App Review: Shadow Defender 1.2.0.370 vs 5 MBR/VBR Rootkits (testzabezpieczenpc)


JoeN
Thread author
May 10, 2011
Shadow Defender 1.2.0.370 vs 5 MBR/VBR Rootkits

The samples used in this test become public at the end of the test.
 

woomera
Jan 15, 2012
Thanks for the video. I've never tried Deep Freeze before, but it's always nice to know more about a piece of software and how effective it is.
 

coranti malware
Feb 3, 2013
No surprise there

I removed this from a PC last week. The user ran Shadow Defender and no real-time protection, and they were trying to work out how someone was logging in to their online bank accounts from Turkey.
This stealth rootkit survived a reformat and Windows reinstall, so I had to wipe the whole disk with Jetico BCWipe.
https://www.virustotal.com/en/file/af1713e216913a768ec63cbae98f1c78d6bcdd5e88138a4aba21661ef909ea24/analysis/

Programs like Shadow Defender are fine to use, but use them with AV protection or at least Sandboxie.
 
Deleted member 178

coranti malware said:
I removed this from a PC last week. The user ran Shadow Defender and no real-time protection, and they were trying to work out how someone was logging in to their online bank accounts from Turkey.
This stealth rootkit survived a reformat and Windows reinstall, so I had to wipe the whole disk with Jetico BCWipe.
https://www.virustotal.com/en/file/af1713e216913a768ec63cbae98f1c78d6bcdd5e88138a4aba21661ef909ea24/analysis/

It was in Shadow mode on every boot?

The video was done in a VM, so I give little credit to it. Some apps don't work as they should in a VM (like CIS).
 

coranti malware
Feb 3, 2013
Hello Umbra Corp,
Yes, it was in Shadow mode on every boot, as far as I am aware.
Could the rootkit have been on the system before Shadow mode was installed? No:
new PC straight out of the box, a Dell; the only program ever installed was Shadow Defender version 1.2.0.355.
The user never did updates, patches or anything.
 

JoeN
Thread author
May 10, 2011
Umbra Corp. said:
...
The video was done in a VM, so I give little credit to it. Some apps don't work as they should in a VM (like CIS).

Infection was confirmed a long time ago on a real computer. After checking the latest software, samples will be published.
 
Deleted member 178

I heard of it; nothing is 100% bullet-proof, but some apps like SD almost reach it.

SD was "abandoned" for around 2 years; now the development has restarted, so we should give it some time to improve its protection against the latest sophisticated rootkits.
 

coranti malware
Feb 3, 2013
Yes, very true Umbra Corp, nothing is 100% bullet-proof.
I do think all users of Shadow Defender should be safe and use an AV or HIPS to ensure protection,
or even Sandboxie.

I think it's a sad mistake for anyone to rely only on Shadow Defender for protection without some of what I said above, and that is not a go at Shadow Defender or Shadow Defender users. I think all software like Shadow Defender has yet to catch up to deal with these kinds of MBR/VBR rootkits.
 
Deleted member 178

Fabian Wosar (Emsisoft developer) explained in a thread here on MT why system-wide virtualization/rollback systems are not 100% bullet-proof.
Anyway, we will always need an AV; even if software like Sandboxie can prevent many infections for now, some malware writers will find a way to bypass it or the user will make a mistake.
 
Deleted member 178

About the AV thing: people that use SBIE "full time" don't get infected, with or without an AV,

if properly used without any mistakes. For example, if you download and then run an infected "trusted-supposed-clean" installer (outside the sandbox because you want to keep it on your system), Sbie will not help you so much.
 
Deleted member 178

Of course it is fine too, but few people do like you ;) Most users download many installers, infected wallpapers, unknown software skins, keygens, cracks, patches, etc... so they still need an AV to protect them.

You just need Sbie because you are an advised user with safe habits; if everybody were doing like you, the AV industry would not exist or, at least, not be as prolific as now :D
 
Deleted member 178

I did a test on a friend: I just installed Sbie, teaching him to use it properly. He got infected one week later. Reason?

He used a "so-called safe" keygen given by his older brother, who assured him it was clean.

I asked him why he ran it outside Sbie; he said it was not working inside... ("drop my rights", surely).

So as long as people do what they want, discarding your advice, they need AVs. Of course, it was not Sbie's fault, but it can't protect him from his bad habits; an AV would surely have flagged the keygen.
 
illumination

A few things not listed here, like, say, being on a "shared network": it is not always possible for one to have a network to themselves, and this can be a vulnerability without any kind of detection/prevention. Also, OS updates/program updates obviously cannot be run in a sandbox either; while there is a very slight chance anything could happen, it is still a chance. I always recommend an AV if they are using Sandboxie. Too many variables to take a chance, and have them mad I said it would be cool to just use the sandbox, and watch them find a way to still get infected, as Umbra pointed out.
 

coranti malware
Feb 3, 2013
DefenseWall Personal FireWall 3.17
Malwarebytes' Anti-Malware (on demand)

is not a bad setup to run with Shadow Defender,
but Shadow Defender with an AV would give better protection.
If you are going to stick with (on-demand) scanning, I would add
HitmanPro and TDSSKiller; they won't give you any extra protection but will help detection.
I would also use MBR Backup, which is freeware, to back up your MBR:
http://www.trojanhunter.com/products/mbr-backup/

(On-demand) scanners won't stop you from getting infected.
DefenseWall I have no experience with,
but MBR Backup might save you if you get a rootkit.
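The MBR-backup idea from the post above, as an added example that is not part of the thread or of the MBR Backup tool: a Python script that parses a saved copy of the 512-byte MBR and the current sector, then reports which parts (bootstrap code, partition entries, boot signature) differ. Both sectors are constructed inline; on a real system the current one would be read from the raw disk device with administrator rights.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_SIG = b"\x55\xaa"          # signature expected at offset 510

def build_mbr(code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from bootstrap code and up to four (status, type, lba, sectors)."""
    sector = bytearray(code.ljust(446, b"\x00"))
    for status, ptype, lba, sectors in partitions:
        # 16-byte entry: status, CHS start (skipped), type, CHS end (skipped), LBA start, size
        sector += struct.pack("<B3xB3xII", status, ptype, lba, sectors)
    sector = sector.ljust(510, b"\x00") + BOOT_SIG
    return bytes(sector)

def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into a hash of the bootstrap code, the partition entries and the signature state."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, ptype, lba, sectors = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        parts.append((status == 0x80, ptype, lba, sectors))
    return {"code_sha256": hashlib.sha256(sector[:446]).hexdigest(),
            "partitions": parts,
            "signature_ok": sector[510:] == BOOT_SIG}

def diff_mbr(baseline: bytes, current: bytes) -> list:
    """Compare the current sector against a backup and list every region that changed."""
    a, b = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not b["signature_ok"]:
        findings.append("boot signature missing")
    if a["code_sha256"] != b["code_sha256"]:
        findings.append("bootstrap code modified")
    for i, (pa, pb) in enumerate(zip(a["partitions"], b["partitions"])):
        if pa != pb:
            findings.append(f"partition entry {i} changed")
    return findings

# Constructed sample data: a clean backup and the same disk after its bootstrap code was overwritten.
BASELINE = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c", [(0x80, 0x07, 2048, 1_000_000)])
TAMPERED = bytearray(BASELINE)
TAMPERED[0:4] = b"\xea\x00\x7c\x00"   # simulated patch of the first instructions
TAMPERED = bytes(TAMPERED)

if __name__ == "__main__":
    for finding in diff_mbr(BASELINE, TAMPERED):
        print(finding)
```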
 
