Anyone tried free Samurai host-based IPS?

Who's tried Samurai? http://www.geocities.com/turbotramp2/samurai.html I've heard it can help defend against rootkits and other malware. Is it just a simple hosts file? Or something more? If it's a hosts file, how can it stop rootkits? Thanx for replies.

 

Very interesting, thank you much! It's a very nice little hardening tool with great promise. The only other hardening tool that I've seen with all that this covers is Qwik-Fix, which doesn't have the rootkit prevention. Definitely a keeper, I'll have to put this on my hardening page.

Here's the description of the rootkit protection from the help document that comes with it:

 

Ok, thanks Notok. I guess I was looking for some confirmation that it was safe to use, even though I didn't actually post asking about that. So it looks like we helped each other, and maybe some others who view these forums too.

 

I hope so Since I already have most of the protection settings covered with other software I didn't try out a lot of the options, but it looks promising enough. It does have an uninstall in case it messes anything up, which is always a risk with system hardening. I did try the rootkit protection part, though, and my system didn't explode If you still have reservations about the protection settings just create a restore point before applying.

Edit: ok, I just gave it a try, minus the IE protection stuff.. I'll post back if there's any problems, but I don't anticipate anything. It's really all pretty straightforward stuff. There were no prompts by my firewall or anything. Thanks again, this looks great

 

This one looks to be on the line of Harden IT and Secure IT combined, good stuff.

 

Looks good but is there a way to disable everything all at once or maybe restore everything back to the state you were in before you ran the program?

Like a one click button to restore everything if you have any trouble with the program? Sometimes things won't run right if you use a program like this. Even the somewhat similar program (though much smaller) Bugoff can keep you from being able to use Windows Update!! So it's good to know if this program (Samurai) has an easy way to restore any changes back if you should have any trouble. TIA.

 

This might help..keep you eye on this thread


http://www.dslreports.com/forum/remark,13622546

 

Thanks Primrose.

 

New download link for the program..thanks to some very nice people


Go here now to download.

http://www.majorgeeks.com/Samurai_d4635.html

 

Nice it even wiped out Proccessguard. )

 

Looks like there is only so much room on the PC these day for the good stuff.

 

Does any one know how we can determine what to disable and what not to disable with this app?

It would be very helpful if there was some kind of guide somewhere that explained it somewhat better (preferably geared to newbies ). Perhaps telling what each entry disables and what possible effects it may have on your system, and which programs it may effect, services ect....for example, will anything disable Windows Update or other essential Windows services? That could drive a newbie crazy if they didn't know Samurai was blocking them.

 

If a newbie on my machine select everything and apply: the AV wouldn't update anymore and the laptop couldn't connect to Internet. Also Peerguardian won't work anymore.
So not a thingy for average home users. Even after reading the included .doc in the zip file.

 

I don't consider myself a newbie, but I'm still having trouble figuring out what I should disable and leave enabled with this program. That's why I asked, and I threw in the part about it being "geared to newbies" so it would be helpful to all who may wish to use this program. But I myself don't really require it to be in "newbie talk" only. I would just like each thing to be explained somewhat better so we know for certain what we are disabling and what effects we can expect from doing so. Thanks.

 

Hi,

The anti-rootkits protection is interesting, especially because Samuraî intercepts the API syscalls and could alert the user if a driver is loaded (as a service or not).

but this soft does not provide configuration features like ProcessGuard or System Safety Monitor.

Regarding hardening options, it could be interesting only for the user who has not hardened his system yet.

Regards

 

Doh, there website is down. Will have to check back later. This sounds interesting.

 

No it is not..just ran out of allocated service time..

so you can get it here now

http://www.majorgeeks.com/Samurai_d4635.html

 

Is this normal? (modifying memory)

 

Yes I noticed that Primrose thanks. I was wanting to go to the developers site to see what info was posted.

 

Just a heads up..

Samurai has been pulled from Major Geeks Download due to possible copy write issues.

Grand Dad

 

If anyone wants it, just post here and ask. I will upload it to Yousendit, where you can download it up to 7 days after I upload it there.

 

Note to above post:

It looks like it can be downloaded from the main download link posted above from Uhoo (post # 1) so that's where I would download it from. The best place to download from is usually the authors website. But I would still gladly upload it to Yousendit, if anyone has any trouble with that download link.

 

This is incorrect. Just in case anyone else asks, this can't "wipe ProcessGuard" without YOU allowing it to. It access PhysicalMemory, I assume to restore the SDT as we have seen before, restoring the default table. It also does try to get to Kernel mode by installing a driver. Only trusted programs should be allowed such privileged access.

While this program is clearly useful for non protected and possibly rootkitted machines, it does however present a problem for those who want to use this with PG installed. You should NOT allow this Physical Memory access by default, or on every reboot if you want PG to keep working. Allowing it to get to Physical Memory will remove PG's own hooks (which look like rootkit hooks to such a generic method of removing them) - by clearing the SDT as explained above. Allowing driver access is fine, just not Physical Memory.

Allowing Physical Memory access will also remove any other similar hooks which many protection programs put in place. Its a slight problem/incompatibility/bad SIDE EFFECT users MUST be made aware of if using this program. The only option which would use this is the clear rootkits - so users could run that option once, run a complete virus scan, disable its Physical Memory access in PG, then reboot and have PG protecting them again. In some ways, this could be the best-of-both-worlds. Just be aware.

 

damn, im always interesting in trying the latest security apps but because of this incompatibility ill just have to skip this as processguard takes priority. the rootkit scanner doesnt sound that interesting, as f-secure blacklight is an alternative.

 

That's true of course. But I would think that one of the oft given advise is to give your security programs all the rights it wants (you do trust your security proggies right) ? It just happens that in this case following such a policy would wipe out PG. Not that I was dumb enough to fall for such a basic error, but others might