SpyShelter 10

Discussion in 'other anti-malware software' started by Mops21, Jul 30, 2015.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    BTW, SSFW also features "Application Execution Control", so if you need anti-exe you might still go for it. I personally use both SSFW and WFC.
     
  2. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    What does that feature do?
     
  3. Poppey

    Poppey Registered Member

    Joined:
    Nov 23, 2015
    Posts:
    39
    Location:
    Germany
    I think another difference between WFC and SSFW is that when you allow a program to connect to the internet with WFC and that program is later updated to a newer version, WFC doesn't ask you again about it. SSFW gives you a popup saying that the version of the program has changed and asking whether you want to block it, use the previously created rules, or create a new rule for it. I also use Glasswire on my Windows 10 PC. Glasswire also notifies you when the version of a program has changed. But Glasswire has the same problem as WFC: once allowed, you won't be asked again. In Glasswire you only get a notification, without a decision to make.
     
  4. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Oh, that's true; there's no hash checking in WFC. Now all I have to do is find out how to create a VPN killswitch, distinguishing between public and private networks.
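The difference discussed in the two posts above (a rule that follows the program's path versus one that also pins the file hash), as an added example that is not part of any post in this thread and is not code from either product. The `RuleStore` class, the verdict strings, the path and the image bytes are all constructed for illustration.

```python
import hashlib
import ntpath
from dataclasses import dataclass
from typing import Dict, Optional

ALLOW, BLOCK = "allow", "block"
ASK_NEW, ASK_CHANGED = "ask:new-program", "ask:file-changed"

def digest(image: bytes) -> str:
    """SHA-256 of the executable image, as a hex string."""
    return hashlib.sha256(image).hexdigest()

@dataclass
class Rule:
    verdict: str
    sha256: Optional[str]  # None means the rule is keyed on the path alone

class RuleStore:
    """Hypothetical per-application outbound rule store (not a real product API)."""
    def __init__(self, pin_hash: bool):
        self.pin_hash = pin_hash
        self.rules: Dict[str, Rule] = {}

    def set_rule(self, path: str, image: bytes, verdict: str) -> None:
        pinned = digest(image) if self.pin_hash else None
        # Windows paths are case-insensitive, so normalise before storing.
        self.rules[ntpath.normcase(path)] = Rule(verdict, pinned)

    def decide(self, path: str, image: bytes) -> str:
        rule = self.rules.get(ntpath.normcase(path))
        if rule is None:
            return ASK_NEW                      # never seen: ask the user
        if rule.sha256 is not None and rule.sha256 != digest(image):
            return ASK_CHANGED                  # same path, different file: ask again
        return rule.verdict                     # path (and hash, if pinned) match

def compare(path: str, old_image: bytes, new_image: bytes) -> dict:
    """Allow old_image once, then present new_image at the same path."""
    out = {}
    for name, pin in (("path_only", False), ("hash_pinned", True)):
        store = RuleStore(pin_hash=pin)
        store.set_rule(path, old_image, ALLOW)
        out[name] = (store.decide(path, old_image), store.decide(path.upper(), new_image))
    return out

# Constructed sample data: two versions of the same program at one path.
APP = r"C:\Program Files\Example\app.exe"
V1 = b"MZ constructed image, version 1.0"
V2 = b"MZ constructed image, version 1.1"

if __name__ == "__main__":
    print(compare(APP, V1, V2))
```

The path-only store keeps answering "allow" for whatever file now sits at the approved path, whether it got there by an update or by replacement; the hash-pinned store returns a fresh prompt until the user re-approves the new file.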
     
  5. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    "Application Execution Control" lets you set whether a specific process is allowed to be launched and, additionally, which child processes it can execute.
     
  6. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    411
    Location:
    router

    https://www.spyshelter.com/download-spyshelter/
    Firewall Protection, Application Execution Control; the Firewall version has 7 more actions than the Premium version
    actions: 33, 34, 48, 50, 52, 53, 54
     
  7. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Overall, SpyShelter is a nice product. I went ahead and grabbed a lifetime license with the deal they are offering. But the firewall component needs work. It's very basic. There's no ability to create allow/deny rules in IP range, or to create a network zone that "is not", meaning I cannot create a rule to block anything that is not in the IP range 10.4.0.0 - 10.4.255.255. That's a shame.
     
  8. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    It seems as though I was wrong; a VPN "killswitch" can in effect be created by creating the tap network zone for incoming and outgoing addresses with a range of 10.4.0.0 - 10.4.255.255 and allowing it and denying the wifi/ethernet network zone. The latter can be automatically detected. Do this in combination with denying the DNS resolver network service. It works perfectly here!

    /me does happy dance
     
    Last edited: Oct 11, 2016
  9. hjlbx

    hjlbx Guest

    I checked SpSFW.

    Still no *.dll injection or process hollow detection\prevention on 64-bit systems; *.dll injection detection works only on 32-bit. Also, Restricted Applications is still not fully supported on 64-bit systems.

    GUI remains essentially the same with its various quirks.

    SpS will still protect the system though... if you open a document, PDF, etc. and get an unknown application execution from the desktop, for example, you have to select Block. If it is hollow process ransomware and you select Block for individual actions, then your files will be encrypted - unless you set up access right rules for all your User Space folders.

    If that's the case, then you don't need a HIPS to protect the system; you can get it from an anti-executable like NVT ERP. If you have to always select Block upon execution to ensure the system is protected, then that is the domain of an anti-executable and SpS' HIPS extras are essentially useless against certain malwares.

    SpS is still just OK.

    Datpol said they would be implementing a bunch of improvements in SpS HIPS in 2016 back in January, but my testing doesn't show any new or improved protections.
     
  10. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    411
    Location:
    router
    SpyShelter 10.8.7 Changelog (13/Oct/2016):
    – Added new feature to define custom protected registry keys
    – Extended internal registry protection feature
    – Solved freeze with some critical registry keys protection
    – Improved system protection on 64 bit systems
    – Added Hyper-V compatibility on Windows 10 AU Pro
    – Application execution rules improvements
    – Small improvements in GUI
    – Other minor fixes

    https://www.spyshelter.com/blog/spyshelter-10-8-7/

    New version of SpyShelter is now available.

    SpyShelter 10.8.7 introduces a handful of improvements and a new feature – User defined protected registry keys. It lets you build a list of registry keys which will be protected against unauthorized access. If an application attempts to delete or modify the defined keys, SpyShelter will stop the action and show an alert window with all details of the action. By default, SpyShelter protects crucial registry keys in your system, and with this feature, you can further extend this protection by adding your own defined critical registry keys.
    This feature can be accessed in Settings>Security tab. You can find more details about it in SpyShelter Help File.
    https://www.spyshelter.com/wp-content/uploads/2016/10/spyshelter-registry-protection.png

    Registry protection provided by SpyShelter has also been extended. SpyShelter now also monitors registry key deletion and renaming registry keys.
    Application Execution Control received a new option to create a denied rule without hash file checking.
    https://www.spyshelter.com/wp-content/uploads/2016/10/aec.png


    System Protection on 64 bit systems has been improved, and we have also added Hyper-V compatibility for Windows 10 Pro AU users.
    Small icons in advanced security settings (such as User Defined Protected Files) have been replaced by bigger ones.
    Action name will now be displayed in red color if the target of this action is a crucial system component.

    https://www.spyshelter.com/wp-content/uploads/2016/10/svchost.png


    Other news:
    End of support for SpyShelter Free Anti-Keylogger

    Posted on October 13, 2016 in News | Blog Homepage
    We will no longer be releasing new versions of the SpyShelter Free Anti-Keylogger.
    As for now SpyShelter Free Anti-Keylogger 10.8.6 is the last officially released version of the free SpyShelter edition. Maintaining free version required too much of our resources.
     
  11. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    "SpyShelter 10.8.7 Changelog (13/Oct/2016):

    ----------------
    edit:
    Hahaha...OK...removed my post :)
     
  12. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53
    Yeah the Firewall GUI could use some extra work to make it more user friendly. Fortunately the range blocking is described in the help file which I found useful.

    Restricted applications, as far as I remember, is related to 64-bit system limitations in this matter.


    I think that you forgot that the full name of the program is SpyShelter Anti-Keylogger, not SpyShelter Anti-Ransomware. It could get extra features, but badmouthing the program for not having them is, well, inappropriate in my opinion.

    AppGuard is bad because it does not encrypt keystrokes, boooo. X Antivirus is bad because it doesn't do Y, boooo.
     
  13. guest

    guest Guest

    There is a new release with "improved" protection for 64 bit systems. Can you test it again? ;)
     
  14. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Yes... you are right... it's the best at its job, and some time ago I stopped trying to convince people that SS is not what it isn't.
     
  15. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    Too bad the free version will be abandoned :(
     
  16. hjlbx

    hjlbx Guest

    Some of you guys are SpS fanboys - and I get that - but have no real understanding...

    Hollow Process is not limited to ransomware infections. Poweliks, for just one example, uses hollow process - and it ain't ransomware.

    Like I said, big mouths, but no real understanding...

    * * * * *
    As far as anti-logger:

    Any Anti-Logger cannot protect against:
    • External Keyloggers (generally need direct physical access to system for hardware keyloggers, but that is not the case for network hacks that steal data)
    • Scripted Keyloggers
    • Browser Extension\Add-On Keyloggers
    Anti-Loggers can protect against - but only unreliably so:
    • Windows Hook Keyloggers
    • Windows Message Keyloggers
    Anti-Loggers might protect against - but if you have any real understanding of Windows, then you won't count on it:
    • Rootkit Keyloggers
    Finally, anti-loggers do not transmit encrypted keystrokes over the network; the encryption is only local... LOL... you need a network solution to send encrypted data - like a VPN.

    * * * * *

    And the whole point of having a HIPS module in SpS is to prevent the installation of a keylogger in the first place - so encrypting keystrokes is rather pointless in the absence of an active keylogger on the system - as it isn't adding any real protection to the system.

    PS - pointing out limitations is not bashing, but I understand some people are very emotionally attached to their favorite softs and cannot cope with anything that they perceive as "negative" regarding those softs

    SpS products will protect system if it is configured and used properly; it has almost everything one needs to have a safe computing experience

    It, like any other soft, can be improved by identifying limitations...
     
    Last edited by a moderator: Oct 14, 2016
  17. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53

    I am a fan of SpyShelter, just as I am a fan of MBAM and many other things. You must be an AppGuard owner, aren't you? Judging by your signature you are affiliated with it in some way. It is really weird to see so many wrong and false statements coming from an AppGuard person.

    Mentioning hardware keyloggers...It is like asking why CCleaner can't clean the internals of my PC rack, and my dusty cpu fan. Obviously CCleaner is bad because it is supposed to clean my PC, but it doesn't clean it physically, give me the refund, because according to hjlbx logic this program does not do what it is supposed to. Should I e-mail Piriform? I wonder what they have to say about your logic.

    That's the most ridiculous thing I ever heard, I was THIS close to spitting out my coffee. I hope you are not running out of ideas, you are making the history in this thread.

    Lies. Lies. Lies. Lies. Lies.

    Keystroke encryption in SpyShelter is really helpful for already infected systems with great chance to work efficiently. Have you even tested it? Because I did, and all keyloggers were unable to gather unencrypted keystrokes. All they took was gibberish encrypted strings.

    You have used general statements which apply for all types of software but looks like you are here just hating SpyShelter.

    And regarding the browser keyloggers, SpyShelter can protect from some script keyloggers, there is a dedicated action for it.
    https://addons.mozilla.org/en-US/firefox/addon/kl/

    Of course internal applications loggers should not be even considered, another proof that you are trashtalking just to trashtalk.
    It is browser's task to protect against existence of keylogging activities not any security application.
    Frankly I am surprised that SpyShelter has this type of protection.

    If you allow any kernel modifications or install new drivers then no software can guarantee protection, ever.
    Already modified/infected system libraries are something that should be out of any discussion in relation to security software, because software FULLY CAPABLE of reversing the damage and guaranteeing 100% integrity does not exist and never will exist.
    What is possible is PREVENTING infections from happening. And in my opinion, SpyShelter is currently one of the best applications available for this purpose.

    Every time something new is posted about SpyShelter, you are first here to spread misinformation, like in your previous post.

    As I said in last post, SpyShelter always should be considered as anti-keylogger. Even the full name of the program is SpyShelter Anti-Keylogger. It has a very strong hips as well as file and registry protection which is much more than any anti-keylogger offers, but it still doesn't change the fact that this application is an anti-keylogger.
     
  18. Schorg

    Schorg Guest

    SpyShelter 10.8.8 released
    Posted on October 14, 2016 in News | Blog Homepage

    https://www.spyshelter.com/blog/spyshelter-10-8-8-released/
     
    Last edited by a moderator: Oct 14, 2016
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hmm. As a HIPS I think SpyShelter is a great app. But I have never seen the point of keyloggers myself. My feeling is if I have to worry about something capturing keystrokes on my computer, I've already been so severely compromised that I have much larger issues.
     
  20. hjlbx

    hjlbx Guest

    • Hollow process not detected\prevented
    • *.dll injection not detected\prevented

    on 64-bit

    Exactly...
     
  21. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53
    I'd rather be safe than sorry, keystroke encryption in SpyShelter makes me feel more safe even though my PC is a fortress, you know, just in case.

    I have actually just done some research on your two points.

    Lie#1 - tested on CTB Locker: injection and hollowing performed on svchost.exe were detected in ask user mode. - SpyShelter has done its job well.

    Lie#2 - tested Kroger malware - http://journeyintoir.blogspot.com/2015/02/process-hollowing-meets-cuckoo-sandbox.html

    Process hollowing detected on both Windows 8.1 x64 and 10 x64 including 1607 build (versions < 10.8.7 did not detect it). - SpyShelter has done its job well.

    You are aware that Windows 8.1 and 10 are limited because of Patch Guard, are you? You cannot expect any legitimate security software to break the Windows 10 Patch Guard or modify system files. If you have got a problem with Patch Guard limitations, complain to Microsoft.
     
    Last edited: Oct 14, 2016
  22. Schorg

    Schorg Guest

  23. hjlbx

    hjlbx Guest

    CTB-Locker (SOPHOS):

    CTB-Locker injects malicious code into svchost.exe and the injected code will in turn execute the dropped file from %temp% location; there is no hollow process... LOL.

    For example, TorrentLocker and CryptoWall use the Hollow Process technique to execute the majority of their code from a legitimate-looking process. In contrast, CTBLocker and TeslaCrypt carry out their malicious actions from their own processes.

    * * * * *

    So you tested against CTB-Locker and state that process hollow occurred and SpyShelter detected it. However, how is that possible when CTB-Locker doesn't use hollow process?

    * * * * *

    LOL...Patch Guard has nothing to do with it.

    ESET, Emsisoft, Vipre, others have been detecting various attacks - including hollow process and *.dll injection on 64-bit systems - a long time at this point - despite Patch Guard.
     
    Last edited by a moderator: Oct 14, 2016
  24. ald4r1s

    ald4r1s Registered Member

    Joined:
    Apr 8, 2013
    Posts:
    53
    There really is no point in discussing this further, clearly you are the PR guy for AppGuard.

    It is fun to read how good program updates and new features are commented by you out of context talking about other bullshit. Sounds like you have some personal vendetta against the program.
     
    Last edited: Oct 14, 2016
  25. hjlbx

    hjlbx Guest

    I never once mentioned AppGuard at any point in this whole discussion. This is a SpyShelter thread and that is the only thing that I have discussed in every single one of my posts.
     