SpyShelter 9.2 released

SpyShelter 9.2

New SpyShelter version brings a couple of new advanced functions as well as many other improvements, which will increase SpyShelter’s performance and stability.

Biggest improvement since SpyShelter 9.1 is the possibility of creating customized rules. We have put a lot of work into it, and we hope that you are going to enjoy this fully customizable rule creator, which also allows to edit existing rules.
http://www.spyshelter.com/wp-content/uploads/2014/09/customrules.png
Furthermore, in this release SpyShelter Firewall has received some major updates.
SpyShelter Firewall 9.2 features brand new custom network rule creator, which will allow you to filter out connections from specific IP’s and ports.
http://www.spyshelter.com/wp-content/uploads/2014/09/rulec.png
Another new feature which you will surely like is Network Activity Tracker. It displays every application that is currently communicating with the Web, data sent, received, and also shows servers addresses!
http://www.spyshelter.com/wp-content/uploads/2014/09/networkactivity1.png
Update your SpyShelter now and discover new features!

Download:

Code:

http://www.spyshelter.com/download-spyshelter/

 

Still no 64-bit free version? Meh. Sorry if I don't agree that 64-bit compatibility should be a paid feature.

 

More features and options...more fun and exitement Screenshots from some new options
editing rule for existing app/process (the name of app is on the top of window)

create rule for new app/process

network activity

 

They should fix that by charging for the 32 bit version, too.

 

I agree. They should charge for both. They can't just give everything away for free. Their business would fail, and there would be no more SpyShelter then.

 

I don't use SpyShelter, but I have in the past. I think the new features look great! It says you have the option of Allow, Deny, and Default. What is the default action that will be taken? Will it ask the user? I would expect to see Allow, Deny, and Ask User?

Edit: Maybe what Brandonn meant to say is SpyShelter should have a free version for 32bit, and 64 but limit the features for each in the free version. I think that would be a better business model myself. Maybe he can clarify his statement.

 

Does SpyShelter Log blocked packets? What protocols does the firewall support filtering (tcp, upd, icmp,etc.)?

 

Vetty Interesting. Seeing as I have always been and always will be a (Customized) rules driven security addict, this might just be of some serious interest to me now that rumor has it my prized and FREE Qihoo 360 IS may be ending.

Thanks for posting this and the screenshots!

 

Should be called SpyShelterManager now (the new SSM ). Are all executables ASLR enabled now?

 

SpyShelter is based on its own internal rules and rules added by user what is connected with security level...quote from help file

In this way option "default" could mean "is rule true or not in comparison to the internal list of trusted certificates?"...if YES it's OK without questions, if NO we perhaps should see an alert. We should remember that we still have the list of monitored actions in "Settings" tab that are active so when actions is suspicious and is listed in such tab we just receive some pop-up. When we set main security level on "ask user" default action is probably "always ask" if no other rule is created.
I've noticed when we set in rules editor the main rule in box "All general actions" on "allow" or deny" all other boxes are greyed except these: "Ingoing - and Outgoing network traffic" and "Executions of an application" set on "default"

We can make rule for TCP and UDP and apply this rule to ICMP traffic...I didn't find log with blocket packet.

Perhaps YES SpyShelter could be called SpyShelter Manager or Suite but the second would be not the tribute for old SSM

 

I was trialing SS (FW) 9.1, last week (W7U 32-bit). Definitely more than a Anti-Logger + simple Allow-Deny UDP/TCP Connection (9.1 version) Firewall (coexisting with WFW). More of an Anti-LeaK, i would say. "Restricted Applications" & configurability of Security/Monitoring Actions/Alerts Level are very interesting features. It can be set-up in different ways depending on the Monitoring Actions and Exclusions. Taking advantage of the latter, an SRP (file path- or hash- or publisher-based) approach can be achieved. With the new features, i guess it can be set-up as a classical HIPS or an Anti-Executable (last ichito's pic).
During the installation, it offers the option to install for all users. Once installed, there is an option, in Settings, for allowing access to its GUI only for an Admin account. The GUI can be password-protected too.

On the downside, 1) it's a little bossy (it doesn't play well with SB, e.g.) and b) even though i wasn't able to terminate its process through Process Explorer (as Raymond had noticed/guess they fixed it), i did terminate it (9.1) through Process Hacker -i bet (haven't tried it) that the same can be achieved through any anti-root/bootkit program (Antispy, PowerTool, PCHunter etc.) that installs drivers/hooks. They should definitely focus on SS's Self-Defense. That's the main reason i'm not willing to purchase it just yet.

@ichito: Do you know if, when in "Ask User" mode, a user's response/rule that matches an internal rule is displayed in the "Rules" window? Alternatively, are the internal rules accessible somehow?

PS. Filtering the svchost's connections by service would be a very interesting addition...

 

@ ichito

Remember a while ago I asked for this feature? So I'm very happy to see the new "customizable rule creator".

I just might give SpyShelter a chance again, it is now definitely the most advanced HIPS on the market. They do need to fix some spelling errors like "accessing to webcam", it should be "access to webcam", but this is only minor of course.

 

@CGuard
Such easy closing of SS is interesting and disturbing but should be probably resolved by unchecking option "Allow terminating SpyShelter via Tak Manager"...screenshot below



...unfortunately it doesn't work by that way. After unchecking that box I was able to terminate SS using Process Hacker and Anvir Task Manager and it was just easy. Using other similar apps like Process Explorer, HiJack Free (EEK) or system task manager it was impossible. It should be reported to the SS support.
As regards to internal rules...I found info about it in changelog for ver. 5.11 more than 3 years ago and it's perhaps the latest info...it was at this time about 10 000 signers so we can guess that there is much more trusted apps/processes in base. No info who is on trusted list except Microsoft...i think...what is connected with one of security levels. Some updates from such changelog

http://www.spyshelter.com/blog/spyshelter-changelog/

 

@ ichito

A general question about the "restricted apps" feature: does it run apps in "low integrity mode"? You can check this with Process Explorer. The reason why I wonder about this, is because VoodooShield will soon offer a "sandbox" feature which will run apps with less privileges. I wonder if apps (like browsers) will still be able to run correctly.

 

Unfortunately SS runs apps added to "restricted"...in my case...in high level what can be connected to my administrator account in which I'm working. SS runs app in this mode with lower rights and some others restrictions...quote from help file

 

Yes a bit weird since Win Vista should offer this feature. Or perhaps SS does not run apps with "low integrity" at all. Because I'm not even sure if restricted SID is the same as running apps in "low integrity mode".

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379316(v=vs.85).aspx
http://blogs.technet.com/b/voy/archive/2007/04/01/write-restricted-token.aspx

 

This is great! Apparently they improved their software in the very difficult Matousec tests as well:

http://www.matousec.com/projects/proactive-security-challenge-64/

Awesome! This excellent news plus the lifetime license makes this a an instant purchase.

 

@ Visigoth

I'm not really into Matousec anymore, but still nice to know that SS performs quite well against the Matousec leaktests.

 

Yes..it's good news Thanks for info.

 

I have sent the following suggestion

If you agree you can open a ticket here http://www.spyshelter.com/helpdesk/

 

@ guest

I still need to check out the latest version, but this kinda stuff has been my biggest complaint about SpyShelter, the GUI/ease of use is not that good. Especially when it comes to the logging and rule making part. Take for example Neoava Guard (an old Win XP HIPS), it was much easier to operate, see this post: https://www.wilderssecurity.com/thre...-9-spyshelter-firewall-3.360052/#post-2353110

 

Do I need to uninstall previous version before installing 9.2 release ?

 

SpyShelter Firewall v9.3 is out. Panda Free Antivirus classifies the installed SpyShelter.exe (SHA1: 370E985E843A753A9EF954132C600CAA59F03133) as a Trojan. If you run Panda, stop it before you begin to install SpyShelter Firewall via fwsetup.exe. After installation is done, put SpyShelter.exe on Panda's exclusion list, re-enable Panda and reboot your PC.

 

firewall part become more usable i hope they make it more better since its new.(ask deny for each request)
startup speed very good in this version but still it take 2 minutes to change from gray to blue.
plus in new version ASLR Enabled

 

Version 9.4 released today

Important bug in previous version :
http://www.spyshelter.com/blog/spyshelter-9-4/#more-2118

http://www.spyshelter.com/download-spyshelter/

Rules.