XP SP3 32 - bits) without any issue.

    Cam
     
  15. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    1,081
    Just scanned using Malwarebytes anti malware (current virus defs)
    and Avast Pro (current virus defs) and both came up clean
    22.14 23 April 2013

    Patrick
    The Official Shadow Defender Forum


     
  16. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    That's good to know, Camelia. Don't know why, but from time to time with some of the earlier versions, I was running into BSOD on reboots and Windows startups. Maybe just some kind of conflict with my particular system.
     
  17. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,362
    Location:
    Oz
    I didn't know that SD was vulnerable to anything. What rootkit? And is it a rootkit that GMER would detect? Would Malwarebytes or Hitman Pro be able to detect the trojan that was mentioned?
     
  18. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Check this out... -http://www.youtube.com/watch?v=VTLuTjufQkU- ;)
     
  19. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
  20. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,546
    For me, a shadow mode without exclusions and with 100% of the disk virtualized is completely useless. In normal work, I download files, create and modify documents, etc. They must be saved locally somewhere (I use a data partition) and, of course, they must survive a reboot.
     
  21. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    This is why this will be optional and disabled by default. People can carry on using SD as they normally do. Any users who don't care about frequent committing would enable this to benefit from a more secure system.
     
  22. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
  23. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    340
    Location:
    Mexico City
    Hi TomAZ,

    No BSOD on reboot and Windows startups with my particular system...
    Which AV/Firewall do you use?
    Did you install a malware protection such as MBAM, SAS or Hitman Pro... to mention a few?
    Did you install .NET 4.0?

    Cam
     
  24. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    340
    Location:
    Mexico City
    How to check my system for the Sinowal Virus?

    Running Microsoft Windows Malicious Software Removal Tool (KB890830) or what?

    TIA

    Cam
     
  25. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,344
    Hi:

    It seems ikarus flash command tool.exe in Shadow defender folder as a virus??
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.