Anyone here use Abtrusion Protector?

Discussion in 'other anti-trojan software' started by anti-spy, Mar 28, 2005.

Thread Status:
Not open for further replies.
  1. anti-spy

    anti-spy Guest

    Does anyone know if Abtrusion Protector will block dll injecting trojans?

    How would you compare AP to WinSonar 2005, SSM (used SSM but it causes too many problems- freeze ups ect..), Prevx free and Process Guard free?

    Which would you say is the best app of the lot or combination thereof (freebies only please)? And which programs will, and will not block dll injection? Thx.
     
  2. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    I have used it . Customer support is great . Was for me anyway . They told me it does NOT protect against code injection . That was a while back though . It is different than SSM and PG . PG and SSM will give you more security . I found AP to be unwanted with PG running . I use the paid version though . dll injection protection is best utilized with PG . Some firewalls protect against this too . AP is a good free program but not really strong in protection . For free , I would have to suggest PG free and Prevx for now . If your system can handle it , you can add AP . Although , I do not think it would be warranted . Hope that helps and good luck to you
     
  3. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    Abtrusion Protection does not protect against dll injection and does not provide a strong protection against advanced threats (see the image).

    In a few weeks or perhaps in a couple of months, i'll publish a complete overview and test about Infection Prevention System (or Intrusion Desktop prevention) like Process Guard, Prevx, Abtrysion, SSM, Safe'n Sec, Winsonar and others ones which has not been reviewed on Wilders.
    Tests are from basics ones (Process termination/Hijacking, dll injection) to advanced ones (API hooking, Buffer Overflow...).
    It will just confirm the efficiency of PG and perhaps temper the enthusiasm about Safe'n Sec or Prevx.

    On the next link, you'll find a brief overview of some products you had mentioned.
    http://www.techsupportalert.com/intrusion-detection-p2.htm

    Regards
     

    Attached Files:

  4. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Here process hijacking with a dll:
     

    Attached Files:

  5. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Hi Kareldjag, I cannot wait till the test will be ready...Nice job as allways!!

    Inf;
     
  6. anti-spy

    anti-spy Guest

    Thanks to you both Hollywoodpc and Kareldjag. And thanks for the link Kareldjag, and I look foward to your reviews of these security programs. Sounds like it will be really good stuff! :)
     
  7. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Good job my friend . Not that it matters coming from me but , glad you confirmed what I knew from a while back .
     
  8. Hi ;) I'm a newbie on that software, so I appreciate experienced advice...

    If you would allow men I'd have 2 questions:

    1/ It doesn't protect against dll injection, but does it not prohibit the infectious program to be installed on the system in the first place? What I mean by that is that I pass all the leaktests because AP would not allow for them to be installed on my system if I do not willingly instruct AP to let them install. So the result is the same, or ain't it?

    2/ I saw the illustrative pic about 'advanced threats' but I don't understand what it's supposed to show me... Could you point me to one or two [advanced threats-program/exe] which would bypass my AP's protection, so I can test them on my system and more precisely understand what you are trying to tell us?

    Thanks, regards...
     
  9. Hi

    Also, Abtrusion would not allow one to install any new component or software on the system when xp is run in non-administrator mode, so I don't see how AP's self protection could be bypassed when in non-administrator mode...?!

    The 'enable install' option is only avalaible when one runs xp in admin' mode.

    Rgds
     
  10. Arup

    Arup Guest

    Kareldjag,

    Please include Antihook in your test list if possible.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Hi AbtrusionUser

    I used to use Abtrusion Protector, before I switched to Process Guard. On my machine I found AP was much more resource intensive. But to answer your question about the DLL injection. You are right something has to run before it can inject, but.....

    PG like AP challenges a new program and blocks it, ...BUT... if I think it is okay and give it permission to run with AP your are had. Process Guard gives you another chance by telling you it is trying to do something else. For example if I am not sure about a program, but decide to let it run, and then it wants to install a keyboard hook, at this point I might say no way. See thats my second chance.

    Pete
     
  12. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    kareldjag,

    If you can please test InfoProcess' LaunchMonitor http://www.infoprocess.biz/LaunchMonitor.aspx I think it will do well especially if used in conjunction with Infoprocess' antihook as mention in an earlier post. I hope you don't mid the request but that's all it is is a request. If you don't want or can't then no problem.

    Thanks,

    Chris
     
  13. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    Attack is The best manner to test a program and to see how powerfull and efficient it is.
    Those test cost time, that's why i've made them slowly (one product per week) but seriousely.

    Chris12923, Antihook test has already bee finished last month and it 's in fact an interesting program (see the image).

    Regards
     

    Attached Files:

  14. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    I used AP up until today. Today I uninstalled AP because it was a resource hog. i now used Process Guard and Prevx Home instead. AP was really good but yes... a resource hog even though the stats in task manager are pretty low, it makes this machine grind alot.
     
  15. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    You are better off with Prevx . especially since you are running PG .
     
  16. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi all,

    I installed Prevx Home alongside ProcessGuard and RegDefend just to see what happens. So far, it has worked fine in some brief tests. It seems pretty stable compared to the product I tried out several months ago. I think I will leave well enough alone unless someone has found a good reason to upgrade to Prevx Pro. I will probably send them money no matter what, after 30 days, since I do like supporting those who support me. But is there any reason to go to Prevx Pro if I already have ProcessGuard and RegDefend?

    Thanks.

    Rich
     
  17. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Hi Rich .
    The Pro will give you more configurability . You can turn off more things . Pretty nice feature to me . I can turn certain off in the Pro that I do not need as other programs handle it and it makes it pretty nice . cannot wait for the new version . Coming soon to a computer near you !
     
  18. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thanks Hollywoodpc. I'll be checking it out and waiting for the new Pro version. Would you say the Pro version is stable. I am asking, because my guess is that the Home version is the one that is getting the most use and testing and usually the "free versions" turn out to be quite stable because of all of the usage. Any opinions?

    Thanks for the help.
    Rich
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Hi Richrf

    I am running the Pro version along with ProcessGuard,Regdef, etc. and it is quite stable.

    Pete
     
  20. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thanks Peter. If anyone has contrary experiences, please let me know. Thx.

    Rich
     
  21. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Sorry for the delay . Pete is on the money . At least , for me . Pro runs smoothly . No problems and they tend to pay attention to both versions equally .
     
  22. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thanks Hollywoodpc. So far my trial is going well. I'll give it a few weeks and if everything is fine and dandy, I will give it a permanent install.

    Rich
     
  23. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Remember . New version coming soon
     
  24. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thanks Hollywood, I'll be looking for it.

    Rich
     
  25. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    They tell me it ought to be a doozy . Is that a word ? LOL . I am looking for it too .
     
Thread Status:
Not open for further replies.