AbuseShield v2

Discussion in 'other anti-malware software' started by egghead, Dec 28, 2006.

Thread Status:
Not open for further replies.
  1. egghead (Registered Member; Joined: Aug 27, 2005; Posts: 443; Location: The Netherlands)

    Hello everybody,

    Being hit by the HIPS virus, I’m trialing AbuseShield v2 at the moment.

    AS is designed to prevent unauthorised applications from running. During installation AS makes an “image” of all hard disk files and it creates checksums and default rules for them. When an unknown application wants to run you are warned by a popup giving very clear info (and the options: allow, not allow etc.). If this info is not enough you can get additional on-line info to help make a decision (if you are still unsure you can quarantine).

    I have found the proggie to be very user-friendly and easy to use. For the geeks there are a lot of options (central management for multiple hosts, script filtering/blocking, checksums etc.).

    I’ve been running it for a couple of days now on my test partition alongside a firewalled router and AntiVir free with no problems. It uses minimal system resources. You can buy this proggie for US 14,99. For this money you can’t even get drunk in the pub.:(

    I have not read much about this wonderful proggie on Wilders. Are there participants testing it? If yes, what are your opinions?

    http://www.globesoft.com/software_products_expand.asp?productID=9
     
    Last edited: Dec 28, 2006
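
The install-time snapshot and launch-time check described in the post above, as an added Python sketch of the general checksum-allowlist technique; it is not part of the original post and not AbuseShield's own code. All function names are hypothetical, the sample files are constructed, and prompting again when a known file's checksum has changed is an assumed policy.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path):
    """SHA-256 hex digest of a file's contents (whole-file read, fine for a demo)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_baseline(root):
    """Install-time snapshot: checksum every file under root, default rule 'allow'."""
    rules = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.realpath(os.path.join(dirpath, name))
            rules[path] = {"sha256": sha256_file(path), "action": "allow"}
    return rules

def decide(rules, path):
    """Decision for a launch request: 'allow', 'deny', or 'prompt' the user."""
    path = os.path.realpath(path)
    rule = rules.get(path)
    if rule is None:
        return "prompt"  # unknown application: not in the snapshot
    if rule["sha256"] != sha256_file(path):
        return "prompt"  # known path, contents changed since the rule (assumed policy)
    return rule["action"]

def record_answer(rules, path, action):
    """Store the user's answer to a prompt as a rule bound to the current checksum."""
    path = os.path.realpath(path)
    rules[path] = {"sha256": sha256_file(path), "action": action}

def demo():
    """Constructed sample: a temp dir stands in for the disk, byte strings for programs."""
    with tempfile.TemporaryDirectory() as root:
        known, new = os.path.join(root, "editor.bin"), os.path.join(root, "download.bin")
        Path(known).write_bytes(b"trusted program v1")
        rules = build_baseline(root)                      # snapshot taken at "install"
        Path(new).write_bytes(b"program that arrived later")
        out = [decide(rules, known), decide(rules, new)]  # baseline file, unknown file
        record_answer(rules, new, "deny")                 # user answers "not allow"
        out.append(decide(rules, new))
        Path(known).write_bytes(b"trusted program v1 + patched bytes")
        out.append(decide(rules, known))                  # same path, different checksum
        return out

if __name__ == "__main__":
    print(demo())
```

Binding each rule to a checksum rather than to a path alone is what makes the last case prompt again: replacing an allowed file on disk does not inherit its "allow" rule.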
  2. true north (Registered Member; Joined: Dec 14, 2006; Posts: 159)

    egghead,

    that sounds very interesting to me. Would you consider AbuseShield as a full replacement for ProcessGuard?
    Since PG support is down I'm looking for an easy going substitute.
    Win XP, Kerio 4, KAV 6, BOClean and the good old PG

    thanks
     
  3. egghead (Registered Member; Joined: Aug 27, 2005; Posts: 443; Location: The Netherlands)

    Hello True North,

    No, I don't, there are some drawbacks: http://kareldjag.over-blog.com/categorie-69553.html but I think KAV6 and AbuseShield complement each other wonderfully.

    If you are saying you are running KAV 6 you are very well protected (I'm running it myself on my main partition). Seeing your setup you don't need a replacement for PG, imo you only have to take a look at your outbound connection (Kerio is not that strong in that department; see: http://www.firewallleaktester.com/). I myself am using LookNStop for controlling outbound connection and it does this very well. (My inbound connection is protected by a firewalled router; in your case the XP firewall).

    If you insist on a "full replacement" for PG I suggest you trial SSM; imo the best HIPS. I don't think it is a difficult proggie at all (granted, if you want to milk out its full potential you have to be a knowledgeable user, which I am not). It gives you a lot of info to decide to allow/block an application/process. If the given info is not enough use this site: http://www.file.net/

    For an "easy going" substitute I would try AbuseShield. AS together with KAV 6 will do the same trick as PG.

    As a browser, use Firefox (with no script enabled).

    With this setup you will make a hacker cry :D :D :D

    Hope to be of some help.



    My Fort Knox partition is this:

    *Firewalled Router
    *KAV 6 (AAA & AIC in proactive defense disabled; no 2 drivers in 1 car>SSM)
    *SSM (paid version)
    *LookNStop (use it only for controlling outbound connection)

    Less is more !!!!!!
     
    Last edited: Dec 28, 2006
  4. true north (Registered Member; Joined: Dec 14, 2006; Posts: 159)

    egghead,
    Thanks for your advice.
     