Appdefend + Regdefend replacement with freeware on XP

Hi all,

On the 'play with security PC' I have run for the last months a very light combo of freeware security

Samourai HIPS
Only select the following options:
a) enable rootkit protection,
b) disable anonymous sessions
c) disable guest account

Effect
==> Will warn you when a driver tries to install

ScriptDefender
Install scriptdefender

Effect
==> Will warn you when a script is run

Online Armor free
Run it out of the box with the following option
a) Go to the process guard and select the 'run safer' option for all your internet facing applications, like your e-mail client (eg. Outlook express), webbrowser (e.g. Internet Explorer), P2P program (eg LimeWire), messenger (e.g. Windows messenger)
b) Also run scriptdefender with limited rights (run safer)

Effect
==> Easy to use firewall and anti executable (the default setup)
==> All internet facing aps will run with limited rights (option A)
==> All scripts will run with limited righst (option B)

WinPooch
Download the attached filter in this post. Open with Notepad and save as ANSI file with the WFP extention instead off TXT. Install WinPooch without the freeware Clamwin antivirus. Open Winpooch configuration, see http://www.softpedia.com/screenshots/Winpooch_3.png and import this filter

WinPooch has one strange registry key syntax: for HKCU use HKU\*\ instead, all others are common syntax (e.g. HKLM). Always use Joker for registry entries (even when there is no joker in it like * for all, or run* for run plus or question marks for letter jokers e.g. controlset ? ? ?, wthout spaces for controlset001/002/etc), this will reduce capital/normal character typing errors.

Effect
==> Will warn you when a sensitive registry key is changed (should be very quiet, meaning no popups)
==> Will warn you when a sensitive OS file is changed (should ve very quiet also)

Dealing with pop-ups
Samourai driver install warning
When you are installing a legitemate application choose allow or otherwise block.

WinPooch
When you are installing a legitemate application choose "let process through". When you are updating (e.g. Antivirus) and WinPooch might pop-up, choose new filter (choose accept and quiet/silent in the next screen). All settings should be static, so in normal operation WinPooch will not pop-up.

OA Armor
See help file

 

Addendum,

Webbrowser

For really fast surfing use Opera and choose extra from the menu, next choose preferences and select advanced tab. On the left a clickable option history is shown. Select to use memory (for say 60 MB max), set disk to off.

effect
==> temporary webpages and history will not be saved on disk, but are stored in memory, also with every reboot this will be automatically cleared.

Antivirus/Antispyware
This set up is real strong, so you won't need the contineous checking against the blacklist. Setoff the standard shield, but allow all other modules (you can either choose for outlook or internet mail shield, depending on your setup).

effect
==> light NIDS against some worms,
==> 'fore checking' of webpages before they are executed. The webscanner delays browsing a bit, but Opera will compensate for the lost speed compared to IE or FF. Also you will notice that program launches will be faster (also startup of Opera), because the standard shield is stopped.
==> Avast won't check on program startup, file writes and reads on your hard disk. Remember data streams are checked ONCE before execution by the web shield, P2P shield etc. So you have a incoming read check on known malware.

 

On Vista use Comodo V3 with D+ it does provide simular protection in one package. Only downside of teh currect release are its pop-ups and dealing with pending files (so Gamers using for instance Xfire will be nagged to death with pop-ups).

Comodo V2 was talkative also, with release 2.4 they really had it smoothed out, so for V3 just wait for the next releases (Online Armor will get a Vista version ultimately, but on Vista64 Comodo really is the only freeware HIPS).

 

ScriptDefender has a serious UNinstall problem.
https://www.wilderssecurity.com/showthread.php?t=187398&highlight=Script Defender

 

Indeed, but ime Revo uninstaller (my backup option to ZSoft) can clean the intercepts. Of course, this needs confirmation from someone else, and new versions could behave differently.

 

Eric.

Never uninstalled it. Why did you?