Toolwiz Time Freeze

Discussion in 'sandboxing & virtualization' started by sg09, Dec 1, 2011.

  1. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Three pages back...please ;)
     
  2. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    So what's the latest with TTF? Anyone still having problems with it?
     
  3. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    994
    I'm well impressed with the improvements that were introduced into the newest 1.8 version since v. 1.6:

    . MBR Protection - adding additional MBR protection at a low system level is welcome indeed. It was added by default. Wondershare Time Freeze (WTF) also has it - as an option though. Introduced in the kernel driver in v. 1.7 with some BSODs on Win XP systems - quickly fixed.
    . Save settings - in v. 1.8 the user can save settings even in protection mode; that wasn't possible in v. 1.6 (which made handling settings very confusing for the user; first he needed to exit from frozen mode).
    . Splash screen - the splash screen that appeared at login in frozen mode was very annoying to some users. In v. 1.8 it is gone; in fact the floating toolbar and systray tooltip are enough. Even better than in WTF, which comes with an annoying warning before the user login session when in protected mode.
    . Install/uninstall routine - the uninstall process, which needs a reboot to do an accurate uninstall, was enhanced to keep some third-party uninstallers - like Revo free, Revo Pro and similar - from screwing it up.

    TTF performance is excellent and effective. Working well with SandboxIE; I replaced WTF with TTF.

    If Toolwiz Time Freeze is worthy of attention - their young developer deserves congratulations for their work and efforts.
     
  4. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    I heard the MBR protection doesn't actually work.
     
  5. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    The program is still very new, hopefully they'll get it right in later versions.

    I talked with James (Toolwiz team leader) a couple of days ago, but I forgot to mention this MBR issue. I'll e-mail him tomorrow and ask him if it is possible for them to do tests with TDSS rootkits. If they manage to contain those, then this tiny program could be on the path to greatness!

    BTW James said that they're still working on the RAM utilization option that I mentioned earlier on.
     
  6. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    MBR protection doesn't work in v. 1.8.3 and probably in earlier versions. SD, WTF and Returnil have good results in a similar test.
     
  7. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    994
    TheMozart's and ichito's observations require some clarification:

    1- Toolwiz Time Freeze uses light virtualization: the same OS is used, with file systems and key OS resources virtualized; it runs at a low level (kernel-level driver) to protect drive/OS integrity - in particular, the OS partition and under your existing system. It isn't full virtualization - with a virtualized processor and a full Operating System.
    2- The MBR is stored in the first sector of the boot disk. The MBR is a small program which runs whenever a computer boots up. In fact the MBR doesn't need the Windows System OS to run!
    3- TTF virtualizes your OS and your system drive - it doesn't virtualize the MBR!
    4- When MBR protection is added it is under your OS - kernel/protection rings level. The MBR isn't virtualized; neither is the pre-OS level (MBR/Disk partitioning/BIOS) protected - it isn't virtualized by Toolwiz Time Freeze.
    5- MBR protection doesn't mean the MBR is virtualized; it doesn't mean that HIPS, anti-executable or MBR write-protection trick features were added; it means that additional tactics were added to check some normal kernel/protection rings level MBR related - always under Operating System supervision.

    As the linked test (by ichito) shows: the virtualized OS is in a clean state; the MBR was changed. Again: TTF doesn't virtualize the MBR (BTW, be sure that it isn't a partition) - it virtualizes the system drive.

    Do some other similar apps virtualize the MBR? No. Why are there no MBR troubles with some of them? Because they use non-virtualized methods to keep the MBR from being changed/damaged or corrupted.

    Could TTF do that also? Yes, if their developer wants such a feature in the future.

    Is this a virtualization issue? No. Does this mean that there is a bug in TTF virtualization? No - definitely!

    As written by Ilya Rabinovich, DefenseWall HIPS developer, somewhere in a Wilders post about the Windows system:

    There is only one really working protection mechanism to prevent malware in kernel mode - loading only signed driver files. But it can be subverted with MBR trick. PatchGuard doesn't protect the system as advertised.


    P.S.: BTW, thanks ichito for sharing the illustrative video test with us!
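
Points 2-5 of the post above describe a layer that restores the system drive while the first disk sector sits outside it. As an added example (not from the thread or from Toolwiz), this Python code fingerprints a 512-byte MBR region by region and reports what changed against a known-good baseline; the function names are hypothetical and the sample sectors are constructed.

```python
import hashlib
import struct

# Classic MBR layout (offsets within the 512-byte first sector of the boot disk).
REGIONS = {
    "boot_code": slice(0, 440),          # bootstrap program run at boot
    "disk_signature": slice(440, 446),   # disk signature + 2 reserved bytes
    "partition_table": slice(446, 510),  # four 16-byte entries
}

def fingerprint(sector: bytes) -> dict:
    """SHA-256 per region, so a change can be localized."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (size or 0x55AA signature)")
    return {name: hashlib.sha256(sector[s]).hexdigest() for name, s in REGIONS.items()}

def changed_regions(baseline: bytes, current: bytes) -> list:
    """Names of MBR regions that differ from the known-good baseline."""
    old, new = fingerprint(baseline), fingerprint(current)
    return [name for name in REGIONS if old[name] != new[name]]

def partitions(sector: bytes) -> list:
    """Decode used partition entries as (bootable, type, first_lba, sector_count)."""
    found = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0x00 marks an unused slot
            found.append((entry[0] == 0x80, entry[4], first_lba, count))
    return found

def make_sample(boot_code: bytes) -> bytes:
    """Constructed 512-byte sector for the demo; not taken from a real disk."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    table = entry + bytes(48)
    return boot_code.ljust(440, b"\x00") + b"\x12\x34\x56\x78\x00\x00" + table + b"\x55\xaa"

if __name__ == "__main__":
    baseline = make_sample(b"\xfa\x33\xc0")  # recorded before the frozen session
    after = make_sample(b"\xeb\x5a\x90")     # raw sector read after the session
    print("partitions:", partitions(after))
    print("changed:", changed_regions(baseline, after) or "none")
```

On a live machine the 512 bytes would come from an administrator-level raw read of the boot disk's first sector, and the baseline has to be kept where the frozen session cannot discard or alter it.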
     
  8. Was a rootkit included in your test run of the Toolwiz Time Freeze?
     
  9. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    @majoMo...
    thanks for your comprehensive and transparent explanations...but I'm still a little bit confused because of it...
    - I don't remember where I said that MBR is/was virtualised :)
    - MBR infections are an old kind of infection and they can give us probably every kind of danger...every whatever we can think about...whatever we wish...so I think...
    - if MBR can be infected it means that system can be successfully "killed"...
    - in this context TTF with its "MBR protection" is not effective security app...and that's all ;)
     
    Last edited: Jun 7, 2012
  10. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Time Freeze is still too new to be effective. It all depends on how good the Toolwiz coding talent is. If one day they manage to beat sophisticated rootkits then they would rule the LV market. But somehow I feel that this will be improbable with a program like Time Freeze that works on a file-system level.

    The current implementation would be suitable only for reversing damage by non-malicious software (e.g. a bad driver or an incompatible Windows Update) and to also undo user configuration errors. They need to make it more sturdy against malware. Also the fact that you can kill its process via task manager is a massive oversight IMHO. They should be working on a sector level program, a program that is able to withstand and completely reverse all changes, malicious or not.
     
    Last edited: Jun 7, 2012
  11. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    CB, please post this comment on their forum so James can read your words. :thumb: Hopefully you may give them some good ideas.
     
  12. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    994
    Not at all, since the protection is always working in the Windows kernel mode (not in a process level).

    - The core goal of TTF is to virtualize your OS and your system drive. And it does that.
    - The core goal of TTF is not (at this point at least and like it was designed for):
    . To protect non-system drives;
    . To protect the pre-OS level (MBR/Disk partitioning/BIOS) - such protection was recently enhanced at a normal system level;
    . To be a full virtualization application.
    . To be an Antivirus app.
    . To be an Anti-executable app.

    Could features that aren't inside the core goal be added? Perhaps. But it's not suitable to circumvent core goals. Can the user have other goals? Yes - but their goal doesn't have to be TTF's goal - at all! They could be good suggestions to the developer - not lead to unfit conclusions.

    Kees1958 understood well what Toolwiz Time Freeze was made for. And made a very good suggestion (that includes Nprotect MBR Guard app.) for those who want another protection level with TTF. There are others: that doesn't mean at all that TTF doesn't do what it was designed for!

    E.g.: I use - and I will always use - SandboxIE. And added junctions to handle some app settings (BTW, thanks Brian K for your well-explained post about it).
     
  13. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    What exactly are you guys using Toolwiz Time Freeze for? Just when you want to run and test a new program? :blink:
     
  14. Technical

    Technical Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    471
    Location:
    Brazil
    I think this is the *best* use for this program :cool:
     
  15. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Yes, for as long as the program you are testing doesn't need a reboot. Like all LV software, Time Freeze is unsuitable for testing apps that need a reboot in order to become functional. For such a purpose you'd need a snapshot program.

    In my opinion TTF would be good for undoing infections by basic/unsophisticated malware, as well as for trying proggies that need no reboot. It is also good for undoing problems caused by non-malicious software (things like a bad driver or an incompatible Windows Update), and for reversing configuration problems caused by user errors. It is still no good against smart malware, at least not yet. Basic oversights must be corrected first ASAP - e.g. the fact that the TTF process can be killed in Task Manager is a massive oversight IMO. Toolwiz should fix such fundamental issues before moving on to bigger and better challenges.
     
    Last edited: Jun 8, 2012
  16. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    So it always seems to come back to Rollback RX, and only Rollback RX, to be the best as an all round program, because it supports reboots, where no other known program does.
     
  17. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    Yes, unfortunately it seems to be the only true snapshot app out there, plus it supports SSDs. But the Horizon DataSys tech support sucks, they have been asked certain things numerous times and never shed light on some important technical questions regarding the program.

    Comodo on the other hand is very different. CTM will be free like the previous versions, and even Melih (the Comodo CEO) is approachable and discusses things with users at the forum; if you e-mail him he will reply. Not many CEOs are so normal and down to earth. Horizon have a lot to learn from Comodo regarding the way to do business.
     
  18. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    :thumb:
     
  19. Technical

    Technical Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    471
    Location:
    Brazil
    Sure. I'm just too lazy to post this all the time :D
     
  20. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Fully agree...TTF's thread has existed for 6 months on the forum, we know its features, we know the results of its tests...and it is still only a "no-fully-security-app". It's nice that it is free, easy, lightweight, correctly discards unwanted changes in system connected with tested app, codecs, tweaks etc....but only that and nothing more.
    At this time...I hope :)
     
  21. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    However, unfortunately Rollback Rx doesn't protect from viruses and malware!

    If they claim as such then it is nothing but marketing hype.

    Best regards,

    KOR!
     
  22. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    I agree, however RX can still protect against unsophisticated malware. It would be no good against sturdier threats like TDSS.
     
  23. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Wait for the 2012 version of Returnil System Safe. MultiSnapshot ftw! :D
     
  24. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Even against unsophisticated malware Rollback Rx cannot protect.

    Best regards,

    KOR!
     
  25. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Really? So, a sophisticated piece of malware like Zeus - are you claiming that Rollback RX cannot protect from it?
     