Has anyone tried Clean Slate?

Page 1 of 3 1, 2, 3  Next

View previous topic View next topic Go down

Has anyone tried Clean Slate?

Post by Rico on 29/6/2010, 07:51

Hi ssj! since you are quite a security enthusiast I wanted to know what your thoughts and impressions were about the program. Its quite similar to the beloved shadow defender. But I am sceptical about its ability in keeping malware at bay, so I thought you could maybe run the nasties off singlemature's list against them and shed light on them. Resource usage wise SD simply cant be beat but it does include some seemingly 'interesting' features.

Also another question; what are your opions/comments on fortres grand as a security company? I recall from past readings that their sandbox was nothing compared to sandboxie..

Rico
Advanced Member
Advanced Member

Posts : 118
Join date : 2010-06-18

View user profile

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by ssj100 on 29/6/2010, 09:47

Hi Rico. I'll look into this in the next few days. Been a bit busy latey!

By the way, could you please give me links to the programs that you want tested?

Ruhe or anyone else, please feel free to test and post! Cheers.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by noorismail on 29/6/2010, 13:51

Well,while I never thought I would feel the need to,recent scares have led me to thank at least a look might be a good idea.

Damn!! I wish I did not get rid of my VirtualBox instal!!

In any event I will be testing CleanSlate in a XpSP3 Virtualbox,God Willing!!


fortres grand?? Toes up dead are they not? (spoken of course from a guy that runs a circa Windows 98 firewall)


noor

_________________
ShadowDefender 1.1.0.323 Sandboxie 3.49, NAT router.
Open DNS with "Malware/Botnet Protection",
MalwareDefender,Malwarebytes on demand.
avatar
noorismail
Moderator
Moderator

Posts : 193
Join date : 2010-06-23

View user profile

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by Rico on 29/6/2010, 18:06

oops Embarassed , heres the link ssj ; http://www.fortresgrand.com/products/cls/cls.htm -- what I realized is that they have a louzy subscription scheme, in every numbered version upgrade people gotta shell out more $$$, kinda like deep freeze's model.
------------------------------------
Out of curiosity, what country are you from ssj bounce

Rico
Advanced Member
Advanced Member

Posts : 118
Join date : 2010-06-18

View user profile

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by Guest on 30/6/2010, 03:55

That's a pity, I hate rentware/leaseware.

Guest
Guest


Back to top Go down

Re: Has anyone tried Clean Slate?

Post by ssj100 on 30/6/2010, 08:30

Just had a very quick look at Clean Slate and it seems much more configurable than other programs of this class (Shadow Defender, Returnil, Deep Freeze, Time Freeze etc). For example, there appears to be a clear option to add your "scanner" (presumably programs like an antivirus etc) to the exempted list.

Also, I quite like how it appears to clearly distinguish between a "user" and an "admin". For example, you can always enable the virtual mode for users (across boot) but always keep it disabled for admins.

There also appears to be several other components (layers) of security including some sort of anti-execution protection (up to the point where you can't even write new executables on to the virtual system).

Anyway, seems like a solid program, and very highly configurable. The learning curve is therefore much steeper though.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by ssj100 on 30/6/2010, 08:58

Okay, just ran a couple of tests and Clean Slate failed them both (in default configuration...the only way I can think of for it to pass is to enable the anti-execution protection, and this isn't really passing the test - it's preventing the test from running in the first place):
http://ssj100.fullsubject.com/other-f6/time-freezer-v10-bypass-test-t58.htm#273

"BOOTICE" - FAILED
"WYH Disk killer" - FAILED

EDIT: note the above were tested with the programs running in an ADMIN account with ADMIN rights. I've since tested both of the above in a limited user account, and they were both unable to do anything. This once again shows that running with (system wide) limited rights is truly a free and strong layer of security against real-world malware.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by Rico on 1/7/2010, 06:04

how does it fare against the TDL rootkits discovered?
-----------------------------------------------------------------------

ssj, does having sandboxie with LUA and start/run give a similar effect as your setup, in regards to browser malware drivebys.-- My biggest fear

Rico
Advanced Member
Advanced Member

Posts : 118
Join date : 2010-06-18

View user profile

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by ssj100 on 1/7/2010, 07:02

Rico wrote:how does it fare against the TDL rootkits discovered?
-----------------------------------------------------------------------

ssj, does having sandboxie with LUA and start/run give a similar effect as your setup, in regards to browser malware drivebys.-- My biggest fear

Hi, not sure about TDL rootkits - if someone could PM me some, I'd be happy to test it out. singlemature's malware samples are mostly in chinese and I don't really understand most of what the samples are trying to do.

And yes, it would pretty much give the same effect as my setup. I also configure Sandboxie to have start/run/internet restrictions too. The thing with SRP is that it is system-wide. So if I took a file out of the sandbox, SRP would still be covering it.

I also think Firefox with NoScript (and intelligent handling of which scripts to allow) would give excellent protection against many (?most) drive-by attacks

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by eskro on 12/7/2010, 10:46

That application to me is just THE BEST!!!

#1 CLEANSLATE can Let you decide
what you want to exclude from its protection!
You can exclude Files, Folders,
Entire Drives or even a single Registry Key!!!

#2 CLEANSLATE only needs a LOGON/LOGOFF
to wash away unwanted changes made to your system!!!

#3 CLEANSLATE's total RAM usage is 17MB!!!

#4 CLEANSLATE can turn OFF & ON its protection
without the need of a REBOOT or LOGON/LOGOFF!!!
very useful when you need to change a setting in an application
or save files to a usually protected folder!!!

#5 CLEANSLATE can prohibit any desired file/application from being executed!!!

#6 CLEANSLATE Accommodates AntiVirus Updates Without requiring any effort!!!

#7 CLEANSLATE Accommodates Windows Critical Updates Without requiring any effort!!!

#8 CLEANSLATE needs to tell you more now???? Smile ....
avatar
eskro
Member
Member

Posts : 29
Join date : 2010-07-12

View user profile

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by ssj100 on 12/7/2010, 10:49

Thanks eskro. Yes, those are certainly the advantages I noticed when I gave it a test drive the other week. However, it appears Clean Slate's virtualisation engine isn't as strong as Shadow Defender's against Killdisk related malware? Also, it doesn't appear to protect the MBR. Any thoughts on this?

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by eskro on 12/7/2010, 10:50

hold on,,,
Killdisk related malware....
explain
avatar
eskro
Member
Member

Posts : 29
Join date : 2010-07-12

View user profile

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by ssj100 on 12/7/2010, 11:01

The Killdisk viruses literally destroy the contents of your hard-drive, up to your MBR. There is an example of such a virus in this post here (it's called "WYH Disk killer"):
http://ssj100.fullsubject.com/other-f6/time-freezer-v10-bypass-test-t58.htm#273

Please do not test it on your REAL system, even with Clean Slate enabled. When I tested it against Clean Slate in my VM, it was completely bypassed.

By the way, I've asked dax123 to test Clean Slate against some rootkits:
http://ssj100.fullsubject.com/shadow-defender-f3/light-virtualization-software-partial-sandbox-test-t166.htm

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by noorismail on 12/7/2010, 11:11

Welcome Eskro, from ShadowDefender Forums!!


noor

_________________
ShadowDefender 1.1.0.323 Sandboxie 3.49, NAT router.
Open DNS with "Malware/Botnet Protection",
MalwareDefender,Malwarebytes on demand.
avatar
noorismail
Moderator
Moderator

Posts : 193
Join date : 2010-06-23

View user profile

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by eskro on 12/7/2010, 11:32

yeah i just tested a bunch of viruses such as KillDisk trojans....

Clean Slate didnt protect my Virtual PC from being destroyed,,,

im ashamed now...... terribly ashamed.....
avatar
eskro
Member
Member

Posts : 29
Join date : 2010-07-12

View user profile

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by Guest on 12/7/2010, 11:53

Has anyone notified Fortres Grand about the bypasses?

Guest
Guest


Back to top Go down

Re: Has anyone tried Clean Slate?

Post by ssj100 on 12/7/2010, 12:11

I haven't. eskro, perhaps you can try contacting them about this.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by eskro on 12/7/2010, 18:52

i did yes right now,,,
Here's their answer!!

Were you using anti-virus software? Do you remember what your settings were? And yes if you can send me that file as a .rar that would be great.



Also, when you reinstall Clean Slate you will want to install the current build, which is build 3230. Here is the download link for that.



http://www.fortresgrand.com/redirect.asp?url=downloads/CSv65b3230.exe

Because of the high volume of email to which we respond, please leave all of the previous message (unless it's unbearable) in your reply so we can better remember your original message.

Thanks,

Rob Kadlec rekadlec@fortresgrand.com

Fortres Grand Corporation www.fortresgrand.com

ph: 800.331.0372 intl: 574.935.3868

fax: 800.882.4381 intl: 574.935.3869
avatar
eskro
Member
Member

Posts : 29
Join date : 2010-07-12

View user profile

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by ssj100 on 13/7/2010, 03:48

Sounds like they are quick to respond, which is always good.

However, I don't understand what antivirus software has to do with this. We're not testing black-listing. We're testing light virtualisation technology against malware.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by Guest on 13/7/2010, 04:00

Maybe they think that anti virus software is interfering with the ability of their software to function as it should.

ssj100 wrote:Sounds like they are quick to respond, which is always good.

However, I don't understand what antivirus software has to do with this. We're not testing black-listing. We're testing light virtualisation technology against malware.

Guest
Guest


Back to top Go down

Re: Has anyone tried Clean Slate?

Post by eskro on 14/7/2010, 19:08

EMAIL FOLLOW UP

SUPPORT said; Clean Slate does not allow any writes to the MBR when security is enabled. This is true even if the item attempting to do such is an Exempt Application. I ran the a.exe from ghost's shadow directory and rebooted. No change to my system. Extracted the file again and ran it. Since each time I run the a.exe file it gets removed from the extracted file directory. I extracted it yet again and ran it a 2nd time, then rebooted. System is up and running without fail.

How was it that you came to suspect that the MBR was modified?

eSkRo said; wrong file here...

the file that destoyed my pc was virus.exe ,,,

here's a link to it --> http://rapidshare.com/files/406798732/I_am_virus.rar?ref=A82C19D3541605FC7D48C4CBD72D0A26&directstart=1

extract and run virus.exe from your virtual pc...
avatar
eskro
Member
Member

Posts : 29
Join date : 2010-07-12

View user profile

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by ssj100 on 15/7/2010, 02:16

Not sure what tool they are testing to modify the MBR. You can see that the MBR is modified by using a genuine tool (not a virus) called "BOOTICE":
http://ssj100.fullsubject.com/other-f6/time-freezer-v10-bypass-test-t58.htm#273

And as stated before, Clean Slate is bypassed by "WYH Disk killer" in my VM - you can simply link them to that post made by singlemature.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by eskro on 15/7/2010, 21:56

support team says;
I'm passing this along to the developers to test and look at.
I'll let you know how things go.

eSkRo said;
ok...
i won't use cleanslate for now as it didn't protect my PC like advertised....
keep me updated...
thx

support team answered;
Will do.
Thanks,
Rob
avatar
eskro
Member
Member

Posts : 29
Join date : 2010-07-12

View user profile

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by eskro on 20/9/2010, 05:01

Hi guys!

Long Time No See! Smile

I'm still waiting a reply from CLean Slate regarding;

failure to protect against ---> WYH Disk killer
failure to protect against ---> BOOTICE

I emailed them again about it today,,,,

Hope to receive a reply soon....

I'll keep you guys updated...
avatar
eskro
Member
Member

Posts : 29
Join date : 2010-07-12

View user profile

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by ssj100 on 20/9/2010, 10:10

Thanks for the update eskro. I don't know for sure, but something tells me they aren't too interested in this.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Has anyone tried Clean Slate?

Post by Sponsored content


Sponsored content


Back to top Go down

Page 1 of 3 1, 2, 3  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum