Anti Exes

Discussion in 'other anti-malware software' started by DX2, Mar 1, 2013.

Thread Status:
Not open for further replies.
  1. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Yes it does. I love Sandboxie and ERP. It's a great combo. I'm not a huge fan of AppGuard. I know how powerful it is but it's not my cup of tea.
    I guess humor is kind of hard to impart through text sometimes. :)
     
  2. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    I know that this is not an original question but, as there are a lot of anti-exes' lovers round here, why do you prefer them over a HIPS, for example?
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I personally prefer HIPS :thumb:
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I think many of the HIPS go a bit overboard. So many of the entanglements built into HIPS are based on some POV. Problem is that for those POV's to do what they are supposed to do they first have to run. One of the users here has proven an Anti Exec will stop almost all exploits.

    ERP just is proving itself to be an excellent implementation of the Anti-Execs.

    Pete
     
  5. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    ERP is an excellent AE and it also has the behavior protection. I really enjoy the information on the alerts and all the choices.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    When I first looked at these things about 8 years ago, the basic difference was that a HIPS product gave the user much more granular control over the system.

    All I wanted was something to prevent any executable from running that was not already installed on my computer. HIPS in those days required "learning modes" and setting up "permission lists" and the like. I haven't kept up with the newer products, so I don't know if this difference remains.

    The anti-execution product I chose, Faronics Anti-executable (AE), automatically upon installation, created a White List of all executable files on the computer, and that was that. Set and Forget. Nothing else to do.

    No executable file not on the White List can run, and that's all I was after.

    Here is AE blocking a Java exploit payload:

    [IMG]


    ----
    rich
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Rmus, have you tried VoodooShield? I believe it's become an amazing product! It's similar to AppGuard, and AE from Faronics. I would love to say more about it, but I have to leave for work now.
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Thanks for the information.

    I've sort of "retired" from testing things. If I become dissatisfied with AE for some reason, I'll consider something else.


    ----
    rich
     
  9. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Thank you all for your responses!

    Sometimes I too think that a full HIPS can be overkill for normal use: Either you trust a program to run on your computer or you don't. Installing apps that you need to be vigilant of is not wise at all. I'm keeping an eye on ERP and now I will check the Faronics AE too.

    Thanks again!
     
  10. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156

    Hi Pete, can I ask what about your firewall? How do you block things from connecting to the net that you don't want to connect out?

    Also, with everyone using ERP, why not just use the Windows built-in AppLocker?
     
  11. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Not everyone has Ultimate.....
     
  12. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    ....and I find ERP more user-friendly to work with....:thumb:
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Using Outpost Pro 8. I didn't mention it as I am using it essentially as a firewall only. Most of the application settings are in what I would call "trust" mode, ie no restrictions.

    Pete
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yes, very much so... :)
     
  15. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Is there any good freeware or open source anti exe?

    @Rmus
    May I ask you what firewall you are using (if any)?
    Thanks
     
  16. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I can think only of ERP Free and Xyvos...
     
  17. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    The old Kerio 2.

    An earlier post asked about outbound control. Here is Kerio alerting to the Java application attempting to connect out as part of a drive-by exploit:

    [IMG]



    ----
    rich
     
  18. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    @RMUS,
    Is the Kerio firewall still being developed and supported?
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    No, it's not, the one Rmus uses (Kerio 2.1.5) is long gone now, and the newer Kerio 4.xx series is no longer developed or supported either. But they are still available here and there, and work well on XP or Win2k OS's... They were going to release Kerio 4.xx as freeware, but never got it past the beta stage and actually released it.
     
  20. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Thanks. It's a pity, as Kerio was one of many great firewalls that have sadly become abandoned.
    Not much choice of good firewalls nowadays. :argh:
     
  21. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yep, Kerio 2.1.5 was a classic as far as rule making interfaces goes, and my favorite for many years on Win2k. One of a kind... :)
     
  22. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I never had a firewall in Win9x days.

    Comes along Win2k and something called "Services"...

    Well, you probably remember giving me lots of tips with Kerio 2 when I started using it!


    ----
    rich
     
  23. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Thanks Siketa and Rmus :thumb:
     
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Hey Rmus. Yep, those were the days.. :)
     
  25. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    Rmus,
    Are you still using Win2K? :).

    Later...
     