Antivirus and HIPS Realtime Protection ?

Discussion in 'other anti-trojan software' started by JBB, Oct 4, 2005.

Thread Status:
Not open for further replies.
  1. JBB

    JBB, Registered Member. Joined: Sep 9, 2004. Posts: 51
    Does anyone know which Antivirus (w/t realtime module) and/or HIPS Programs are able to detect and alert on attempts at either Formatting the Hard Drive or Writing to the Hard drive's boot record, by "Unknown" Trojan Pgms (.exe's) for which signature definitions have *not* yet been released o_O

    .... Just looking for what can provide this extra layer of real-time protection for unknown pgms that are executed.

    .... Does anyone know whether the latest versions of NOD32, Norton Antivirus, Safen'Sec, Online Armor, etc. provide this type of protection, when you go ahead and "Allow" the "Unknown" pgm to execute ?? ... (i.e. you think the pgm is safe, but it's not) ?

    P.S. I remember in the past that pgms like NAV 2002 touted this type of protection, but I haven't seen today's antivirus pgms mention this feature anymore in their documentation.
     
  2. muf

    muf, Registered Member. Joined: Dec 30, 2003. Posts: 926. Location: Manchester, England
    I think the answer for what you are looking for is Anti-executable.

    On install, Anti-Executable performs a deep scan of the computer and authorizes everything on it. From that point on, any other executable is deemed unauthorized and will not run or install.

    http://www.faronics.com/html/AntiExecStd.asp

    muf
     
  3. StevieO

    StevieO Guest

    Hi JBB,

    Any good AV with Heuristics should be able to help prevent to some extent a known Trojan/Virus etc that wants to do what you ask.

    If you want something that kills unknown .EXE's dead then I can recommend the excellent WinSonar.

    For those of you not running XP etc then I can highly recommend StarTest from the same place.

    . . .


    Winsonar 2005 XP

    Freeware Edition is a program specifically designed for process monitoring and system protection from unknown processes: the program detects new processes permanently installed into memory while system is working off-line, offering also an active Internet protection, by optional automatic termination of any unknown process trying to load itself into memory when the system is on line.
    The basic idea is that if the user could know a new program silently installed into memory when off-line, he could take appropriate countermeasures. Unfortunately this does not offer any protection against downloading a malware when the system is on-line.
    For this reason the program detects the on-line status, asking then the user if an automatic termination of any unknown processes is desired (this option can be also enabled by default).
    This leads to an active protection against trojan\spyware-infected e-mail attachments: even if the user unfortunately opens the attachment, the malicious executable process will be suddenly terminated, without having the time to perform any action.

    The program has been updated to the version 5.01.03, released on January 8th, 2005. New features of this version:

    * Off-line shield added: activating this feature any unknown process will be automatically terminated, even when the system is off line. This "locks" your system from unknown programs and it could be useful to ensure that no spyware or viral program is stealing your confidential data while you are treating them off-line.
    * File search routine rewritten.
    * Renewed interface.
    * Minor bugs fixed.

    This program has been tested and works under Windows 98\Me, 2000\XP.

    http://digilander.libero.it/zancart/winsonar.html


    Startest 3.5

    The purpose of this program is early detection of infection from boot viruses and to provide a daily check of system critical files. When computer starts, it reads information stored into first sectors of the hard disk, a necessary procedure for a correct system startup. Many viruses, adding themselves to boot code, take advantage of this mechanism in order to gain control of the machine and replicate themselves to infect as many computers as possible. Every time Startest 3.5 is run, a comparison is made between current MBR\boot sectors and the configuration detected during initial setup process, alerting for changes. In case of changes, the program extracts the added or changed code in hexadecimal format, offering the possibility of notification to the free services of anti-virus software houses.

    Moreover, the program checks, every time it is run, some essential Windows Dynamic Link Libraries, helping in early detection of unknown virus attacks on the system. Some new viruses in fact (i.e. Hybris virus) take control of the system communication DLLs to gain access to the Internet, having the best possibility of spreading through e-mail services.

    This version of the program checks a larger number of critical Windows files, improving overall safety of the system.

    http://digilander.libero.it/zancart/startest.html

    . . .


    It works and it's Free just like all the other nice Apps on the site including WinSonar.


    StevieO
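
The baseline comparison outlined in the Startest description quoted above (snapshot the boot sector at setup, compare on every run, report the changed bytes in hexadecimal), as an added example that is not part of the thread and is not Startest's own code. The sector contents are constructed sample data; the function names and the split of the classic 512-byte MBR layout into three regions are this example's own assumptions.

```python
import hashlib

SECTOR = 512
# Classic MBR layout: boot code, four 16-byte partition entries, 0x55AA signature.
REGIONS = [("boot code", 0, 446), ("partition table", 446, 510), ("signature", 510, 512)]

def snapshot(sector):
    """Baseline taken at setup time: raw bytes plus a digest for a fast equality check."""
    if len(sector) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    return {"sha256": hashlib.sha256(sector).hexdigest(), "raw": bytes(sector)}

def changed_runs(old, new):
    """Yield (offset, old_bytes, new_bytes) for each contiguous run of differing bytes."""
    start = None
    for i in range(SECTOR + 1):
        differs = i < SECTOR and old[i] != new[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            yield start, old[start:i], new[start:i]
            start = None

def check(baseline, current):
    """Return alert lines for the current sector; an empty list means unchanged."""
    if len(current) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    if hashlib.sha256(current).hexdigest() == baseline["sha256"]:
        return []
    alerts = []
    for off, old, new in changed_runs(baseline["raw"], bytes(current)):
        # A run is labelled by the region its first byte falls in.
        region = next(name for name, lo, hi in REGIONS if lo <= off < hi)
        alerts.append(f"{region} @0x{off:03x}: {old.hex()} -> {new.hex()}")
    if bytes(current[510:512]) != b"\x55\xaa":
        alerts.append("boot signature 0x55AA missing")
    return alerts

# Constructed sample sector, not read from a real disk.
clean = bytearray(SECTOR)
clean[0:3] = b"\xeb\x3c\x90"         # constructed stub bytes at the code entry point
clean[446], clean[450] = 0x80, 0x07  # one active partition entry
clean[510:512] = b"\x55\xaa"
tampered = bytearray(clean)
tampered[0:3] = b"\xe9\x00\x01"      # entry bytes rewritten, as added boot code would do

if __name__ == "__main__":
    base = snapshot(clean)
    print(check(base, clean))
    print(*check(base, tampered), sep="\n")
```

A check like this only detects a change after it has been written, and the baseline has to be stored where the monitored system cannot silently rewrite it.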
     