Has Toolwiz TF been professionally tested? I thought it was a newer product and have heard of no recent virtualization tests.
Professionally tested? No, I don't think so. However, I myself did do some tests on a 32-bit Windows XP in Microsoft Virtual PC 2007. I used two droppers/samples I have of TDL3 and TDL4. I normally use Oracle VM VirtualBox for generic tasks, but TDL doesn't behave well in it (it is VM-aware, or it's just buggy VirtualBox drivers, I don't know), so I used the Microsoft one instead. First I checked whether TDL successfully infected the system by running each dropper and then scanning with the latest version of TDSSKiller with the option to detect the TDSS file system enabled as well. Results were positive: both rootkits successfully infected the system. Then I reset the system to the original clean state, started it, installed the virtualization application, rebooted (if required by the product), activated the virtualization, ran the dropper, stopped the virtualization (discarding changes, of course), rebooted, and scanned with TDSSKiller to see what the situation was. I repeated this procedure for every virtualization application twice, once for each TDL version. Only Shadow Defender manages to withstand the rootkit completely. This applies to all 3 latest versions: 1.1.0.325, 1.1.0.326 and (the controversial) 1.1.0.331. Returnil System Safe Free seems to prevent the rootkit installation but allows the TDSS file system to be created. This should basically be a success/pass, as the file system should be harmless without the actual rootkit. However, both rootkits did cause freezes/crashes of the virtual machine. These did not occur with the other virtualization applications. Wondershare Time Freeze, Toolwiz TimeFreeze and the older Returnil Virtual System Personal Edition 2.0.1.9002 all fail, and the rootkits were present after the reboot. It's not a professional test, so it might not hold any merit for some/many of you, but it's good enough for me and I decided to share the results just in case.
P.S.: I wanted to test the TDL4 rootkit on a Windows 7 x64 virtual machine but since the rootkit doesn't like VirtualBox and Microsoft's products don't support 64-bit guests I couldn't do it. I just couldn't be bothered to install VMware Player today, to me it's much more of a hassle than Virtual PC is: larger download, longer installation, more settings, manual edit of the VM file, etc.
Thanks for the info. No, it may not be a professional test, but it is certainly worth notifying the developers of. They seem very responsive. I've done some similar testing with rogue AVs and Toolwiz TF did well against those; but then again, they are not as sophisticated as the TDSS baddies.
It may not be professional, but it mirrors similar results that Wondershare Time Freeze and Toolwiz (similar in technology to Time Freeze) are ineffective against TDL rootkits. So far the only thing that I have found to be effective is Shadow Defender. It's too bad, too, because I do love being able to disable Time Freeze on the fly.
My personal opinion is that Toolwiz is more a tool, a set of features, to test clean software and fully uninstall it rather than a protection/security application. The fact that the driver does not load at boot time (MBR) could be related to the failure against rootkits. But I'm not an expert on it.
It still fails in that category: run the Trustware test and you will see. If you protect a "Documents" folder containing files and sub-folders, the test can read the file names but not the sub-folder names.
Yes, reading file names is feasible, but opening or changing them is not. So TTF's file protection feature is effective.
Sometimes file names still have sensitive information. I don't understand why sub-folder names are not readable. Anyway if you add a folder in a protection list, it means that it should make it read-write protected like Outpost's file/folder protection.
I can agree... With 'Toolwiz TF', folder protection is a 'Disable Access' method. E.g. 'Wondershare TF' has two methods: 'Disable Access' and 'Disable Changes', and WTF, with 'Disable Access', doesn't allow you to open the protected folder itself (no sensitive information indeed...). BTW, be careful when choosing the protected folder; system folders should never be protected ('My Documents' also, IMO): a BSOD could come up citing 'fltMgr.sys' as the source.
I already had a similar BSOD on a test machine. Can you please explain why fltmgr.sys has something to do with the "Documents" folder?
@sg09 http://www.personalcomputerfixes.com/general-errors/how-to-prevent-fltmgr-sys-blue-screen-errors/ I think if you have your own/private files in the default place (C:\Documents and Settings), you shouldn't block access to this area. This folder contains other folders which are probably very important to the proper working of the system (LocalService, NetworkService). It is much better to move the private files (the whole content) to another, non-system disk. I can say the same about downloading files to the desktop, which is the default option of the system or of some programs. The other reason not to keep your own files on C:\ is that when the system crashes or gets corrupted, all private files saved on it can be lost.
Thanks.. I rarely save any important files in "documents".. I did so to only test the efficiency of TTF against Trustware test.
I did the same... but in the very deep past, up to the moment when my system first crashed and got corrupted. OK... I've understood.
WTF always makes me smile, a most unfortunate acronym if there was ever one... BTW I just checked on their website and they're still pushing v2.0.3. This version has been released ages ago, a sign that the company behind the software lacks the coding talent to develop what they have further. The same thing happens with the unknown ...hacks who have acquired Shadow Defender. Those people - whoever they are - will keep selling Tony's code for as long as they can without any hope of further development. At least the people behind WTF are answering e-mails and offer support. The current SD owners are a total disgrace. I just hope Tony is still alive somewhere. It's funny how the mindset of doing business is so different in China. There are certain business ethics that would be unacceptable in the western world, but they are considered OK over there. I have had extensive business dealings with Chinese companies in the past so I speak from personal experience. Transparency of operation is not always important to them, and the way the westerners do things are often seen by them as a sign of weakness - just another part of the often complicated Chinese mindset.
Here is the official download link: http://www.toolwiz.com/index.php?sdmon=software_download/Setup_TimeFreeze.exe
I think the file protection issue sg09 met was because of the wildcard rule. If you add c:\aaaa\* to their protection list, you will see all the subfolders and files from c:\aaaa\. But if you add c:\aaaa* to the protection list, the aaaa folder will be protected too. I hope James can offer a rule edit button to let users make their own protection rules, such as c:\aaa\*.doc. That would be great.
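To make the difference between the two rules concrete, here is an added example (not code from Toolwiz or from anyone in this thread) that models a protection list as plain glob patterns. It assumes shell-style matching where `*` also matches backslashes, and that paths are compared case-insensitively after normalization; whether Toolwiz TimeFreeze actually implements its rules this way is an assumption, not something the product documents. The sample paths are constructed for the illustration.

```python
import fnmatch
import ntpath

# Constructed sample tree; not taken from any real machine.
SAMPLE_PATHS = [
    "C:\\aaaa",                    # the protected folder itself
    "C:\\aaaa\\",                  # same folder, trailing separator
    "C:\\aaaa\\docs",              # a sub-folder
    "C:\\aaaa\\docs\\report.doc",  # a file inside a sub-folder
    "C:\\aaaab\\secret.txt",       # a sibling folder with a similar name
]


def normalize(path: str) -> str:
    """Canonical form for comparison: backslashes only, no trailing
    separator, lower-case (NTFS name lookups are case-insensitive)."""
    return ntpath.normpath(path).lower()


def is_protected(path: str, rules) -> bool:
    """True if any rule matches the normalized path.

    Assumed rule semantics (not Toolwiz's documented behaviour): each rule is
    a glob; fnmatch's '*' matches any run of characters, including '\\', so a
    rule covers an entire subtree rather than only direct children."""
    p = normalize(path)
    return any(fnmatch.fnmatchcase(p, normalize(r)) for r in rules)


def coverage(rules, paths=SAMPLE_PATHS):
    """Map each sample path to whether the rule set protects it."""
    return {p: is_protected(p, rules) for p in paths}


if __name__ == "__main__":
    for rules in (["c:\\aaaa\\*"], ["c:\\aaaa*"], ["c:\\aaaa", "c:\\aaaa\\*"]):
        print("rules:", rules)
        for path, protected in coverage(rules).items():
            print(f"  {'protected' if protected else 'open     '}  {path}")
```

Under this model the post's observation falls out directly: `c:\aaaa\*` covers everything below the folder but not the folder entry `c:\aaaa` itself, which is why its contents can still be listed, while `c:\aaaa*` covers the folder too. The caveat is that `c:\aaaa*` also matches any sibling whose name merely starts with `aaaa` (here `c:\aaaab\secret.txt`), so if the rule list accepts literal entries, the pair `c:\aaaa` plus `c:\aaaa\*` protects the folder and its subtree without that over-match. An extension rule such as `c:\aaa\*.doc` would, with these semantics, reach into sub-folders as well, which may or may not be what the user wants.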
Anyone tried installing it on Windows 7 x64? Running the installer does nothing. >< Can someone provide me with version 1.0.0.0 of Toolwiz Time Freeze? I still have problems with the latest version. I tried their System Care and I also can't install it. I tried their other products and they installed perfectly.
I have installed the latest version on my Win7 Home Premium x64 w/o any problem. I haven't tried System Care! Also, I don't have the first version. Maybe you can register on their forum and ask for help, or simply mail James at james[at]toolwiz.com
I've finally installed it. I forgot I have EMET, and DEP is what was crashing the installer. ><