Introducing EdgeGuard Solo Beta (zero-day malware defense)

Discussion in 'other anti-malware software' started by Eirik, Oct 10, 2008.

Thread Status:
Not open for further replies.
  1. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Look to post 13 with EDIT ( today October 14, 2008 ), please.

    Thanks, PROROOTECT
     
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Without having tried this utility am I right in thinking it's a less extensive clone of Geswallo_O?
     
  3. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    More like DefenseWall, IMO.

    I'd like to see another release come out.
     
  4. Nett0pp

    Nett0pp Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    71
    Location:
    Scandinavia

    Heheh.........

    ES BETA installed!!
    Now what the heck are U d0ing in USA? U should be in Scandinavia (EIRIK)

    TCSP
     
  5. Nett0pp

    Nett0pp Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    71
    Location:
    Scandinavia
    Well I can't even see the GUI... I mean, I need s0mething :gack:
     
  6. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    I was named after the first one from my father's family to arrive in the US from Norway. I've yet to go there. Sure would like to visit. I enjoyed many free beers over the years with people in the US failing to guess (3 tries each) how my name was spelled.

    Eirik
     
  7. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    I see the similarity. I prefer not to comment on products from other small vendors. Competing with the giants is hard enough without us fighting amongst ourselves. I would be happy to answer questions or ask our engineers to answer questions that enable you all to compare and contrast.

    Eirik
     
  8. Nett0pp

    Nett0pp Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    71
    Location:
    Scandinavia
    Hi Eirik ! Not rich that means in New Norwegian....

    I c0me from 0sl0... (wathEVER)
    "U" Tell me this: What makes EdgeGuard Solo different (org) ?

    Greetings fr0m l


    Alpha-Draconia
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    In the list below, keys end with a \, values do not. These are static keys/values and would not change under normal conditions.

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Programs
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
    HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun


    HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\system\
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logon\


    HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FormSuggest PW Ask
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Network\


    And optionally it could also protect (as an option for IE):
    HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Extensions\
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\
    HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Main\
    HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Menuext\
    HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Styles\stylesheet
    HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Urlsearchhooks\
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet explorer\Toolbars\Restrictions\

    What is the benefit compared to running internet-facing apps with StripMyRights, for instance?

    A few questions: are applications started by guarded applications also contained? What about downloaded files?


    Cheers Kees
     
    Last edited: Nov 3, 2008
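
The key/value convention from the post above, turned into a watchlist matcher for registry write paths. This is an added example, not part of the original thread and not EdgeGuard code: entries ending in `\` are treated as keys covering their whole subtree, entries without it as single values. The function names and the sample write paths are constructed for illustration, and only a subset of the listed entries is used.

```python
# Added example: match registry write paths against the post's watchlist.
# Subset of the entries from the post; a trailing "\" marks a key (subtree).
WATCHLIST_TEXT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\
HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive
HKEY_CURRENT_USER\Software\Microsoft\Internet explorer\Urlsearchhooks\
"""

def normalize(path):
    """Registry paths are case-insensitive; also accept the HKCU abbreviation."""
    p = path.strip().casefold()
    if p.startswith("hkcu\\"):
        p = "hkey_current_user\\" + p[len("hkcu\\"):]
    return p

def parse_watchlist(text):
    """Return (kind, path) rules: kind is 'key' for entries ending in a backslash."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            kind = "key" if line.endswith("\\") else "value"
            rules.append((kind, normalize(line).rstrip("\\")))
    return rules

def match(target, rules):
    """Return the rule hit by a written registry path, or None."""
    t = normalize(target).rstrip("\\")
    for kind, path in rules:
        # A key rule covers its subtree, but only on a path-component
        # boundary, so "...\Run\" does not match "...\RunOld\a".
        if t == path or (kind == "key" and t.startswith(path + "\\")):
            return (kind, path)
    return None

RULES = parse_watchlist(WATCHLIST_TEXT)

# Constructed sample write targets (not real telemetry).
SAMPLE_WRITES = [
    r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\updater",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RunOld\a",
    r"HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut",
]

def flagged(writes, rules=RULES):
    """Return the writes that touch a watched key or value."""
    return [w for w in writes if match(w, rules) is not None]
```

The first two sample paths are flagged despite differing case and the `HKCU` abbreviation; the last two are not, because they only share a name prefix with a watched entry.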
  10. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    EdgeGuard Solo is a very focused anti-malware tool. It blocks major attack vectors but does not strive to deter them all at the cost of the user-experience. We seek to build something that does not call on end-users to make knowledge-dependent security decisions. It is intended to be a low profile tool in terms of distractions to end-users, disruption of user applications, and consumption of PC resources.

    Eirik
     
  11. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Kees1958, I've forwarded your list of registry keys to engineering. Thank you.

    These can have unintended consequences that can hinder normal application behavior. For example, Microsoft Office applications may not run when the user is logged in with admin rights and the application privileges have been reduced. EdgeGuard Solo, in this case, allows normal operation but still prevents the Office applications and anything they spawn from performing write operations to protected resources.

    Yes, the children inherit the containment of the parents. This is particularly useful when ActiveX controls are involved. In the case of a legit executable that was downloaded, the end-user must save it and launch it via Windows Explorer, for example.

    The next release will better deal with downloaded files or 'drive-by downloads' by suppressing launches from user-space.

    When this forthcoming option is enabled, the end-user would be alerted to an executable being 'blocked' and would have to add that downloaded file to the 'guard' list to allow it to run. If an end-user wishes to run it unguarded, he/she adds it to the 'guard' list but unchecks the 'guard' box for that entry so it can launch. We will strive to make this easy to do via the GUI.
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    WOW, that is good news for Vista 32 users: when running UAC with Norton UAC tool + EdgeGuard Solo they will be protected from the most severe threats.

    Please mail us when the release containing downloaded files is ready for testing.

    Are you going to protect the HKCU entries and values I mentioned also?

    Cheers Kees
     
  13. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Our intention is to protect more HKCU keys. I've forwarded the list to engineering. After decisions are made, it will fall to me to alert you.

    Thanks for the feedback,

    Eirik
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Is this software going to be free for personal use when the final release is out?
     
  15. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    Yes, absolutely.
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Thanks :thumb:
     
  17. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    Eirik,
    When can we expect the next EdgeGuard Solo update?

    Thanks.
     
  18. Eirik

    Eirik Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    544
    Location:
    Chantilly, Virginia
    We will soon announce a date and features.
     
  19. evilscribble

    evilscribble Registered Member

    Joined:
    Apr 30, 2008
    Posts:
    48
    It sucks how we have to manually add everything we want protected. The system tray icon looks bad. And the GUI is just plain horrible. This is the first security program I've ever tried that has a GUI that looks like it was done with the default form images of Visual Basic 6. The aesthetics of this program could definitely be improved. Most importantly, this program needs to be made so it works "right out of the box".
     
  20. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Don't fret, something better is coming. ;)
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Eirik,

    When looking at the user interaction outline and security intention of your program I would go for the following scope of protection

    a) Run mentioned programs in a limited user environment
    b) Additionally protect some autostart registry entries in HKCU (Tony Klein has posted a nice round up in RegDefend section of Wilders Security, Entries listed in Runscanner, check their change log, and a google for a document named "where malware hides").
    c) POLICY registry keys in HKCU
    d) Guard Executable file associations
    e) Guard all run*** HKCU registry entries (Run, RunOnce, RunOnceEx, RunService, RunServiceOnce)

    What would be possible as an option
    f) set host file to read only
    g) disable a few services (remote registry, remote desktop, active desktop)
    h) guard startup folders



    Cheers Kees
     
  22. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    While Kees's points are technical mine is superficial....

    I'd like to see some sort of symbol displayed in the Title Bar, such as in the case of Sandboxie you have a "#" or in the case of DefenseWall you have "Untrusted", which indicates the blooming protection is turned on. For example, I turned off protection, to install something or other but had forgotten I had done it. I then went merrily surfing not knowing I wasn't protected. I suggest the word "Guarded" but anything will do.

    Small point, I know, but it's needed.

    Thanks....
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Potentially very useful security program from all indications and once some choice additions are made.

    Question: Can anyone offer a short list taking into mind this is early yet, of other security apps this is and will be compatible working with in combination?

    Thanks

    EASTER
     
  24. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Eirik, does EdgeGuard protect against RAW disk access?
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Fantastic Topic!

    I am getting really hyped up over this once it pans out.

    TAKE IT TO THE LIMIT!!!! :thumb:

    EASTER
     
    Last edited: Nov 9, 2008