Shadow Defender Update Thread (Current Version 1.4.0.680)

[Andy Ful]

I know. If we start blocking drivers, then users will start screaming bloody murder. Right ? Right away, they will be the ones who will say such attacks are so low on the probability scale that they will accept the risk in favor of usability - in other words, they don't want the increased inconvenience in favor of increased protection against some extremely unlikely attack. Somebody on the forums will say those users are out of their minds - put the protection in place and make it an opt-out protection.

Of course, that would be like shooting in the own foot. That is why such gadgets can be used (and are in fact) to compromise institutions, banks, Enterprises. But, as I said before, that is not a realistic way to compromise computers of the home users.

 

[509322]

But what happens when the infection starts from system space and it's not in guarded applications, such as this one
Voodooshield and NVT EXE Radar Pro blocked this exploit in particular, I'm actually genuinely curious this time (not trolling)

Apply the Microsoft security patch that was released within days of the exploit, but for the patch to even be required, the system would have to be configured to be using and actively using SMB networking.

 

[Sunshine-boy]

firmware

I updated all my drivers with wise driver care! and it uses Duba(Kingsoft)cloud to DW them!but all of them are signed and VT show them as safe(i Checked them one by one)!can I trust it?

 

[509322]

What about zero day?

Our product has field-proven protection against zero-days. Based upon field data it has performed extremely well.

 

[Sunshine-boy]

remove the malware from it?

OM....g someone answers my question.Andy pls tell me how they clean that infected laptop

 

[Andy Ful]

Apply the Microsoft security patch that was released within days of the exploit.

But what happens when the infection starts from system space and it's not in guarded applications, such as this one
https://www.youtube .com/watch?v=lLChVsNt1fY#t=01m55s
Voodooshield and NVT EXE Radar Pro blocked this exploit in particular, I'm actually genuinely curious this time (not trolling)

There is no proof that Voodooshield and NVT EXE Radar Pro blocked the exploit. In fact, the similar targetted attacks with the same exploits implemented in Fuzzbunch, easily bypassed Voodooshield and NVT EXE Radar Pro.
The video is an example of the targetted attack, so unrealistic in home user reality. You should probably be more afraid of stealing your computer from home, than of the targetted attack.

 

[Andy Ful]

OMFG someone answers my question.Andy pls tell me how they clean that infected laptop

What laptop, and how it was infected????

 

[Andy Ful]

I updated all my drivers with wise driver care! and it uses Duba(Kingsoft)cloud to DW them!but all of them are signed and VT show them as safe(i Checked them one by one)!can I trust it?

Only for 99.99% . The 0.01% is the possibility, that they are China Government spying project.

 

[Sunshine-boy]

infected

Lenovo slipped 'Superfish' malware into laptops
Keylogger discovered preinstalled on some HP laptops
A company has a bunch of Hp laptop ok? how the secured their business?!when they didn't know HP has keylogger.

 

[509322]

There is no proof that Voodooshield and NVT EXE Radar Pro blocked the exploit.

The video is of EB\DP "ported" to Metasploit framework. Rundll32 spawned by lsass.exe was intercepted and blocked, which means the Metasploit reverse TCP was blocked. Nothing more, nothing less.

 

[509322]

OMFG someone answers my question.Andy pls tell me how they clean that infected laptop

Please do not use "OMFG" and similar because those sort of abbreviations are vulgar, and staff can considers those a violation of MalwareTips' Terms of Service. You should edit your post and remove it. Play it safe bro.

 

[Andy Ful]

Only for 99.99% . The 0.01% is the possibility, that they are China Government spying project.

The video is of EB\DP "ported" to Metasploit framework. Rundll32 spawned by lsass.exe was intercepted and blocked, which means the Metasploit reverse TCP was blocked. Nothing more, nothing less.

Yes. That was Umbra and my conclusion, and there are some facts that can support this. But there is a small probability, that an early Metasploit implementation of DoublePulsar was simply buggy.

 

[509322]

I'm thinking of using appguard and adding everything from here - https://excubits.com/content/files/blacklist.txt to the guarded applications list, and only removing them when I actually need to run one of those files, do you think that's a good idea?

That's my personal policy, with even more disabled, on a Dell XPS 15. The only other security related soft installed is Adguard. Just clean install Windows, all the drivers, and there is no need to install any other security softs. I just disable AppGuard when I occasionally check for new drivers and update Adguard.

I got no headaches with bugs, conflicts, performance issues, etc.

I am not saying AppGuard is perfect security, but its close enough for me. I tried to break one of my systems with AG on it once and the only way I managed was to throw it off the wall. It's all true, cross my heart hope to die. Of course, I didn't have a kernel exploit that worked freely available scribbled down on a piece of paper in my front pocket at the time. So maybe my test at that time wasn't entirely accurate nor fair.

 

[Andy Ful]

If you don't let the malware start, it can't infect you, right? Perhaps more vulnerable processes should be blacklisted to make sure nothing starts without your consent? I'm thinking of using appguard along with VS and adding everything from here - https://excubits.com/content/files/blacklist.txt to the guarded applications list, and using install mode when I need to run one of them, what do you think? Obviously as a home user with decent habits I'm pretty much never gonna have to worry about such exploits and things, like you said, but I want the 99.99999% protection

It would be not wise to use both AppGuard and VoodooShield alongside with Kaspersky. If you cannot sleep fearing that you are still unprotected with Kaspersky alone, then use Appguard if you like SRP or VoodooShield if you like anti-exe. My advice is to meditate for a week (for the better sleep), and finally, stick with Kaspersky alone.
If you want 99.99% protection, then use a Chromebook instead Windows (@Lockdown good advice).
You can easily access 99.99999% protection when throwing all computer components and monitor into the blast furnace.
.
Edit
In fact, @Lockdown advice was about using Chrome OS not Chromebook (my mistake).

 

[509322]

It would be not wise to use both AppGuard and VoodooShield alongside with Kaspersky. If you cannot sleep fearing that you are still unprotected with Kaspersky alone, then use Appguard if you like SRP or VoodooShield if you like anti-exe. My advice is to meditate for a week (for the better sleep), and finally, stick with Kaspersky alone.
If you want 99.99% protection, then use a Chromebook instead Windows (@Lockdown good advice).
You can easily access 99.99999% protection when throwing all computer components and monitor into the blast furnace.

1. Don't add AppGuard to KIS, KTS; it is unnecessary
2. If you want really high protection without all the hassle, then use Chrome OS

 

[ichito]

Is it still the thread about Shadow Defender?...maybe I've missed something?

 

[Sunshine-boy]

Chromebook

I can't play league of legends with chrome book lol useless os -_-
But is chrome os more secure than Linux?

 

[Andy Ful]

I can't play league of legends with chrome book lol useless os -_-
But is chrome os more secure than Linux?

I pm you my answer. @ichito is right, this thread is about Shadow Defender.

 

[Deleted member 65228]

But is chrome os more secure than Linux?

Chrome OS is based on Linux. Google haven't made their "own" OS, they just modify the Linux kernel to adapt for their needs. This also means that Android is based on Linux. Of course it isn't identical to the Linux kernel they decide to use, since they will heavily modify it so it is capable of supporting what they need (and remove things they don't happen to want), but they base it on Linux. Windows started using DOS (which they bought from IBM) and then adapted it into MS-DOS, and then they proceeded with the release of Windows NT and continued to develop it since then up to now. Even a majority of hobbyist OS-developers don't make it entirely themselves - they'll usually have assistance from very old articles about OS development, some of which were published around the years 1998-2005 (e.g. OS Wiki, OS Dever, etc.).

Linux tends to be more secure than Windows most of the time because the demand of attack for it is lower compared to Windows (more targeting Windows). Linux also has completely different mechanisms of security which makes it more difficult for an attacker used to Windows to adapt to it in a short-period of time. OS X also tends to be more secure for the same reason. They can still both be targeted by both simple and advanced attacks, so don't believe they are invincible to malicious software (and you also have the danger of web-based phishing the same as whilst using Windows).

@Lockdown and @Andy Ful are right though in my opinion, Chrome OS is a lot more appropriate for an average home user who needs to do web-surfing and that sort of stuff. You can still work with documents through Google Drive, Microsoft Office/WPS Writer and such software (which is actually a big attack vector thanks to macro's) is not necessary at-all a majority of the time.

 

[Andy Ful]

If someone wants to have much of Chromebook security on Windows, then he/she can adopt Shadow Defender on boot. Like in Chrome OS on the Chromebook, after the computer restart, the untouched OS is loaded.
Chrome OS on the standard computer is not as secure as on the Chromebook because the OS is not on the secure partition (I am also not sure if Chrome OS has 'Verified Boot' feature).
Personally, I use Shadow Defender for a long time without any serious problems.
Yet, for browsing, watching the media, document editing, the Chrome OS (or even better the Chromebook) is the best solution.