What are the currently available anti-executable options?

Discussion in 'other anti-malware software' started by NoHolyGrail, Dec 24, 2014.

  1. NoHolyGrail

    NoHolyGrail Registered Member

    Joined:
    Nov 14, 2005
    Posts:
    46
    I used to use ProcessGuard. When that folded, I switched to Online Armor. Recently, I realized Online Armor has changed its behavior so much that I no longer have any idea what it is doing. So, seeking a replacement, I've come back here to see what people are using today.

    So: What options are out there for a security product that revolves around whitelisting known applications and blocking unknown executables?
     
  2. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Voodooshield
    SecureAPlus
     
  3. genieautravail

    genieautravail Registered Member

    Joined:
    May 6, 2012
    Posts:
    109
    Faronics Anti-Executable
    NVT Exe Radar Pro

    IMHO, the two best programs in this category. :rolleyes:
     
  4. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Unfortunately having a verifiable hash list for executables is usually out of the realm of free software since it involves a lot of work and time to maintain, as I generally prefer to use free alternatives whenever possible. However, as far as paid products go, I would also probably suggest Faronics Anti-Executable as well since they seem to present things in a non-complicated way, yet are quite thorough and extensive under the hood.
     
  5. guest

    guest Guest

  6. genieautravail

    genieautravail Registered Member

    Joined:
    May 6, 2012
    Posts:
    109
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Having used Faronics in the past, it's good, but I wouldn't call it non-complicated; just getting it open is a pain. Also NVT's ERP is much safer in the way it handles command line programs like Rundll32.exe and a few others. Then there is cost. If you like free, then ERP is so much a better deal in terms of cost.

    Pete
     
  8. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    I don't think the NVT free version is available on their site?
     
  9. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    I used Faronics in the past too, dumped it because it was a pain. I use NVT Exe Radar Pro now.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I wasn't talking about free software. Last time I checked Faronics was about $65 per year. ERP still is $20 per lifetime.

    And they may not be updating their free software. I mean at that price I almost hope they don't.
     
    Last edited: Dec 24, 2014
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    If I were using 32-bit Windows I would definitely use Malware Defender as anti-exe + HIPS software. Right now I use built-in software restriction policies as anti-executable.
     
  12. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    My experience with Faronics is fairly negative. It worked well with XP, but was extremely buggy with Vista. NVT ERP was good as well as SecureAPlus but overall I gave up using an anti-executable as there is always something within Windows that breaks or is blocked silently, leaving me wondering what the hell is going on.

    For instance, in one situation I closed my notebook and went to bed, in the morning when I recovered the machine from sleep it was boiling hot as the sleep function didn't work and left the machine on all night. I cannot be absolutely certain whether the anti-executable caused it, but it had never happened before and never happened again after uninstalling the AE.

    Sandboxie tightly configured already functions as an anti-executable which is enough for my environment.
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    AppGuard
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    AppGuard, while a great program, isn't really an anti-executable.
     
  15. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I'd vote for EXE Radar, it's the easiest to use IMO. It's not perfect yet though, it needs an "install mode" and also a more handy way to switch between alert and lock-down mode.

    That's what I like about ERP, it has all the options to avoid or to quickly solve these kinda problems. The cool thing is that, you can also use it as a "path-based" white-listing tool. So this means you can choose to automatically allow execution of all apps from a certain folder.
     
  18. NoHolyGrail

    NoHolyGrail Registered Member

    Joined:
    Nov 14, 2005
    Posts:
    46
    Glad to see there are still good options! I'll have to take a closer look at these.

    Any thoughts on which has the most intuitive interface? I'd prefer to avoid having to micromanage rules and policies, but on the other hand I still want to know what is going on; I don't like security programs that give unexplained "low/medium/high" settings as if the user's level of concern is the only relevant factor.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    All the time I thought it was anti-executable :)
     
  20. 142395

    142395 Guest

    SecureAPlus will be one candidate. It explains most things in plain English and is quite easy to use. And it covers all WinPE files and scripts by default, while some other AEs only monitor .exe files. You can even add any file types if you want. Though maybe you don't have interest, it also has Process Protector, which prevents code injection, but it is only for advanced users and currently in a half-baked state.

    Another thing I personally like is that it uses SHA256 for hashing. I hope ERP ditches MD5 and employs a strong hash, if it hasn't yet, as I think its "vulnerable programs" feature (whitelisting based on parameter) is quite strong. Well, actually using MD5 is not a serious matter for AE, because an attacker has to know that you use ERP and some of the programs you whitelisted to abuse an MD5 collision to bypass ERP. It's not practically easy, but still possible. Any security program shouldn't use MD5 anymore except for password hashing such as PBKDF2. But to be fair, even big names such as Kaspersky don't always follow best practice when it comes to crypt & hash.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Take a brand new executable and stick it in any program files folder and Appguard won't block it. ERP will. Appguard won't block it because it doesn't block anything in system areas.

    Pete
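
The difference described in the post above, between a path-based allow rule and a hash-based whitelist, shown as an added example that is not part of the thread and does not represent how AppGuard or ERP are implemented. The folder, file names and file contents are constructed, and the two rule functions are hypothetical simplifications.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def path_rule_allows(exe: Path, trusted_dirs: list[Path]) -> bool:
    """Path-based rule: allow anything located under a trusted directory."""
    resolved = exe.resolve()
    return any(resolved.is_relative_to(d.resolve()) for d in trusted_dirs)


def hash_rule_allows(exe: Path, allowlist: set[str]) -> bool:
    """Hash-based rule: allow only files whose SHA-256 was recorded earlier."""
    return sha256_of(exe) in allowlist


def demo() -> dict[str, tuple[bool, bool]]:
    """Return {file name: (path verdict, hash verdict)} for constructed files."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted = Path(tmp) / "Program Files" / "App"   # stand-in trusted folder
        trusted.mkdir(parents=True)
        known = trusted / "app.exe"
        known.write_bytes(b"constructed known-good binary")
        allowlist = {sha256_of(known)}                   # baseline snapshot

        dropped = trusted / "new.exe"                    # appears after baseline
        dropped.write_bytes(b"constructed unknown binary")
        results = {f.name: (path_rule_allows(f, [trusted]),
                            hash_rule_allows(f, allowlist))
                   for f in (known, dropped)}

        known.write_bytes(b"constructed tampered binary")  # same path, new bytes
        results["app.exe (modified)"] = (path_rule_allows(known, [trusted]),
                                         hash_rule_allows(known, allowlist))
        return results


if __name__ == "__main__":
    for name, (by_path, by_hash) in demo().items():
        print(f"{name:20} path-rule={by_path!s:5} hash-rule={by_hash}")
```

The path rule accepts all three files because it only looks at location, while the hash rule accepts only the file whose bytes match the recorded baseline.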
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I still consider AppGuard an anti-executable. It just uses policy instead of whitelisting. I don't think AE can be solely defined as whitelisting applications. AG protects the Program Files directory by not allowing guarded applications to write to the directory to begin with. AG protects the system space in the same way. One notable difference in AG policy restriction vs whitelisting applications is that under some circumstances AG can only guard the executable instead of completely blocking it. So AG will run some executables sandboxed depending on their path, and the policy defined by the user. AG also has some other protection features that other AEs do not have, like memory protection and the ability to define private folders.

    I think the following below are your best anti-executable options
    AppGuard http://www.appguardus.com/
    No Virus Thanks ERP http://www.novirusthanks.org/products/exe-radar-pro/
    VoodooShield http://voodooshield.com/ (has a free version)
    Faronics Anti-executable http://www.faronics.com/products/anti-executable/ (expensive in comparison to the rest!)
    Bouncer http://excubits.com/content/en/home.html
    SecureAPlus https://secureaplus.secureage.com/Main/index.php
     
    Last edited: Dec 25, 2014
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    btw.. the original poster mentioned Online Armor in his/her original post, but OA is not an anti-executable. OA is a HIPS, and I might add a very good one :) HIPS will give more granular control over what is allowed to run on one's system, but works best in the hands of a knowledgeable user.
     
  24. 142395

    142395 Guest

    From #18, I don't think Bouncer is suitable for him.
    Yes, but for the same reason as Bouncer, it will not meet OP's need.
     
  25. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    That's correct, OP wants something with intuitive GUI and not have to manage rules/policies, so Bouncer is definitely on the opposite end of the spectrum there. Bouncer will only ever target the niche of true geeks and security enthusiasts who don't mind getting their hands dirty.

    In that regard, I would recommend VoodooShield as Cutting_Edgetech and Azure Phoenix had also suggested. That gives the option of a free version and also a paid option for more advanced options. In my recent experience with VoodooShield it was quite easy to manage and secure as well. My only gripe was that startup of Windows was slow but that has been fixed in its current release.
     