Appdefend + Regdefend replacement with freeware on XP

Discussion in 'other anti-malware software' started by Kees1958, Dec 29, 2007.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Hi all,

    On the 'play with security PC' I have run for the last months a very light combo of freeware security

    Samourai HIPS
    Only select the following options:
    a) enable rootkit protection,
    b) disable anonymous sessions
    c) disable guest account

    ==> Will warn you when a driver tries to install

    Install scriptdefender

    ==> Will warn you when a script is run

    Online Armor free
    Run it out of the box with the following option
    a) Go to the process guard and select the 'run safer' option for all your internet facing applications, like your e-mail client (eg. Outlook express), webbrowser (e.g. Internet Explorer), P2P program (eg LimeWire), messenger (e.g. Windows messenger)
    b) Also run scriptdefender with limited rights (run safer)

    ==> Easy to use firewall and anti executable (the default setup)
    ==> All internet facing aps will run with limited rights (option A)
    ==> All scripts will run with limited righst (option B)

    Download the attached filter in this post. Open with Notepad and save as ANSI file with the WFP extention instead off TXT. Install WinPooch without the freeware Clamwin antivirus. Open Winpooch configuration, see and import this filter

    WinPooch has one strange registry key syntax: for HKCU use HKU\*\ instead, all others are common syntax (e.g. HKLM). Always use Joker for registry entries (even when there is no joker in it like * for all, or run* for run plus or question marks for letter jokers e.g. controlset ? ? ?, wthout spaces for controlset001/002/etc), this will reduce capital/normal character typing errors.

    ==> Will warn you when a sensitive registry key is changed (should be very quiet, meaning no popups)
    ==> Will warn you when a sensitive OS file is changed (should ve very quiet also)

    Dealing with pop-ups
    Samourai driver install warning
    When you are installing a legitemate application choose allow or otherwise block.

    When you are installing a legitemate application choose "let process through". When you are updating (e.g. Antivirus) and WinPooch might pop-up, choose new filter (choose accept and quiet/silent in the next screen). All settings should be static, so in normal operation WinPooch will not pop-up.

    OA Armor
    See help file

    Attached Files:

    Last edited: Dec 29, 2007
  2. Kees1958

    Kees1958 Registered Member



    For really fast surfing use Opera and choose extra from the menu, next choose preferences and select advanced tab. On the left a clickable option history is shown. Select to use memory (for say 60 MB max), set disk to off.

    ==> temporary webpages and history will not be saved on disk, but are stored in memory, also with every reboot this will be automatically cleared.

    This set up is real strong, so you won't need the contineous checking against the blacklist. Setoff the standard shield, but allow all other modules (you can either choose for outlook or internet mail shield, depending on your setup).

    ==> light NIDS against some worms,
    ==> 'fore checking' of webpages before they are executed. The webscanner delays browsing a bit, but Opera will compensate for the lost speed compared to IE or FF. Also you will notice that program launches will be faster (also startup of Opera), because the standard shield is stopped.
    ==> Avast won't check on program startup, file writes and reads on your hard disk. Remember data streams are checked ONCE before execution by the web shield, P2P shield etc. So you have a incoming read check on known malware.
  3. Kees1958

    Kees1958 Registered Member

    On Vista use Comodo V3 with D+ it does provide simular protection in one package. Only downside of teh currect release are its pop-ups and dealing with pending files (so Gamers using for instance Xfire will be nagged to death with pop-ups).

    Comodo V2 was talkative also, with release 2.4 they really had it smoothed out, so for V3 just wait for the next releases (Online Armor will get a Vista version ultimately, but on Vista64 Comodo really is the only freeware HIPS).
  4. ErikAlbert

    ErikAlbert Registered Member

  5. Pedro

    Pedro Registered Member

    Indeed, but ime Revo uninstaller (my backup option to ZSoft) can clean the intercepts. Of course, this needs confirmation from someone else, and new versions could behave differently.
  6. Kees1958

    Kees1958 Registered Member

Thread Status:
Not open for further replies.