Spyware Terminator 2.1 released

Spyware Terminator 2.1 "final" has been released (apparently build 2.1.0.313). "Complete Changelog will come soon" according the announcement on the ST forum.

 

man it's work's

 

You mean it works good. or you're surprised it works? LOL. Has anyone in here ever tested to see how well ST's Application and System Guards really work in preventing malware infestation? I understand the HIPS looks for programs that were not created in its data base and is suppose to block them, but what about those 2 Guards?

 

Well I use to like Spyware Terminator and I only use it on demand. But after trying out the new version and finding out it installs a backround service " sp_rsser.exe" I uninstalled it. Also the immunize files are only 5340. Spybot immunize files are 73,554.

 

You can test the HIPS yourself by simply downloading System Shutdown Simulator and using the HIPS test.

 

I love the new version. Has a great look and a new shield. ^_^

 

Take a screenshot of the allowed programs and dlls and i'll tell you if the GUI was improved.

 

Is this a good picture Pedro?

 

Dieselman, have you ever actually analyzed that number output by SpyBot? It does not appear you have.

The 5,340 number put out by Spyware Terminator refers solely to ActiveX code. It immunizes against 5,340 unique malicious ActiveX items. Whether they are of any harm today with IE6Sp2 and IE7 is debatable, but they are all unique ActiveX items.

SpyBot has a total, A TOTAL of a little under 900 unique ActiveX items. Thats it. Everything else is 7,000+ domains, or some number like that, placed in several locations.
1x HOSTS
1x IE restricted domains
1x Firefox blocked domains
1x here
1x there

Its like 10 different places it puts these 7000 domains. And thus you get 70000+...
10 x 7000 = 70000.

You are quite mistaken if you think that there are 70,000+ unique items in the SpyBot database.

 

Thank you for the pic Cheater, i appreciate it
If i ignore your wallpaper , it does seems fair. But not optimal. There should be a way to group by file type, and i should be able to see the full path.
The list of programs itself loses too many space due to all the things around.

Tokar: Settings, Application Guard etc. take to much horizontal space from the allowed programs list, and System Summary, Application Guard's title, and the too big white space take too much vertical space. It's far from optimal imho.

Then as i say above, one should be able to group by file type or file name.
Picture an option to toggle between the two modes, and if file type is chosen, there could be a separator between them (dlls, exe, and so on).

BTW Tokar, i have 2 Qs:
-does ST block by file extension, or does it block any binary executable? I don't know the tech mumbo-jumbo , i hope i am being clear.
-does ST control by parent-child (i forgot), or does it simply work file by file, allowing it / blocking it, no matter the parent?

TIA!

 

it alerts on several extensions... EXE, BAT, COM, SCR, DLL

im not particularly sure how the parent process blocking works. i know the option is there, but ive never used it to comment on it.

 

I don,t know of any security software( except Anti-Executable) that is blocking by binary code analysis( if this is what u mean). Why we should expect it from ST.

 

Let's see if i can explain.
SSM doesn't do code analysis, but i assume it doesn't block by extension either.

Anyone PLZ correct me at anytime, but i think that SSM like programs hook the OS so that any executable, regardless of extension, is blocked as soon as the OS function to launch executables is called. It's the mechanism, not the extension. Was i understandable, and correct?

 

Yes.

This is what any HIPS worth its salt does. Calls to the CreateProcess API are whacked, regardless of what fancy extensions (if any at all) that the child process is using.

 

Sorry, u are right. Actually I confused it with File protection feature of HIPS and AE where HIPS work by extension basis and AE on the basis od code analysis.

BTW now I am interested to know also if ST,s HIPS wotk on the basis of extensions. If so, I will regard it as an an inferior HIPS.

 

That's what i'm asking. Kind of critical.

 

Are any of you using the Web Security Guard?

dja2k

 

I do with Firefox, and it doesn't seem to cause any slowdowns, and the Crawler Tool Bar can be disabled if you like. I also have the HIPS of ST enabled, and it is running fine along with ThreatFire.

 

I'm using WSG. I love it. I always feel safe with it. If you don't like the look you can go to services on the left top corner, go to services and uncheck the things you don't want up top. I have mine cut down to just services and WSG shield.

 

Thanks guys, I am familiar with the enabling and disabling of the WSG and I know you can avoid install at ST setup. I just wanted to see who was using it and what comments you would bring forth.

I think that the Web Secure Guard toolbar seems better than using lets say LinkScanner Lite, which both are free of course.

dja2k

 

A question always pertinent regarding site advisor's is what they add to a host file. If they don't use some sort of heuristics, something real time to detect problems, it ain't worth it.
Note that i never used WSG, i don't know how it works.