antimalware

Discussion in 'other anti-trojan software' started by monsunami, Apr 28, 2005.

Thread Status:
Not open for further replies.
  1. monsunami

    monsunami Registered Member

    Joined:
    Jul 1, 2003
    Posts:
    29
    Location:
    USA
    Has anyone tried Antimalware from Trustware co.? I just signed up to try it. From looking at their site http://www.trustware.com/, it seems like prevx and ssm combined. Any comments on it are appreciated.
     
    Last edited: May 2, 2005
  2. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Well.. their trojan is really effective from what I can say... a PG using friend said it went right through

    direct link
    http://www.trustware.co.il/TrojDemo.exe
     
  3. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    no13,

    PG does flag its launch. If you deny it, that's it. If you give it permission to run, it runs. Which seems pretty straightforward to me.

    I also have SafenSec on this system. It captures the activity at a different point and allows neutral activity (simple file browsing) while trapping potentially malware-like events.

    As far as I can see, both applications work as they should. If you give something the green light to go, should you continually be second guessed? I'd say no.

    Blue
     
  4. I agree with Blue....PG flagged it....I let it run....and NetVeda caught it too
     
  5. no13

    no13 Retired Major Resident Nutcase

    Point.
    I'm not sure what the motives were behind launching the application, but needless to say, it does not hook the API, does it?

    So I'm thinking how does it get past PG?

    Which is two of my gripes with PG...
    1. It still isn't blocking some 'attack vectors', so to speak [I mean... this TrojDemo.exe and that password revealer discussed in the PG forum both got through]
    2. It doesn't have process launch control that even Kerio 4 has [launch of child process is controlled] ... this is the only thing IMO that makes Tiny Firewall so special [apart from Track 'n' Reverse]... bidirectional control was possible for parent/child relationship [I hope I'm not mistaken?]
     
  6. No13.....I don't understand what you are getting at....If you stop trojdemo.exe
    with PG...It is done....However....if you allow it to start....even with denying
    Cal.exe....it will try to launch, but your FW should catch it.
     
  7. no13

    no13 Retired Major Resident Nutcase

    Actually.
    I'm saying that "Process guard" being the name, it should have guarded the process Cal.exe from being first launched, then hijacked. Isn't that the purpose of the proactive approach - Don't Let Malware Attack At Any stage?
     
  8. We shouldn't hijack this thread....PG does stop the initial launch.
    Deny it......it is all over....Period.

    True ...if you do miss it....even denying cal.exe...it will try to launch.

    Back on subject....that page is almost impossible to read, so even if product
    is very good...if you can't even read the info...it sure isn't gonna help them
    sell their program.
     
  9. no13

    no13 Retired Major Resident Nutcase

    Agreed. :)
    Which page? Please be specific [and will you check out http://castlecops.com/postt113622.html and http://forums.subratam.org/index.php?showtopic=4196 ]
    It seems that "painkiller" is asking about it everywhere ;) https://www.wilderssecurity.com/showpost.php?p=436632&postcount=5
     
  10. no13

    no13 Retired Major Resident Nutcase

  11. The Trustware home page.....The way it is laid out...very poor design.

    Thanks for all the other pages....I'll check them out
     
  12. no13

    no13 Retired Major Resident Nutcase

    Maybe in Israel's webmaster community, using frames is a GOOD thing?
     
  13. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    AntiMalware is an anti-threat product from the Israeli firm Trustware.
    This product is more intended for enterprises like Soho or Small Business, even if it could be used on a single computer.
    In any case, it's quite expensive ;) !!

    I've tried AntiMalware, which is based on Sandbox features with White (permit/trusted) and black list (deny/untrusted).
    This kind of product just confirms that classical scanners (AV/AT/AS) are not sufficient and that a strong protection needs to integrate more prevention than detection.

    I'm glad to see that BlueZannetti has SafenSec in his line of defense.
    And against the trojan demo, SafenSec is one of the most impressive products!


    Regards
     
  14. monsunami

    monsunami Registered Member

    Thanks for the reply, even though this thread went a little off topic. I hope they have a free home version like prevx does without hosing my system. Looking for free software (really low budget now) that has similar type functions to prevx or process guard, with sandboxing and app control functions. Tried antihook and had a really bad experience. Abstrusion protector wasn't really convenient to use and options were scarce, so too much work just to install apps or allow some apps that update or mod files all the time. Had process guard but it doesn't like punkbuster. Was going to look into SSM but I think they will become commercial soon.
     
  15. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Just ran the test file myself.

    I run Nod32, Microsoft Antispyware and a2 personal with guard activated.

    The Calculator opened up but after a short delay I got an IDS alert (their heuristics) that it detected some spyware or downloader and offered for me to terminate the program!

    Go A2! http://www.emsisoft.com/en/

    Cheers

    Jlo
     
  16. monsunami

    monsunami Registered Member

    Problem is that it was able to run a program on computer. All that the firewall did was block information coming out of a computer. That is a good thing to keep info safe from identity theft hackers. However too late to stop damage from some kiddy hacker. I think process guard should be able to stop even calculator from running if you keep it on strict mode.

    btw, I am trying SSM and it actually was able to stop even calculator from running at all and Jetico firewall did the rest. Actually got a popup from trojan tester that my system looks secure. Anyway I will continue on SSM to see if it won't hose my system down. Seems very light on resources, barely know that it is running. At least it is free and functional till December.
     
    Last edited: May 2, 2005
  17. no13

    no13 Retired Major Resident Nutcase

    Well, SSM used to crash Kerio systems, and I felt it wasn't really well designed... but if it works for you, that's great because it's really impressive with its feature list
     
  18. BlueBird

    BlueBird Guest

    I've used Trustware's AntiMalware. What's remarkable about their technology, is that unlike sandbox, they allow most legitimate software to run & install. In fact they create an environment for each process.

    As to the TrojDemo, it's not a big deal. Their sales person introduced it to me as a simple example of basic malicious software. He said they didn't include hooking nor injection on purpose, just to show how simple bypassing fw & av is.
     
  19. twig

    twig Guest

    There is a new beta version for home users available now from Trustware. They said in the email that "As one of our beta home users you will receive the highest level of support@trustware.com 24 hours a day, 7 days a week!"


    I'm downloading now lol
     
  20. no13

    no13 Retired Major Resident Nutcase

    Link please.
     
  21. twig

    twig Guest

    Hi no13, I have just emailed tai barkai @ trustware.com to check if it's cool to leave the link here (just being politically correct), or if it's best that anyone interested emails them personally, which you could do.

    a little bit of info
    About AntiMalware Home Pro
    AntiMalware™ Home Pro protects your computer against spyware installation, theft of information, hijacking your desktop, and damage to your operating system delivered through Browsers, Email Handlers, File managers, P2P applications, Instant Messages, USB Keys, CD ROMs, and FTPs. AntiMalware Home Pro provides continuous protection against all forms of threats—known and unknown, current and future—including Trojans, viruses, spyware, and newer morphing and blended threats. Acting as a Kernel driver AntiMalware Home Pro intercepts every unknown application, making it an excellent way to defend personal computers.

    AntiMalware™ Home Pro uses the BufferZone™ unique “Protection without Detection” approach that dynamically isolates and safely executes all untrusted content, instead of trying to scan content and detect malicious code. With AntiMalware, you can safely execute any application as well as download and use any files with your normal applications, preferences and settings. Programs running in BufferZone™ are not able to access trusted files, hence are prohibited from changing or stealing your personal data. Further explanation regarding the file trust properties is given in the quick guide.



    AntiMalware BufferZone™ Protection prevents attacks such as:

    - “In the Wild” (known) Viruses, Worms, Trojans
    - “Zero Day” (unknown) Viruses, Worms, Trojans
    - Spyware
    - Fraud
    - Phishing
    - Adware
    - Key-loggers



    Because AntiMalware doesn't depend upon signatures, heuristics, or other ways of recognizing threats, it never requires updating when new forms of attack emerge. Once you install AntiMalware, you're protected now and in the future.

    2 System Requirements
    AntiMalware™ Light security software runs on systems with the following:

    - Operating System:
      - Microsoft® Windows® 2000
      - Microsoft® Windows® XP Home
      - Microsoft® Windows® XP Professional
      - Microsoft® Windows® 2003
    - Pentium II and above.
    - 128MB RAM


    AntiMalware Line of Products:

    - AntiMalware Home Light (Alpha) – for home users (free)
    - AntiMalware Home Pro (Beta) – for home users
    - AntiMalware Corp 1.20 – for corporate use with or without management
     
  22. kareldjag

    kareldjag Registered Member

    Hi,


    ***Firstly, I'm always cautious with advertising arguments: if I've not seen the Ultimate Malware yet, the Ultimate Software is not ready to be born.
    Virtual Zone technologies like AntiMalware, DeepFreeze, ShadowUser, DriveVaccine or DriveShield are really promising and interesting.

    The problem is that their efficiency is difficult to evaluate.


    ***Dodata is the French and official distributor and reseller of Trustware in Europe: http://www.dodata.fr/constructeurs.php?nom_constructeurs=TRUSTWARE

    There is an evaluation which is available (zip file) in the next link:

    http://www.dodata.fr/documents/produits/AM-MASTER-MONO-EVAL.zip

    MD5:02222153f43018a22191ffba8ac70b37

    This demo is in French.
    In any case, make a restore point before trying it.

    The setup is quick and easy, and requires a reboot.


    After, click on "certifier les fichiers": AntiMalware will record all the files with hash algorithms and will consider them as trusted ones.
    On the control panel, click on "Mode Apprentissage": any new file will be allowed to run as a trusted one.

    Unfortunately, I couldn't attach more information with the pdf file, which is an overview about features and technology, so I attach just an image (rules by default).

    Hope this helps,

    Regards
     

    Last edited: May 1, 2005
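
An added illustration, not part of kareldjag's post and not Trustware's code: a minimal content-hash allowlist showing the two steps described above, a baseline certification pass followed by a learning mode. SHA-256, the `Allowlist` class and the file name are assumptions; the post does not say which hash algorithm the product uses.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """Hash file content in chunks (SHA-256 is an assumption, see lead-in)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class Allowlist:  # hypothetical; keyed on content hash, not on file name
    def __init__(self):
        self.trusted = set()
        self.learning = False

    def certify_tree(self, root):
        """Baseline pass: trust every file that exists under root right now."""
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                self.trusted.add(file_digest(os.path.join(dirpath, name)))
        return len(self.trusted)

    def check(self, path):
        """Verdict for a file about to run: trusted, learned or untrusted."""
        digest = file_digest(path)
        if digest in self.trusted:
            return "trusted"
        if self.learning:
            self.trusted.add(digest)   # learning mode trusts anything new
            return "learned"
        return "untrusted"

def demo():
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "calc.exe")
        with open(target, "wb") as f:
            f.write(b"constructed sample content")
        policy = Allowlist()
        policy.certify_tree(root)
        verdicts = [policy.check(target)]        # certified content
        with open(target, "ab") as f:
            f.write(b" plus appended bytes")     # same name, new content
        verdicts.append(policy.check(target))    # hash no longer matches
        policy.learning = True
        verdicts.append(policy.check(target))    # accepted while learning
        policy.learning = False
        verdicts.append(policy.check(target))    # stays trusted afterwards
        return verdicts
```

Anything that first appears while learning mode is on stays trusted after the mode is switched off, so it should only be enabled on a machine known to be clean.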
  23. monsunami

    monsunami Registered Member

    Yah, I just received an email from them with a link to download. I think I will be trying this. If this has any problems or isn't effective, I will go back to SSM.
     
    Last edited: May 2, 2005
  24. twig

    twig Guest

    I received a reply from Trustware, who would prefer me not to put the English link that they emailed out on an open forum. They would prefer to be the download junction at this point. So emailing them with enquiries to "request for trial" at sales@trustware.com is the way to go. One of the reasons for this is they wish to be in direct contact with us during this test time for a number of reasons. One being they are establishing a BufferZone community and leveraging their bufferzone features in order to have a robust dynamic virtualisation for running unknown applications without ever harming the system. This will occur by getting as much feedback as they can, so they wish to keep in touch with those who do trial this product.
     
  25. twig

    twig Guest

    Looking forward to your testing and results kareldjag.
     