YesShield - SD clone ?

Discussion in 'sandboxing & virtualization' started by abu shofwan, Nov 2, 2012.

Thread Status:
Not open for further replies.
  1. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    This looks intriguing anyway. I don't trust it yet, but I'll keep my eye on it. For some time now I've wanted to try Shadow Defender 1.1.325, but am unable to, since you can't find an installer for it anywhere, and if you did can't trust any key you'd purchase anymore (if you even can).

    Leaving YesShield as the only viable option here.
     
  2. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    I'm using it... Seems fine to me. I contacted the developer a day ago and I'll see what he/she has to say.
     
  3. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    https://www.wilderssecurity.com/showpost.php?p=2138953&postcount=1447
    Further info from this forum:
    - the installation files of both programs have the same version, 4.65.0.0
    - after comparing the installation logs we can see similar or even identical lines and entries, e.g.
    from SD
    from YS
    Driver diskpt.sys is the same in both apps.
     
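    To verify a claim like the one above (two installers shipping the same driver), the simplest check is to hash the extracted files and look for byte-identical matches. The script below is an added example, not code from the thread or from either vendor; it builds its own constructed sample directories ("SD" and "YS", each with a `diskpt.sys` and a `setup.exe`) in a temporary folder, so the file contents are made up and only the comparison logic is real.

    ```python
    import hashlib
    import os
    import tempfile
    from collections import defaultdict


    def sha256_bytes(data: bytes) -> str:
        """Hex SHA-256 digest of an in-memory blob."""
        return hashlib.sha256(data).hexdigest()


    def sha256_file(path: str, chunk_size: int = 1 << 16) -> str:
        """Hex SHA-256 digest of a file, read in chunks so large drivers do not need to fit in RAM."""
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(chunk_size), b""):
                h.update(chunk)
        return h.hexdigest()


    def group_identical(paths):
        """Map content digest -> list of paths; any group with more than one path is byte-identical."""
        groups = defaultdict(list)
        for p in paths:
            groups[sha256_file(p)].append(p)
        return dict(groups)


    def shared_files(groups):
        """Keep only digests that occur in more than one file (the 'same driver in both apps' case)."""
        return {digest: paths for digest, paths in groups.items() if len(paths) > 1}


    def demo():
        """Constructed sample: two installer trees share one driver but have different setup binaries.

        Returns the sorted basenames of the files that turned out to be shared.
        """
        with tempfile.TemporaryDirectory() as tmp:
            trees = {"SD": os.path.join(tmp, "SD"), "YS": os.path.join(tmp, "YS")}
            for d in trees.values():
                os.makedirs(d)

            # Fake driver body (not a real PE, just a constructed blob shared by both trees).
            driver = b"MZ" + b"\x00" * 62 + b"constructed fake diskpt.sys body"
            samples = {
                ("SD", "diskpt.sys"): driver,
                ("YS", "diskpt.sys"): driver,
                ("SD", "setup.exe"): b"MZ constructed SD setup stub",
                ("YS", "setup.exe"): b"MZ constructed YS setup stub",
            }
            paths = []
            for (tree, name), body in samples.items():
                p = os.path.join(trees[tree], name)
                with open(p, "wb") as f:
                    f.write(body)
                paths.append(p)

            shared = shared_files(group_identical(paths))
            return sorted(os.path.basename(p) for ps in shared.values() for p in ps)


    if __name__ == "__main__":
        print(demo())
    ```

    A hash match proves the files are byte-identical; a mismatch proves nothing on its own, since a rebrand can recompile the same source or just re-sign the binary, so the next step after hashing would be comparing the PE version resources and signer, which this snippet does not attempt.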
  4. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    SD version 1.1.0.325. It has two setup files. The second setup file includes some silent update.
     
  5. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    I believe you should not have checked the option to restart in protected mode, because by doing that the bootkit probably was not cleared from YS' virtual container!

    Please try repeating the test with YS - but this time restart the system into unprotected mode. Then see if TDSSKILLER finds any trace of the bootkit.

    TS
     
  6. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    Has anyone here who is running Windows on an SSD tried YS? I'm curious about whether or not YS supports an SSD system configuration (as of this time, SD does not). :doubt:

    Cruise
     
  7. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    Hi:

    I will do as you say. Also I did the same for shadow defender with rebooting in shadow mode and still no infection? Anyway I will retest it as you say with default reboot in normal boot and let you know.
     
  8. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    Hi:

    I tried the test again and this time with default normal boot and YesShield passed? TDSSKiller did not detect anything. Also I did the same retest with Toolwiz TimeFreeze and TimeFreeze failed. TDSSKiller detected a TDSS and TDL4 infection.
     
  9. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Mixed results..... did you do it right the first time?
     
  10. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    Not sure about this. I had SD on my old laptop. I put YS on this one, turned on protection, same as with Shadow Defender, and downloaded a browser just to test it.

    When I rebooted, the browser was still there and working, as if nothing had happened. From all I can tell, this is basically SD with a different name. It should have returned my laptop to its old state, but it didn't.

    The only thing different is, I've got NoVirusThanks EXE Radar Pro (free) on this computer. I don't know if that could make the difference.
     
  11. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    So it didn't restore the changes made?
     
  12. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Hi there,

    Thanks for your effort in repeating the test as I suggested. As I suspected your bootkit sample was cleared from YS' container when YS was set to restart the system normally (without YS active). Obviously Toolwiz is an inferior design from a security viewpoint, and in that regard SD is even stronger than YS, so although YS may have copied some of SD's ideas, your tests go to validating SD as the undefeated LV security champ!

    TS
     
  13. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    Nope. It was in protection mode. I downloaded a browser (Maxthon), and used it for an hour, then rebooted to unprotected mode. It should have restored the computer but didn't.

    I was surprised. It left the browser. I ran CCleaner and cleaned out over 100 MB of, I guess, browsing data etc. that I did. It was as if I hadn't been in protection mode at all.
     
  14. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    I downloaded the setup for CCleaner, made a few folders and deleted some stuff. It was all contained by YesShield.
     
  15. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    This is weird. I tested YesShield again and TDSS was patched and detected by TDSSKiller. I have included a pic of the test.
     


  16. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Reboot after infection...and then run TDSS Killer.
     
    Last edited: Nov 6, 2012
  17. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Cannot agree more!
    This Combo is:
    -Light in Resources
    yet
    -Formidable when dealing with malware. :thumb:
     
  18. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    I did that. I had it set to auto protect. This is after reboot. It seems it's a strange bug: if you auto-boot normally there is no infection, but if you boot back up into protect mode then there is infection.
     
  19. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    See post #55 for explanation.


    TS
     
  20. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    But that should not have mattered, as restarting should have cleared the infection. At least that is how it is with Shadow Defender, and if YesShield is a clone of SD then it should clear the infection regardless of being booted in normal or protect mode. Having to normal boot every time you turn on your PC and then enter shadow mode is a bit of a headache if someone wants to have it in constant protection mode rather than manually doing it every time the PC reboots.

    That's what Shadow Defender is great at.
     
  21. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    They replied to my email. They were unwilling to give out any information about the Yesshield background.
     
  22. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
  23. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    They probably earned less money than they expected, but it's not strange because YS, after all the "research", seems to be not only a clone of SD but a clone that has been obtained in an unclear way... maybe even illegally.
     
  24. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    With this alone, I suggest everyone not to use it. (Just my opinion :) )
     
  25. buckslayr

    buckslayr Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    484
    Location:
    Michigan, USA
    They replied to my email. This version is free forever. Future upgrades not free.
     