Bouncer (previously Tuersteher Light)

Discussion in 'other anti-malware software' started by MrBrian, Jan 25, 2014.

  1. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    And this post and the one below re further cleanup of .ini, .log, .sys ... ?
     
  2. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,803
    Location:
    .
    Thanks a lot.
     
  3. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Just a quick question here for anyone who has been a user or follower of Bouncer, MemProtect, Pumpernickel, etc.

    I've had a few suggestions from well respected forum members to keep this thread for Bouncer specifically, and create another thread that would be something like "Excubits Beta Camp - Discussion" that would be for discussing any of Florian's other drivers, sharing configs for MemProtect, Pumpernickel, etc. So essentially one thread for stable Bouncer, the second thread for Beta Camp drivers support and discussion.

    Does anyone have any objections to creating another thread specifically for the Beta Camp drivers? Or any suggestions in particular?

    I figured I would reach out to you all first to get some opinions before I create another thread. I hope you all are having a great weekend! :thumb:
     
  4. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Another thread makes sense.
     
  5. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    I fully agree. A normal grade of paranoia and some basic mitigations should work well for most users. For me this is an anti-exe, vera-crypt, ms-defender, backups, frequent updates/patches. It worked very well for a decade of years now. A few weeks ago I posted a short essay in this thread, that in my opinion a basic mitigation set should work very well. If you are afraid of targeted attacks (or more sophisticated ones), I recommended to use a Raspberry Pi for surfing around on risky sites and opening e-mails. I think that using a Raspi could also protect a lot, and it is somehow the cheapest mitigation technique that only costs once and can help a damn lot as an additional surf station...

    Absolutely!

    I see this too. Many people tend to install 3-4 AVs, a Desktop Firewall, additional anti exploit tools, several drive encryption stuff and at the end wonder why things do not work etc. etc.

    :) Yes.

    For sure, "less is more" and also (especially) enhances security.
     
  6. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    Absolutely: it makes sense and is more equalized I guess.
     
  7. guest

    guest Guest

    I don't see the attack either.
    That was only a simple answer from me to the question if ransomware can access the disk data directly.
    Yes, with admin-rights it can.
    This was not meant as an attack on Pumpernickel or other security apps.
     
  8. gnadenlos

    gnadenlos Registered Member

    Joined:
    May 7, 2016
    Posts:
    8
    I would prefer separate threads for Bouncer, MemProtect and Pumpernickel, because each of them can be purchased as a separate product and needs its own config file.
     
  9. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    411
    Location:
    router
    @WildByDesign
    I suggest you or Florian create a page on GitHub, share rules and put a tutorial there, and then if anyone has an issue, they can open an issue.
    Much easier.
     
  10. Run elevated command (Run command prompt as Admin), type

    sc stop Pumpernickel
    sc delete Pumpernickel

    check by typing
    net stop Pumpernickel

    Service should not be found anymore
     
  11. gnadenlos

    gnadenlos Registered Member

    Joined:
    May 7, 2016
    Posts:
    8
    Use Notepad++ (or a similar solution). You can keep tuersteher.log and tuersteher.ini open all the time (even between reboots) and copy/paste from LOG to INI in seconds. For best results you are required to optimize the rules yourself, so there will never be a GUI to fix that. Florian could at the most build a highly specialized text editor and improve the traybar tool a little bit. I wouldn't rate those improvements as high priority, because they wouldn't reduce the knowledge you need. So the target audience would still be the same.

    The other solution would be to provide building blocks containing predefined rule sets and a GUI to activate / deactivate them, but that should be a separate product.

    The current workflow and the complete freedom and customization it provides are the main reason why I prefer the drivers from Excubits. I want to protect family, friends and customers in the future. They shouldn't have some GUI making it look easier than it is and ideally end users shouldn't even think there's a chance for them to administrate the kernel drivers by themselves.

    If you want to protect regular users, you don't want dialogs like "Do you want to allow x to do y?". They should be forced to call you, if the rules need to be expanded. Otherwise the biggest security risk - the user - is not mitigated. I hope the drivers never will be just another toy for the freeware / lifetime licence collection of script kiddies, but a serious solution we can adapt to new threats and findings.

    More and well documented configuration examples are far more important in my opinion. We shouldn't have to search through 50 pages in this thread to find a solution to allow Microsoft Updates, Office Updates and Chrome/Firefox Updates with minimal security risks. And even if you read all 50 pages, there still isn't an answer for some of those questions. Installation-Mode and #LETHAL are no solution to use the drivers on systems of regular users we want to protect. So absent documentation and examples for everyday problems are the real constraint.
    $/€ 35 only includes one year of updates. You can use the license forever, but I guess most of us want new features in the future.
    As far as I understand Bouncer's Parentcheck-Feature works like EMET's ASR. The difference is, that ASR is a blacklist solution and you have to configure all disallowed modules, while Parentcheck can be configured as whitelist solution.

    I guess Google already uses many other techniques that can be enforced by EMET. So the question is, what benefits (additional security features) do we get from EMET, MBAE or HMPA if we already use latest Chrome with Parentcheck and if there are any, why doesn't Google implement them in Chrome? Solutions like EMET should be most useful for legacy applications and not very helpful for well written modern code.

    Excubits MemProtect on the other hand is always a good idea, because it could prevent damage if an exploit succeeds in circumventing Chrome's built-in security features, EMET, MBAE or HMPA.
    In most cases it should be enough to boot WinPE from USB/CD and remove / rename the INI file, if you have problems with misconfiguration of Excubits drivers.
    Do you have links that provide additional info about the different features between MBAE, EMET and HMPA?
     
  12. guest

    guest Guest

    $35 per year :confused:
    Where did you get this information from?
    It's not mentioned in the Terms and Conditions
     
  13. gnadenlos

    gnadenlos Registered Member

    Joined:
    May 7, 2016
    Posts:
    8
    Florian told me by email - if you already have a license it may include lifetime updates, but new licenses only include updates for one year.

    You get 50% discount on the future price if you want to update after the first year. So it would be €/$ 17.50 from the second year. Maybe €/$ 25, if he raises the price.

    You don't have to pay again, if you don't need the new features. The license is lifetime.
     
  14. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    That is (was) my understanding too. You can use Bouncer lifetime, there is no renewal needed. The first year includes software updates, so you get the new versions within the first year. At some point it is understandable that you cannot get all the future updates for free - it's like buying MS Word back in 1990 and still get Word today ;-) from a business point of view this would not make sense. So lifetime usage and 1y updates sounds ok for me.
     
  15. gnadenlos

    gnadenlos Registered Member

    Joined:
    May 7, 2016
    Posts:
    8
    Yes, from my experience lifetime updates result in stagnation sooner or later, because the developer has no further incentive for improvements. So after some years it doesn't make a difference if updates are free, because there are no updates without permanent revenues.

    On the other hand €35 is a bit high for a non-commercial licence in my opinion - after 5 years this would be €105 - that's twice as much as I pay for my much more complex antivirus solution and the most I pay for any of my other licenced software.

    If you consider the much smaller target audience it's somehow ok and didn't stop me from buying a license. I'm happy the developer is improving the solution and is sharing the results with us. And if I see how much some users contact him for support (not the real internal beta testers or real bugs), it's actually quite cheap.
     
  16. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    84
    Since Oct 18, 2015, Bouncer (stable version) has not been updated once yet.

    Since when is there only one year update license?
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Ouch. A real gut check with that statement. Sorry to see there will NEVER be a GUI to better assist this unique creation.

    It's clearly understood now that MANUAL text editing with notepad (or other) is also included in the price we pay for it. :(
     
  18. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    Well, there were several updates in 2015. This is not true. You are right, the last update was in October 2015 but if you read Florian's blog you will see that he is still working on a new version and it will be released sooner or later. So not to worry.

    Sorry to be harsh: Oh my gosh, reallllly??!?!?! Why do you need an additional GUI to set paths like C:\Windows\* or E:\Software\OpenOffice\* ?

    Is this really so hard to do with a simple text editor? That exactly is the beauty of Florian's tools. They come without any bloat - a thing that is often discussed with other software where people say: too slow, too bulky, too much phone-home functionality, too many updates, too complicated GUI, etc.

    Now there is a software that took this into consideration and puts it to a beautiful and maximal minimum. And now we read here and there: why not auto-update, why no better GUI, why no wizards.

    If Florian would implement all these wishes at the end Bouncer/Tuersteher would be the same bloaty and bulky trash software we already have. It is that simplicity thing that makes it what it is. Have you read security news about the latest Symantec and other AV security breaches? This is what happens if you have software full of bullshitty functionality to make it colourful and with 1000000 of stupid functions you do not need.

    I honestly hope that Bouncer keeps its simplicity, because this is what it really makes it so powerful. For years I have not seen a software that was so clean and tidy. A software that could be just deleted by deleting files and using net stop and sc delete. That is absolutely wonderful and I think this should be honored, and 35 bucks is not that much. 4 times Starbucks or a merchandise T-shirt of your beloved (Rock) Band costs exactly the same - how long does a T-shirt last? One year washing and drying, and most of them look like ****. You can buy Bouncer now and can still use it in 5, 6 or 7 years. Even an AV must be relicensed at least every 2 years.

    Such discussions really suck. It's like the people saying: I do not want to pay for that CD of the band XY. Why paying $15 for an album? It is too much. Well, it is not cheap but you should honor the work of people. I guess that you also expect your boss to pay you for your work. And this is the point: buy films, music and Software legally, because these people also work hard. It is not that they just sit around, do nothing but party and music, films and software falls from sky and they earn money without working for it.
     
    Last edited: May 20, 2016
  19. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    84
    Bought a license several months ago, but did not see or hear of anything about "One year" at that time.

    Can @WildByDesign confirm this "One year" update policy with Florian and give us a clear answer?
     
    Last edited: May 20, 2016
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    All I'm saying is that it would be nice if it had a GUI.

    It's not that big a deal either way.
     
  21. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    179
    Location:
    Europe
    Well, I think you will get the new version. From my experience Florian has great user support. I do not worry.

    If you are a customer you can already get the current version (which is currently only available as beta). I am using the brand new version of Tuersteher with CMDChecking and as an unlimited full version, incl. updated manual describing priority rules and cmd checking - I just asked him if he would provide me this version although it is only currently available as beta. He provided me the version and it works absolutely great, without any issues, no BSOD, no nothing. (personally I wonder why he did not already publish it as final, but I guess it will be released soon).

    From what I have read written by @WildByDesign I think he also has this brand new version - also without any issues. So, do not worry.
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Could someone be kind enough to inform me how to correctly unregister and delete the Bouncer.sys driver for the beta version? I forget, it seems I remember using an elevated command prompt, and using command sc something ... I asked Florian for a beta version without the data limit since I paid, and it seems I may have received a beta version that still has the data limit in the .ini file so I will not be able to use my policy with it. I will just use the stable premium for now.
     
  23. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,803
    Location:
    .
    Open an elevated command prompt:
    Code:
    net stop Bouncer
    sc delete Bouncer
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Thank you so much!
     
  25. guest

    guest Guest

    You can put
    Code:
    @Echo off
    at the beginning of these .cmd-files to get a less verbose output after executing.
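
The removal steps given in posts 10 and 23 above, combined into one .cmd file with the `@echo off` tip from post 25; this is an added example, not part of any poster's message and not Excubits' own tooling. It assumes the service name (Bouncer or Pumpernickel, as in the posts) is passed as the first argument, uses `net session` as an elevation check, and relies on `sc query` returning 1060 for a service that does not exist.

```batch
@echo off
rem Added example (not from the thread). Usage: remove-driver.cmd ServiceName
setlocal
set "SVC=%~1"
if "%SVC%"=="" (
    echo Usage: %~nx0 ServiceName
    exit /b 2
)

rem "net session" fails without admin rights; used here as an elevation check.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this from an elevated command prompt.
    exit /b 5
)

rem 1060 = ERROR_SERVICE_DOES_NOT_EXIST: nothing to remove.
sc query "%SVC%" >nul 2>&1
if %errorlevel% equ 1060 (
    echo %SVC% is not installed.
    exit /b 0
)

rem Stop the driver. It may already be stopped, so a failure here is not fatal.
sc stop "%SVC%" >nul 2>&1

rem Remove the service entry from the service control manager.
sc delete "%SVC%"
if errorlevel 1 (
    echo sc delete failed for %SVC%.
    exit /b 1
)

rem Verify instead of assuming: the service must no longer be known.
sc query "%SVC%" >nul 2>&1
if %errorlevel% equ 1060 (
    echo %SVC% removed.
    exit /b 0
)
echo %SVC% is marked for deletion; reboot to finish removal.
exit /b 3
```

Deleting the service entry does not remove the driver's .sys, .ini and .log files; those are cleaned up separately.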
     