AV-Comparatives tests Safe'n'Sec!


SDS909
July 11th, 2005, 01:26 PM
I knew SNS was great, but it is nice to see tests showing that indeed it is great!

http://www.av-comparatives.org/forum/viewtopic.php?t=187

I took a short look at the software Safe'n'Sec. It is a HIPS (Host based Intrusion Prevention System), available also in the version HIPS+AV (the AV included is Bitdefender). Due to the combination of the HIPS+AV it provides good security (also against Spyware); in my short test it detected at least 95% of the malicious software.
You can read more about the program on the official website of Safe'n'Sec. http://www.star-force.com/computer_security/
Maybe a good complement to the other security software installed (AV, etc.), as it has proactive detection capability; try it.

Regards,
Andreas

richrf
July 11th, 2005, 01:52 PM
What would be interesting to know is how much of the malicious software is detected by BitDefender, and how much additional protection was provided by the SnS's IPS. I suspect the incremental protection is small, but possibly quite vital.

Rich

Brian N
July 11th, 2005, 02:21 PM
Oh I know what their software does to my machine, I'm quite scared of installing anything from that company.

SDS909
July 11th, 2005, 02:21 PM
He doesn't point that out, which I guess is a good question.

I've thrown about 1000 pieces of Malware at just the Intrusion part of SNS and it has caught them all. No clue how it works in the broad sense of the hundreds of thousands of threats. But given the inability for my honeypot to be infected with it installed - I'd have to say it works really well.

richrf
July 11th, 2005, 02:35 PM
{QUOTE-> Oh I know what their software does to my machine, I'm quite scared of installing anything from that company. <-QUOTE}

Hi Brian,

Are you in a position to elaborate?

I tried installing SnS a couple of times based upon the recommendations of several members of this group whose opinions I hold in high regard. However, each time I did, I received notification (upon restart) that ZoneAlarm (and one other program that I do not recollect) had been "changed". This was of some concern to me because:

1) ProcessGuard is quite reliable with their alerts.
2) ZoneAlarm is an important security component on my system (obviously)
3) Star-Force has indicated that they were having problems with ZA conflicts that they were hoping to resolve with the next release.

My questions to them on their forum regarding these two incidences were never answered. I recovered by doing a complete image restore because I have no idea what happened during the SnS installation. Did you have any similar (or different) problems?

Rich

SDS909
July 11th, 2005, 02:51 PM
{QUOTE->
My questions to them on their forum regarding these two incidences were never answered. I recovered by doing a complete image restore because I have no idea what happened during the SnS installation. Did you have any similar (or different) problems?

Rich <-QUOTE}

Seems to me they answered your question, and requested more information. Did you provide this additional information? I wouldn't call that "Ignoring" you, quite the opposite, as they seem to be very responsive to your questions.

http://star-force.com/forum/viewtopic.php?t=63

SnS does not modify any files. The problem with ZoneAlarm was system deadlock, now it has been fixed.

richrf
July 11th, 2005, 03:03 PM
Hi,

The one answer I saw was that they are resolving a problem with ZoneAlarm. I do not know if this pertains to my issue.

The other suggestion was that I run FileMon to track any changes to files. This I clearly cannot (and will not) do, since SnS is no longer installed. I obviously will not install any program when PG is alerting me that it is changing my firewall (that is why I installed PG, for these kinds of alerts).

I was wondering if Brian had similar experiences, since SnS is a new program, and it is not clear to me how well it has been tested or validated. If there is some problem with PG, it is extremely easy for Star Force (or DiamondCS if they are inclined) to investigate and report. If it is a problem with my machine, then I will have to wait to see if the issues are resolved. But I surely will not re-install SnS until there is some indication of why I am getting this alert. So far, no one from Star Force has given me any possible explanation. This is fine. I was just wondering if anyone else had similar experiences.

Rich

Notok
July 11th, 2005, 03:09 PM
I've occasionally had false positives with PG. It doesn't happen very often, but it does happen. I wouldn't consider it cause for alarm when it's from a trusted program like SnS, just give it privs.

richrf
July 11th, 2005, 03:18 PM
Hi Notok,

In this case, it wasn't an issue of privileges, since I installed SnS with PG in Learning Mode and gave it all of the privileges it asked for.

What happened was when I re-booted, I received alerts from PG that Zone Alarm (and another program which I cannot recall) had "Changed". This is similar to the alerts I get when I update a program such as ZA. But in this case, it happened right after I installed SnS (which I thought was unusual) and it disappeared once I did an image restore. A couple of weeks later I tried another SnS install and the same thing happened, so the problem is replicatable (at least on my computer). I found it very unusual, and of course of some concern.

Have you had occasions when PG gave you a false alarm on a "program change"? It has been extremely reliable for me in this respect. Thanks for any additional info.

Rich

Blackcat
July 11th, 2005, 04:11 PM
{QUOTE-> What would be interesting to know is how much of the malicious software is detected by BitDefender, and how much additional protection was provided by the SnS's IPS. I suspect the incremental protection is small, but possibly quite vital.

Rich <-QUOTE}
Here's your answer. (http://www.av-comparatives.org/forum/viewtopic.php?t=187)

{QUOTE-> BitDefender at least 95%, the HIPS offers additional protection, making the percentage even higher.
Let's wait some months to see results reached by SnS in other (more detailed) tests (done by other organizations). <-QUOTE}

richrf
July 11th, 2005, 04:14 PM
Thanks Blackcat.

Rich

Brian N
July 11th, 2005, 07:32 PM
Oh sorry, I was talking about their CD-protection system.. Where you just insert the CD in the computer and it just destroys everything, forcing you to format the hard drive.

That's why I'm a little scared ;)
It could very well be they have created a tool that actually works, but I'm not gonna try it. I'll leave that to the rest of you.

The Hammer
July 11th, 2005, 07:50 PM
{QUOTE-> Hi,

The one answer I saw was that they are resolving a problem with ZoneAlarm. I do not know if this pertains to my issue.

The other suggestion was that I run FileMon to track any changes to files. This I clearly cannot (and will not) do, since SnS is no longer installed. I obviously will not install any program when PG is alerting me that it is changing my firewall (that is why I installed PG, for these kinds of alerts).

I was wondering if Brian had similar experiences, since SnS is a new program, and it is not clear to me how well it has been tested or validated. If there is some problem with PG, it is extremely easy for Star Force (or DiamondCS if they are inclined) to investigate and report. If it is a problem with my machine, then I will have to wait to see if the issues are resolved. But I surely will not re-install SnS until there is some indication of why I am getting this alert. So far, no one from Star Force has given me any possible explanation. This is fine. I was just wondering if anyone else had similar experiences.

Rich <-QUOTE}
Blue Zannetti has experience using PG with SafeNsec. You might ask him.

richrf
July 11th, 2005, 08:28 PM
Thanks Hammer. Maybe Blue will see this thread and respond with his experiences. The question is whether he is also using ZoneAlarm? I might check out previous threads and see what I can find out.

Cya,
Rich

The Hammer
July 11th, 2005, 08:35 PM
{QUOTE-> Thanks Hammer. Maybe Blue will see this thread and respond with his experiences. The question is whether he is also using ZoneAlarm? I might check out previous threads and see what I can find out.

Cya,
Rich <-QUOTE}
See here: http://www.wilderssecurity.com/showpost.php?p=352128&postcount=6

richrf
July 11th, 2005, 08:38 PM
Thanks again Hammer. It looks like Blue is using LooknStop so he probably is not experiencing the same issues that I am. It appears that there is a known conflict (problem?) between SnS and ZoneAlarm. This has been acknowledged by Star Force. Whether the problem manifests itself in the alerts that I saw, I have no idea. So right now, I am sitting and waiting. ;)

Thanks for the help.

Cya,
Rich

The Hammer
July 11th, 2005, 09:12 PM
{QUOTE-> Thanks again Hammer. It looks like Blue is using LooknStop so he probably is not experiencing the same issues that I am. It appears that there is a known conflict (problem?) between SnS and ZoneAlarm. This has been acknowledged by Star Force. Whether the problem manifests itself in the alerts that I saw, I have no idea. So right now, I am sitting and waiting. ;)

Thanks for the help.

Cya,
Rich <-QUOTE}
I take it Lock N Stop is not an option?

SDS909
July 11th, 2005, 09:45 PM
{QUOTE-> The one answer I saw was that they are resolving a problem with ZoneAlarm. I do not know if this pertains to my issue.

The other suggestion was that I run FileMon to track any changes to files. This I clearly cannot (and will not) do, since SnS is no longer installed. I obviously will not install any program when PG is alerting me that it is changing my firewall (that is why I installed PG, for these kinds of alerts).

I was wondering if Brian had similar experiences, since SnS is a new program, and it is not clear to me how well it has been tested or validated. <-QUOTE}

For one thing, I'd put money on it being a PG error, since there is simply NO code in SNS that would alter any files. Assigning blame prematurely is bad.

Also SNS isn't a new product. Fairly new to retail - yes - but it has been developed and in testing for over a year. Some very experienced people (including myself) have been running it for a year or more and testing the hell out of it. I've tested SNS on approximately 2500 pieces of malware, and I know someone that has tested it on double or more that.

BlueZannetti
July 11th, 2005, 09:46 PM
{QUOTE-> Thanks Hammer. Maybe Blue will see this thread and respond with his experiences. The question is whether he is also using ZoneAlarm? I might check out previous threads and see what I can find out. <-QUOTE}
I see The Hammer located my set-up - I had switched from ZA Pro when they hit that rough patch upgrading a couple of years (?) ago to Outpost and very recently went to LooknStop.

I can say that I hadn't seen any strange interactions between PG and SnS while I was running both products. Do you have any idea when the ZA fix appeared relative to your experience? Were you using a freshly downloaded trial?

Blue

richrf
July 11th, 2005, 11:22 PM
Hi BlueZannetti,

According to the second message in this thread:

http://star-force.com/forum/viewtopic.php?t=63&sid=15bf5bb33fab7f0b3233efa019359abf

they have a fix for a ZoneAlarm incompatibility which will be available in the next update. No date for the release was given. Right now I am just asking around to see if 1) anyone is running it with ZA and PG in place and 2) whether anyone has noticed a similar problem. Unless someone is running PG while installing SnS, the issue will probably not be noticed. For the life of me, I can't figure out what may have caused this PG alert, since I do not know exactly what PG is checking for nor do I know what SnS is doing during its install. But it definitely must be doing something since the "change" alert is directly related to the SnS install.

If you come across anything or have any ideas, I would appreciate it if you would let me know. Thanks.

Cya,
Rich

James Taylor
July 12th, 2005, 04:15 AM
Wow, are there really people running Regdefend+Process Guard+ Safe N sec?

How about adding Antihook as well.

patermann
July 12th, 2005, 05:09 AM
{QUOTE-> I tried installing SnS a couple of times based upon the recommendations of several members of this group whose opinions I hold in high regard. However, each time I did, I received notification (upon restart) that ZoneAlarm (and one other program that I do not recollect) had been "changed". <-QUOTE}
{QUOTE-> SnS does not modify any files. <-QUOTE}
Just a wild thought (I don't know how ProcessGuard works so this may be way off base): When installing, if SnS updates a system DLL (or other "common" component - e.g. GUI toolkit) that is also used by ZoneAlarm, might this make it look like ZA has changed?

The Hammer
July 12th, 2005, 06:56 AM
{QUOTE-> Hi Notok,

In this case, it wasn't an issue of privileges, since I installed SnS with PG in Learning Mode and gave it all of the privileges it asked for.

What happened was when I re-booted, I received alerts from PG that Zone Alarm (and another program which I cannot recall) had "Changed". This is similar to the alerts I get when I update a program such as ZA. But in this case, it happened right after I installed SnS (which I thought was unusual) and it disappeared once I did an image restore. A couple of weeks later I tried another SnS install and the same thing happened, so the problem is replicatable (at least on my computer). I found it very unusual, and of course of some concern.

Have you had occasions when PG gave you a false alarm on a "program change"? It has been extremely reliable for me in this respect. Thanks for any additional info.

Rich <-QUOTE}
I believe you said in another post. I don't know where (possibly the safeNsec review in Other Antivirus) that the other affected program was Nero exe's. Hope this helps.

James Taylor
July 12th, 2005, 07:07 AM
{QUOTE-> Just a wild thought (I don't know how ProcessGuard works so this may be way off base): When installing, if SnS updates a system DLL (or other "common" component - e.g. GUI toolkit) that is also used by ZoneAlarm, might this make it look like ZA has changed? <-QUOTE}

Processguard doesn't check dlls either.

controler
July 12th, 2005, 07:46 AM
The first thing I do when seeing "System Deadlock" problems is look at Event log Viewer. http://www.eventlogxp.com/
Freeware.

It mainly puts the system logs your machine saves anyway, into an easy to read GUI. Or just go to System information, software environment, windows error reporting and see the same application errors.
You will then know which program was really hanging ;D

Does SnS install a kernel driver then?

You can look at application, security or system.

controler

richrf
July 12th, 2005, 11:22 AM
Hi Hammer. You win! Great memory. :o Yep, it was Nero.

At this point, it seems like I am the only one who had run across the problem. I'll wait and see if anyone else can replicate the problem. While I doubt it is machine specific, it could be.

Hi, patermann. Thanks for putting forth the possibility. I guess only the developers at DiamondCS know exactly what they are looking at before they alert with the "change message". It could be one - or multiple things.

James, I never install a program (other than KAV and possibly Windows updates) without ProcessGuard active. That is why I installed PG in the first place. If I uninstall PG, before installing a package, I am undermining the whole purpose of installing PG in the first place. If, and when, I am fully satisfied that a process is as trustworthy as PG, I may remove ProcessGuard. When I chose to install PG, I implicitly and explicitly gave it the highest level of trustworthiness (ditto for ZoneAlarm and KAV). It remains so, until I otherwise decide and all other Security programs (especially brand new ones) remain subservient to PG's role. If PG says a new program (e.g. SnS) has changed ZoneAlarm on my system - I pay attention. In this case, I did a full image restore.

Cya,
Rich