anti executable?

i've heard a bit about anti executable here at Wilders.

a Google search only resulted in the product from Faronics.
is there any other similar program that are easy to use and preferably free?

also, how do they compare in effectiveness with products like Geswall/Defensewall/Sandboxie?

i'm on W7 x 32

 

From what I hear, PE Guard should be great according to Malware Research Group's test. It detected the malware from 0-day and onwards. I am currently awaiting its support for x64 systems. I have also heard several users reporting it's top notch in their own tests against malware. It does work for you as you're on 32-bit Windows. Give it a try!

 

tnx m8, i'll look into it.
-------------------------
edit: i looked the Youtube video from Languy and he says: "definitely not recommended for the average user."

i'm looking for something easy to use.

 

GesWall and co. isolate browsers and other applications from the system, so a malware can't intrude or modify it. An anti executable blocks the execution of not wanted programs.

 

tnx blacknight.

i just read this page (link below) from Wilders and Anti-Executable doesn't seem that impressive...

https://www.wilderssecurity.com/showthread.php?t=282291&highlight=anti

 

Take a look here:
https://www.wilderssecurity.com/showthread.php?t=252601

Most HIPS can be set up to function as pure anti-executables. There was a very good guide posted recently by MrBrian in this forum which showed how to set up Comodo as a pure anti-exec.

 

tnx Scoobs!

 

Anti-executable (AE) programs are useful for protecting one's computer in a kiosk or such, or if it is used by doofuses at times. However, if you are the computer's primary or only user, & if you have even the remotest idea of safe hex (prudent surfing), then an AE is basically little more than a pesky old NAG.

Using an execution blocker (AE), which does little more than alert you if you execute an (unknown) application, is a bit ridiculous. I mean, you double-click something, and your AE pops-up and says "Hey, you just double-clicked something!!" Well golly gee -- thank you, I had NO idea what double clicking meant until my trusty old AE told me.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When it comes to providing security, an AE is basically a MINDLESS nag. If an app gets on an AE's "OK/white list" then the AE will allow anyone to run that app even if it is loaded with tons of malware. An AE is only as good as its whitelist. Here again, if YOU create AE's whitelist using careful research and prudence so that only "clean" apps are included, then the AE would be helpful during those times when your computer is being used by someone else. It could also help YOU yourself if you had imbibed a few too many shots of single malt or smoked something strange & exotic.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Bottom Line: In my opinion a pure AE is a waste of $$ unless it's for use in a kiosk situation or if there are inept/careless/high-risk users around.

As someone suggested earlier, it is much better to use a HIPS because (1) it will block execution of risky apps regardless of what any whitelist or blacklist might be saying. (2) it doesn't only block execution, but also TELLS you why it is a doggone good idea to do so.

Or another approach -- also suggested by an earlier poster -- would be to use an app that isolates potential bad apps so that they cannot do any permanent damage.

Good & easy HIPS + Firewall (FW) apps include Online Armor & Private FW

Good & easy isolation apps include Defense Wall & Bufferzone

 

tnx Bellgamin!

you gave me everything i wanted to know about AE.
i guess it would be useless for me.

topic closed i guess

 

I am just sharing my own opinion and experince.
And unfortnetly I had to disagree with you.

I don't really agree with the statment that AE is waste of money.
For me AE whitelisting was and is one of the best security princple I found.
There are millions of so called software which claim to block most of the "drive-by downloads".
Where with AE whitelisting it is 100 %.
Because obviously that drive by woulndt be even allowed to execute. (and I am speaking about whitleisting, where it is default-deny, not HIPS which asks everything from user)

I don't know, maybe it's just me.
But I am with Rmus like mind set on this. If it can't execute it can't do anyharm.
Since the time I started using Default-deny, I stoped all my worries regarding drive-by malware.
I am not using noscript, adblocker or sandboxing my browser. I just don't worry about them. And I can freely open any link on MDL and try to execute it. Now that I can't even infect myself intentionaly unless I provide admin password. (I just don't give it to almost anything)
I don't worry about latest dll hijack. Because even dll loadind is whitelisted on my sytem. So no malasious dll can even try to load.
I don't care about adobe PDF patches, because all PDF exploits are basically same and try to execute something which will be blocked even if it is 0-minute malware.

See, for me it IS best thing I discovered in whole wilderssecurity forum.

P.S. I use AppLocker under LUA with dll rules enabled and Windows writeable folders excluded.

 

You could have a look at the Returnil Virtual System 2008 Personal 2.0.1.9002 which has quite a good AE, full system virtualization and free.

Don't really use the AE function fulltime here and only tested it briefly but seems quite robust.

I do use the Virtual function nearly full time along with Sandboxie as my main security.

The AE function is accessible through the start menu under Returnil Tools.

Unfortunately the link in my siggy points to a newer version now so if anyone is interested in the older version you will have to google.

 

tnx Jav,

it's good to hear an opposing viewpoint and your argument seems valid.
unfortunately, i don't think AppLocker is part of W7 Home.

tnx Franklin for the suggestion.

all you folks here gave me food for thoughts.

 

See Free Anti-Executable?. The Comodo guide that Scoobs72 mentioned is listed in that thread also.

 

Spyware terminator free. Not the strongest HIPS, but it builds a list of allowed aps

ThreafFire free has a build in rule which you can activate to make it an AE

 

tnx Mr Brian.

i found the link:
http://forums.comodo.com/defense-sa...t-security-as-an-antiexecutable-t60303.0.html

there is "only" 27 steps to follow?
thanks but no thanks.

beside, i tried Comodo a couple times and it borked my system both times.
i'm in no rush to repeat the experience.

tnx anyway m8!

 

tnx kees.

i think i'll stick to Geswall/Defensewall/Sandboxie.

i'm starting to get a headache just reading about this stuff.
that's not good.

 

SpywareTerminator (ST) is a nice HIPS but it has an appetite for cpu cycles like a Baleen Whale going after plankton. Also, ST has a truly awesomely enormous buttocks (RAM-wards, that is).

 

mwahahahaha!

 

very true bell very true

 

ST Got Back

 

Appguard from Blueridge Networks is one of the best AE's out there. It will be 64bit compatible soon. Theres several threads on this forum about AG. Just do a search. http://www.blueridgenetworks.com/products/appguard.php