ZoneAlarm Free + ShadowUser

Discussion in 'other anti-malware software' started by ErikAlbert, Oct 7, 2005.

Thread Status:
Not open for further replies.

  1. Becausee Next to spy1 and remus you are one of the major users of Shadowuser here? That's why i mention it here? Is that a problem? There definitely no scarasm intended, maybe you are reading too much into it?

    I don't claim to have total knowledge of you, but I wouldn't say I know nothing about what you are doing, after all the PMs we exchanged.

    I was just wondering about a legimate question. It seems to me and VaMPiRiC_CRoW that Shadow user would not be good for people constantly testing, and to my knowledge (I could be wrong, I said i "believe") you do testing, so I was just pointing out the contradiction.

    So okay according to you , you don't test much, besides prev1,OA.Antimalware and no other software (security or otherwise), good to know.

    That's all.
     
  2. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Poll, In amongst all your protestations of innocence you still manage to treat so many people disrespectfully. I don't have any problems with you correcting someone, myself included, but more importantly, it seems you choose to insist on putting barbs into your posts, and quite simply, I've grown tired and bored of them, and have no wish to deal with the bad manners anymore.

    I've also grown bored and tired of you bringing me up in multiple posts for no apparent reason, so I ask/ed that you stop using my name/handle/whatever as an example/reference in any of your posts that aren't in direct reply to one of my posts.
     
  3. It's sad that you think I'm treating you disrepectfully in my latest posts, but I assure you that is not my intent at all. I can see why you think so though, based on past clashes.

    Okay, from now on I won't mention your name, but I don't promise that i was not post in response to you however , if I feel the need.

    Is that fine?
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,989
    Location:
    California
    I'm not sure where you got the idea that I use ShadowUser - I've highly recommended it as a great product, but I don't use it.

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Thanks for confirming it and I won't use it against you, if something goes wrong :D After all it's MY decision.
    If I ever do this for real, I will certainly report my bad experiences (if there are any) at Wilders.
    I'm just waiting for the moment, when I'm really sick and tired of my own discipline on the net and the many scanners on my computer. :)
     
  6. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Yes Poll, that's fine.

    Thank you.
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    This is again pure hypothetical and based on my security set : "Firewall (ZoneAlarm Free) + ShadowUser", described in my very first post of this thread.

    What will happen if I go a step further and ditch my firewall too ?
    In that case my security set = ShadowUser only, which is of course even more extreme :D

    According my readings when you work without a Firewall, your computer will be :
    1. infected with malwares from internet itself, I don't know about which types of malwares I'm talking, but malware is malware.

    If ShadowMode is ON, I assume that even these malwares, directly from the internet, will be removed after the next reboot.
    Am I right about this or not ?

    2. vulnerable for intruders, like hackers. I don't think my computer was ever hacked, maybe I didn't even notice it.
    I don't even know what an intruder is able to do with my computer, because I never had that experience.

    If ShadowMode is ON and an intruder has done something to my computer, will ShadowUser UNDO these actions too after the next reboot ?

    Working without a firewall is of course very extreme and the way of infection is also very different, because it was not caused by downloading/installing an infected software or by any action of the user himself.
    Being hacked by an intruder is even more scaring and unpredictable, because this is done by another malicious PERSON and I never underestimate the bad guys, because these people can be very smart too.

    Normally I would never do this, because my knowledge is too poor.
    Nevertheless I would like to know, what the consequences are when I would work without a Firewall.
    Is working without a Firewall and using SU as only protection, really that dangerous ?


    Firewalls are made of straw.
    I still remember that article, maybe it was a bit exaggerated, but ANY software can be compromised, even Firewalls.
    There are also good Firewalls and lesser good firewalls. Less-knowledgeable users (like me) don't always use the very best firewall, because they can't handle the firewall due to lack of knowledge to build rules.
    If certain malwares succeed to pass through my Firewall, while ShadowMode is ON, will SU remove these infections as well after the next reboot ?

    I don't really expect clear answers from you, answers that are based on theoretical knowledge are also good for me.
    I assume that many members at Wilders have enough experience and/or knowledge (much more than me) to answer these questions in a theoretical way, if they don't have practical experience.
    TIA. :)
     
  8. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    774
    In fact the answer is quite simple, if you don't care that someone is
    changing your data, using etc, because for the data that is on that pc
    it doesn't care, then you are completely right.

    If a hacker changed your system (i hope it is not in a network, because
    then it is of course not wise)
    ... and you don't mind that data changed, IF you can restore your original setup,
    then you can use Shadowuser that way.

    Theoretical this scenario is possible:

    You install Windows up to a certain patch-level with all the tools and apps you need.
    You have no other systems in your network, and you don't mind if
    the data on your pc is used or changed by others.
    Then it just doesn't matter how bad you pc gets changed by malware or hackers, a reboot will solve your problems!

    There are however a few things you must not do:
    1) Keep your systems 'up', or without a reboot too long.
    Otherwise it can be hacked, and misused by others, until the next reboot.
    This means in fact that your pc can be used, to store data
    by others that you wouldn't like.
    Like Warez, Illegal MP3's or even a website with things you get nightmares from.
    So you have to reboot it frequently (daily ?)

    2)
    Another thing is that you don't want to change OUT of shadowmode
    (only 'loose data when rebooting') because if you want to make updates
    install other software etc. your have to:
    1) Disconnect from the web (unplug networkcable etc).
    2) Be sure that the software that you add is prefectly safe.
    3) Don't install Windows-updates from the web (only in this case)
    etc.

    Otherwise your system still gets infected.

    But i don't see any reason, why this should not work.
    It is not a regular setup, but what a lot of people often forget
    is WHY the take security-actions.

    Example:
    Some people say it is unsafe to go to any cybercafe in any country in the
    world and go on the web.

    The reason of course is, that you don't know if they are using key-loggers
    (etc) to steal your creditcarddata or bankaccount info
    or webmail username/password.

    But i know that in some countries they go to such a cafe, because the know and trust the owner and be able to look at websites wich are in THEIR country illegal, and are unsafe to visit from their own pc.

    So ,we always want to protect the pc data from being manipulated,
    but what if you don't care, UNLESS your are able to restore it quick.
    Perhaps it is an odd setup, but even with all the protection software you can buy (for live-system-protection) nobody can garantee that not data will be changed by malware.
    Or your system will not hang because of other reasons.

    That is how i think about this, but i can understan if others think different
    about this.
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,989
    Location:
    California
    Hi ErikAlbert,

    I tried this for one day, running Deep Freeze only.

    In one session on the internet, I suddenly lost my connection, and on subsequent connectings it kept dropping. I rebooted and all was well.

    In another instance, my mouse froze; again, reboot and all was well.

    I know from studying the firewall log in the past that there is constant bombardment to the trojan ports (139, 443, 445, etc) and while a reboot wipes things clean, the firewall prevents being bothered by these nuisances.

    Also, as I demonstrated in the anti-keylogger thread, the firewall prevents trojans from connecting out to the internet.

    So, while I believe in "lean is mean" I depend on the firewall as a major component of my security.

    I don't include the firewall in the category of preventative-ware that you describe that you want to get away from. Once the rule set is in place, it requires no attention (updates, etc) and is not a bother at all.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  10. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    774
    And of course there are lot's of firewalls for free today ...

    And you can also think about buying a firewall in a Internet-router
    these are now (here) 2nd hand for less then 25$ en protect your
    complete network from the outsite world and have no performance impact
    on your pc('s).
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Tuatara and Rmus,
    Thanks alot for sharing your experiences. I'm going to keep my Firewall, because I didn't like the hacker part. Maybe a router as well.
    My stand-alone PC is quite boring and impersonal, but that can change in the future.

    I will start with the absolute minimum "Firewall + ShadowUser", because that's what I really want and if that is sufficient (time will prove it), I reached my final goal.
    I can certainly live with 2 security softwares, but not with 20 and I can ditch my boring discipline as well.
    If I don't try this myself, I will NEVER know for sure if it is possible or not :)
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I didn't do anything yet, I'm just preparing the installation of ShadowUser in my mind and I have read this :

    Source : SUguide.pdf (= ShadowUser User Guide)
    So I have to partition my harddisk "C:", which is my only harddisk.
    I never worked with a partitioned harddisk, but I assume that partitioning means that you divide your physical harddisk in at least two logical harddisks.
    In my case :
    1. One partition for "MS Windows 2000 Professional" (on CD) + "Windows Update".
    2. One partition for "MS Office 2000 Professional" and all my other softwares.
    Am I right about this ?

    Software "PartitionCommander" or "PartitionMagic"
    I don't understand why I need one of these softwares.
    When I'm going to install ShadowUser, I will reformat my harddisk and re-install win2000pro+SP4 from scratch.
    As far as I remember, Windows will ask me to partition my harddisk or not, during the setup of win2000pro and then I will partition my harddisk "C:".
    So my guess is, that I don't need PartitionCommander or PartitionMagic.
    Am I right about this ?

    Partitioned Harddisk
    I never worked with a partitioned harddisk.
    Are there some visual changes anywhere, like in Windows Explorer ?
    Does it complicate things ?
    TIA.
     
  13. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,989
    Location:
    California
    Yes. Yours is a good approach because it insures you start with a clean system before installing SU.

    You will notice an extra drive letter for each partition. Suggestion: change your cd/dvd rom drive letters further down the alphabet so your HD partitions will be C:\ and D:\ and any external drives/card readers can take the next letters in order.

    I don't think it complicates things at all, once you are used to working with two partitions.

    As SU states, with partitions you will have more control over your operations. With Deep Freeze, for example, by having only the OS on the frozen partition, I can write changes to the other partitions easily.

    After you have it set up, you can experiment as you get to know SU better. Some of the others who use SU can give you some tips.

    Happy partitioning!

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Rmus,
    Thanks for answering my questions. Before installing SU, I will do 2 things first :

    1. Create a new win2000pro CD
    My original windows-CD is more than 3 years old, which means I have alot of "Windows Updates" to do and this takes alot of time. I also need an (unnecessary) internet connection for all these windows updates.
    Months ago I've read somewhere that you can create a new CD, which is a combination of your original Windows CD and a certain file that contains all Windows Updates, including SP4, which can be downloaded from a M$ website.
    That new CD will install win2000proSP4 alot faster.

    2. Partition my harddisk
    Before I install SU, I want to be familiar with a partitioned harddisk first.
    As you said it's most probably not that hard, but it's my very first time and I don't like to handle two problems (partition + SU) at the same time, when it's not necessary.
    I guess it won't take that long to get used to a partitioned harddisk. So SU will follow very soon.
    Once I install SU, I will re-format/re-install my harddisk again of course.
    It's also a good exercise for me and I'm not in a hurry. :)
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Well, after the n'th attempt (lost counting), I succeeded in creating a new CD with win2000proSP4.
    I learned alot and made only one mistake, but it took me hours to find out what it was.
    I hope the new CD works, when I re-install win2000proSP4. :)
     
  16. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    Did you check the CD to see if it`ll boot?
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My new CD acts like the original CD. I think it will work, when I use it for installing win2000pro from scratch.
    If it works, I will check Windows Update to see what the new CD did NOT install.
    I will use the new CD very soon, because I have to partition my harddisk also for the very first time. Maybe tomorrow or the day after :)
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Well I had a very bad day, yesterday.

    1. My new CD didn't work to re-install my win2000pro + SP4 at all.
    My new CD was created correctly and I got even two "successfull" messages during making that new CD : iso-file creation + burning on CD.
    The new CD worked fine for awhile, until I got an error message.
    So I did it the old way : original CD + Windows Update and that worked fine as always.
    I don't consider this as a real problem, but it would have been more convenient if the new CD would have worked properly.

    2. I partitioned my harddisk, but I'm not sure I did it right (very first time !!!)
    I only created one partition of 4096 MB (4 GB) to install win2000proSP4 and that was OK.
    I didn't create any other partition and that was probably my mistake.
    Keep in mind, I'm not familiar with partitions.
    So I re-installed my harddisk without partitioning and that is a real problem,
    because I need a partitioned harddisk before I install ShadowUser.

    3. On top of that, my CD drive for writing on CD, gave up.
    This has nothing to do with re-installing my harddisk, because it happened BEFORE and I hoped
    that re-installing my harddisk would fix the problem with my CD writer/burner, but it didn't.
    The CD Drive had some troubles in the past, but I was able to fix it, until now.
    The CD drive has a bad block according my Event Logs.
    The CD drive doesn't read/write CD's anymore, but it still loads and ejects CD.
    I installed the latest firmware v1.07 for PlexWriter 12/4/32 but that didn't work.
    Any suggestions to fix this or do I have to buy a new CD drive ?

    4. I'm not able to re-install MSAS BETA1 either.
    It has something to do with "Genuine Microsoft Windows" and the validation code.
    M$ doesn't accept my validation code and I can't download MSAS anymore.
    I can assure you that my original win2000pro CD has been paid, when I bought this computer.
    What's wrong ?

    I never had so many problems in ONE day :D
     
Loading...
Similar Threads
  1. garry35
    Replies:
    21
    Views:
    3,310
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.