Spyware Warrior

[eburger68]

Hi All:

Given the level of interest in this forum in the new generation of pro-active, preventitive anti-malware applications, we thought it might be useful to post a preliminary list of these types of applications. The following list was taken from this web page:

http://www.spywarewarrior.com/uiuc/soft5.htm

[nicM]

Hi Eric,


As you asked for some links to reviews about these programs, here is a link to Karedjag's blog, where several of these programs were tested :

http://kareldjag.over-blog.com/categorie-69553.html



I did take part in some tests on DefenseWall lately, you can find the review here (7 pages total) :

http://security.over-blog.com/article-3030160.html


Bunches of malwares were used during these tests, to see "how" is the program protecting.


The tests about other white-list based programs are in process, and similar reviews about Prevx and Kaspersky's proactive module will be available soon .


nicM

[Moore]

Nice list

Maybe also these for HIPS :

Appdefend -
http://www.ghostsecurity.com/index.php?page=appdefend
http://www.wilderssecurity.com/forumdisplay.php?f=78

Regdefend -
http://www.ghostsecurity.com/index.php?page=regdefend
http://www.wilderssecurity.com/forumdisplay.php?f=72

Regrun -
http://www.greatis.com/security/
http://spywarewarrior.com/viewtopic.php?t=8896
http://spywarewarrior.com/viewtopic.php?t=20032

Dynamic Security Agent -
http://www.privacyware.com/dynamic_security_agent2.html

and to some extent Winpatrol could fit in here.


Deepfreeze [ virtualization section ].
http://www.faronics.com/html/deepfreeze.asp

Anti-Executable [ sandbox - hips ] :
http://www.faronics.com/html/AntiExec.asp


Possibly this [ havent tested it yet ] - Altiris Software Virtualization Solution:

[eburger68]

nicM & Moore:

Thanks for the suggestions. I have added most, but not all, of the suggested applications to the list.

Best,

Eric L. Howes

[mikey]

Personally, I think a distinction should be made here between process filters and the sandbox type tools. I tried to make that distinction here; http://www.spywarewarrior.com/viewtopic.php?t=8622 They are two distinctly different kinds of tools and really IMO don't belong in the same listing.

Additionally, sandbox type tools are generally not user friendly. Also, I have yet to see a sandbox tool that wasn't terribly flawed.

On the other hand, there are several process filters around that have proven themselves to stop every type infection currently known. The concept is simple; If it can't initiate, it can't infect.

BTW Another tool I think worthy of mentioning would be SpywareTerminator...discussed here; http://www.spywarewarrior.com/viewtopic.php?t=19553 After quite a bit of looking at it(several months), I think it has enough merit to be mentioned here even tho it was once listed as a rogue.

Anyway, I believe that if you guys truely wish to educate the users so that they will no longer be dependant on the reactive malware scanners that have been obsolete for several years, you will make the distinction between these two obviously different types of proactive tools.
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE

Spyware/Adware is NOT freeware, it costs all of us dearly.

Mikey's Stuff

Fiddler and friends...essential web diagnostic, forensic, & development tools.
-

[eburger68]

Mikey:

The lists stays as it is for now, unless you want to break up the HIPS/Sandbox list into their respective parts and PM me with the results.

As for Spyware Terminator, a number of anti-spyware scanners are incorporating kernel level prevention technologies. If I list Spyware Terminator, I'm going to have to list the others as well -- no preferences. Yet, I'm reluctant to add mention of every single one that has done this, lest this list simply become yet another long, general list of anti-spyware tools.

Eric L. Howes

[mikey]

That's cool.

BTW I recognize and appreciate your trying to include the proactive tools in the teachings around here. Thx.

=======

The list of process firewalls is a fairly short one compared to this entire list. I'll try to get back to you(PM) asap. Thx again.
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE

Spyware/Adware is NOT freeware, it costs all of us dearly.

Mikey's Stuff

Fiddler and friends...essential web diagnostic, forensic, & development tools.
-

[nicM]

[eburger68]

nicM:

I moved BufferZone and added 4 of the apps you suggested (the others didn't look appropriate, however interesting they might be).

Eric L. Howes

[Erikalbert]

Another take on classification

http://wiki.castlecops.com/Different_classes_of_security_software

[Turtledove]

Eric,
Nice work. But the following didn't show up anything but mostly a blank page. No download or info on product or pics. Did I do something wrong, or is it my settings?


Abtrusion Protector
http://www.abtrusion.com/

Abtrusion Protector Personal Edition
http://www.abtrusion.com/

Thanks any one for advice.
TD
_________________
Graduate of Malware Removal University
WinPatrol, Online Armor,
AntiVir,
Smile...It WILL get better

[bigos]

'mostly a blank page'........................same here
_________________


Life is for living not just for prolonging!
B uzzz

[Moore]

Their site works , but the page is totally blank yeah .. weird, they must have pulled it down. ?
_________________
| Stop Malvertising | Outpost | Blocklist Pro | Hosts |

[eburger68]

Turtledove:

Well, there are some pages up, but it does look like the company is either shutting down or has gone into hibernation. As long as there's something there, I'll keep the links in the list.

Eric L. Howes

[Turtledove]

Thanks for responding Eric. Will keep checking.

TD
_________________
Graduate of Malware Removal University
WinPatrol, Online Armor,
AntiVir,
Smile...It WILL get better

[Moore]

I recieved an email from support@abtrusion.com today confirming that Abtrusion Protector has actually been discontinued.
_________________
| Stop Malvertising | Outpost | Blocklist Pro | Hosts |

[eburger68]

Moore:

Thanks for the info. I'm going to leave it on the list for the time being, but with a note that it has been discontinued. My reasoning is that readers will see this app mentioned in other places, reviews, and lists -- best to head off questions where possible.

Eric L. Howes

[Turtledove]

Thank you Moore and Eric for the update.


_________________
Graduate of Malware Removal University
WinPatrol, Online Armor,
AntiVir,
Smile...It WILL get better

[Moore]

Hi Eric. Would you consider Outpost 4 for the list , now that it's features include various sandbox/HIPS "type" protection.

http://www.agnitum.com/products/outpost/whatsnew40.php
_________________
| Stop Malvertising | Outpost | Blocklist Pro | Hosts |

[Dragan_Glas]

Greetings,

It may interest all here to know that Ian "Gizmo" Richards did a review of a number of the above applications in the November issue of his newsletter.

The article can be found here:

Eight Security Sandboxes Reviewed and Rated

Kindest regards,

Dragan Glas

[great]

Hi. I want to thank all of you for the informations.

[JRosenfeld]

Any reason for not mentioning Windows Steady state (ex Microsoft shared Compuyer Toolkit)?

http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx

[katana]

[muf]

I am surprised you didn't feel that Regrun should be included. If you have ever used/tested it then you would be aware that it alerts on a wide range on system changes. Registry, files, services, bho's, Homepage & searchpage changes, toolbars, process monitor. It has a whitelist and blacklist of known files to compare what you have on your pc.

It does include a lot of other useful tools that I admit are not HIPS but it doesn't take away that this application has quite a few function's that are found in HIPS. It does eveything that Avorax Shield does, and a lot more besides!
http://www.greatis.com/security/detail.htm - Scroll down to the full features list.

I also feel that Browser Sentinel should be included as this also monitors what I mentioned above for Regrun. It's a system monitor tool. The name sugests it's protection is associated with browser changes only but this is far from the truth. It monitors for services, Startups, drivers, shell extension's. It protects regedit, control panel, task manager from being disabled. I do feel it qualifies as a HIPS as these monitors are not what you'd find in a conventinal antispyware or antivirus.
http://www.browsersentinel.com/

muf
_________________
"Never violate a woman, nor harm a child. Do not lie, cheat or steal.
These things are for lesser men.
Protect the weak against the evil strong.
And never allow thoughts of gain to lead you into the pursuit of evil.
Never back away from an enemy. Either fight or surrender.
It is not enough to say I will not be evil. Evil must be fought wherever it is found."

---The "Iron Code" of Druss

[suzi]

Hi Muf,

No one is really updating the list, but feel free to post about apps that you think are worthy of discussion, including Regrun.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[muf]

Hi suzi. Sorry I didn't notice how old the previous post to mine was! If I had I propably would have not posted. But the info is there all the same. If I find any more apps, be them old or new(especially), I'll post the info here with a brief outline of the app with a link to the author's website for people to check more in-depth.

Thanks,
muf
_________________
"Never violate a woman, nor harm a child. Do not lie, cheat or steal.
These things are for lesser men.
Protect the weak against the evil strong.
And never allow thoughts of gain to lead you into the pursuit of evil.
Never back away from an enemy. Either fight or surrender.
It is not enough to say I will not be evil. Evil must be fought wherever it is found."

---The "Iron Code" of Druss

[muf]

Ok, I did a quick check and found five that are getting a fair bit of press(forum discussion) at the moment.

EQSecure
http://www.wilderssecurity.com/showthread.php?t=202063
I provided the Wilders link(hope it's ok) as this is a Chinese software and finding info about it in English is limited. This thread does provide a fair amount of info which should give people a good idea of it's capabilities and there is a download link provided.

Mamutu
http://www.emsisoft.com/en/software/mamutu/
Behaviour monitor from the company who provide A-Squared.

Threatfire
http://www.threatfire.com/about/
Behaviour monitor. Replacement for Cyberhawk from the same company.

Safespace
http://www.artificialdynamics.co.uk/content/products/personal-edition.aspx
Sandbox application.

Norton Antibot
http://www.symantec.com/norton/products/overview.jsp?pcid=is&pvid=nab1
Behaviour monitor.


muf
_________________
"Never violate a woman, nor harm a child. Do not lie, cheat or steal.
These things are for lesser men.
Protect the weak against the evil strong.
And never allow thoughts of gain to lead you into the pursuit of evil.
Never back away from an enemy. Either fight or surrender.
It is not enough to say I will not be evil. Evil must be fought wherever it is found."

---The "Iron Code" of Druss

[Deker]

Thanks for info, but first post has a lot of deadlinks

[Coldmoon]

Hi,
Though I am obviously biased toward the application you might consider adding Returnil to the list as a free alternative for Instant System Recovery:

Returnil Virtual System Personal Edition:
http://www.returnilvirtualsystem.com/index_files/rvspersonal.htm

Mike
_________________
Coldmoon over Dark Water...

[suzi]

The list isn't being updated. If someone is interested in updating the list, let me know.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.