Anyone tried free Samurai host-based IPS?

Discussion in 'other anti-malware software' started by uhoo, Jun 11, 2005.

Thread Status:
Not open for further replies.
  1. uhoo

    uhoo Guest

    Who's tried Samurai? http://www.geocities.com/turbotramp2/samurai.html I've heard it can help defend against rootkits and other malware. Is it just a simple hosts file? Or something more? If it's a hosts file, how can it stop rootkits? Thanks for replies.
     
  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Very interesting, thank you much! It's a very nice little hardening tool with great promise. The only other hardening tool that I've seen with all that this covers is Qwik-Fix, which doesn't have the rootkit prevention. Definitely a keeper, I'll have to put this on my hardening page.

    Here's the description of the rootkit protection from the help document that comes with it:
     
  3. uhoo

    uhoo Guest

    Ok, thanks Notok. I guess I was looking for some confirmation that it was safe to use, even though I didn't actually post asking about that. So it looks like we helped each other, and maybe some others who view these forums too. :)
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I hope so :) Since I already have most of the protection settings covered with other software I didn't try out a lot of the options, but it looks promising enough. It does have an uninstall in case it messes anything up, which is always a risk with system hardening. I did try the rootkit protection part, though, and my system didn't explode :) If you still have reservations about the protection settings just create a restore point before applying.

    Edit: ok, I just gave it a try, minus the IE protection stuff. I'll post back if there are any problems, but I don't anticipate anything. It's really all pretty straightforward stuff. There were no prompts by my firewall or anything. Thanks again, this looks great :)
     
  5. Arup

    Arup Guest

    This one looks to be on the line of Harden IT and Secure IT combined, good stuff.
     
  6. stillsmokin'

    stillsmokin' Guest

    Looks good but is there a way to disable everything all at once or maybe restore everything back to the state you were in before you ran the program?

    Like a one click button to restore everything if you have any trouble with the program? Sometimes things won't run right if you use a program like this. Even the somewhat similar program (though much smaller) Bugoff can keep you from being able to use Windows Update!! So it's good to know if this program (Samurai) has an easy way to restore any changes back if you should have any trouble. TIA.
     
  7. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
  8. stillsmokin'

    stillsmokin' Guest

    Thanks Primrose. :)
     
  9. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743


  10. Xmen

    Xmen Guest

    Nice, it even wiped out ProcessGuard. :))
     
  11. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743

    Looks like there is only so much room on the PC these days for the good stuff.
    :p
     
  12. P.Gallo

    P.Gallo Guest

    Does anyone know how we can determine what to disable and what not to disable with this app?

    It would be very helpful if there was some kind of guide somewhere that explained it somewhat better (preferably geared to newbies ;) ). Perhaps telling what each entry disables and what possible effects it may have on your system, and which programs, services, etc. it may affect. For example, will anything disable Windows Update or other essential Windows services? That could drive a newbie crazy if they didn't know Samurai was blocking them.
     
  13. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    If a newbie on my machine selected everything and applied it: the AV wouldn't update anymore and the laptop couldn't connect to the Internet. Also PeerGuardian won't work anymore.
    So not a thingy for average home users. Even after reading the included .doc in the zip file.
     
  14. P.Gallo

    P.Gallo Guest

    I don't consider myself a newbie, but I'm still having trouble figuring out what I should disable and leave enabled with this program. That's why I asked, and I threw in the part about it being "geared to newbies" so it would be helpful to all who may wish to use this program. But I myself don't really require it to be in "newbie talk" only. I would just like each thing to be explained somewhat better so we know for certain what we are disabling and what effects we can expect from doing so. Thanks.
     
  15. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    The anti-rootkit protection is interesting, especially because Samurai intercepts the API syscalls and could alert the user if a driver is loaded (as a service or not).

    But this software does not provide configuration features like ProcessGuard or System Safety Monitor.

    Regarding hardening options, it could be interesting only for the user who has not hardened his system yet.

    Regards
     
  16. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Doh, their website is down. Will have to check back later. This sounds interesting. :)
     
  17. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743

    No it is not. It just ran out of allocated service time,

    so you can get it here now:

    http://www.majorgeeks.com/Samurai_d4635.html
     
  18. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Is this normal? (modifying memory)

     
  19. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Yes, I noticed that Primrose, thanks. I was wanting to go to the developer's site to see what info was posted. ;)
     
  20. Terryala

    Terryala Rest in Peace

    Joined:
    Sep 2, 2003
    Posts:
    60
    Just a heads up..

    Samurai has been pulled from Major Geeks Download due to possible copyright issues.

    Grand Dad
     
  21. redford72

    redford72 Guest

    If anyone wants it, just post here and ask. I will upload it to Yousendit, where you can download it up to 7 days after I upload it there.
     
  22. redford72

    redford72 Guest

    Note to above post:

    It looks like it can be downloaded from the main download link posted above from Uhoo (post # 1) so that's where I would download it from. The best place to download from is usually the authors website. But I would still gladly upload it to Yousendit, if anyone has any trouble with that download link.
     
  23. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    This is incorrect. Just in case anyone else asks, this can't "wipe ProcessGuard" without YOU allowing it to. It accesses PhysicalMemory, I assume to restore the SDT as we have seen before, restoring the default table. It also does try to get to Kernel mode by installing a driver. Only trusted programs should be allowed such privileged access.

    While this program is clearly useful for non protected and possibly rootkitted machines, it does however present a problem for those who want to use this with PG installed. You should NOT allow this Physical Memory access by default, or on every reboot if you want PG to keep working. Allowing it to get to Physical Memory will remove PG's own hooks (which look like rootkit hooks to such a generic method of removing them) - by clearing the SDT as explained above. Allowing driver access is fine, just not Physical Memory.

    Allowing Physical Memory access will also remove any other similar hooks which many protection programs put in place. It's a slight problem/incompatibility/bad SIDE EFFECT users MUST be made aware of if using this program. The only option which would use this is the clear rootkits one - so users could run that option once, run a complete virus scan, disable its Physical Memory access in PG, then reboot and have PG protecting them again. In some ways, this could be the best-of-both-worlds. Just be aware.
     
    Last edited: Jun 27, 2005
  24. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Damn, I'm always interested in trying the latest security apps, but because of this incompatibility I'll just have to skip this as ProcessGuard takes priority. The rootkit scanner doesn't sound that interesting, as F-Secure BlackLight is an alternative.
     
  25. Pollmaster

    Pollmaster Guest

    That's true of course. But I would think that one of the oft-given pieces of advice is to give your security programs all the rights they want (you do trust your security proggies, right?). It just happens that in this case following such a policy would wipe out PG. Not that I was dumb enough to fall for such a basic error, but others might :)
     
    Last edited by a moderator: Jun 27, 2005