Virtualisation

Discussion in 'Ghost Security Suite (GSS)' started by f3x, Dec 8, 2005.

Thread Status:
Not open for further replies.
  1. f3x

    f3x Guest

    Well this seam to be a new trend
    Some approach like
    Tinny personal firewall's Track'n Reverse


    would be ready to implement with the current appdefend

    other approch like VE Lite or DefenseWAll HIPS can be used as a standalone product

    I have to admit that as good as regdefend/appdefend combo can be, I would hardly recommand it to ... well my sister for example. And the sad thing in that is that is that the one who are less able to use security tools are also the best target for virus / rootkit. Virtualisation seam to be a good compromise between powerfull kernel protection and ease of use.

    I'm just curious about your opinion on the topic, and want to know if jason have any plan to imlement such a thing. He certaily have the knowlege / low ressource mentality to make a killer product.
     
  2. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Ve is not exactly the same kind of product as the other one mentioned.

    VE is more like ShadowUser or DeepFreeze or Illusion or Watch-IT

    It 'backups' your current system and let you work on a mirror,
    and later on restores the real system.

    I've tested all these, and am a ShadowUser user,
    this one is (near my opinion) the best for testing your new applications etc.
    But sadly has no (serious) user/password protection.
    Because it uses the Windows built-in user system,
    which is normally broken within 30 seconds .

    TPF2005PRO Track and Reverse, just remembers what is changed by a program install.

    This is very unsafe, because lots of programs can be installed without
    noticeable for T&R.

    In another thread there was spoken about AppDefend monitoring
    installations or when testing new progs.

    One thing is for sure, now Appdefend (still is in Beta),
    lots of ideas evolve on this basis.

    Jason doesn't have to worry, to get new ideas for his progs
    or future progs.

    If you look at Regrun Gold you can also get some ideas how
    a lot of it's features could be implemented better with
    Ghost Security Suite (AD and RD).
     
  3. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Hi f3x,

    The next beta of AD/RD contains some major improvements to the base technology, basically which is the first step for new major features which possibly may include rolling back to known states securely.

    Virtualization when done right (like complete emulators VMWare, VPC, etc) is a very safe way of running possibly malicious content. However unless you are also running tools in the Virtual Machine to determine if they are indeed doing harmful things it is hard to determine in all cases whether something is malicious. Malware is getting smarter, and it makes sense to do things like "delay infection" or "pretend to do something useful and non harmful first".

    Any virtualization I don't really see as being a complete solution for malware prevention. It implies you have a "real" or "admin" section to your computer where you run the "safe" applications and the "bad" or "dirty" section for where you run untrusted applications. If your "safe" section is completely unprotected you are still highly vulnerable to user error (and other attacks, like network based ones), and unless you can spend the time reverse engineering every possibly application you are going to use or trust some other company for a whitelist, you are still in the same position with or without virtualization.

    Virtualization is a very handy tool, especially to someone like me. I just can't see it helping solve too many malware problems for the general populace for a few years at best.
     
  4. f3x

    f3x Guest

    Thank you both Jason and tuatara

    Nice to know that, now i have a reason to wait for the next beta lol.
    If such feature is implemented it would defenitively make the product stand out from PG wich only block and "almost stop" protecting you if something slipped.

    I hardly see any form of complete solution, exept maybe extended knowledge that let us use powerfull tools.

    Unfortunately security program have one point in common with spyware: they have anoying popup. I know alot of ppl who just live with those "search bar" and occationally close popup. They can live with them, however if those popup came from something they have bougth ... it's another story. They have paid for peace of mind, not more annoyances. And to those ppl who can't stand popup. Either you have a really nice set of rules to have the maximum protection with the less popup. Or you try to make very attractive popup with well rounded animated "funny" icons + long text description (safe'n'sec). Or you sell virtualisation. I know its not perfect, yet it is still better than nothing.
     
  5. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    I've thought about getting something like 'ShadowUser',but then i realized i already do that without thinking. Whenever i install/uninstall software,i do a backup of my HD (i use Power Quest's 'Drive Image 7'),install/uninstall the software/hardware,check everythings ok (leave a couple of days to a week to make sure),if so carry on,if not,i do a 'System Restore'.

    Just my 2 cents worth.
     
  6. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Hi TonyJL , that is indeed almost the same thing.
    But there are differences however.

    I use Acronis True image 8 and Shadowuser.

    The first one alows me to backup and archive.
    with 'archive' in this case i mean that i can make multiple full
    diskimages and keep them stored.
    For example: One made on Monday one on Tuesday etc. and keep those
    images stored on another (2nd or USB-disk)
    If i want to restore a image, i can decide to which day i can restore.

    That works great.

    Shadowuser works in another way, with this i can 'freeze'
    one (read: only 1) situation, but decide which directories on that disk
    are allowed to be changed during the shadow-mode (or test-your-new-programs-periode).

    Shadow-mode, is the situation that you work on a virtual
    system (like a mirror of the 'frozen' one).

    So in that situation only the modifications/changes in the directory
    or directories i configured are kept after switching back to normal
    or not-shadow mode.

    And with a simple reboot (within a minute) i have the last
    'frozen' situation PLUS the allowed changed back on the live system.

    A system backup and restore take much longer, and doesn't allow
    you to change directories in the meantime.

    So that is not exactly the same.

    But i agree, for you the result is the same, you have your system back the way you want to after a restore.
     
  7. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287

    I know what your saying:) ,and that is perfect for people like yourself and Jason (if he uses one?) who are testing,creating,modifying appz etc on a regular bases,but for the 'average' user,it's not really practical,how often would they need to use it? Not to mention the huge price differance:eek: ,if they knocked about 100 off the price,i'd one in a jiffy.:p
     
  8. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Sure , i can understand that, i only wanted to make clear,
    that the products are not the same.

    And i did not recommend one or the other.
    For the 'average' user i always recommend Acronis True Image 8.0
    or a simular product.

    Because everybody needs backup software for their system.
     
  9. controler

    controler Guest

    um if you use Microsofts Shared Computer Tool Kit you do not need a backup ;)

    Since there is so many Microsoft Haters here, Why have you not posted on this software?

    controler
     
  10. QuinnK

    QuinnK Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    47
    It's a good protection program, similar to some others, but I wouldn't think it would eliminate the need for any type backup. Windows crash involving the program itself, loss of a hard drive, etc....

    Take care... Quinn
     
  11. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    i agree with QuinnK

    i would not recommend this, for few reasons:

    1) broken harddisk
    2) like to have a backup stored on another location
    (fire/stolen pc etc.)
    3) etc.
     
Thread Status:
Not open for further replies.