ssj100 Security Forums
Would you like to react to this message? Create an account in a few clicks or log in to continue.

Has anyone tried Clean Slate?

+4
eskro
noorismail
ssj100
Rico
8 posters

Page 1 of 3 1, 2, 3  Next

Go down

Has anyone tried Clean Slate? Empty Has anyone tried Clean Slate?

Post by Rico 29/6/2010, 07:51

Hi ssj! since you are quite a security enthusiast I wanted to know what your thoughts and impressions were about the program. Its quite similar to the beloved shadow defender. But I am sceptical about its ability in keeping malware at bay, so I thought you could maybe run the nasties off singlemature's list against them and shed light on them. Resource usage wise SD simply cant be beat but it does include some seemingly 'interesting' features.

Also another question; what are your opions/comments on fortres grand as a security company? I recall from past readings that their sandbox was nothing compared to sandboxie..

Rico
Advanced Member
Advanced Member

Posts : 118
Join date : 2010-06-18

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by ssj100 29/6/2010, 09:47

Hi Rico. I'll look into this in the next few days. Been a bit busy latey!

By the way, could you please give me links to the programs that you want tested?

Ruhe or anyone else, please feel free to test and post! Cheers.
ssj100
ssj100
Administrator
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by noorismail 29/6/2010, 13:51

Well,while I never thought I would feel the need to,recent scares have led me to thank at least a look might be a good idea.

Damn!! I wish I did not get rid of my VirtualBox instal!!

In any event I will be testing CleanSlate in a XpSP3 Virtualbox,God Willing!!


fortres grand?? Toes up dead are they not? (spoken of course from a guy that runs a circa Windows 98 firewall)


noor
noorismail
noorismail
Moderator
Moderator

Posts : 193
Join date : 2010-06-23

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by Rico 29/6/2010, 18:06

oops Embarassed , heres the link ssj ; http://www.fortresgrand.com/products/cls/cls.htm -- what I realized is that they have a louzy subscription scheme, in every numbered version upgrade people gotta shell out more $$$, kinda like deep freeze's model.
------------------------------------
Out of curiosity, what country are you from ssj bounce

Rico
Advanced Member
Advanced Member

Posts : 118
Join date : 2010-06-18

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by Guest 30/6/2010, 03:55

That's a pity, I hate rentware/leaseware.

Guest
Guest


Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by ssj100 30/6/2010, 08:30

Just had a very quick look at Clean Slate and it seems much more configurable than other programs of this class (Shadow Defender, Returnil, Deep Freeze, Time Freeze etc). For example, there appears to be a clear option to add your "scanner" (presumably programs like an antivirus etc) to the exempted list.

Also, I quite like how it appears to clearly distinguish between a "user" and an "admin". For example, you can always enable the virtual mode for users (across boot) but always keep it disabled for admins.

There also appears to be several other components (layers) of security including some sort of anti-execution protection (up to the point where you can't even write new executables on to the virtual system).

Anyway, seems like a solid program, and very highly configurable. The learning curve is therefore much steeper though.
ssj100
ssj100
Administrator
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by ssj100 30/6/2010, 08:58

Okay, just ran a couple of tests and Clean Slate failed them both (in default configuration...the only way I can think of for it to pass is to enable the anti-execution protection, and this isn't really passing the test - it's preventing the test from running in the first place):
https://ssj100.forumotion.com/other-f6/time-freezer-v10-bypass-test-t58.htm#273

"BOOTICE" - FAILED
"WYH Disk killer" - FAILED

EDIT: note the above were tested with the programs running in an ADMIN account with ADMIN rights. I've since tested both of the above in a limited user account, and they were both unable to do anything. This once again shows that running with (system wide) limited rights is truly a free and strong layer of security against real-world malware.
ssj100
ssj100
Administrator
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by Rico 1/7/2010, 06:04

how does it fare against the TDL rootkits discovered?
-----------------------------------------------------------------------

ssj, does having sandboxie with LUA and start/run give a similar effect as your setup, in regards to browser malware drivebys.-- My biggest fear

Rico
Advanced Member
Advanced Member

Posts : 118
Join date : 2010-06-18

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by ssj100 1/7/2010, 07:02

Rico wrote:how does it fare against the TDL rootkits discovered?
-----------------------------------------------------------------------

ssj, does having sandboxie with LUA and start/run give a similar effect as your setup, in regards to browser malware drivebys.-- My biggest fear

Hi, not sure about TDL rootkits - if someone could PM me some, I'd be happy to test it out. singlemature's malware samples are mostly in chinese and I don't really understand most of what the samples are trying to do.

And yes, it would pretty much give the same effect as my setup. I also configure Sandboxie to have start/run/internet restrictions too. The thing with SRP is that it is system-wide. So if I took a file out of the sandbox, SRP would still be covering it.

I also think Firefox with NoScript (and intelligent handling of which scripts to allow) would give excellent protection against many (?most) drive-by attacks
ssj100
ssj100
Administrator
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by eskro 12/7/2010, 10:46

That application to me is just THE BEST!!!

#1 CLEANSLATE can Let you decide
what you want to exclude from its protection!
You can exclude Files, Folders,
Entire Drives or even a single Registry Key!!!

#2 CLEANSLATE only needs a LOGON/LOGOFF
to wash away unwanted changes made to your system!!!

#3 CLEANSLATE's total RAM usage is 17MB!!!

#4 CLEANSLATE can turn OFF & ON its protection
without the need of a REBOOT or LOGON/LOGOFF!!!
very useful when you need to change a setting in an application
or save files to a usually protected folder!!!

#5 CLEANSLATE can prohibit any desired file/application from being executed!!!

#6 CLEANSLATE Accommodates AntiVirus Updates Without requiring any effort!!!

#7 CLEANSLATE Accommodates Windows Critical Updates Without requiring any effort!!!

#8 CLEANSLATE needs to tell you more now???? Smile ....
eskro
eskro
Member
Member

Posts : 29
Join date : 2010-07-12

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by ssj100 12/7/2010, 10:49

Thanks eskro. Yes, those are certainly the advantages I noticed when I gave it a test drive the other week. However, it appears Clean Slate's virtualisation engine isn't as strong as Shadow Defender's against Killdisk related malware? Also, it doesn't appear to protect the MBR. Any thoughts on this?
ssj100
ssj100
Administrator
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by eskro 12/7/2010, 10:50

hold on,,,
Killdisk related malware....
explain
eskro
eskro
Member
Member

Posts : 29
Join date : 2010-07-12

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by ssj100 12/7/2010, 11:01

The Killdisk viruses literally destroy the contents of your hard-drive, up to your MBR. There is an example of such a virus in this post here (it's called "WYH Disk killer"):
https://ssj100.forumotion.com/other-f6/time-freezer-v10-bypass-test-t58.htm#273

Please do not test it on your REAL system, even with Clean Slate enabled. When I tested it against Clean Slate in my VM, it was completely bypassed.

By the way, I've asked dax123 to test Clean Slate against some rootkits:
https://ssj100.forumotion.com/shadow-defender-f3/light-virtualization-software-partial-sandbox-test-t166.htm
ssj100
ssj100
Administrator
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by noorismail 12/7/2010, 11:11

Welcome Eskro, from ShadowDefender Forums!!


noor
noorismail
noorismail
Moderator
Moderator

Posts : 193
Join date : 2010-06-23

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by eskro 12/7/2010, 11:32

yeah i just tested a bunch of viruses such as KillDisk trojans....

Clean Slate didnt protect my Virtual PC from being destroyed,,,

im ashamed now...... terribly ashamed.....
eskro
eskro
Member
Member

Posts : 29
Join date : 2010-07-12

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by Guest 12/7/2010, 11:53

Has anyone notified Fortres Grand about the bypasses?

Guest
Guest


Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by ssj100 12/7/2010, 12:11

I haven't. eskro, perhaps you can try contacting them about this.
ssj100
ssj100
Administrator
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by eskro 12/7/2010, 18:52

i did yes right now,,,
Here's their answer!!

Were you using anti-virus software? Do you remember what your settings were? And yes if you can send me that file as a .rar that would be great.



Also, when you reinstall Clean Slate you will want to install the current build, which is build 3230. Here is the download link for that.



http://www.fortresgrand.com/redirect.asp?url=downloads/CSv65b3230.exe

Because of the high volume of email to which we respond, please leave all of the previous message (unless it's unbearable) in your reply so we can better remember your original message.

Thanks,

Rob Kadlec rekadlec@fortresgrand.com

Fortres Grand Corporation www.fortresgrand.com

ph: 800.331.0372 intl: 574.935.3868

fax: 800.882.4381 intl: 574.935.3869
eskro
eskro
Member
Member

Posts : 29
Join date : 2010-07-12

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by ssj100 13/7/2010, 03:48

Sounds like they are quick to respond, which is always good.

However, I don't understand what antivirus software has to do with this. We're not testing black-listing. We're testing light virtualisation technology against malware.
ssj100
ssj100
Administrator
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by Guest 13/7/2010, 04:00

Maybe they think that anti virus software is interfering with the ability of their software to function as it should.

ssj100 wrote:Sounds like they are quick to respond, which is always good.

However, I don't understand what antivirus software has to do with this. We're not testing black-listing. We're testing light virtualisation technology against malware.

Guest
Guest


Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by eskro 14/7/2010, 19:08

EMAIL FOLLOW UP

SUPPORT said; Clean Slate does not allow any writes to the MBR when security is enabled. This is true even if the item attempting to do such is an Exempt Application. I ran the a.exe from ghost's shadow directory and rebooted. No change to my system. Extracted the file again and ran it. Since each time I run the a.exe file it gets removed from the extracted file directory. I extracted it yet again and ran it a 2nd time, then rebooted. System is up and running without fail.

How was it that you came to suspect that the MBR was modified?

eSkRo said; wrong file here...

the file that destoyed my pc was virus.exe ,,,

here's a link to it --> http://rapidshare.com/files/406798732/I_am_virus.rar?ref=A82C19D3541605FC7D48C4CBD72D0A26&directstart=1

extract and run virus.exe from your virtual pc...
eskro
eskro
Member
Member

Posts : 29
Join date : 2010-07-12

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by ssj100 15/7/2010, 02:16

Not sure what tool they are testing to modify the MBR. You can see that the MBR is modified by using a genuine tool (not a virus) called "BOOTICE":
https://ssj100.forumotion.com/other-f6/time-freezer-v10-bypass-test-t58.htm#273

And as stated before, Clean Slate is bypassed by "WYH Disk killer" in my VM - you can simply link them to that post made by singlemature.
ssj100
ssj100
Administrator
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by eskro 15/7/2010, 21:56

support team says;
I'm passing this along to the developers to test and look at.
I'll let you know how things go.

eSkRo said;
ok...
i won't use cleanslate for now as it didn't protect my PC like advertised....
keep me updated...
thx

support team answered;
Will do.
Thanks,
Rob
eskro
eskro
Member
Member

Posts : 29
Join date : 2010-07-12

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by eskro 20/9/2010, 05:01

Hi guys!

Long Time No See! Smile

I'm still waiting a reply from CLean Slate regarding;

failure to protect against ---> WYH Disk killer
failure to protect against ---> BOOTICE

I emailed them again about it today,,,,

Hope to receive a reply soon....

I'll keep you guys updated...
eskro
eskro
Member
Member

Posts : 29
Join date : 2010-07-12

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by ssj100 20/9/2010, 10:10

Thanks for the update eskro. I don't know for sure, but something tells me they aren't too interested in this.
ssj100
ssj100
Administrator
Administrator

Posts : 1390
Join date : 2010-04-14

https://ssj100.forumotion.com

Back to top Go down

Has anyone tried Clean Slate? Empty Re: Has anyone tried Clean Slate?

Post by Sponsored content


Sponsored content


Back to top Go down

Page 1 of 3 1, 2, 3  Next

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum