SpyShelter 10

Discussion in 'other anti-malware software' started by Mops21, Jul 30, 2015.

  1. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    I've been doing some back and forth with SpyShelter support and would like to now answer my own questions regarding the firewall.

    This issue was based in the fact that I ticked for the zone to include ICMP. When ICMP is enabled for a zone then if it's trusted all ICMP traffic will be allowed and if it's blocked then all ICMP traffic will be blocked, regardless of the limitations of the rule (example above trusted a specific subnet, yet I was allowed to ping 8.8.8.8).

    If you check ICMP checkbox and zone is trusted it will be allowed for ANY IP
    If you check ICMP checkbox and zone is blocked it will be blocked for ANY IP
    According to support the zone list has a priority based on which was created last, latest = highest priority. Haven't tested this.
    There was an issue with my testing methodology here. Basically whenever Tixati is listening to a port it will show an alert if it can't listen to that port. I assumed that the lack of such an alert = it could accept incoming traffic. I don't think that's true but I can't confirm it yet. The issue here is reliable testing methodology, mainly because I haven't been able to reliably get another torrent client to connect to me in such a way that port forwarding would be relevant. I have confirmed that the incoming port is working for the intended port but results are inconclusive for unintended ports as I can't be certain whether no one was allowed to connect to it, or if no one simply tried to.

    Besides that I'm not sure I share the opinion on SpyShelter support, while certain answers could have been more fleshed out I still received several answers of considerable length and overall I think the support was good. And, for me at least, better than what it's made out to be here.

    Edit: (Unrelated to the above) it seems like SpyShelter is giving me bluescreens with Windows 10 Anniversary Update. Had to uninstall it until it's fixed. Reported to SpyShelter with dump.
     
    Last edited: Aug 5, 2016
  2. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53
    Every time I had contacted SpyShelter support I always received solid information from them. I have had shitty experiences of support cases with MBAM and Comodo in the past. With SpyShelter I was amazed that they actually reply so fast. "Longer" tickets obviously took more time.

    So you just got a handful of protection features/improvements and yet you complain about GUI of the program? Application has to do its job. I don't care about my chocolate wrapping as long as the chocolate is delicious. Why would I care about GUI that I rarely open? It could be better but that's the last thing I would think of, honestly.
     
  3. haakon

    haakon Guest

    How interesting is this?

    SShelterTrial.jpg

    I was confused by their use of "evaluation" and "demo." The download page refers to it as "trial." Dismissing the "words have meaning" concept is risky.

    My thinking was this randomly disabled behavior kicked in on day 15, the evaluation/trial version switching into a demo mode. But I wanted to confirm that. Here's their helpdesk@ reply:

    SpyShelter protection will be automatically disabled after ~4-5 hours of continuous usage (all modules turn red in Protection tab). You have to restart your PC in order to re-enable it. It was a recently introduced countermeasure to stop abusing the trial version.


    Considering a production system up for 12-14 hours a day, that's several reboots a day. Even more if it's really "a couple of hours" as that dialogue warns. As well, it says randomly and support says automatically.

    Either way, except for installation/updates, one reboot is too many. Add to that one must remember to open the UI to check if the random-automatic shut down has gone into effect.

    And then there's this...

    SShelterTrial2.jpg

    All the features. Until you have to manually check if you have to reboot. :thumbd:

    I never found out what actually happens on day 15. But it seems this trial/evaluation/demo version is just a singular version that randomly disables itself perpetually until it's registered. Or uninstalled.

    OK. Their trial version has been abused. Very sad. Zinging the potential customer is not the solution.
     
    Last edited by a moderator: Aug 6, 2016
  4. haakon

    haakon Guest

    Well, regardless of their whacky trial scheme, considering Datpol's reputation and the product's maturity, I'd consider a purchase anyway.

    I'm checking with support@ on their refund policy and if this is a legitimate seller. Nice deals...
    http://sharewareonsale.com/?s=spyshelter&post_type=download

    Anyone know where other deals might be snagged? Thanks!
     
  5. scorpionv

    scorpionv Registered Member

    Joined:
    Jan 28, 2016
    Posts:
    33
    Just mail Datpol, They might just give you a personal deal.
     
  6. guest

    guest Guest

    I trialed it at the end of last year and I had no restriction for 14 days. Hmm, now they changed that because of "Abusing the trial version" o_O
    If you are considering buying it, ~50% less for a lifetime license is a good deal.
    But:
     
  7. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
    Same here, always got a quick response to questions.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    The thing is, we all expect something different. When I was still on Win XP, I was using the SSM + Neoava Guard combo, and believe me they were a lot better than SS in many ways. Of course SS is better in some areas. But the GUI is very important to me, of course you're not looking at it the whole day, but when you need to get certain things done quickly, or need certain info, you will see that it does matter.

    Actually, the things that I requested were just minor, I didn't even mention other things like better protection against code injection methods that are being used by ransomware and banking trojans, a more user-friendly anti-exe feature, and a way better sandbox. I would also like to see SS tested by MRG, but I guess this costs money, plus there is no guarantee that SS will pass all tests, unless they get access to the MRG "Financial Malware" simulators.
     
  9. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
    Many Updates, lately...:confused:
     
  10. haakon

    haakon Guest

    No.
    Well, support@ confirmed sharewareonsale dot com is a legitimate reseller but return policies are that of the seller.

    This sweet deal from a well-known and respected dealer flew into my radar in the meantime
    https://bitsdujour.stacksocial.com/sales/spyshelter-premium-lifetime-license
    and their policy is no refunds as well citing the "deep discount." That's reasonable.

    support@ took umbrage at my negative critique of their trial-shutdown scheme, that it's for "crackers and users who are not interested in paying." Interesting perspective from security specialists according to their About us page.

    And "in 99% cases trial (random/timed shutdown scheme) version helps to make right decision."

    Purchases direct from Datpol can be refunded in 14 days in case I might fall into that 1% category where something other than a browser or a game might be an issue without resolution.

    Maybe I'll buy the one year license as a for-real trial where I won't have to reboot several times a day. Because of crackers. And hope that next year there'll be some more lifetime deals if within 14 days I'm 99%.

    (Yes, I know I'm a remorseless deal scrounger. Been one for ages, like just about everyone. But I've never been one of them, and you know who you are, who gripe and moan about what free versions don't do.)

    Oh well...
     
    Last edited by a moderator: Aug 6, 2016
  11. hjlbx

    hjlbx Guest

    Protection improvements for 64 bit systems have been very slow to be implemented - and there are definite holes. Other vendors - like ESET, Emsisoft, etc - have been able to do it.

    That being said, the only way to truly protect a system is not to execute untrusted\unknown files in the first place - and SpSFW is currently capable of blocking those from executing. However, upon execution you're beat if it is hollow process ransomware or RMI on 64 bit systems.

    Just basic enhancements to make sure SpSFW will run on various systems is the most often "improvement."
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Exactly my point. In certain areas, other security tools are more advanced. But I think it's a matter of too much work for the developers, they probably don't have enough manpower. And it's unlikely that a bigger company will buy the SS product, since just about all AV's already have some form of HIPS on board. So SS is pretty good, but I'm afraid that it's not going to get any better. This bugs me as a true HIPS fanatic, SS could have been great instead of just good. But like I said, it's hard to blame the developers.
     
  13. hjlbx

    hjlbx Guest

    Oh... I would bet there will be improvements, but they will be forthcoming very slowly.

    I'm not sure what the issue is between SpSFW and 64 bit systems - as every time I tried to get infos none that clarified the issue were ever provided.

    All I was told was that a lot of work is to be done over the coming year -- and in no uncertain terms told not to submit any further bug\vulnerability reports.

    And with that I dropped SpSFW...
     
  14. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53

    I just checked out of curiosity what exactly MRG is since it is the first time I heard about it. Just take a look at this,

    https://www.mrg-effitas.com/recent-projects/comissioned-tests/

    I never laughed so hard :argh:

    1. Start up an antivirus testing organization
    2. Add "on demand" tests to your offer
    3. Antivirus A sends request to compare itself to Antivirus B in the tests in which it will have better scores
    4. Antivirus A pays up the money to MRG
    5. Antivirus A can now proudly place a badge on website "Better than antivirus B according to this uber godly testing organization"
    6. Profit

    I always knew that those AV comparing organizations were utter ******** but this is a whole new level for me :) With the right amount of money, everyone can pass the test, or make sure the competitor will not pass it. Nothing works better on Walmart antivirus shoppers than another certificate :argh:

    To my understanding, Windows 10 is probably the main reason. I mean, even the biggest AV vendors who have almost infinite resources (like Kaspersky) stopped releasing builds that supported Fast Ring due to big amounts of changes by Microsoft.

    Well, whatever works for them I guess, it is their business after all so if they made trial work this way, there must have been a reason behind this decision.

    HIPS in antivirus software has more holes than Swiss cheese :argh: From my point of view SpyShelter is already great, not just good. There is always room for improvements and hopefully we will get more of them.
     
  15. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I know what you mean, but at the end of the day I do believe that these kinds of tests make products better.

    Not really, the BB/HIPS in EAM, Kaspersky and Webroot are all quite advanced. And if you think SS is already great, then you probably have a lower standard. It's a fact that SS will most likely fail to protect against certain banking trojans and ransomware. That doesn't mean it's crap, but I sure as hell would like to see it become more robust. But I already explained why this is most likely not going to happen.
     
  17. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53
    So, is it a proven fact or is it most likely to happen, i.e. you speculate? :) While SpyShelter is not intended to be antiransomware (except for protected files feature), I haven't really seen any test of SpyShelter failing against "certain banking trojans", but what I saw are tests where HIPS modules of applications you mentioned still fail Matousec tests.
     
  18. Eru

    Eru Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    108
    Location:
    Poland - Sosnowiec
    +1

    @Rasheed187 show us a proof - a real test where SS fails at this point, not your speculations without a proof :p
     
  19. hjlbx

    hjlbx Guest

    SpyShelter products do not protect against hollow process. SpS cannot detect nor prevent hollow process on 64 bit systems. Also, SpS does not detect nor prevent file encryption by a ransomware using its own encryption process.

    This is a known issue and has been repeatedly reported to Datpol.

    You can defeat it by setting folder permissions, but if the ransomware uses hollow process, then you're beat...
     
  20. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    @Rasheed187
    Please show me an anti-ransom test for anti-logger apps like SS...I don't know about something like that and honestly I expect quite bad results. We shouldn't be hypocrites...look at these posts about HMPA...no comments.
    https://www.wilderssecurity.com/thre...iscussion-thread.324841/page-433#post-2609273
    Tests against banking malware...you mean MRG?...history dates 5 years back and is already closed - no participation of SS in such tests.
    https://www.wilderssecurity.com/threads/new-mrg-test-results.275546/page-11#post-1704243
    https://www.wilderssecurity.com/thre...er-browser-security-test.305848/#post-1923148
     
  21. haakon

    haakon Guest

    Of course it's their business. Which I have decided to reject. I know... so what?

    The reason is up there in #535. Read it again.

    This free-trial-shut-down-demo mode is new, so "whatever works" remains to be seen.

    For me, a program by "security experts" subject to abuse - some other time.

    Also, I think it's necessary to point out to you, and possibly others, the "99% card" is drawn by those who cannot provide a reason other than what serves themselves.

    The 99% metric injected into a discussion for its closure is pure bull ordure. Always has been, always will be.
     
    Last edited by a moderator: Aug 10, 2016
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Member hjlbx has already explained. SS doesn't protect against process hollowing which means that it can't stop malware that's using this technique. I can't name any specific banking trojans that are able to bypass SS, but if you look at the tests from MRG you can conclude that it's highly likely that SS will fail against the ones that are using the newest code injection and hooking techniques. Don't forget, I'm a SS user myself so I'm not trying to bash the product, but we should at least be realistic.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I totally forgot about Matousec. The test results of SS were indeed impressive, too bad that Matousec never made the testing tool available, at least not with a user friendly GUI. But I did test SS against a couple of older leak tests, and it couldn't pass them all, so I'm not sure what to think. Also, the Matousec tests were not true malware, it basically consists of techniques that malware might use in order to bypass HIPS.
     
  24. guest

    guest Guest

    As far as I know you can download Matousec test tools from his website
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, but did you check it out? They don't seem to do anything, you probably need to compile them first.
     