Abtrusion detector

Hi All I found this little programme "Abtrusion detector" www.abtrusion.com
I am running it on my test PC (XP Pro) Appears to do its job OK & has a simple easy to follow interfsace I believe it uses MD5 for file protection.

The personal edition is free and does need appear to carry any eccess baggage!

Are there any others users or ex users that would like to share an opinion?

BTW I have absolutly no connection with this vendor!

 

Hi Pilli,

it reminds me a little bit of the Execution Protection or Wormguard of DCS... But certainly it's doing its job! But I don't think I'll need it.

Regards,

Patrice

 

Hi Pilli, I haven't used that one but I use System Safety Monitor which some people say is basically the same thing.
How they compare, I don't know, but I would feel nekid without my SSM running all the time now.
If you haven't checked out SSM yet, you might take a look and compare.
http://maxcomputing.narod.ru/ssme.html?lang=en
I think this type of protection is needed to stay ahead of such stuff as Optix and similar malware.

 

Patrice, we must have posted at the same time.
I can't speak for Abtrusion Detector, but SSM is nothing close to exec protection in TDS.
SSM is a sandboxing type program that controls what programs start up and what other programs can start them up or shut them down.
Security against leak test type exploits, plus.

 

Thanks for your replies,

Patrice, It does a different job really, It collects all the application & system executables into a database and checksums them, after you have allowed an application - Abtrusion detector will not allow changes to the executables - Any new application (which may include a trojan for instance) has to ask for permission to be installed - Anothe layer of protection for your system.
It is not the same as Exec Prot.

Root: Funnily enough I have SSM on this PC but have not looked at it in earnest as yet. I have had a few configuration problems (hardware related) with this, my main PC, so I am running a tight ship at the moment. I may try it on the test PC though.

Cheers Pilli

 

O.K. guys, thanks for the information. What's the link to this SSM? I would like to test it myself.

Regards,

Patrice

 

Patrice, In roots post above

 

Ahh... Sorry I shouldn't work on my computer wearing my sunglasses! LOL

 

Hello,

It was already discussed on other threads

You have to be carefull and be sure you PC is clean when installing for it scans all installed exe, dll, etc.... Everything present on your post is allowed by default, even a trojan or another malware....
No difference between the free and the shareware v except the default settings you have to adjust in the free v to be the same as in the shareware v.

Rgds,

 

Thanks JacK, Noticed that everything was allowed but fortunately it can also be disallowed easily & it appears to pick up any installs or changes very efficiently.

I shall compare it with SSM although I beleive SSM is registry key based rather than checskum based & appears to have more functions, I was wondering which method is most kikely to give the best protection ? Certainly looks like AD is simpler to use but limited.
I did use TTT when it was first released and you could get lost very easily but I hear the latest version is simpler to use.

 

Hello Pilli,

Yes, it can be done easily, the problem is that lambda user don't know what to disallow after installing. But good protection too.
ASFM I prefer SSM and the new advanced possibilities in Application rules (maybe for I am involved in it )

Rgds,

 

Hi guys!

Thanks a lot for this good advice!! SSM really is a very nice tool! I wasn't aware of that until now. Now I have installed it on my computer and I'm testing it thorougly. It's improving my security and adapts well with F-Prot, Look'n'Stop (Application filtering), TDS-3 (execution protection) and Wormguard.

But let's say I have to get used to all the hooked dll's. I'm not that familiar with those. When I started IE for the first time, some dll's showed up. How do you check them if they are malicious or not? Looking at the properties of it? Further advice is welcome!

Best regards!

Patrice

 

Yeah, unfortunately there is no program out there that knows whether a certain DLL should be allowed or not since there are so many, from Windows and other programs.
I don't use IE, so I can't help there, but if you have a question about some DLLs, there's nothing like Google for some quick and dirty references.
SSM is not perfect as it requires some savvy on the operators part to make sure nothing bad gets allowed. It at least gives us a fighting chance to make a decision though.
Not much goes on on my computer that gets by SSM.
Just the Windows Trojan.

 

Hi root!

Thanks for the advice. I started to locate the files and look at their properties. There you can see, when it was created, of whom,... Certainly you can fake this information, but I think that you can nevertheless be almost 100% sure of the provided information. Try once to fake a Microsoft Property...

Nevertheless this tool is for paranoid people like we are. Imagine someone else would use this tool like my mother for example! She would get crazy, if she would have to set all the different rules for it. Well to be honest, she already gets crazy now, when some minor errors occur... LOL

Best regards!

Patrice

 

Hi guys!

It's me again. Well, SSM is a nice tool, but somehow it's also irritating. It's certainly a tool for paranoid people like we are! lol

But sorry, I consider myself as a "poweruser" and right now I'm writing my thesis. That means, I open Word, Excel, IE, Adobe Acrobat, Photoshop, Outlook,... all the time. Do you know how many alerts SSM sends out? Funny that I'm not yet crazy...

That's why I had to uninstall it again. I cannot work properly with such a tool. It sure is a nice tool if everything is set correctly, but like that -no thanks! My final conclusion is, that this tool restricts to many things so that you aren't able to work in a proper way with the computer like it was intended to.

Well, this is my opinion, I'm sure you see things different!

Best regards,

Patrice

 

Hello Patrice,

I am running all programs from Office Suite XP and 2003 and lot of other too all the day long .

Never an alert for any of them if nothing try to hook on them ? Did you tick always allow for those programs ?

Rgds,

Rgds,

 

Hi JacK!

Sorry, I didn't explain it well! Yes, that's exactly my problem. I have to allow thousands of progs and dll's all the time. That was the reason why I almost got crazy...

Regards,

Patrice

 

Hello Patrice,

Seems to be a bad configuration : when a program is ticked "always allow" you shouldn't get any more warning on it as long as nothing try to hook on it.

What OS are you running ?

No problem on Win2K and WinXP. Possible incompatibilities with non NT OS.

Rgds,

 

Nope everything is fine with the installation. I'm using Windows XP Pro. The only problem is that you have to click away (always allow or only administrator is allowed) all these pop-ups. I know this is very good for safety, but not if you have to work a lot with your computer...

If I have to allow every single program on my computer if I wanna run it, then I will go crazy...

I prefer the Application filter of Look'n'Stop. It only asks me, if a program want to connect to the internet (and not if I wanna start it). That's much easier to have control over the applications. And it's indeed very interesting how many programs try to connect to the internet without your knowledge...

Greetings,

Patrice

 

Hello Patrice,

Seems to me there is a little missunderstanding the way SSM works. It 's not intend to replace you FW, is a complement.

You should try this : Admin Mode

When a new application starts for the first time and you trust it, tick "Always allow". Note that some applications may call legitimately different *dll, exe, etc... according what you do (IE for instance, but also programs from Office Suite, etc..) not only about connexion request. Once everything is Okay, what you always allow and always deny. You will only get alerts when something unusual occurs.

For instance, lot of programs have an automatic update feature. I put it on manual and when need as I update it, I tick allow this time only. For automatic update, I only let my AV and FW on always allow.
With FP for instance, when you click on aperçu, it try to connect to the W3 : no need for me, I check on a local Web server, so I checked always deny and I get no popup at all and no connexion attempt.

As for Windows help, I very seldom need to get help from the W3, only locally, so I get a warning to allow the connexion when need.

The best way to start is after installing running all your current applications AND their differents options to set your own policy ALWAYS allow and ALWAYS deny,
for the rest only (what depends on the circumstances sometime yes and sometime no) you will have an alert : that's up to you

The most alerts I got is when installing a new app and I can see for instance if something abnormal (spyware or other malware try to install itself in my back )

Hoping it helps,