New Antiexecutable: NoVirusThanks EXE Radar Pro

And amazing to me NVT-ERP is still so ever efficient, at least on the prior series version to 10 which I have no interest in for a very long time. Windows 8.1 is as solid as a rock while all the softs around it are constantly jockeying for either better compatibility or updating to readjust to Microsoft's 10 updates that twitch a switch now and then.

Fantastic creation ERP. The thing just won't quit and neither will I using it in it's current form. (even if it is a bit, shall we say, mileaged?)

 

How version 4 coming along ? Still being worked on?

 

I was wondering the same thing. ERP 4 has been part of my main security setup since it was released.

 

I'm still happily running 3.1.0.0 build 1-24062015. I prefer a straight-forward, user-friendly anti-exe. I don't want all the extra add-on's in version 4 for the same reason that I don't want a vacuum cleaner with an attached radio & white sidewalls. To me, version 3 is a potential mass-market security app whereas version 4 is a niche app -- & a very tiny niche at that.

I wish NVT would make 2 ERP versions: (1) a straight-forward but powerful anti-exe like version 3, and (2) a version 4-type anti-exe for ITs & SysAdmins

I'm sure others will disagree but that's why Baskin & Robbins makes ice cream in so many flavors.

 

Our @Peter2150 was another who despite my urging and some back n forth PM's outlining what extra benefit 4 might offer, was sold solid and quite satisfied with version 3. He explained his reasons, all of which were perfectly understandable from the viewpoint of keeping it simple (on his Windows 7)

Version 4 is virtually part of my 8.1 Windows O/S itself. Rarely even bother with checking anything including logs since it responds in an instant each time required of the settings. And does it well.

 

I miss Peter. He was a good fellow, a gentleman, and a scholar while he was here. He still is a good fellow, gentleman, scholar (I'm sure) where he is now.

 

I agree. Version 3 was elegant in it's simplicity.

I was one who pushed for changes due to what are now called LOLbins (largely gaining prominence with Excubits blacklists) changing hashes with new versions of Windows, requiring changing ERP selections with each Windows release. But I believe version 4 went too far in accommodating many other requests, and became overcomplicated, and never really pursued it.

I believe the requirement for a return to simplicity is what prompted the creation of OSA. (Incidentally I hope OSA doesn't also meet the same fate with the paid version).

And IIRC I started having problems with v3 on Win 10 at a certain point, so went the new' OSA route instead of troubleshooting ERP v3.
Does v3.1.0.0 build 1-24062015 still work with current Win10?

Indeed. He offered me his sage advice from the time I landed on this forum, and we exchanged quite a few PMs. Felt like a personal relationship.

 

Solution: Keep V3, dump Win 10.

I do not know. I'm still running Win7.

 

Yes, I was thinking about this the other day. I also think ERP 3 was better when it came to certain parts of the GUI. I believe that ERP 4 should become a bit simpler, but it also misses certain features like "strict parent-child process control".

With this you would be able to control that for example only explorer.exe and vivaldi.exe can start vivaldi.exe or that only system processes can start explorer.exe and svchost.exe, this would protect against process hollowing attacks for example.

 

Running that build on Win 10 Pro Build 1903 here w/o issue.

 

Simple GUI = simple rules. ERP 4 > ERP 3

 

Great point!

ERP 4 here on 8.1 but 3.0 is in storage and available for use. Still covers a good deal of interaction branches.

 

I've not looked at this, but if this is the case, it's a grave oversight. Placing these type of constraints on LOLBins especially, can and will bring recent and modern malware attacks to their figurative knees. The attacks will be rendered useless.

BTW, those of you who are concerned about a program's complexity, just exercise some ingenuity to simplify some of the features/options to make it easier to use.

 

I've been reading a few of the comments about people preferring version 3 because of it's simplicity. That's true, version 3 is very easy to use. I think it should be noted that version 3 gives the user control on whether something is allowed to run or not. In version 4 you can control if something is allowed to run, and you also have some control over what allowed applications are permited to do. You can write a rule that does not allow your webbrowser media player, pdf reader, document viewer, etc.. to use or execute certain file types. This would work really well in protecting the user from exploits.

 

Hmmm... sounds a bit like the actions that are done by a Host-based Intrusion Prevention System (HIPS). There were some really good HIPS in days of yore: System Safety Monitor, Online Armor, etc. They all died of a fatal disease called excess complexity.

In days of yore, I took the time to study & learn how to use those rather complex HIPS apps, & so did a relative few others around the world. TOO few, however -- those apps all turned out to be niche products with very limited financial viability. So the developers bailed out and left us with abandonware.

And that's why I no longer invest my time learning to use overly complex, niche market security apps -- they all die eventually (often sooner rather than later). Fact is, software developers cannot make a decent living solely by selling to folks like the members of Wilders, MalwareTips, Bleeping Computer, et alia. WE ARE A NICHE MARKET. We are not representative of the general buying public. IMO, those who love version 4 will eventually love it to death, and thereby lead to EXE Radar Pro becoming yet another bit of abandonware.

AFAIK, there are only a very few HIPS extant at present. SpyShelter and ESET have HIPS components, I think. AFAIK, those 2 apps are financially successful. IMO, one reason for their success is that they have wisely concealed their complex innards from tweaking by novice users. Expert users & security hobbyests can find those innards & tweak away, but those apps do a very good job even with NO tweaking. They will do just fine as "set it & forget it" apps for Aunt Maudie or Joe Sixpack, but they can be tweaked to razor sharpness by an IT or SysAdmin whose job depends on tight security.

To me, that's what a complex app must do in order to be successful financially. It must be (as are SpyShelter & ESET) a security app that is: (1) designed by geniuses for (2) execution by lazy novices. ERP's version 4 does not even come close to meeting the #2 criterion. Why? Because its rule setting component:

• Is readily available to novices
• Gives the impression that the app won't function well without user-developed rules
• Uses obscure symbols for its rule-setting language
• Requires a significant knowledge of Windows structure, and security threats thereto, in order to develop rules.

 

It shouldn't be too difficult for NVT to develop their product to appeal to both the novices who want basic protection without the hassles of creating their own rules and those who understand process behaviour better and want better control over what file's actions do. All it would take is a slider or radio button on the program's main interface.

Absolutely important. The way some malware is utilizing LOLBins these days, this additional process control in the hands of those with some understanding, can increase defenses from decent to powerful.

Still, as I mention above, it shouldn't be difficult to make the program appeal to both novices and the technically inclined.

I do agree with you on the complexity of ERP's obscure symbols in its rule setting language.

 

@wat0114 -- I agree.

When NVT was actively posting here and working on version 4, the problem was that anyone who asked for simplicity or a more user-friendly rule-setting language, was immediately drowned out and ridiculed by the self-anointed "gurus," who continuously pressed NVT for more & more power & complexity. So I finally stopped following this thread. Of the 2 main "we want more-more-more" gurus, one hasn't visited these forums for over a year now and the other has since been banned here and, later on, over at MalwareTips as well.

I find it interesting that novirusthanks.com's website does not even list version 4 whereas version 3 is listed for download. NVT has an updated, paid version of OSArmor just about ready for release. I would be an instant customer of ERP if he did the same for version 3 -- or even version 4 if he made it more novice friendly.

Hmmm... wouldn't it be interesting if NVT simply merged (a) ERP version 3 with (b) the current OSArmor locked into its default settings?

 

I think Andreas' (NVT) development of OSA for the less savvy wider public was essentially spawned out of a realisation of the increasing complexity of ERP v4 objectives over v3, and the non-feasibility of such a niche product.

I suspect the coming subscriber version of OSA may well become more or less what you are referring to, with 'standard' OSA for 'Aunt Maudie or Joe Sixpack' as default, and ERP v3(->V4) flavour for more advanced users (via slider or otherwise)? So incentives to pay for both kinds of users?

There is no doubt Andreas (and possibly small team) are talented dev(s), and I suspect he has in the past made his money from business contracts, during his long absences, but plans to make a viable consumer product here - more control, and fun (for him).

Could be interesting ... just speculating (and dreaming)!

 

@paulderdash -- great comments. I hope you are right!

 

Don't get me wrong, ERP v4 is pretty good, but ERP 3 was better when it came to for example separate tabs for easy viewing of whitelisted folders and the list of vulnerable processes. Now it's a bit cluttered. And rule making is also a bit more complex, it should become a bit more simple to configure. However, the events-viewer is pretty good in v4.

To clarify, it has always been possible to block LOLBins also known as vulnerable processes with ERP, but I would like to be able to make rules per process. For example, currently you can't block only certain processes from running explorer.exe, svchost.exe or vivaldi.exe. This was easily done via System Safety Monitor for example.

 

Yes, for example you may even use the "Trusted Vendors" feature to reduce alerts, see screenshot 1. And in screenshot 2 you can see the rule making that some may find a bit too complex to master.

 

I complained about that several times, but my complaints didn't lead to any changed being made. I also wanted whitelisted applications and whitelisted command lines separated from vulnerable process rules. It does clutter things up.

I didn't realize there was a limit on which processes you could block from running. If you blocked explorer.exe, or svchost.exe then you will certainly have certain elements of Windows start crashing, if not the entire OS. Do you mean controlling what it is able to do once it has started? It's not a good ideal to just block explorer.exe, and svchost.exe completely. When it comes to svchost.exe, it's best to just disable the service using svchost.exe in Windows Services.

 

Yes, ERP v3 was better in this regard, you could quickly see all whitelisted folders and all vulnerable processes.

This is exactly the problem, at the moment you can't add explorer.exe and svchost.exe to the vulnerable process list, because it will then cause problems with the Windows OS. The problem is that both of them are often used in process hollowing attacks. So ERP should be intelligent enough to allow only certain (system) processes to run them as a child process. Normally speaking, only services.exe is allowed to run svchost.exe and only svchost.exe is allowed to run explorer.exe, check out this article for more info:

https://www.andreafortuna.org/2017/06/15/standard-windows-processes-a-brief-reference/

 

Question:
Is there a way to test ERP v3.1?
It's been many months and I haven't heard a peep out of it.
I've even installed a couple programs via .exe installs w/o any notifications?

 

I can see where matters might seem convoluted and it took myself really delving into each line item category and comparing with events and such to aligned things and configure ERP to it's maximum potential. I been using ERP 4.0 since it released improved in the free version. And that free version suits just fine and is adequate enough as it IMHO. At least for Windows 8.1 that I solely rely on anymore. Windows 10 bullying turned me completely away from it although i'll have to assimilate when buying a new laptop.

ERP 3 is still locked and loaded in any case I ever decide to revert. It still is useful for us throwbacks but for me ERP 4 even with the cluttering referenced by @Cutting_Edgetech, I have managed to master with some effort in accepting any drawbacks it presents with configuring.

It stops dead in its tracks enough processes and alerts to others relatively simple where you can category them via options available.

But I completely understand the points raised in above commentaries and can agree with most.