Anti-Executable

Discussion in 'other anti-malware software' started by LoneWolf, Apr 12, 2007.

Thread Status:
Not open for further replies.
  1. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Free and still available
    http://www.horizondatasys.com/169602.ihtml

    EDIT: Same link as Lucas1985's
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It's a bit confusing because the word "trial" is still included in the downloaded zip-file.
    I wonder if it is as strong as AE, after all it's freeware.

    For instance, does it do this?
    Quintuple Verification
    * File Size
    * File Type
    * File Location
    * Creation Date
    * Code Sample
     
  3. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    Mine says full. I don't see trial.
     

  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks Lucas and travellinman.
    Erik - they wrote that it is freeware.

    Anybody using it?
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I'm waiting for the email. They say they send it by mail, and I think Gmail will block it. If I had known that before, I would have given them another e-mail. They only say it after you give the details.

    I'm gonna wait.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Check your spam folder.
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That is a good one, two different downloads for the same software from the same website. Almost unbelievable that such a company makes such mistakes. High time to adjust their website. :rolleyes:
     
  8. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Just tried out exelockdown. I really should read the install screens; at first I couldn't find it and then I didn't know the password LOL! For a freebie it's actually not too bad: you can autoscan your hdd for exe's, which get added to the whitelist, and you can manually add exe's to the blacklist. Custom messages, logging and the ability to add an allow button are also there.

    One problem I found is that it's easily circumvented by changing the name of an exe. I did a simple test by putting regedit into my documents folder and allowed it to run. I then changed the name of another exe to regedit, replaced the original regedit exe, and it ran with no alerts.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    That's why it is free. :D
     
  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    If that's true, is it worthless?
    Any takers?
     
  11. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, Travellingman: Can I ask you some questions? I visited ExeLoc's web site and got some info, but not all I need. It appears that EL will scan the PC for existing exes to build a baseline, and then will pop up alerts in the event of encountering an unknown exe and ask for the user's choice. Is this true? Or will it terminate the unknown cold? Does EL update its baseline, and how? Thanks.
     
  12. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    By default it denies any exe that is not on its whitelist, it just brings up an alert showing you what exe has been denied. There is an option to add an allow button to the alert.
     
  13. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Yeah, I dunno if that makes it worthless. It's definitely a weakness in the app. If it's run on a system that doesn't change then it would work well imo.
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't see any advantage of this.
    The principle of a whitelist is: anything that is not whitelisted is blocked.
    That's why you don't need a blacklist; it is totally superfluous.

    In AE you don't see the whitelist and you can't edit it either, which offers much better protection.

    Thanks for testing EL, it saves me time. I stick to Anti-Executable. :cool: :)
     
  15. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Depends on the scenario. Dad says son can't play that game until he finishes homework, on the pc too. Dad blocks that exe temporarily.
    There should be other scenarios too. Like IE7 :) .
     
  16. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    This, of course, is a subjective evaluation and doesn't negate the White List protection of the product.

    I am more interested in the robustness of the product. Can those who use it answer several questions?

    1) The description on the site shows it is entered in Add/Remove. If you attempt to uninstall it, are you prompted for a password?

    2) It's not clear to me (I might have missed it) if its program directory and White List are protected from access.

    3) According to the site,

    What about programs installed on another partition: do these have to be manually added to the White List? This would have to include all .dlls and .sys files associated with the various programs.

    4) Are you prevented from moving/deleting *any* executable file on the computer? I see farmerlee found out that you can rename one.

    thanks,

    -rich
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    It's totally useless if it has no checksum for the exes.
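
Added example, not part of the thread and not code from either product: a sketch of the difference between a whitelist keyed only on file name/path and one that also records a content checksum, applied to the rename test farmerlee describes. The file names, contents and function names are constructed for illustration; how Exe Lockdown or Anti-Executable actually store their lists is not stated in the thread.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of(path):
    """Hash the file contents in chunks so large executables are handled."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(paths):
    """Baseline scan: record each approved path with its content hash."""
    return {os.path.abspath(p): sha256_of(p) for p in paths}


def allowed_by_name(path, allowlist):
    """Weak check: only the path/name has to match an approved entry."""
    return os.path.abspath(path) in allowlist


def allowed_by_hash(path, allowlist):
    """Stronger check: the path must be approved AND the bytes unchanged."""
    expected = allowlist.get(os.path.abspath(path))
    return expected is not None and hmac.compare_digest(expected, sha256_of(path))


def demo():
    """Return (name_ok, hash_ok) before and after the approved file is replaced."""
    with tempfile.TemporaryDirectory() as tmp:
        approved = os.path.join(tmp, "regedit.exe")  # constructed stand-in file
        other = os.path.join(tmp, "other.exe")       # constructed, never approved
        with open(approved, "wb") as fh:
            fh.write(b"constructed bytes: approved program")
        with open(other, "wb") as fh:
            fh.write(b"constructed bytes: different program")
        allowlist = build_allowlist([approved])
        before = (allowed_by_name(approved, allowlist), allowed_by_hash(approved, allowlist))
        os.replace(other, approved)  # rename over the approved file, as in the test above
        after = (allowed_by_name(approved, allowlist), allowed_by_hash(approved, allowlist))
        return before, after


if __name__ == "__main__":
    print(demo())
```

After the replacement the name-only check still passes, while the checksum check rejects the file because its contents no longer match the baseline.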
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't understand this. Can you explain this a little better? I don't see anything subjective about this.
    In English I'm a bit more stupid than in Dutch.
     
  19. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Erik, he means it's subjective because it depends on the user's specific needs.
    Dad-son, IE7 etc.
     
  20. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    When placed in a disabled state, AE appears to maintain a comprehensive accounting of files accessed. It doesn't seem to do any of the normal processing, for example comparing against the whitelist and either ignoring the access or adding the information (as appropriate) to the whitelist. The accounting then appears to be processed in one step on re-enabling AE. You'll notice a slight delay/stutter of the system under normal conditions (say installing a typical program) as the files accessed in that operation are processed.

    In the event AE is disabled and a comprehensive system AV scan is run, all files examined by the AV appear to be re-examined by AE on enabling. In this sense, it is quite akin to the initial system scan. During that time, your system is completely unavailable and you lose access to the keyboard and mouse. On a small system, this period may span a few to tens of minutes. Depending on your haste, this might be a minor to significant inconvenience. On my main multiboot system, with fairly large libraries of downloaded executables on multiple drives, this scan takes a couple of hours. That's all I meant. The details above might not be quite right; I'm interpolating based on observed behavior only.

    Blue
     
  21. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: I have made a surprising or stupid (you can say it this way too) discovery. I have had BlackIce PC protection for a long time, mainly for its IDS function. But I never looked at its other remarkable feature, namely application protection, until the whitelist protection approach was discussed lately. I tested it today and found it is similar to other apps, such as AE, but w/ more options. I will play with it for a few more days to see what I have missed for this long period of time. People often say that the grass is greener on the other side of the fence. I think that is the wrong idea. Let me find out more. ;)
     
  22. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Thanks, but I don't see it that way. I always have an idea in advance how software is supposed to work, before I even know the software. AE has a black & white vision on executables: if it isn't white, it will be refused, and that is how it is supposed to be.
    A frozen snapshot has a COMPLETE whitelist (= freeze storage) of EVERYTHING in a snapshot, which is even better than AE, but AE acts immediately, while FDISR acts only on reboot and that is TOO LATE, just like scanners are too late.

    I'm also interested in the answers to Rmus's questions, but not to change my mind; my decision is already made. As far as I can see, Rmus's questions are based on a comparison with AE. :)
     
    Last edited: Apr 25, 2007
  23. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Actually, Erik, having worked in ESL for many years, I think your English is very good :)

    To add to what has been said:

    This is an objective statement: it is a fact

    This is a subjective statement: an opinion. While valid for you, this feature might be useful for someone else.

    Now, about delete--move--rename: This feature of AE is an important consideration for me, since I install AE mostly on family computers where the kids sometimes like to fiddle.

    An extreme example: Years ago, before AE, I loaned an extra computer ( Win98 ) to an exchange student living with a host family. One day she called and said that the computer wouldn't boot. I went over, and asked what was the last thing she did. Well, in downloading lots of music files, she ran out of space, and deciding that she never used anything in the Windows directory, decided to free up some space - she never used those *.dll files so, away they went...

    Also, this protection is useful in some institution settings, although Deep Freeze negates any attempt to do the above.

    I ran some tests awhile back illustrating how AE blocks these commands on executables:

    AE_delete-move-rename

    I would like to know how Exe Lock does in these situations. The reason I don't want to evaluate it is because it requires a reboot following installation.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Is it a problem for you to install software that requires a reboot during its installation, or is it just a principle of yours?
     
  25. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I used to do lots of evaluating using a second test computer. I don't do that anymore, and no longer have a test computer.

    -rich
     