Toolwiz Time Freeze

Discussion in 'sandboxing & virtualization' started by sg09, Dec 1, 2011.

  1. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Rollback Rx cannot protect from any malware and/or viruses, whether these malware and/or viruses are sophisticated or non sophisticated.

    Best regards,

    KOR!

    P.S. Rollback Rx has neither an anti-virus nor a malware engine!
     
  2. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
If you are suggesting that you cannot roll back a system when you get hit by any type of malware, regardless of its sophistication, then that is utterly untrue. Where rolling back to a previous snapshot may not work is with malware that modifies the MBR or performs low-level disk access.
     
  3. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    By the time you discover the virus or malware whether it is sophisticated or non sophisticated, you might not have a clean snapshot to rollback to.

    Even programs like Acronis True Image or Acronis Disk Director, if they are uninstalled with, let's say, Total Uninstall, can break Rollback Rx.

    Has happened to me before!

    Best regards,

    KOR!
     
  4. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Glad you agree with me then. Rollback RX could recover your system as long as:
    1. You still have a clean snapshot
    2. The malware was not of the MBR-modifying or direct disk access type

    I would never uninstall programs such as those with Total Uninstall - you're just asking for trouble. Don't blame Rollback RX for that.

    Bottom-line - Rollback RX is not a solution designed to protect you from malware, but depending on the type of infection you have, you have a reasonable chance of being able to recover a previous snapshot.
     
  5. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
Rollback Rx is a super duper "System Restore"; like "System Restore", Rollback and its "Snapshots" are useless if the "Restore Points" contain viruses and/or malware.

    Why?

Does Rollback Rx advise its regular users as such about uninstalling programs, as I mentioned with Total Uninstall?

    Can you provide some kind of links on this from HDS?

    Best regards,

    KOR!
     
  6. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
Guys, when I said "unsophisticated malware" I meant malware that does not modify the MBR and that is not aware of the existence of LV or of RX and its snapshots. There is a lot of crude malware out there which wouldn't have a clue that the system it has infected contains snapshots. Infections by such malware on RX or CTM systems can be easily undone just by restoring an older snapshot, for as long as the malware hasn't modified the MBR. It has happened to me in the past when I was testing CTM and RX with basic malware. All it took to get rid of them was to restore an older snapshot at the next reboot, and all 'dumb' malware was history.

    Of course CTM and RX cannot protect against malware. Protect is the wrong word to use when we talk about LV and snapshot apps. But such solutions can most definitely undo most 'dumb' infections. This is an absolute fact proven by empirical data, and as such it is non-debatable.

    BTW King, the CTM and RX snapshots are hidden in a much better way than the simple Windows restore points. Not even the OS is aware of their existence, so it is highly unlikely that any unsophisticated malware would ever know that there are snapshot data stored on the disk's free space.
     
    Last edited: Jun 9, 2012
  7. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Sorry, but I have a somewhat different view of this... LV gives us an unrealistic, artificial system... it's something like a phantom in which we can work and which can of course be infected. All unwanted changes exist only inside this "box"... and they can exist only as long as we want to allow it. One move... one push on the "power off" button and we can still be glad of a clean, healthy system.
    Of course it is protection.
     
  8. guest

    guest Guest

After reading those 12 pages, I can say SD is still better :D
     
  9. rrrh1

    rrrh1 Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    211
    Looks like it has been updated to:

    1.8.6.0

    Still no info about changes on the main page...

    rrrh1 (arch1)
     
  10. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    V 1.9.0.0 (June 20, 2012)

    •Enhanced MBR protection
    •Start the protection when the driver is loaded
    •Add protection to the password file
    •Fixed the rename bug for File Locker.
    •Added one more virtualization engine to the kernel

    Still no RAM usage for the virtualization cache... How hard can it be??

    OK guys, anyone willing to throw some malware to it, see if it works?
     
  11. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    The test will be soon...I hope :)
BTW... there was also a v. 1.8.7 beta... quote from the TTF forum
    http://forums.toolwiz.com/topic/toolwiz-timefreeze-187-beta-is-released
     
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
OK... the test for version 1.9.0.0 is ready. Unfortunately the result is still bad for TTF in protection against TDSS. Toolwiz again should do something about this.
    -http://www.youtube.com/watch?v=OLh9UKmP2YE-
     
  13. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
Interesting (and very sad)... btw ichito, judging from your Wondershare Time Freeze test it doesn't do any better!

    Can any LV program successfully contain the latest TDSS variants within its virtual space (infection-free on reboot)?
     
    Last edited: Jun 23, 2012
  14. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
In the internal SG test BufferZone passed the anti-TDSS test, but that was in February 2011. I don't know of any other more recent similar test.
     
  15. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I'm not familiar with BufferZone. Is it similar in function to Sandboxie? Can you use it to test new software then get rid of it with a reboot, or isn't it that type of virtualization app?
     
    Last edited: Jun 23, 2012
  16. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
Does anyone know where I can find a recent sample of TDSS or any similar rootkits? I have an older computer that I want to use as a test machine for LV software.
     
  17. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
BZ is similar to Sandboxie but has more features... it's more similar to SysWatch (old name: Safe'n'Sec). It's not an LV app like Shadow Defender, Returnil, Wondershare Time Freeze or TTF.
     
  18. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
Of the light virtualisation programs, Shadow Defender is still the only one that is successful against TDL-type rootkits.
     
  19. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Yes, tests conducted during 2010 - 2011 pretty well proved that. I bought SD based on those tests and have been using it on both of our PCs (on-demand). But I don't know if that's still true! :doubt:


    @ ichito, do you know of any tests that disprove or update the LV-rootkit tests that were performed 2 years ago?

    TS
     
    Last edited: Jun 23, 2012
  20. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    I can't speak for the current Toolwiz (but ichito showed), but for Returnil, Wondershare etc. it is still true; I tested some weeks ago.

    The Returnil moderator here often claims their product protects, but that is only true if AE blocks the sample (not always in default settings) or AV signatures exist. But from the virtualisation part, Returnil is not successful against TDL3/4.

    @CyberMan969: You can use every TDL3 and TDL4 sample if you wanna test, just allow execution. The behaviour is the same, real new ones aren't there.
     
  21. CyberMan969

    CyberMan969 Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    589
    I couldn't find any samples to download at all. Any links? Thanks in advance!
     
  22. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    -http://contagiodump.blogspot.com/2012/02/purple-haze-bootkit.html-
     
  23. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
It's still true :) I've mentioned those tests earlier in other places on the forum, but "all together now":
    Returnil
    -http://www.youtube.com/watch?v=dt3-y39FckA
    WTF
    -http://www.youtube.com/watch?v=dI-MdSIUtiY&feature=relmfu
    SD
    -http://www.youtube.com/watch?v=QFYHDMiot6U
    Now about WTF
    I don't know if I understand you correctly... in my opinion WTF passed the test; of course the system crashed, but after rebooting it was healthy and clean.
     
  24. Night_Raven

    Night_Raven Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    388
    According to the performed tests Toolwiz Time Freeze basically withstands TDSS. Yes, the file system is there but the rootkit itself is not so this is basically a "pass", not "fail", since the file system is harmless without the active rootkit. If I recall correctly the same thing happened during my tests of Returnil System Safe.
     
  25. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
So WTF and SD seem to have the exact same results from Malwarebytes. So did WTF withstand those rootkit infections? It would have been nice if they had added another Hitman Pro scan to see if there's any difference.
     