AppGuard vs. Voodooshield or NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by micrei, Jun 23, 2015.

  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    In Medium Mode of Protection AG will allow any signed executable to execute in the user-space with limited rights. I have asked that BRN only allow certificates from vendors on the Trusted Publisher's List in Medium Mode of Protection in the next version of AG. I hope they take my advice.
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Use your influence for Export Customize ;)
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I agree. :thumb:
     
  4. Sorry I thought the mechanism worked the way you asked it to. Agree (like pegr) that they should implement that.
     
  5. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I like AppGuard, but out of the 3 programs in this thread it's the most complex/confusing imo.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Several of us have asked for that feature in the past. I'm not sure where that feature is on BRN's priority list. I think adding hashing ability, and only allowing certificates on the Trusted Publishers List in Medium Mode of Protection should be top priority. It would actually mean a significant increase in security, and hashing could also make AG more user friendly. It could allow the user to make exceptions for those random executables that some applications like to spawn in the user-space. Hashing could open the door to many different possibilities.
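
Added illustration (not part of the thread and not AppGuard's own code): a PowerShell audit that compares the "any valid signature" rule with the "trusted publisher only" and "hash exception" rules proposed in the posts above, run over a user-space folder. `$TrustedPublishers`, `$HashExceptions` and `Get-LaunchVerdict` are hypothetical names, and the publisher pattern is a constructed placeholder.

```powershell
# Added example: lists executables that a "signed = allowed" rule would let run
# but a "trusted publisher only" rule would block. Not AppGuard code.
param(
    [string]$Path = "$env:USERPROFILE\Downloads"   # user-space folder to audit
)

# Hypothetical allowlists maintained by the administrator.
$TrustedPublishers = @(
    'CN=Example Trusted Vendor*'   # constructed placeholder, matched with -like
)
$HashExceptions = @(
    # SHA-256 values of individually vetted binaries go here (empty by default)
)

function Get-LaunchVerdict {
    param([System.IO.FileInfo]$File)

    $sig  = Get-AuthenticodeSignature -LiteralPath $File.FullName
    $hash = (Get-FileHash -LiteralPath $File.FullName -Algorithm SHA256).Hash

    # Rule A: any signature that validates against the local trust store.
    $validSig = $sig.Status -eq 'Valid'
    $subject  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Rule B: the signature must validate AND the signer must be on the list.
    $trusted = $false
    if ($validSig) {
        foreach ($pattern in $TrustedPublishers) {
            if ($subject -like $pattern) { $trusted = $true; break }
        }
    }

    [pscustomobject]@{
        File          = $File.FullName
        Signer        = $subject
        AnySignedRule = $validSig
        PublisherRule = $trusted
        # Rule C: exact-content exception, independent of any certificate.
        HashException = $HashExceptions -contains $hash
        SHA256        = $hash
    }
}

Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object { Get-LaunchVerdict $_ } |
    Where-Object { $_.AnySignedRule -and -not $_.PublisherRule } |
    Format-List File, Signer, HashException, SHA256
```

Every file it prints is validly signed by a publisher that is not on the list, which is the gap between the two rules; a hash exception admits only one exact binary, regardless of who signed it.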
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    It's not even paranoid, but common sense these days. Certificates have been forged or stolen.
     
  8. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Some might disagree, but this is the way I see it...

    VoodooShield = Most friendly

    NoVirusThanks EXE Radar Pro = A mixture of Advanced and friendly

    AppGuard = Advanced, requires more user interaction.

    As for the effectiveness of all the products, they all are quite powerful and will provide amazing protection.

    As for me, I prefer the way VoodooShield and NoVirusThanks EXE Radar Pro are set up. AppGuard (for me anyways) isn't my cup of tea, as I feel it requires too much of my attention.
     
  9. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I totally agree! VS seems to have way more bugs than ERP; correct me if I'm wrong.
     
  10. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    You're right, VoodooShield does have more bugs than ERP.

    But, Dan (the developer of VS) is a lot more active and I trust in his ability to deal with issues VS might have.

    In my opinion though, ERP development has kind of slowed down since it went donationware, which is why I prefer VoodooShield much more.

    But, ERP is still an excellent piece of software and I still highly recommend it.
     
    Last edited: Jun 25, 2015
  11. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Andreas is a wonderful developer and has created an excellent program but he has to make a living somehow, so I do understand why it has slowed down. I just hope it doesn't die like others in the past.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    From the point of view of developing ERP, what more do you feel really needs developing? More features would just bloat it. It does its job and does an excellent job at
     
  13. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    If you're asking me, it needs to be maintained (fixing bugs etc.). I love the way the program is currently.
     
  14. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Oh, I completely agree, Andreas is one of my favorite developers out there (The dude is talented), I just think going donationware may have slowed down everything - Money coming in, development, etc. (Of course that is just the feeling I get, so I might be wrong).

    I think the product should have remained as a bought product, as well as accepting donations for those who wanted to support development. Heck, I even think ERP alone is worth more than what he was selling it for to begin with, it's that good.

    As far as what you said here...

    This is what scares me, because Andreas makes amazing, useful software.

    I really hope this isn't the case, as I absolutely love NVT products.
     
    Last edited: Jun 26, 2015
  15. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    The products he develops may be solid and quite polished, but like any product out there, there is always a need for bug fixing, future optimizations and of course future system compatibility.
     
  16. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I agree 100% on both replies
     
  17. Does not happen often that we disagree, but I have been running safe admin setup since 2010. It is based on deny execute for all in drive-by folders, a deny execute for medium level processes in user space, with an option to execute as admin when signed. When it would be that risky, why haven't I been infected, considering that until end 2013 I could use fresh malware to play with from a friend's honeypot (he moved to Asia as malware reverse engineer)?

    Peter seriously with a double anti-exec (NVT-ERP & AG-user space) and a double sandbox (SBIE & AG protected processes) you want to convince me that you are not paranoid? :D
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    I must confess: I'm really a paranoid, well quasi-paranoid, see my signature :argh:
     
  19. @Mister X

    Okay I forgot, Peter is also using Shadow defender. Don't know whether he also uses Secure Folders to defend his data partitions, like you :thumb:

    How on earth can a malware pass such a double/triple secured setup (I forgot also double exploit protection with AG's memory protection and MBAE or in Peter's case AG+HMPA)? ;)
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    I don't know either. Last time I heard of him he was kind of reluctant to adopt it :D
    Mostly for developer's unknown background and reputation.

    I don't use HMPA but MBAE with the famous SBIE template to ensure dll injection, hahaha.
     
  21. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Why use MBAE when you have your browser sandboxed?
     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    Sandboxie contains malware activity but it doesn't prevent it from running. If Firefox and Java running in a browser session happen to get exploited, then MBAE mitigates it in the first place, but if the attacker succeeds in doing anything further with the exploit, next SBIE should stop him.
     
  23. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
  24. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Depending on your sandbox settings, correct? I only allow Chrome to run in its sandbox.
     
  25. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    What OS version are you running?
     