To all members,

I would like to have a collection of security softwares with these conditions.

FORBIDDEN in this thread are :
1. Any software, using blacklists (definition, fingerprints) is forbidden.
2. Any software, using whitelists AND blacklists is forbidden.
3. Any Security Suite (like Firewall + AV + AS) is forbidden.
4. Any Firewall is forbidden.
5. Any File Backup software is forbidden.
6. Any Image Backup software is forbidden.
7. Any Snapshot software is forbidden.
8. Any Encryption software is forbidden.

ALLOWED in this thread are :
All security softwares that don't belong to the above mentioned softwares are ALLOWED.
So security softwares, using whitelists only are also ALLOWED.
Security softwares that don't start with a blacklist, but where the user creates the blacklist are also ALLOWED
In general the software has to protect you against at least one or more threats : virus, worms, exploits, spywares, etc.

Freeware or payware does NOT matter. Easy or difficult does NOT matter.
If possible mention the FULL NAME of the security software, NO version, NO website, NO description is needed.
If you are not sure mention it.
Good luck with finding these softwares. ;D

Thanks in advance.

Have been mentioned already in alphabetic order : I count 38
Abtrusion Protector
AntiExecutable by Faronics
AntiHook
AppDefend ???
Arovax Shield
Attack Shield Worm Suppression
BufferZone
CyberHawk
Fortres 101
GeSWall
Ghost Security Suite
HardenIt
Neoava Guard
nLite
Online Armor
Primary Response SafeConnect
Principal AntiVirus
Process Guard by Diamond CS
RegDefend ???
RegRun Security Suite
Safe 'n' Sec
SafeXP
Samurai
Sandboxie
Script Defender
ScripTrap
Script Sentry
Sentinal 2
SnoopFree Privacy Shield
SoftSphere Defenceplus
SoftSphere Defensewall HIPS
System Safety Monitor
Trust no exe
Unhackme
ViGuard
Virtual Sandbox
Wehntrust
Windows XP Pro - software restriction policy
Windows Worms Doors Cleaner
WormGuard

Software restriction policy in Windows XP Pro
Process Guard by Diamond CS
Anti executable by Faronics

There you go, that's a start.

Process Guard also does use blacklists. If a program tries to run and you permanently block it you've blacklisted it.

I am surprised that Erik by his rules has eliminated Shadowuser

-{ Quote: "I am surprised that Erik by his rules has eliminated Shadowuser" }-
That's because I don't consider ShadowUser as a security software.
ShadowUser doesn't protect you against any threat, it just gives you a clean system, like FD-ISR, Rollback Rx and DeepFreeze.

I allow ProcessGuard, because it doesn't start with a blacklist, the user himself creates the blacklist.

maybe sentinal 2

betauser2

personaly, AppDefend and Regdefend both as single application are one of the finest tools I have installed on my machine.

problem is IMO that all the software developpers are creating those process application firewalls atm .. and imho this is because it's the only way to go .. otherwise, like you mention a lot ErikAlbert ;), it's a crazy man's job with all those "black list signatures" ...

In three years, Ewido will probably have like 600.000 sigs lol so it's better to create an application firewall so IF Ewido don't have the signature for any given malware, maybe it will get blocked because of the hips.

I guess, hardening tools and process application firewalls (behavioural blockers) are the only possible answer to your question : SafeXp, HardenIt, Samurai, .. ..

-{ Quote: "I guess, hardening tools and process application firewalls (behavioural blockers) are the only possible answer to your question : SafeXp, HardenIt, Samurai, .. .." }-

Agreed, i think you've got your answer erik

betauser2

How about:

System Safety Monitor
Abtrusion Protector
Trust no exe
Principal Antivirus

SoftSphere Defenceplus
SoftSphere Defensewall HIPS
Sandboxie
Arovax Shield
SnoopFree Privacy Shield

-{ Quote: "
SoftSphere Defenceplus
SoftSphere Defensewall HIPS
Sandboxie
Arovax Shield
SnoopFree Privacy Shield" }-

Hi Nights,
I think Softsphere products use whitelistings. I could be wrong cause I am not that familiarized with those two programs.
SandboxIE, like ShadowSurfer, is some kind of snapshot software..

Arovax and SnoopFree could be included afaik.

another one I use once in a while:
http://www.nliteos.com/

Every encryption software in existence and any packet sniffer in existence? ::)

-{ Quote: "Hi Nights,
I think Softsphere products use whitelistings. I could be wrong cause I am not that familiarized with those two programs." }-
Keep in mind that softwares, which are using whitelistings are ALLOWED.
So these softwares of Softsphere are good.

-{ Quote: "Every encryption software in existence and any packet sniffer in existence? ::)" }-
Encryption softwares are FORBIDDEN. I changed the rules, after I saw this post. Thanks for mentioning them. ;D
Encryption softwares don't protect you against any threat. They only make objects unreadable.
What are packet sniffers ?

You can add BufferZone too. And Online Armor, (even if there's a "blacklist" included by default, checking files during OA installation) : you build your lists yourself with it.


Cheers,
nicM

-{ Quote: "You can add BufferZone too. And Online Armor, (even if there's a "blacklist" included by default, checking files during OA installation) : you build your lists yourself with it.nicM" }-
Approved !!! ;D

antihook
attack shield worm suppression
regrun security suite
script defender
script sentry
unhackme
wehntrust
wormguard

...and CyberHawk too : it's currently in beta, but I think does fit to your description (no blacklist).

I edit
HMMM :ouch: , I forgot this one : ViGuard, the antivirus without signatures, without predefined "blacklist", you should like it ;D

You can add Runsafe, Dropmyrights and iecondom too... [I realize the list might be loooong :o indeed]

GeSWall
Neoava Guard
Primary Response SafeConnect
Safe 'n' Sec
Windows Worms Doors Cleaner

ScripTrap. Yup that's the spelling.

-{ Quote: "problem is IMO that all the software developpers are creating those process application firewalls atm .. and imho this is because it's the only way to go .. otherwise, like you mention a lot ErikAlbert ;), it's a crazy man's job with all those "black list signatures" ...
In three years, Ewido will probably have like 600.000 sigs lol so it's better to create an application firewall so IF Ewido don't have the signature for any given malware, maybe it will get blocked because of the hips." }-
I'm working on a new security setup, that will start with a "Router + Firewall + ShadowUser + Encryption".
ShadowUser is IMO still the most natural and easy way to put my system back in a CLEAN state.
First of all, I have to separate my winXPproSP2 from my personal files : partitioning + TweakUI make that possible.

Although ShadowUser puts your system back in a CLEAN state after a daily period of 4-8 hours, it does NOT protect you against any threat DURING those 4 or 8 hours.
So the crucial question is : How am I going to protect my computer between TWO reboots (4 or 8 hours) ?
Encryption will protect me against any stolen information, but that's not enough.
I don't like to use blacklist softwares, because you waste alot of time on them and that time will increase every day.

That's why I'm looking for softwares of another type, that will protect me between two reboots.
It doesn't need to be perfect, because after 4 or 8 hours I'm CLEAN again, which is much better than working with an infected computer during months, because your scanners didn't find anything.
The risk that info is stolen during that weak period is HIGH, but it's unreadable and which genius is going to spend his time on cracking the encryption of files from a home computer. That doesn't make sense.

I also don't want to talk about rare disaster scenarios and the weakest link of all : the USER himself and his MISTAKES.
Nobody and no software can protect you against these events. So it's useless to talk about it.
Any software is vulnerable, so I don't want to talk about this either, because that's common for all softwares and these vulnerabilities will be fixed sooner or later.

I just need a combination of softwares, that protect me enough during that weak SHORT period. :)

so how do u plan on deciding between the software in ur list? also make sure to share ur experiences.

-{ Quote: "so how do u plan on deciding between the software in ur list? also make sure to share ur experiences." }-

Well I'm interested too.

Personally i just pick a couple of stuff people are talking about the most, try them, and if they don't crash, they are in.

I don't have the expertise unlike many on this board to actually evalaute how good security software is against advanced malware.

-{ Quote: "I don't have the expertise unlike many on this board to actually evalaute how good security software is against advanced malware." }-
its not neccessary. im mostly just interesting in a program's performance-impact (on a PC) and people's initial impressions of said program. screenshots are always appreciated too.

Interesting list : LLOONNGG list

BTW what ever happened to Samurai.
I use it and it pops up now and then.
Friendly app? now lost?

-{ Quote: "so how do u plan on deciding between the software in ur list? also make sure to share ur experiences." }-
How I'm going to decide between all these softwares ?
Good question and frankly, I don't know the answer, but that doesn't bother me.
At work I always start from scratch when I have to analyze a new application.
I need that list to start somewhere and Wilders was the quickest way to get it.
I'm going to read about these softwares, try to understand them and ask questions, if I don't get it.

Some softwares, like Anti-Executable for instance are well explained and you know how it works. AE is one, I'm willing to pay for.
Arovax Shield however is a complete mystery for me and I don't get any clear answers either. If Arovax Shield was payware, I would never buy it.
Other softwares are NEW to me, like ScripTrap for instance.
Everybody knows, I'm a newbie in security, so don't expect too much from me.
I'm just trying to survive like anybody else here at Wilders. ;D

Arovax Shield is freeware, and have a blacklist to block cookies...

Ghost Security Suite should be added to the list...

-{ Quote: "
Ghost Security Suite should be added to the list..." }-

No suites my friend :)

But still .. those two applications (RegDefend & Appdefend) separated as two different pgrm's would be better after all cause forget about mem usage (and those two proggies do not consume cpu power either ..) if you have at least 2*512mb of DDR ram. that's my opinion .. if in a suite is one bad component, then the chances are your system still get corrupt/infected/..

Therefor I will always see for different applications rather then a suite (albeit KIS2006 being rather appealing ;D )

cheers,

In many ways this thread is as misguided and silly as some of the "if you could only have 1..." threads. By Erik's rules some great apps are ruled out, and that just doesn't make sense. Given what Erik has laid out, having a router, firewall, and shadowuser, plus one other application, if I wanted to recommend one other program that gave the most versatility at this point, I'd give serious consideration to KAV 6.0 which is close to release.

Also having actually run FDISR,Rollback and Shadowuser, I'd have to rate Shadowuser in 3rd place, as some of it's features are confusing which could lead to a bad mistake. Also there is the support issue. Again SU is 3rd.

-{ Quote: "In many ways this thread is as misguided and silly as some of the "if you could only have 1..." threads. By Erik's rules some great apps are ruled out, and that just doesn't make sense." }-Whenever anyone makes a final selection, great possibilities are ruled out, that's OK. However, this thread essentially focuses on how an end goal is realized, not the objective itself. Items are ruled in or out based on how they achieve their function, be it blacklisting via signatures, as a suite of modules, and so on. That generally is not the best way to proceed.

Blue

-{ Quote: "In general the software has to protect you against at least one or more threats : virus, worms, exploits, spywares, etc...

So the crucial question is : How am I going to protect my computer between TWO reboots (4 or 8 hours) ?...

I just need a combination of softwares, that protect me enough during that weak SHORT period. :)" }-For me, the crucial question is, What do you feel you need to be protected against? That is, what specific types of threats do you think might occur between these reboots?

Your first statement is too general: virus, for instance. Via email? Via remote code execution? Without thinking through how this stuff becomes installed in the first place puts you at the mercy of the security products companies and media that exploit the fear generated by these terms, virus, spyware, etc.

When you have thought through the various scenarios you think you might be exposed to, and the probabilities of their occurrence, then you will be in a better situation to think about what types of protection you need.

-{ Quote: "For me, the crucial question is, What do you feel you need to be protected against? That is, what specific types of threats do you think might occur between these reboots?

Your first statement is too general: virus, for instance. Via email? Via remote code execution? Without thinking through how this stuff becomes installed in the first place puts you at the mercy of the security products companies and media that exploit the fear generated by these terms, virus, spyware, etc.

When you have thought through the various scenarios you think you might be exposed to, and the probabilities of their occurrence, then you will be in a better situation to think about what types of protection you need." }-

Excellent. Very well said. Some seem to feel a need to protect themselves against every possible scenario. This is a mistake. In sports and warfare planning against every possible attack is the kiss of death. In fact, it's impossible to accomplish in the real world and it's impossible within the world of computer security. So, really, Rmus said it all above.

---securityx---

-{ Quote: "Excellent. Very well said. Some seem to feel a need to protect themselves against every possible scenario. This is a mistake. In sports and warfare planning against every possible attack is the kiss of death." }-Well, it's pretty much impossible to protect any computer against any possible scenario; protection against an organization of skilled attackers with money and time resources who have (or can gain) physical access to the machine? I doubt any single individual here in this forum (or in any other forum) can accomplish it. The keyword here is 'plausible'.

-{ Quote: "For me, the crucial question is, What do you feel you need to be protected against? That is, what specific types of threats do you think might occur between these reboots?

Your first statement is too general: virus, for instance. Via email? Via remote code execution? Without thinking through how this stuff becomes installed in the first place puts you at the mercy of the security products companies and media that exploit the fear generated by these terms, virus, spyware, etc.

When you have thought through the various scenarios you think you might be exposed to, and the probabilities of their occurrence, then you will be in a better situation to think about what types of protection you need." }-
You are right, but nothing is decided yet. I'm just fishing.

My problem is that I don't know all the ways of getting infected., because I'm a newbie in security.

1. If I use a router in combination with a firewall, I'm safer, but don't ask me WHY I'm safer and against WHAT I'm protected, because I couldn't give an answer.
What is even worse, I don't know which malwares are able to pass through my router and firewall.

2. If I use Firefox with AdBlock and NoScript, no java, I'm safer, but don't ask me WHY I'm safer and against WHAT I'm protected, because I couldn't give an answer.
What is even worse, I don't know which malwares are able to pass through my browser.

3. If I ignore and delete my spam-emails, I know, I won't get any infections this way.
That's one thing, I'm pretty sure about.

4. If any private info is stolen, I wouldn't care because that info will be unreadable (encryption).
That is another thing, I'm pretty sure about. Why? Because I exclude the majority of the bad guys, who aren't smart enough to break my encrypted files and the brilliant bad guys have better things to do.

5. If I reboot (with SU), I know at least one thing : I'm CLEAN again.
That's the one, I like the most, because that's the one that makes me feel really safe, much more safer than all my scanners, telling me "Congratulations. No threats found."
If I reboot twice a day, in the morning and around noon, I feel much safer and I use the word "feel", because security is nothing but a feeling and the stronger that feeling is, the happier I'm.

6. What else can I do or which smart softwares can I use to protect me against the rest of the malwares ?
I don't know the answers. Do you know the answers ?

My main concern are the destructive malwares. Malwares that are able to destroy my personal partition, where all my hard work is stored.
The only good weapon I have against this, is a DAILY image backup of my personal partition on an external harddisk.
If I talk about this at Wilders, members tell me that most malwares are NOT destructive and I'm willing to believe that because the bad guys, don't kill the goose with the golden eggs.
If I was a gifted bad guy, I wouldn't destroy people's computer either. On the contrary, I would keep their computer healthy and write very silent, invisible, not-disturbing malwares, that are able to steal their money and valuable info
over and over again.

But destructive malwares do exist, but I never met them during all these years. :)

-{ Quote: "My problem is that I don't know all the ways of getting infected., " }-I don't know anyone who does.

-{ Quote: "1. If I use a router in combination with a firewall

2. If I use Firefox with AdBlock and NoScript, no java, I'm safer

3. If I ignore and delete my spam-emails, I know, I won't get any infections this way.
That's one thing, I'm pretty sure about.

4. If any private info is stolen, I wouldn't care because that info will be unreadable (encryption).
That is another thing, I'm pretty sure about.

5. If I reboot (with SU), I know at least one thing : I'm CLEAN again.

My main concern are the destructive malwares...The only good weapon I have against this, is a DAILY image backup of my personal partition on an external harddisk." }-In my opinion, you have a good grasp of your own situation and are well covered.

I would quit worrying about it and enjoy your computing and surfing on your new system!

Great posts by TNT, Securityx, Rmus.

-{ Quote: "
Some seem to feel a need to protect themselves against every possible scenario. This is a mistake. In sports and warfare planning against every possible attack is the kiss of death. In fact, it's impossible to accomplish in the real world and it's impossible within the world of computer security. So, really, Rmus said it all above.
" }-

-{ Quote: "
Well, it's pretty much impossible to protect any computer against any possible scenario; protection against an organization of skilled attackers with money and time resources who have (or can gain) physical access to the machine? I doubt any single individual here in this forum (or in any other forum) can accomplish it. The keyword here is 'plausible'. " }-

It's common sense sure, and not as sexy as babbling about zero day exploits, rootkits and whatnot, but very important advise no doubt.

-{ Quote: "Great posts by TNT, Securityx, Rmus.
It's common sense sure, and not as sexy as babbling about zero day exploits, rootkits and whatnot, but very important advise no doubt." }-
That's why I overwrite the zero day exploits, rootkits, invisible advanced malwares, ... with a CLEAN reboot/snapshot one or two times a day.
I figured that out myself one year ago when I heared the very first time about ShadowUser at SWI.

I know, it's an imaginary security setup and snapshots, including image backups on an external harddisk can be seriously infected by some imaginary threat, written by some imaginary genius.
And I offer my apologizes to those who strongly believe in scanners and HIPS and don't want any changes.
I admit I was wrong, etc., but ShadowUser is still my choice and let us all hope I was wrong. ;D

-{ Quote: "That's why I overwrite the zero day exploits, rootkits, invisible advanced malwares, ... with a CLEAN reboot/snapshot one or two times a day.

" }-

Actually you *plan to* , let's be clear.

-{ Quote: "
I figured that out myself one year ago when I heared the very first time about ShadowUser at SWI.
" }-

Aren't you a clever one! The world must have being waiting for your genius to grace our security forums. Use backups! Damn, we must all be so stupid not to see it before you pointed it out. That solves all our security problems...

Time for all our security experts to retire then. Erikalbert has licked all our problems... LOL

-{ Quote: "
I know, it's an imaginary security setup and snapshots, including image backups on an external harddisk can be seriously infected by some imaginary threat, written by some imaginary genius.
" }-

Well personally I have outgrown the children's game of "Let's pretend" , but I understand some adults still feel the need to engage in chilidsh wishful fantasies even one lasting over 3 years...

If you ask me, i don't really see the difference between people worrying about all these advanced scary stuff, and people who *used* to worry about them but doesn't any more because he now thinks he has found the 100% solution for it.

Espically since what he is banking on is a technology he hasn't used , much less understand.

Just flip sides of the same coin.

Erik loves to sneer at people who put faith in antiviruses, or HIPS to defend themselves against 'advanced malware'. I say it makes as much sense to sneer at people who think SU provides 100% protection against "Advanced malware" (not to mention one who doesn't even have personal experience in SU).

All you have is your faith it will.... Who knows?

-{ Quote: "That's why I overwrite the zero day exploits, rootkits, invisible advanced malwares, ... with a CLEAN reboot/snapshot one or two times a day.
I figured that out myself one year ago when I heared the very first time about ShadowUser at SWI.

I know, it's an imaginary security setup and snapshots, including image backups on an external harddisk can be seriously infected by some imaginary threat, written by some imaginary genius.
And I offer my apologizes to those who strongly believe in scanners and HIPS and don't want any changes.
I admit I was wrong, etc., but ShadowUser is still my choice and let us all hope I was wrong. ;D" }-Huh, this absolute faith on ShadowUser is, if anything, amusing. I have no idea where it comes from. I've seen people believing Deep Freeze to be 'unbreakable' as well a year ago or something, and nowadays it seems Faronics just can't get Emiliano Scavuzzo from "breaking" it (in fact, it seems that they actually gave up and got into legal action against him for "reverse engineering" the product, which is really somewhat pathetic on their part). I have no idea why you're so convinced that ShadowUser, on the other hand, is "unbreakable".

-{ Quote: "Huh, this absolute faith on ShadowUser is, if anything, amusing. I have no idea where it comes from. I've seen people believing Deep Freeze to be 'unbreakable' as well a year ago or something, and nowadays it seems Faronics just can't get Emiliano Scavuzzo from "breaking" it (in fact, it seems that they actually gave up and got into legal action against him for "reverse engineering" the product, which is really somewhat pathetic on their part). I have no idea why you're so convinced that ShadowUser, on the other hand, is "unbreakable"." }-

Hi TNT

Amen. I use both Rollback Rx and FDISR, and yes the do provide the ability to undo stuff. But unbreakable, and a total security answer. Absolutely not.

Pete

TNT,
I never said ShadowUser is unbreakable. ALL softwares are breakable without any exception, even the snapshots of FD-ISR and Rollback Rx, which have also many fans at Wilders.
I'm not a fan of anything and I'm too skeptical to trust anything.
When the time is there, I will try them one by one and make my final choice.
Until now ShadowUser gets my vote and not because it's unbreakable. :)

-{ Quote: "TNT,
I never said ShadowUser is unbreakable. ALL softwares are breakable without any exception, even the snapshots of FD-ISR and Rollback Rx, which have also many fans at Wilders.
I'm not a fan of anything and I'm too skeptical to trust anything.
When the time is there, I will try them one by one and make my final choice.
Until now ShadowUser gets my vote and not because it's unbreakable. :)" }-

I guess Erik, what puzzles most of us is how you can be so sure your vote goes to Shadowuser when you've never tried any of the programs. Using both FDISR and Rollback, and having used Shadowsurfer and trialed ShadowUser, from my experience with all 3 programs, Shadowuser is a very distant 3rd and a non contender for me.


Pete

I'm not sure of anything until I have tried it in practice.
Until now my opinion is based on readings about these products and once I've tried the main ones, including FDISR, Rollback, DeepFreeze, ShadowUser, etc., I will make my final choice.
It's not my fault that everybody thinks that I'm obsessed by SU and without using it.

ShadowUser is your 3rd choice, well that is your opinion and doesn't need to be mine.
I don't even know my choice, because I didn't try anything and I had alot of bad luck lately, which kept me away from doing my experiments.
Moving to another apartment, a new apartment with some hidden problems, which caused other problems, and now my computer vendor suddenly decided to re-decorate his shop, shop closed and I have to wait longer for the components, I still need.
Meanwhile I keep on reading and asking questions at Wilders.

I prefer to choose softwares myself and not on what other members are telling me.
Every new software looks strange in the beginning and some people like it on first sight and others don't.
The more they don't like the software, the faster they will give up on trying it.
I have that trouble too and sometimes I have to force myself to remain objective.

One thing I know : you don't separate your OS from your personal files, which is one of the recommendations of SU and by doing this you get a total different situation.
So even when you tried SU, you didn't do it like I will and there is no proof whatsoever, that SU failed and of course it will fail one day. Isn't that common for all softwares ?
The fact that SU has a bad support is indeed a disadvantage, but I also have read posts where people got a reply from ShadowStor.
Maybe I get a reply, when I start my email with praising their product into heaven instead of asking annoying questions. Who knows.

Member "Spy1" also uses SU without separating his OS from personal files and he likes SU.
Now what is the difference between you and Spy1. Do I have to listen to both with a contradictional opinion about SU ? Who is right, who is wrong.
~snip~, I would become insane, if I would do this.
My PC is too small, if I would listen to everybody's advice and each member is convinced he is right and is trying to tell me what to use or to do.
Sometimes I listen, sometimes not. :)

It is a good feeling to have a PC, that can not get infected and that a user can visit any website withou worries (not talking about hacking of course). The problem is, that with such a high security settings, some websites even do not load, so the PC is useless for a common user. There are not many people, who could not survive without a flash, scripts or whatever.