AV-Comparatives tests Safe'n'Sec!

Discussion in 'other anti-virus software' started by SDS909, Jul 11, 2005.

Thread Status:
Not open for further replies.
  1. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    I knew SNS was great, but it is nice to see tests showing that indeed it is great!

    http://www.av-comparatives.org/forum/viewtopic.php?t=187

    I took a short look to the software Safe'n'Sec. It is a HIPS (Host based Intrusion Prevention System), available also in the version HIPS+AV (the AV included is Bitdefender). Due the combination of the HIPS+AV it provides good security (also against Spyware); in my short test it detected at least 95% of the malicious software.
    You can read more about the program on the official website of Safe'n'Sec. http://www.star-force.com/computer_security/
    Maybe a good complement to the other security software installed (AV, etc.), as it has proactive detection capability; try it.

    Regards,
    Andreas
     
  2. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    What would be interesting to know is how much of the malicious software is detected by BitDefender, and how much additional protection was provided by the SnS's IPS. I suspect the incremental protection is small, but possibly quite vital.

    Rich
     
  3. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Oh I know what their software does to my machine, I'm quite scared to installing anything from that company.
     
  4. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    He doesn't point that out, which I guess is a good question.

    I've thrown about 1000 pieces of Malware at just the Intrusion part of SNS and it has caught them all. No clue how it works in the broad sense of the hundreds of thousands of threats. But give the inability for my honeypot to be infected with it installed - i'd have to say it works really well.
     
  5. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Brian,

    Are you in a position to elaborate?

    I tried installing SnS a couple of times based upon the recommendations of several members of this group whose opinions I hold in high regard. However, each time I did, I received notification (upon restart) that ZoneAlarm (and one other program that I do not recollect) had been "changed". This was of some concern to me because:

    1) ProcessGuard is quite reliable with their alerts.
    2) ZoneAlarm is an important security component on my system (obviously)
    3) Star-Force has indicated that they were having problems with ZA conflicts that they were hoping to resolve with the next release.

    My questions to them on their forum regarding these two incidences were never answered. I recovered by doing a complete image restore because I have no idea what happened during the SnS installation. Did you have any similar (or different) problems.

    Rich
     
  6. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    Seems to me they answered your question, and requested more information. Did you provide this additional information? I wouldn't call that "Ignoring" you, quite the opposite, as they seem to be very responsive to your questions.

    http://star-force.com/forum/viewtopic.php?t=63

    SnS does not modify any files. The problem with ZoneAlarm was system deadlock, now it has been fixed.
     
  7. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    The one answer I saw was that they are resolving a problem with ZoneAlarm. I do not know if this pertains to my issue.

    The other suggestion was that I run FileMon to track any changes to files. This I clearly cannot (and will not) do, since SnS is no longer installed. I obviously will not install any program when PG is alerting me that it is changing my firewall (that is why I installed PG, for these kind of alerts).

    I was wondering if Brian had similar experiences, since SnS is a new program, and it is not clear to me how well it has been tested or validated. If there is some problem with PG, it is extremely easy for Star Force (or DiamondCS if they are inclinded) to investigate and report. If it is a problem with my machine, then I will have to wait to see if the issues are resolved. But I surely will not re-install SnS until there is some indication of why I am getting this alert. So far, no one on from Star Force has given me any possible explanation. This is fine. I was just wondering if anyone else had a similar experiences.

    Rich
     
  8. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I've occassionally had false positives with PG. It doesn't happen very often, but it does happen. I wouldn't consider it cause for alarm when it's from a trusted program like SnS, just give it privs.
     
  9. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Notok,

    In this case, it wasn't an issue of privileges, since I installed SnS with PG in Learning Mode and gave it all of the privileges it asked for.

    What happened was when I re-booted, I received alerts from PG that Zone Alarm (and another program which I cannot recall) had "Changed". This is similar to the alerts I get when I update a program such as ZA. But in this case, it happened right after I installed SnS (which I thought was unusual) and it disappeared once I did an image restore. A couple of weeks later I tried another SnS install and the same thing happened, so the problem is replicatable (at least on on my computer). I found it very unusual, and of course of some concern.

    Have you had occassions when PG gave you a false alarm on a "program change"? It has been extremely reliable for me in this respect. Thanks for any additional info.

    Rich
     
    Last edited: Jul 11, 2005
  10. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Here's your answer.

     
  11. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thanks Blackcat.

    Rich
     
  12. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Oh sorry, I was talking about their CD-protection system.. Where you just insert the cd in the computer and it just destroys everything, forcing you to format the harddrive.

    That's why I'm a little scared ;)
    It could very well be they have created a tool that actually works, but I'm not gonna try it. I'll leave that to the rest of you.
     
  13. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Blue Zannetti has experience using PG with SafeNsec. Youy might ask him.
     
  14. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thanks Hammer. Maybe Blue will see this thread and respond with his experiences. The question is whether he is also using ZoneAlarm? I might check out previous threads and see what I can find out.

    Cya,
    Rich
     
  15. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
  16. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thanks again Hammer. It looks like Blue is using LooknStop so he probably is not experiencing the same issues that I am. It appears that there is a known conflict (problem?) between SnS and ZoneAlarm. This has been acknowledged by Star Force. Whether the problem manifests itself in the alerts that I saw, I have no idea. So right now, I am sitting and waiting. ;)

    Thanks for the help.

    Cya,
    Rich
     
  17. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I take it Lock N Stop is not an option?
     
  18. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    For one thing, i'd put money on it being a PG error, since there is simply NO code in SNS that would alter any files. Assigning blame prematurely is bad.

    Also SNS isn't a new product. Fairly new to retail - yes - but it has been developed and in testing for over a year. Some very experianced people (including myself) have been running it for a year or more and testing the hell out of it. I've tested SNS on approximately 2500 pieces of malware, and I know someone that has tested it on double or more that.
     
  19. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I see The Hammer located my set-up - I had switched from ZA Pro when they hit that rough patch upgrading a couple of years (?) ago to Outpost and very recently went to LooknStop.

    I can say that I hadn't seen any strange interactions between PG and SnS while I was running both products. Do you have any idea when the ZA fix appeared relative to your experience? Were you using a freshly downloaded trial?

    Blue
     
  20. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi BlueZannetti,

    According to the second message in this thread:

    http://star-force.com/forum/viewtopic.php?t=63&sid=15bf5bb33fab7f0b3233efa019359abf

    they have a fix for a ZoneAlarm incompatibility which will be available in the next update. No date for the release was given. Right now I am just asking around to see if 1) anyone is running it with ZA and PG in place and 2) whether anyone has noticed a similar problem. Unless someone is running PG while installing SnS, the issue will probably not be noticed. For the life of me, I can't figure out what may have caused this PG alert, since I do not know exactly what PG is checking for nor do I know what SnS is doing during its install. But it definitely must be doing something since the "change" alert is directly related to the SnS install.

    If you come across anything or have any ideas, I would appreciate it if you would let me know. Thanks.

    Cya,
    Rich
     
    Last edited: Jul 12, 2005
  21. James Taylor

    James Taylor Guest

    Wow, are there really people running Regdefend+Process Guard+ Safe N sec?

    How about adding Antihook as well.
     
  22. patermann

    patermann Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    49
    Location:
    UK
    Just a wild thought (I don't know how ProcessGuard works so this may be way off base): When installing, if SnS updates a system DLL (or other "common" component - e.g. GUI toolkit) that is also used by ZoneAlarm, might this make it look like ZA has changed?
     
  23. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I believe you said in another post. I don't know where (possibly the safeNsec review in Other Antivirus) that the other affected program was Nero exe's. Hope this helps.
     
  24. James Taylor

    James Taylor Guest

    Processguard doesn't check dlls either.
     
  25. controler

    controler Guest

    The first thing I do when seeing "System Deadlock" peoblems is look at
    Event log Viewer. http://www.eventlogxp.com/
    Freeware.

    It mainly puts the system logs your machine saves anyway, into a easy to read GUI. or just go to System information, software enviroment, windows error reporting and see the same application errors.
    You will then know which program was really hanging :D

    Does SnS install a kernel driver then?

    You can look at application, security or system.

    controler
     
Loading...
Thread Status:
Not open for further replies.