Anyone tried free Samurai host-based IPS?

I have win2000proSP4 and it's a stand-alone computer, not in a network.

Here are my personal experiences with "Samurai v2.2" :

A. I selected ALL security settings in the list and
pressed the "Apply Configuration" button and
rebooted my computer.

When I opened Samurai again, 4 security settings were deselected :

1. PREVENT AIM EXPLOIT: Disable the AIM URL protocol handler.
2. DISABLE GUEST ACCOUNT: Disable the Guest Account.
3. SECURE LICENSE LOGGING: Disable null session License Logging.
4. DISABLE SHELL URL: Disable the Shell URL protocol handler.

I assume that these 4 settings are NOT applicable for my computer and
that Samurai deselected these 4 settings automatically.
So I consider this as normal, if I'm wrong tell me.

B. Because I selected ALL security settings in the list,
I had a problem with ONE selected setting :

1. SECURE EXPLORER ZONE 0: Set and secure "My Computer" zone.

Samurai has 30 security setting, so it took me awhile to figure out that this setting was causing the problem.
I don't even know if this is problem, it could be normal too.

After rebooting my computer I got a popup window on my desktop :

Internet Explorer (title)
Do you want to allow software such as ActiveX controls and plug-ins to run ?
Yes No (two buttons)

So I clicked Yes.

Then I opened "Windows Explorer".
The directory tree (left part) was normal.
But when I clicked on one of the directories, I didn't see any files in the right part.
In stead of that I got that same message again :

Internet Explorer (title)
Do you want to allow software such as ActiveX controls and plug-ins to run ?
Yes No (two buttons)

I clicked Yes and the files appeared in the right part.

When I selected another directory I got again that message.
And then my "Windows Explorer" was frozen and I closed "Windows Explorer".

I deselected the security setting "SECURE EXPLORER ZONE 0: Set and secure "My Computer" zone."
Pressed "Apply Configuration" button and rebooted my computer and everything was back to normal.

For the moment I consider this also as normal, but I could be wrong.
Nevertheless I found it weird that this setting was the reason why "Windows Explorer" didn't work properly anymore.

That's it. Maybe one of these days I get other problems, but so far so good.
Anyone else had that experience ?

 

I'm using this and I have process guard full. I'm only using it for the rootkit feature though. BTW, has anyone seen the rootkit GUI? I wish turbotramp would at least show a screenshot.

 

I also think it needs an interface like SafeXP/BugOff, it should be able to detect the status of a certain setting ===> (is it already enabled/disabled?). And the option to toggle settings with only on click.

And does the Rootkit setting really work, or should I stay away from it, since it seems to interfere with PG? And I can imagine that Pivx isn´t too happy about this app, it seems like a clone of their Qwik Fix app, with even more features.

 

or SafeXP or a zillion other "hardening tools".

The only feature worth having is the antirootkit feature, very good to save your system if you are screwed.

 

Yes on the rootkits.

more features and free too They probably are making a stink about it but really its all registry tweaks - but the rootkit feature.

 

Yeah that´s true, their product is based on changing registry settings, I´m actually surprised they making money with, because as soon as other people know were the "soft spots" are, anyone can make a hardening app.

Anyway, I already had applied a lot of these settings with the help of Secure-It, BugOff, and SafeXP, but I´m going to check out some new things that these apps didn´t offer.

 

Well the app does seem to work, and applied settings are higlighted, that´s good, although I still prefer a nicer GUI like Safe XP. But, is it normal that it tries to modify processes after you apply certain settings?

 

Samurai is up to version 2.2 now.

 

I experienced the same problem with Quik-Fix Pro *Beta*. You can actually change the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags from a value of 47 to 21, which will access the "Computer Zone" from the IE Options / Security Tab. There, you can set the standard Low/Medium/High Security or customize your own configuration set.

 

I think I will try it.