anti executable?

Discussion in 'other anti-malware software' started by moontan, Sep 28, 2010.

Thread Status:
Not open for further replies.
  1. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i've heard a bit about anti executable here at Wilders.

    a Google search only resulted in the product from Faronics.
    are there any other similar programs that are easy to use and preferably free?

    also, how do they compare in effectiveness with products like Geswall/Defensewall/Sandboxie?

    i'm on W7 x 32
     
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    From what I hear, PE Guard should be great according to Malware Research Group's test. It detected the malware from 0-day and onwards. I am currently awaiting its support for x64 systems. I have also heard several users reporting it's top notch in their own tests against malware. It does work for you as you're on 32-bit Windows. Give it a try!
     
  3. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx m8, i'll look into it.
    -------------------------
    edit: i looked at the YouTube video from Languy and he says: "definitely not recommended for the average user."

    i'm looking for something easy to use. :)
     
  4. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    GesWall and co. isolate browsers and other applications from the system, so malware can't intrude on or modify it. An anti-executable blocks the execution of unwanted programs.
     
  5. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
  6. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Take a look here:
    https://www.wilderssecurity.com/showthread.php?t=252601

    Most HIPS can be set up to function as pure anti-executables. There was a very good guide posted recently by MrBrian in this forum which showed how to set up Comodo as a pure anti-exec.
     
  7. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx Scoobs! :)
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Anti-executable (AE) programs are useful for protecting one's computer in a kiosk or such, or if it is used by doofuses at times. However, if you are the computer's primary or only user, & if you have even the remotest idea of safe hex (prudent surfing), then an AE is basically little more than a pesky old NAG.

    Using an execution blocker (AE), which does little more than alert you if you execute an (unknown) application, is a bit ridiculous. I mean, you double-click something, and your AE pops-up and says "Hey, you just double-clicked something!!" Well golly gee -- thank you, I had NO idea what double clicking meant until my trusty old AE told me.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    When it comes to providing security, an AE is basically a MINDLESS nag. If an app gets on an AE's "OK/white list" then the AE will allow anyone to run that app even if it is loaded with tons of malware. An AE is only as good as its whitelist. Here again, if YOU create AE's whitelist using careful research and prudence so that only "clean" apps are included, then the AE would be helpful during those times when your computer is being used by someone else. It could also help YOU yourself if you had imbibed a few too many shots of single malt or smoked something strange & exotic.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Bottom Line: In my opinion a pure AE is a waste of $$ unless it's for use in a kiosk situation or if there are inept/careless/high-risk users around.

    As someone suggested earlier, it is much better to use a HIPS because (1) it will block execution of risky apps regardless of what any whitelist or blacklist might be saying. (2) it doesn't only block execution, but also TELLS you why it is a doggone good idea to do so.

    Or another approach -- also suggested by an earlier poster -- would be to use an app that isolates potential bad apps so that they cannot do any permanent damage.

    Good & easy HIPS + Firewall (FW) apps include Online Armor & Private FW

    Good & easy isolation apps include Defense Wall & Bufferzone
     
    Last edited: Sep 28, 2010
  9. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx Bellgamin!

    you gave me everything i wanted to know about AE.
    i guess it would be useless for me.

    topic closed i guess ;)
     
  10. Jav

    Jav Guest

    I am just sharing my own opinion and experience.
    And unfortunately I have to disagree with you.

    I don't really agree with the statement that AE is a waste of money.
    For me AE whitelisting was and is one of the best security principles I found.
    There are millions of so-called software which claim to block most of the "drive-by downloads".
    Whereas with AE whitelisting it is 100 %.
    Because obviously that drive-by wouldn't even be allowed to execute. (and I am speaking about whitelisting, where it is default-deny, not HIPS which asks everything from user)

    I don't know, maybe it's just me.
    But I am with Rmus like mind set on this. If it can't execute it can't do any harm.
    Since the time I started using Default-deny, I stopped all my worries regarding drive-by malware.
    I am not using noscript, adblocker or sandboxing my browser. I just don't worry about them. And I can freely open any link on MDL and try to execute it. Now that I can't even infect myself intentionally unless I provide admin password. (I just don't give it to almost anything)
    I don't worry about latest dll hijack. Because even dll loading is whitelisted on my system. So no malicious dll can even try to load.
    I don't care about adobe PDF patches, because all PDF exploits are basically same and try to execute something which will be blocked even if it is 0-minute malware.

    See, for me it IS best thing I discovered in whole wilderssecurity forum.

    P.S. I use AppLocker under LUA with dll rules enabled and Windows writeable folders excluded.
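
A small model of the default-deny setup described in the post above (path allow rules, DLL loads covered, user-writable Windows folders excluded), added here as an example; it is not part of the original thread and is not AppLocker's own code. The rule roots, excluded folders and sample paths are constructed assumptions.

```python
import ntpath
from pathlib import PureWindowsPath

# Constructed policy for illustration; not exported from a real AppLocker setup.
ALLOW_ROOTS = [r"C:\Windows", r"C:\Program Files"]
# Assumed examples of folders under an allowed root that a limited user can
# write to; these are carved out of the allow rules.
EXCEPTIONS = [r"C:\Windows\Temp", r"C:\Windows\Tasks"]


def _norm(path):
    """Collapse '..' segments so a rule cannot be sidestepped by path tricks."""
    return PureWindowsPath(ntpath.normpath(path))


def _under(path, root):
    """True if path is root or lies below it (Windows paths ignore case)."""
    p, r = _norm(path), _norm(root)
    return p == r or r in p.parents


def decide(path):
    """Decision for an .exe or .dll load requested by a limited user (LUA)."""
    if any(_under(path, e) for e in EXCEPTIONS):
        return "deny"    # writable folder excluded from the allow rule
    if any(_under(path, a) for a in ALLOW_ROOTS):
        return "allow"   # matches a whitelist rule (location only, not content)
    return "deny"        # default-deny: no rule matched


# Constructed sample load events.
SAMPLES = [
    r"C:\Program Files\Reader\reader.exe",
    r"c:\windows\system32\kernel32.dll",
    r"C:\Users\jav\AppData\Local\Temp\dropper.exe",
    r"C:\Users\jav\Downloads\docs\version.dll",
    r"C:\Windows\Temp\payload.exe",
    r"C:\Windows\..\Users\jav\x.exe",
    r"C:\WindowsFake\a.exe",
]


def report(paths=SAMPLES):
    """Return (path, verdict) pairs for a list of load events."""
    return [(p, decide(p)) for p in paths]


if __name__ == "__main__":
    for p, verdict in report():
        print(f"{verdict:5}  {p}")
```
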
     
  11. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    You could have a look at the Returnil Virtual System 2008 Personal 2.0.1.9002 which has quite a good AE, full system virtualization and free.

    Don't really use the AE function fulltime here and only tested it briefly but seems quite robust.

    I do use the Virtual function nearly full time along with Sandboxie as my main security.

    The AE function is accessible through the start menu under Returnil Tools.

    Unfortunately the link in my siggy points to a newer version now so if anyone is interested in the older version you will have to google.

     
    Last edited: Sep 28, 2010
  12. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx Jav,

    it's good to hear an opposing viewpoint and your argument seems valid.
    unfortunately, i don't think AppLocker is part of W7 Home.

    tnx Franklin for the suggestion.

    all you folks here gave me food for thought. :)
     
  13. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Last edited: Sep 28, 2010
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Spyware Terminator free. Not the strongest HIPS, but it builds a list of allowed apps

    ThreatFire free has a built-in rule which you can activate to make it an AE
     
  15. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Last edited: Sep 28, 2010
  16. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx kees.

    i think i'll stick to Geswall/Defensewall/Sandboxie.

    i'm starting to get a headache just reading about this stuff.
    that's not good. :argh:
     
    Last edited: Sep 28, 2010
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    SpywareTerminator (ST) is a nice HIPS but it has an appetite for cpu cycles like a Baleen Whale going after plankton. Also, ST has a truly awesomely enormous buttocks (RAM-wards, that is). :D
     
  18. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    mwahahahaha! :D
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    very true bell very true;)
     
  20. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    ST Got Back :argh:
     
    Last edited: Sep 28, 2010
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,948
    Location:
    USA