Has anyone tried Clean Slate?
Has anyone tried Clean Slate?
Hi ssj! Since you are quite a security enthusiast I wanted to know what your thoughts and impressions were about the program. It's quite similar to the beloved Shadow Defender. But I am sceptical about its ability in keeping malware at bay, so I thought you could maybe run the nasties off singlemature's list against them and shed light on them. Resource usage wise SD simply can't be beat but it does include some seemingly 'interesting' features.
Also another question; what are your opinions/comments on Fortres Grand as a security company? I recall from past readings that their sandbox was nothing compared to Sandboxie..
Rico- Advanced Member
- Posts : 118
Join date : 2010-06-18
Re: Has anyone tried Clean Slate?
Hi Rico. I'll look into this in the next few days. Been a bit busy lately!
By the way, could you please give me links to the programs that you want tested?
Ruhe or anyone else, please feel free to test and post! Cheers.
Re: Has anyone tried Clean Slate?
Well, while I never thought I would feel the need to, recent scares have led me to think at least a look might be a good idea.
Damn!! I wish I did not get rid of my VirtualBox install!!
In any event I will be testing CleanSlate in an XP SP3 VirtualBox, God willing!!
Fortres Grand?? Toes up dead are they not? (spoken of course from a guy that runs a circa Windows 98 firewall)
noor
noorismail- Moderator
- Posts : 193
Join date : 2010-06-23
Re: Has anyone tried Clean Slate?
Oops, here's the link ssj: http://www.fortresgrand.com/products/cls/cls.htm -- what I realized is that they have a lousy subscription scheme, in every numbered version upgrade people gotta shell out more $$$, kinda like Deep Freeze's model.
------------------------------------
Out of curiosity, what country are you from ssj?
Rico- Advanced Member
- Posts : 118
Join date : 2010-06-18
Re: Has anyone tried Clean Slate?
Just had a very quick look at Clean Slate and it seems much more configurable than other programs of this class (Shadow Defender, Returnil, Deep Freeze, Time Freeze etc). For example, there appears to be a clear option to add your "scanner" (presumably programs like an antivirus etc) to the exempted list.
Also, I quite like how it appears to clearly distinguish between a "user" and an "admin". For example, you can always enable the virtual mode for users (across boot) but always keep it disabled for admins.
There also appear to be several other components (layers) of security including some sort of anti-execution protection (up to the point where you can't even write new executables on to the virtual system).
Anyway, seems like a solid program, and very highly configurable. The learning curve is therefore much steeper though.
Re: Has anyone tried Clean Slate?
Okay, just ran a couple of tests and Clean Slate failed them both (in default configuration...the only way I can think of for it to pass is to enable the anti-execution protection, and this isn't really passing the test - it's preventing the test from running in the first place):
https://ssj100.forumotion.com/other-f6/time-freezer-v10-bypass-test-t58.htm#273
"BOOTICE" - FAILED
"WYH Disk killer" - FAILED
EDIT: note the above were tested with the programs running in an ADMIN account with ADMIN rights. I've since tested both of the above in a limited user account, and they were both unable to do anything. This once again shows that running with (system wide) limited rights is truly a free and strong layer of security against real-world malware.
Re: Has anyone tried Clean Slate?
How does it fare against the TDL rootkits discovered?
-----------------------------------------------------------------------
ssj, does having Sandboxie with LUA and start/run give a similar effect as your setup, in regards to browser malware drive-bys? -- My biggest fear
Rico- Advanced Member
- Posts : 118
Join date : 2010-06-18
Re: Has anyone tried Clean Slate?
Rico wrote: How does it fare against the TDL rootkits discovered?
-----------------------------------------------------------------------
ssj, does having Sandboxie with LUA and start/run give a similar effect as your setup, in regards to browser malware drive-bys? -- My biggest fear
Hi, not sure about TDL rootkits - if someone could PM me some, I'd be happy to test it out. singlemature's malware samples are mostly in Chinese and I don't really understand most of what the samples are trying to do.
And yes, it would pretty much give the same effect as my setup. I also configure Sandboxie to have start/run/internet restrictions too. The thing with SRP is that it is system-wide. So if I took a file out of the sandbox, SRP would still be covering it.
I also think Firefox with NoScript (and intelligent handling of which scripts to allow) would give excellent protection against many (?most) drive-by attacks.
Re: Has anyone tried Clean Slate?
That application to me is just THE BEST!!!
#1 CLEANSLATE can Let you decide
what you want to exclude from its protection!
You can exclude Files, Folders,
Entire Drives or even a single Registry Key!!!
#2 CLEANSLATE only needs a LOGON/LOGOFF
to wash away unwanted changes made to your system!!!
#3 CLEANSLATE's total RAM usage is 17MB!!!
#4 CLEANSLATE can turn OFF & ON its protection
without the need of a REBOOT or LOGON/LOGOFF!!!
very useful when you need to change a setting in an application
or save files to a usually protected folder!!!
#5 CLEANSLATE can prohibit any desired file/application from being executed!!!
#6 CLEANSLATE Accommodates AntiVirus Updates Without requiring any effort!!!
#7 CLEANSLATE Accommodates Windows Critical Updates Without requiring any effort!!!
#8 CLEANSLATE needs to tell you more now???? ....
eskro- Member
- Posts : 29
Join date : 2010-07-12
Re: Has anyone tried Clean Slate?
Thanks eskro. Yes, those are certainly the advantages I noticed when I gave it a test drive the other week. However, it appears Clean Slate's virtualisation engine isn't as strong as Shadow Defender's against Killdisk related malware? Also, it doesn't appear to protect the MBR. Any thoughts on this?
Re: Has anyone tried Clean Slate?
hold on,,,
Killdisk related malware....
explain
eskro- Member
- Posts : 29
Join date : 2010-07-12
Re: Has anyone tried Clean Slate?
The Killdisk viruses literally destroy the contents of your hard-drive, up to your MBR. There is an example of such a virus in this post here (it's called "WYH Disk killer"):
https://ssj100.forumotion.com/other-f6/time-freezer-v10-bypass-test-t58.htm#273
Please do not test it on your REAL system, even with Clean Slate enabled. When I tested it against Clean Slate in my VM, it was completely bypassed.
By the way, I've asked dax123 to test Clean Slate against some rootkits:
https://ssj100.forumotion.com/shadow-defender-f3/light-virtualization-software-partial-sandbox-test-t166.htm
Re: Has anyone tried Clean Slate?
Welcome Eskro, from ShadowDefender Forums!!
noor
noorismail- Moderator
- Posts : 193
Join date : 2010-06-23
Re: Has anyone tried Clean Slate?
Yeah, I just tested a bunch of viruses such as KillDisk trojans....
Clean Slate didn't protect my Virtual PC from being destroyed,,,
I'm ashamed now...... terribly ashamed.....
eskro- Member
- Posts : 29
Join date : 2010-07-12
Re: Has anyone tried Clean Slate?
i did yes right now,,,
Here's their answer!!
Were you using anti-virus software? Do you remember what your settings were? And yes if you can send me that file as a .rar that would be great.
Also, when you reinstall Clean Slate you will want to install the current build, which is build 3230. Here is the download link for that.
http://www.fortresgrand.com/redirect.asp?url=downloads/CSv65b3230.exe
Because of the high volume of email to which we respond, please leave all of the previous message (unless it's unbearable) in your reply so we can better remember your original message.
Thanks,
Rob Kadlec rekadlec@fortresgrand.com
Fortres Grand Corporation www.fortresgrand.com
ph: 800.331.0372 intl: 574.935.3868
fax: 800.882.4381 intl: 574.935.3869
eskro- Member
- Posts : 29
Join date : 2010-07-12
Re: Has anyone tried Clean Slate?
Sounds like they are quick to respond, which is always good.
However, I don't understand what antivirus software has to do with this. We're not testing black-listing. We're testing light virtualisation technology against malware.
Re: Has anyone tried Clean Slate?
Maybe they think that anti virus software is interfering with the ability of their software to function as it should.
ssj100 wrote: Sounds like they are quick to respond, which is always good.
However, I don't understand what antivirus software has to do with this. We're not testing black-listing. We're testing light virtualisation technology against malware.
Guest- Guest
Re: Has anyone tried Clean Slate?
EMAIL FOLLOW UP
SUPPORT said; Clean Slate does not allow any writes to the MBR when security is enabled. This is true even if the item attempting to do such is an Exempt Application. I ran the a.exe from ghost's shadow directory and rebooted. No change to my system. Extracted the file again and ran it. Since each time I run the a.exe file it gets removed from the extracted file directory. I extracted it yet again and ran it a 2nd time, then rebooted. System is up and running without fail.
How was it that you came to suspect that the MBR was modified?
eSkRo said; wrong file here...
the file that destroyed my pc was virus.exe ,,,
here's a link to it --> http://rapidshare.com/files/406798732/I_am_virus.rar?ref=A82C19D3541605FC7D48C4CBD72D0A26&directstart=1
extract and run virus.exe from your virtual pc...
eskro- Member
- Posts : 29
Join date : 2010-07-12
Re: Has anyone tried Clean Slate?
Not sure what tool they are testing to modify the MBR. You can see that the MBR is modified by using a genuine tool (not a virus) called "BOOTICE":
https://ssj100.forumotion.com/other-f6/time-freezer-v10-bypass-test-t58.htm#273
And as stated before, Clean Slate is bypassed by "WYH Disk killer" in my VM - you can simply link them to that post made by singlemature.
Re: Has anyone tried Clean Slate?
support team says;
I'm passing this along to the developers to test and look at.
I'll let you know how things go.
eSkRo said;
ok...
i won't use cleanslate for now as it didn't protect my PC like advertised....
keep me updated...
thx
support team answered;
Will do.
Thanks,
Rob
eskro- Member
- Posts : 29
Join date : 2010-07-12
Re: Has anyone tried Clean Slate?
Hi guys!
Long Time No See!
I'm still waiting for a reply from Clean Slate regarding;
failure to protect against ---> WYH Disk killer
failure to protect against ---> BOOTICE
I emailed them again about it today,,,,
Hope to receive a reply soon....
I'll keep you guys updated...
eskro- Member
- Posts : 29
Join date : 2010-07-12
Re: Has anyone tried Clean Slate?
Thanks for the update eskro. I don't know for sure, but something tells me they aren't too interested in this.