Which Shadow Program and Why?

Discussion in 'sandboxing & virtualization' started by huntnyc, Oct 14, 2007.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    There will always be a malware or tool that destroys a system partition with or without ISR-software.

    Two possibilities:
    A. Security software will stop them,
    - if it is an executable, it doesn't have a chance. AE removes such a malware immediately.
    - if it is sandboxed, it doesn't have a chance and my sandbox is empty after closing Firefox.
    - if it is a spam-email, it is already deleted, before opening.
    - if that doesn't help, plan B.
    B. Zero Tool and Image Backup software will fix it. Problem solved.

    I don't understand what the big advantage is of having an ISR-software that passed the test of only 3 destructive malwares.
    One day there will be a malware that destroys these ISR-softwares also, and what then? Use another ISR-software and drop all other arrangements? All that just for one malware? That is absurd.

    I know in advance that this can happen and I have a solution. Case closed.
    You only have to be worried, if you don't have a backup plan. :)
     
  2. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    As far as I know, CleanMBR uses direct I/O to access the hard disk.

    Win32
    ---------------
    |
    V
    Kernel driver
    -----------
    |
    V
    file system (AV often works here)
    ------------
    |
    V
    disk system (SD works here)
    ------------
    |
    V
    hard disk (CleanMBR uses direct I/O to send commands to the ATA port)
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    If possible, can you pass along the URL to this tool? These discussions and comparisons seem to have taken on a whole new form of life and interest of their own as everyone scrambles to reach for that one prize app that takes the lead in these type most safe coverages, and FWIW it's generating some very useful excitement not often seen of this magnitude.

    Thanks
     
  4. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
  5. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    Can you either send me the tool or just test Returnil too? I'm interested in knowing more. Thank you.
     
  6. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    That's why using any virtual program is good + AE, so no matter if you are using even ShadowUser Pro, which is 3 years old (in Feb 2008).

    cheers:)
     
  7. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    Yes, I just tested Returnil PE 1.70.7502 in the same environment. RVS PE is immune to CleanMBR. I will try to upload the video to YouTube.com tomorrow.
     
  8. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024

    Wonder if there are more imaging/virt. apps coming that respect the MBR like the latest version of FDISR.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    But when all applications start using the PBR like FDISR, doesn't that create another problem?
     