ProSecurity 1.43 RuleSets

I am experimenting with ProSec even though they too seem to have taken a break from programming duties, and who can blame these HIPS makers, while they might not be similar to AV's architectures, coding them adequately has to be a full time effort.

Does anyone know if there are some ProSecurity RuleSets around that been possibly contributed by other users that better enhance it's protections in much the same way as EQS can be greatly improved by well thought out and tested safe, rulesets?

EASTER

 

Nothing?

I'm sure the developer would be in awe after so much fuss was raised over how good it was/is.

I think even Peter2150 supported this and might still do.

 

Yes, this is curious.

Does this mean that Prosecurity comes with such a good ruleset that no additional improvements are necessary?

I guess it wouldn't take much work to use Alcyon's rules as the basis for a Prosecurity ruleset.

 

Hi Pete,

Presumably Prosecurity has a set of rules for registry and file/folder protection and that these can be modified and enhanced. It seems that the default rules are deemed protection enough. Would that be fair comment?

 

I'm not up to par with this and it's yet another HIPS to learn all over again but now i'm getting problems from it not connecting to the kernel ON BOOT UP.

These HIPS are really beginning to pee me off, first we have a delay with EQS and no one can even chime in on what the hold up is, and now as much as i really like Prosec, now it's starting to show signs of malfunctioning.

CAN ANYONE MAKE A HIPS THAT WORKS AS EXPECTED?

If not i'm going to drop them entirely for Virtual systems and an AV and blow them off.

This is ridiculous and nonsense.

And yes i'm peed off at the lack of attention lately.

EASTER

 

I've come full circle NOW I THINK with all these HIPS and such and my mind is finally made up, BACK TO FD-ISR!!!

At least this one app although an ISR, refuses & does not falter nor fail no matter what.

EASTER

 

Rule set? Rule set? Don't need no steenking Rule Set with PS 1.43. The developer vested PS with a very powerful rule set, so all one needs to do is load it & go.

Folks who use EQS, Defence+, & other such do-it-yourself-kits have been misled to believe the notion that a HIPS is a format for hassling its user, instead of being a finished security product.

Antivirus apps are ready to go right out-of-the-box. After a 1 or 2-day learning period, the same should be 99.9% true for a HIPS. In the case of PS 1.43, it is. Don't need no steenking Rule Set

 

Right on cue!
Thanks for the little bit of useful information provided.

 

This get's my vote for Quote of the Day

 

According my readings, Easter doesn't combine all these softwares in his signature in ONE system partition, but he has all these softwares at his disposal.

 

FYI, Mr MOD

Those apps in my sig are MY business and how could you who say you are in a business and reviewed this board for so long be so naive to think any member would run them all at one time.

Duh

Of course no one's PC could run them all, but it's for me to decide which one's are ACTIVE to keep the minions who garnish this board from knowing at any one time exactly which combinations are in play THANK YOU.

EASTER

 

I think Peter made that comment "tongue in cheek".

 

Exactly Erik

You're right on-target with that assessment of course.

We too are also within legal rights to our own respective INTELLECTUAL PROPERTY SETUPS.

Keeps arrogant snoops guessing.

 

Hey bruddah, please don't "Mr Mod" poor ole Pete. Despite the title, when Pete posts, he is just a regular bloke like the rest of us poor souls.

When thinking about job titles & perks (in general), I am reminded of the various modes of transportation whereby Navy blokes get from shore to ship...

Peace to all... from Bellgamin

 

Contrary to surface speculation from a list of apps, that statement just isn't logical or true, and since i was recipient to that suggestion, i think it is responsible to the membership here & Pete also to correctly clarify that assuption with the hard facts.

Sheee, i been known to heap security apps before for sure, but could any user in reality run everyone of those at the same time in my sig?

Oh, btw, even in respective combinations, each and everyone of them ARE 100% compatible with the others, so just wanted to put any doubts to that effect to rest.

EASTER

 

Hi EASTER,

Filling in some system environment details would probably have offset any critiques. Kernel disconnect errors for ProSecurity are extremely rare. I have seen four since October 2006...two OS service pack related errors (Server 2003 R2 and XP SP3 RCs), and two early beta errors. If ProSecurity installs successfully, you should not normally see a kernel disconnect error. On a known clean system, take advantage of learning mode so ProSecurity can grasp how your system works.

Nick

 

Don't understand the expression "tongue in cheek" ? Sounds like a French kiss to me.

 

That's why I double checked the definition before I posted...thought someone would think something like that.

"Tongue in cheek is a term that refers to a style of humor in which things are said only half seriously, or in a subtly mocking way."

 

Thanks for the explanation. I understood every word, but didn't understand the meaning of it. Now I know thanks to you.

 

It appeared openly rather rude i think everyone could agree, but i don't harbor any animosity on his comments because he doesn't understand i mix & match different combinations and to date they ALL have not presented a problem for me.

I still have complete 100% COMMAND & CONTROL and thats the way it's going to stay, but doesn't hurt to experiment with other apps like Prosecurity, it's just that it's always gave my units some issue from day one. I had hoped all that was over but obviously it isn't so it's back to EQS 4.0 beta again for me, and i'm not a bit disappointed in it, just the dog gone long delay for them to release a 4.0 final, if they ever do.

EASTER

 

No, I don't agree. I believe you are having a sook over nothing. GET OVER IT

ProSecurity will only need extensions to File/Folder and Registry rules, if you wish them, for example:
1) I restrict any create/write/delete from %SystemRoot%\System32\* & subfolders, then allow on a case by case basis
2) I do the same for %ProgramFiles%
3) I do the same for %APPDATA%

Also, I recommend using nearly everything in COMMAND LINE SENSITIVE mode.

Things like RUNDLL32.EXE, CMD.EXE, EXPLORER.EXE, IEXPLORE.EXE, FIREFOX.EXE can have their security increased HUGELY by allowing/disallowing on a command line basis.

That's one reason I'm not a fan of learning modes, they allow Firefox or Command Prompt to launch, regardless of parameters, leaving a security hole.

Could have changed, I've stuck with ProSec 1.4 PB2.

 

Doesn't matter anymore anyway.

Take it as you feel necessary because i repect Pete even on his off days and been helped immensely with his expert analysis regarding FD-ISR. So what if he goes out in left field sometimes, i think he already knows i am strongly security-wise and know how to strike just the right balance between applications of this nature.

I see that even you are avoiding 1.43 ProSec so theres not really any doubt from my experience with it myself.

EQS is going to have to be the mainstay and it can more then hold it's own.

EASTER