Review EQSecure 3.3

Which AV & FW (if any) are you using with EQS? For that matter, are you running any other security apps along with EQS?

Thanks

 

PV Surfer,

We are behind a hardware FW,

On my wife's PC we use SensiveGuard as a data/firewall, EQSecure and DefenseWall, no AV or AS, surfes with IE7

On my Son's PC EQSecure and Antivir AV with heuristics high, and checks only on writes (faster), GeSWall Pro, surfes with FF

So in general, a first layer of a seamless Sandbox (only policy management, I should have bought XP Pro), next a light HIPS (I used DSA, PG, Antihook, trailed Prosecurity but on of the first releases BSOD-ed, NG, SSM free and Pro, CB free and Pro, Regdefend, but in the end decided for EQSecure).

The advantage of EQSecure you can share the rules very easily. I think it is still difficult to setup, unlike Easter i like the stop only feature, not kill, which reduces the chance of BSOD's).

 

Hmm, I don't fully comprehend this, but perhaps I will after some hands-on experience with EQS.

Thanks for the info though.

 

Anyone who is privy to chinese heard if they are going to address the point of concern where the process that EQSecure blocks still remains lodged in the running process list?

If they get that squared away and haven't created some other conflict as a trade-off, i for one will bring it on board full-time, but absolutely not untill then.

 

NeaovaGuard and EQS are security aps that can be compared to each other. NG has a kind of bad behavior points calculation as seen in some countries regarding driving lisences. When you violate to many traffic rules (speeding, etc) your driving lisence will be revoked. NG does the same thing. It collects bad behavior of aps running on your system. When they reach a certain level it quarantaines the application. It is really a simple and brilliant add-on. So NG changes from a blocker to a killer (when the maximum of malware points are exceeded). This could cause NG to run perfectly until it decides a driver (on my son's PC it was a graphics card driver) has done to many viloations and it will quarantaine it. This caused the PC of my son to hang.

EQS is not that smart, but this also gives you the predictability of constant protection behavior. NG plans a release in which the user interface is improved. When the developer of NG gives some more insight in the rating and an overview of aps which have collected minus-points, you can change your rules in time (before a BSOD).

From an architectural point of view NG is superior over EQS, only it is still in Beta and that causes some users to report BSOD's and sometimes even needs a full image recovery. I think Easter would prefer NG over EQS (he would like to have EQS kill the processes in stead of stopping them only).

That is what I meant with BSOD's.


EQS has a smart option to export ad import security rules (like Regdefend). It stores these exports in XML-format. This type of features (of EQS and Regdefend) makes it easy to fine tune tour settings and then copy them to other pc's (saves a lot of time). It is a corporate market feature for system administrators which comes in real handy when you have more PC's at home.

Regards K

 

Thank you for that explanation... After trying various HIPS-like products over the past few months (EQS being the latest), I've finally settled on just using Prevx1 (along with my AV & FW).

 

Hi, folks: I have gone through the very same process as well. I always believe that newer apps will bring about better security levels. But it does not evolve into that fashion in most cases. I have several anchored apps such as firewall, av, virturalization etc. And those modern HIPSs often causes BSOD, system crashes, or system hiccups to the lesser extent. I think these deep-rooting apps really get into your baby's nerves, trying to alter this, to replace that, causing entire neuro breakdown. I have erected a reminder just to remind me of not to test any HIPS lightly, just because they are so innovative, revolutionary. I firmly believe that the less is in fact the better. Just my loonie sense.

 

Hi all,

I agree fully. Do not try a new HIPS when you have not got a backup image and a XP boot CD/DVD (e.g. Bart's PE).

Regards K

 

I always do a backup or archive, when I test softwares.
Since march 2006 all disasters on my computer were caused by installing legitimate (security) softwares. Not one of them was caused by malware.
The good guys scared me more than the bad guys, isn't that a howler ?

 

kees i downloaded and installed eqsecure 3.3 so i could test it vs advanced process termination from diamoncs and simple process termination/keylogger from system safety monitor and martin's keylogger. the only change i made to eqsecure was what you had in this post. these are my results :

1) APT - eqsecure failed test 2, 3, 4, 7

2) SPT - eqsecure failed test 9, 10, 11, 15, and 16 (test 16 was odd because it said test couldn't shut down the process but the process was shut down!)

3) keylogger - eqsecure "passed" all 4 of the tests. tests 1 and 2 failed to log letter keys, but numbers and keys like ";,<" were logged. tests 3 and 4 couldn't log anything.

4) martin's keylogger - eqsecure "passed" the same way it "passed" keylogger tests 1 and 2 from the makers of SSM. no letter keys were captured, but numbers, mouse click positions, and things like ".<;" were.

 

To satisfy my own curiosity, for you users who have reported BSOD's with some HIPS was your system a patched XP SP2 by chance?

I catch a lot of flack sometimes for sticking with SP1 but on a positive note i never suffered one single BSOD from any HIPS, even betas, with the exception of one, Pro Security, and that was when it first came out.

 

version 3.4 maybe ready end of may.

fix of gui and speed issue according to their forum

 

Great news Korb and thanks for the new notice. Looking forward to it with a lot of anticipation, it's a really fine app.

 

New Release!

Testing time again.....................

 

Hi Easter,

I still believe it is in beta, otherwise Korb, Mitchelson or Solcroft would have posted the link (my chinese does not go any further than hello).

Regards K

 

http://www.eqsecure.com/download/V3.4Beta.rar

Replace the old version files in the EQ installation folder;
copy the"EQSysSecure.sys" (new ver.) to " ......\system32\drivers"
then reboot sysytem .

Alert: this is NOT an official release with some annoying bugs .

 

Thx Mitchelson,

I will wait the official release (hate surprise features called annoying bugs).

Regards K

 

Now you tell me.

I done the overwrite but backed up my EQSecure folder/files "FIRST"!

Good thing too, because those files were nothing short of a complete disaster. Nothing worked, the error shutdown message kept coming up, and it was literally a flop.

I think it's beginning to look like i'm going to stay with the first release since it works relatively flawless for me.

Please, no more buggy announcements, thats a sure way to cast a cloud of doom on what is been a remarkable first run out of the gate.

 

The Chinese version works next to flawlessly, at least, it is for me. According to the devs, it's because they haven't synchronized the files for the English version yet.

 

Thanks solcroft.

I do hope that was the glitch i experienced because it was an immediate letdown but i come to expect those lately with almost all security apps.

Just look at all the issues users been posting about Sunbelt's CounterSpy updated build before they seem to iron out those bugs. It looks to me like if any security app updates their program these days, and theres no serious issues reported, they are in a tiny minority. I see a lot of difficulties stem from developers having to merge in Vista support and still be compatible & stable with XP as before which isn't always happening as expected.

 

What issues are you experiencing, exactly? If you can duplicate them, would you mind telling me how to? I'll pass them on to the devs if I can produce them in the English version as well, assuming the bugs haven't been reported already.

Again, the download link for the beta version was never officially released by the devs anywhere outside the Chinese-speaking community, AFAIK, probably because they want to work out all the bugs first before synchronizing for the English version. I wouldn't be surprised if there were several errors thanks to this reason.

 

Sorry, seems I've made a mistake ---missed one important step :copy "EQSysSecure.sys" (new ver.) to " X:\*\system32\drivers"

Sorry for any inconvenience.

Infact, I am still running EQ V3.3 , just waiting the next official release comes out . I never trust bata ones.

 

This seems interesting and I would love to try it.

But does it support Windows Vista (32bit)?

Also, are all of its featuers usable and changable under a limited account?

 

I'm, also still with 3.3 and it's excellent but like you i'll just hold off for now on untill an official release is offered. Beta's can sometimes be nothing but disaster.

 

Maybe the next generation(V3.4 will improve a lot in many aspects) will support Vista, not now.

I haven't tried to run EQ under limited account, anyhow u can protect your settings with password.