Anti-Executable

Discussion in 'other anti-malware software' started by LoneWolf, Apr 12, 2007.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It seems to me that BlackIce PC Protection (new name for BlackIce Defender) is a firewall, most probably a very good one, but it is a firewall.
     
  2. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    In Exe Lockdown there is no silent option, but you have to optionally enable the prompt to allow or not. Either way you get a popup with notification (which is customizable). The configuration is found through an applet in the control panel and all settings are password protected. When uninstalling you are prompted for the password.

    I have verified that Exe Lockdown goes by filename AND location. I have contacted the company asking them to add a strong checksum into it and also the ability to disable prompts completely. Hopefully they are open minded to suggestions in their freeware. Their message submitter said I would be contacted in less than 4 hours.
     

    Attached Files:

  3. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Here is another screenshot:

    Edit: I think Exe Lockdown only covers .exe files, which is another problem.
     

    Attached Files:

    Last edited: Apr 26, 2007
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Ok, let me ask if u people know of more such applications, free or paid?
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't think this is true and that would be absurd. According to my readings EL recognizes more than just exe-files. You can try a screensaver for instance.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    One more Q? How to uninstall it? I did not find any entry in Add/Remove programs?
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    AE or EL ?
     
  8. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    If a person never changes their setup is a checksum really needed? If malware cannot execute it can't change anything. Only something silly done by the user would put them at risk. That's my 2c anyway, I'm definitely no expert.
     
  9. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    If you're talking about AE then you have to disable it then run the setup again. Took me a while to figure that out LOL.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    No, I am talking of ExeLockDown.
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Maybe by a hacker, who can get in your system through your firewall of straw. :)
     
  12. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Most free HIPS can be configured to block execution such as SSM, PS and GSS. There's plenty of choice, it all comes down to user preference.
     
  13. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    LOL! Yes that's true. Aside from hackers and user negligence I reckon it would work well, definitely not in the league of AE but pretty good for a freebie.
     
  14. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Just go to add/remove programs and uninstall it, you'll need your password to do it as well.

    I just remember an old anti-exec program called trustnoexe.
    http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm

    I just downloaded it again and it looks like the exact same program as exelockdown LOL! Maybe horizon bought it off these guys?

    EDIT: it's pretty similar, just has a few less features by the looks of it.
     
  15. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks; hi, Erik, BlackIce PC Protection is more than just a firewall (firewall w/ IPS and application protection), it works very well w/ any traditional firewall (ZA pro, outpost etc) and I am testing its application protection. It feels like AE but am not sure how solid is its strength. It contains some options such as adding file extension to the whitelist. I think it is worth exploring.
     
  16. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    This makes sense as to why I assumed otherwise:

    " Trust-no-exe hooks into the operating systems routines for creating a process and loading it into memory. If the operating system attempts to load any compiled code into memory ready to give it execution as a process or thread, trust-no-exe will jump on it and prevent the code from being loaded into memory. Therefore trust-no-one doesn’t rely on the file extension and can not be easily fooled."

    In some ways this seems better than AE :p

    Edit: Also, "Exe lockdown acts as an executable white-list-filter. Its’ small kernel mode driver, filters all executable files; regardless of its file extension ie.exe .com .dll .drv .sys .dpl etc..." from the Horizon site.
     
    Last edited: Apr 26, 2007
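
The checksum request in post 2 and the extension-independent filtering quoted in post 16, as an added example that is not part of the thread or of any product discussed in it: a path-only allowlist compared with a path plus SHA-256 allowlist, and a content check on the "MZ" header instead of the file extension. File names and helper names are constructed; how Exe Lockdown, Trust-no-exe or AE actually match files is not shown on this page.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash the file contents in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def norm(path):
    return os.path.normcase(os.path.abspath(path))

def looks_like_pe(path):
    """Content check: Windows PE images start with 'MZ' whatever the extension."""
    with open(path, "rb") as f:
        return f.read(2) == b"MZ"

def allowed_by_path(path, allowlist):
    """Filename-and-location rule: only the normalized path is compared."""
    return norm(path) in allowlist

def allowed_by_hash(path, allowlist):
    """Path plus checksum rule: the contents must match the recorded hash."""
    return allowlist.get(norm(path)) == sha256_of(path)

def write(path, data):
    with open(path, "wb") as f:
        f.write(data)

def demo():
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "notepad.exe")      # constructed sample file
        write(app, b"MZ" + b"original build")
        path_list = {norm(app)}
        hash_list = {norm(app): sha256_of(app)}
        before = (allowed_by_path(app, path_list), allowed_by_hash(app, hash_list))
        # Same name and location, different contents.
        write(app, b"MZ" + b"replaced build")
        after = (allowed_by_path(app, path_list), allowed_by_hash(app, hash_list))
        scr = os.path.join(d, "clock.scr")        # executable content, non-.exe name
        write(scr, b"MZ" + b"screensaver")
        txt = os.path.join(d, "readme.exe")       # .exe name, not executable content
        write(txt, b"plain text")
        return before, after, looks_like_pe(scr), looks_like_pe(txt)
```
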
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Can u put password and lockdown PS just like SSM disconnected UI?
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks, BTW I did not find any entry in add/remove.
     
  19. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Under Add/Remove the listing starts with Horizon. ProSecurity has password protection - do not remember any disconnection of GUI though.
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks. I was looking for E rather than H.
    BTW u can manually delete its files, no protection but still it will continue to work.
     
  21. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    It installs a driver which you would also have to manually uninstall.

    Edit: Also some info on BlackIce (1 of many pages discrediting them): http://www.matousec.com/projects/wi...nalysis/top-five-comparison.php#final-results
    "Internet Security Systems, Inc., the vendor of BlackICE, was not interested in our findings. Moreover, they were not interested in any of vulnerabilities we had published. These issues remain open and users of BlackICE should rather change to a better product. "
     
  22. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Based on the system calls hooked by AE (see below), I'm not sure I'd say better, just different without the benefit of additional information. As with any other product, the vendor designs in a specific complement of features to hopefully satisfy their target market segment.

    Blue
     

    Attached Files:

  23. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    If i remember correctly, with PS there is an option to allow new processes to start, you simply disable this option then password protect the config so it can't be changed.
     
  24. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: Thanks for the pointer. BlackIce did not perform very well against others in that kid's tests, mainly in firewall's function sector. I would not use BlackIce as sole firewall, the kid is right about that. But among all the firewalls he tested, to my best knowledge, none of them except BlackIce has application protection feature, therefore his conclusion apparently did not cover that area. The application protection feature is the most over-looked function, IMO, just because whitelist protection concept is relatively new, and still is subject to numerous hot debates. I am testing it. If it prevails, is an extra, big plus for me. There is evaluation copy available on web site, perhaps some more knowledgeable members can conduct some sort of testing in term of strength, similar to tests done on EL. Thanks.
     
  25. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I have used BlackIce many times in the past. It has not significantly changed for at least 6 years (I was using it when Conseal, BlackIce and ZoneAlarm were the only real options for desktop firewalls and DLL component verification was the first recognized leaktesting).

    If you search GRC.com you will see that instead of adding outbound network access control they flagged GRC.com's very simple leak test to make it look to the end-user like they do have outbound control. Why would a company who does not value outbound network control want their users to think otherwise?

    I personally do not value any of BlackIce's features enough to have it on my system. If you value its IDS that much and believe it is more quality than the company's morals then I guess that's one feature somewhat exclusive to that product in a Windows environment, but the executable monitoring is not much different from Exe Lockdown. I have not tested BlackIce's implementation of exe. control, but assume it uses some sort of checksum - unlike Exe Lockdown. Someone above made a good point that if malware cannot run, it cannot bypass Exe Lockdown.

    Here is another link discrediting BlackIce's company (Internet Security Systems): http://www.grc.com/lt/leaktest.htm
     