App Review Shadow Defender vs Malware samples

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Status
Not open for further replies.

safe1st

Level 17
Thread author
Verified
Top Poster
Well-known
Jan 29, 2016
812
As expected, classic malware testing on software like SD is futile; to truly test it, MBR-based ransomware and bioskits/rootkits are the minimum requirements.


You're right :)
But if I find one when testing other security products, I will do a re-test for sure.

Also, I show it to some people who don't know exactly how this software works.

thanks guys
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
If you like to test hard-to-defeat software, what about running a test on ReHIPS?
The isolation won't give the malware even a chance, but you could make it much more interesting by running the samples from a non-isolated location, and let the HIPS alone fight the battle.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
It doesn't restrict driver loading so I guess it can't protect against any kernel mode malware. I would assume that's one way to bypass any protection it offers.
The malware can load all the drivers it wants, and muck up the Windows kernel, and it's all okay, because all changes to the system will be erased at reboot. That's the form of protection it is designed to offer. Your system gets temporarily infected, and then you wash it all away at reboot.
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
The malware can load all the drivers it wants, and muck up the Windows kernel, and it's all okay, because all changes to the system will be erased at reboot. That's the form of protection it is designed to offer. Your system gets temporarily infected, and then you wash it all away at reboot.
If you load your drivers you can disable SD. No? I am no malware expert but it's possible.
 

Deleted member 178

It doesn't restrict driver loading so I guess it can't protect against any kernel mode malware. I would assume that's one way to bypass any protection it offers.

If you load your drivers you can disable SD. No? I am no malware expert but it's possible.

Writes to the MBR and partitions are redirected, so the drivers would also be redirected. AFAIK, nothing has bypassed SD yet. The last known bypass was an MBR exploitation; this bypass led to the implementation of SD's MBR protection.
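The posts above describe the mechanism in words: writes during a shadowed session are redirected, the running system sees the "infected" state, and everything is discarded at reboot, with the MBR given extra protection. The following is an added toy model of that behaviour, written for this page and not Shadow Defender's own code; it is a sector-level copy-on-write overlay with an optional MBR guard. The thread does not say how SD's MBR protection actually works, so the "block" rule here is an assumption, as are the sector size, LBA numbers and the constructed payloads.

```python
"""Toy model of the reboot-to-restore behaviour discussed in the thread.

Added illustration, not Shadow Defender's code. It models a sector-level
copy-on-write filter: during a shadowed session every write lands in a
volatile overlay, reads are answered from the overlay first, and the overlay
is discarded at reboot. An optional guard stands in for the MBR protection
mentioned in the last post. Sector size, LBAs and payloads are constructed.
"""
from dataclasses import dataclass, field

SECTOR_SIZE = 16   # constructed: real disks use 512- or 4096-byte sectors
MBR_LBA = 0        # the master boot record occupies logical block 0


def sector(text: str) -> bytes:
    """Pad/truncate a label to one sector so the model stays readable."""
    return text.encode()[:SECTOR_SIZE].ljust(SECTOR_SIZE, b"\x00")


@dataclass
class ShadowedDisk:
    base: dict                                   # persistent sectors
    overlay: dict = field(default_factory=dict)  # session writes, volatile
    protect_mbr: bool = True                     # assumed guard, see lead-in
    log: list = field(default_factory=list)

    def read(self, lba: int) -> bytes:
        # The overlay wins while the session is live, so the "infected"
        # state is fully visible to the running system.
        return self.overlay.get(lba, self.base.get(lba, sector("")))

    def write(self, lba: int, data: bytes) -> bool:
        if len(data) != SECTOR_SIZE:
            raise ValueError("writes must be whole sectors")
        if lba == MBR_LBA and self.protect_mbr:
            self.log.append("blocked: MBR write")
            return False
        self.overlay[lba] = data                 # redirected, never hits base
        self.log.append(f"redirected: lba {lba}")
        return True

    def commit(self, lbas) -> int:
        """Model the user choosing sectors (files) to keep across reboot."""
        kept = 0
        for lba in lbas:
            if lba in self.overlay:
                self.base[lba] = self.overlay[lba]
                kept += 1
        return kept

    def reboot(self) -> int:
        """Dropping the overlay is the whole restore mechanism."""
        dropped = len(self.overlay)
        self.overlay.clear()
        return dropped


def simulate_session(protect_mbr: bool = True) -> dict:
    """Run one shadowed session with two constructed hostile writes."""
    disk = ShadowedDisk(
        base={MBR_LBA: sector("BOOTCODE"), 7: sector("driver.sys v1")},
        protect_mbr=protect_mbr,
    )
    # 1. a dropped kernel driver overwrites an existing file's sector
    disk.write(7, sector("driver.sys EVIL"))
    # 2. a bootkit-style attempt to replace the MBR
    mbr_written = disk.write(MBR_LBA, sector("EVILBOOT"))
    live = {"driver": disk.read(7), "mbr": disk.read(MBR_LBA)}
    dropped = disk.reboot()
    after = {"driver": disk.read(7), "mbr": disk.read(MBR_LBA)}
    return {
        "mbr_write_accepted": mbr_written,
        "driver_visible_live": live["driver"] == sector("driver.sys EVIL"),
        "mbr_live": live["mbr"],
        "sectors_dropped": dropped,
        "driver_after_reboot": after["driver"],
        "mbr_after_reboot": after["mbr"],
        "log": disk.log,
    }


if __name__ == "__main__":
    for flag in (True, False):
        r = simulate_session(protect_mbr=flag)
        clean = (r["driver_after_reboot"] == sector("driver.sys v1")
                 and r["mbr_after_reboot"] == sector("BOOTCODE"))
        print(f"protect_mbr={flag}: {r['log']}; base clean after reboot: {clean}")
```

Running it shows the two sides of the argument in the thread: the driver write is fully visible during the session (the system really is infected until reboot), yet the base image is untouched afterwards whether or not the MBR guard is on. The guard only changes whether the bootkit-style write is refused outright or parked in the overlay and thrown away. Anything a kernel driver might do to the filter itself while it is loaded is outside what this model can show.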
 