Abtrusion Protector

Discussion in 'other anti-malware software' started by Meriadoc, Apr 23, 2007.

Thread Status:
Not open for further replies.
  1. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Is there still a version of this program? I would like a link, as I can't for the life of me find it. :rolleyes:
    Abtrusion Protector, support.
    I've looked at it in the past and should imagine it is known here but have been asked for the d/l, anyone?
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    It's way obsolete, although probably still useful. I ran it before process guard, and my disks were always active. Obviously heavy overhead.

    Pete
     
  3. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    Last edited by a moderator: Apr 23, 2007
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yup, it is old... but I was asked for a link and couldn't find it there. It's not for use either, just study, so wanted the last version.
    Thanks for reply benny bronx.
     
  5. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    You're welcome Meriadoc, and apparently I either didn't screw up the link, or it was corrected by one of our beloved mods.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    This product was one of the pioneer "White List" softwares for the home user - a stand-alone execution protection program. There is also a good description in Benny's link.

    Why it didn't continue to be developed is a mystery. I looked at it and also ProcessGuard, as I was searching for some "White List" product. This approach to security was being used by some in the business and institution world, but the products were expensive, and there wasn't anything for the home user. ITs and System Administrators I spoke with felt that the lack of development for home use was due to the monopoly of the AV industry in their marketing and advertising. Black List solutions, however, were slowly being discarded by those Admins as the front line of their security in favor of White List, and reboot-to-restore solutions.

    Faronics was one of the companies that saw a home market for this type of protection. They already had a Standard (home) version of their corporate/institutional Deep Freeze Product, and so they released "FreezeX" which worked on the same principle as Abtrusion Protector, except that there was practically no overhead on the system.

    By the time I became interested, Faronics was redesigning FreezeX and it eventually became Anti-Executable. One of the changes was that the White List (database) would update on the fly, not requiring a reboot following the installation of a new program.

    I was looking at PG when Anti-Executable appeared on the scene. While PG has execution protection, it also has lots of other things, and reading in the PG forum about having to deal with prompts and alerts, hooks and all of that stuff, turned me away, since I was looking for a set-and-forget program that new users could employ quickly, one that would deny by default the intrusion of any unauthorized executable.

    I also wanted a program that would complement Deep Freeze for those in my group that were using it. At that time, products working/scanning down at the kernel level were emerging, and conflicts were common. Faronics developed AE to be compatible with DF, both using low level kernel mode drivers. Both use very little overhead.

    I was sorry, though, that Abtrusion Protection didn't continue. At that time, of course, it was a niche market (home-wise anyway) and I suppose sales just didn't support the continuing development.

    Now, of course, execution protection is built into many HIPS types of products, but for those who want just a simple default-deny product with nothing to configure, there isn't much out there.


    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  7. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, Rmus: Since you brought up whitelist approach concept. I have come across today a whitelist product named: Sanctuary made by SecureWave. They have 30 days trial copy. I found only very little info, but it is highly recommended by some IT security experts. Do you have any in-depth knowledge or interesting info on this app? Pls share, thanks.
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Yes indeed.

    An Ounce of Prevention
    www.infosec.co.uk/ExhibitorLibrary/123/An_Ounce_of_Prevention.pdf

    SecureWave Offers Palpable Relief to Beleaguered Decision Makers
    http://www.hurwitz.com/

    Malware Protection: Prevent Malware on Enterprise Desktops
    http://www.securewave.com/industry.jsp?id=92679

    Testimonials
    http://www.securewave.com/testimonials.jsp

    ===============

    The first file is a paper by Dennis Szerszen, a SecureWave Engineer - a pioneer paper on White List Solutions from 2004.

    The second paper is a white paper by Robin Bloor, Partner at Hurwitz & Associates. You will have to go to Hurwitz.com and register to be able to access their White Papers (worthwhile endeavor).


    regards,

    -rich

     
  9. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Coincidentally, I installed last night, and no boot today. Last known good state, uninstall- error. Setup- repair install- reboot?- NO - Uninstall.
    Windows boots fine now. I did install Snoopfree, which has an error too- missing service, so maybe that was the problem to boot.

    Note to self- install one at a time always. Reboot between them.
    (yes I know.. but I just wanted to check it out, not keep it)

    I have this other to try, FullControl, also an anti-exe, open source. BETA. I'm not sure if I want to try it..

    What alternatives are there, and which are the best? Anti-executable, and?
     