Discussion in 'other anti-malware software' started by aigle, Mar 1, 2006.
how good is desktop armor?
Hi aigle, It's more than just good, I find that it's excellent! Apart from blocking all web bugs, it has anti-phishing built in too. Plus there are numerous other ways it helps protect you. And of course all the tools in there too.
I'm sure you can install it for 30 days for free to try it out, so I guess that's the best way to find and fully test it. I got it mainly for the web bugs blocking feature, all the other stuff was a welcome bonus.
It's a nice combo application. Rather solid. It's similar to Geek Superhero, without the flashy animation. The program does some registry protection, privacy protection and removes web annoyances. Not irreplaceable, but useful for people who do not wish to tweak too much or are average users.
How to compare it with WinPatrol.
Winpatrol is more oriented globally. It monitors large portions of registry and startup. Desktop Armor monitors smaller portions of registry plus some less known areas, so to speak. Furthermore, Desktop Armor has good web control, and a number of interesting miscellaneous features.
Winpatrol is more sort of a policeman. Desktop Armor is more sort of a SWAT, if you like the analogy. You can combine the two with some overlap, or go for a third application altogether, which offers the entire spectrum.
You can also use only Winpatrol if you have sufficient knowledge how to protect yourself against web annoyances and how to handle group policies. Mainly, you can achieve that using Firefox with extensions or maybe Proxomitron web filter. Group policies might be a bit more advanced, but they are not too difficult to learn. Besides, even if you decide not to go in this direction, Winpatrol will be sufficient and will protect you against most common registry buggers. The oddities will always skip this or that scanner or this and that registry tool, no matter how advanced they are. You can claim the same for Regdefend vs Desktop Armor or Arovax Shield vs Winpatrol and so forth. Just go with what makes you feel most comfortable.
Winpatrol is a well respected little tool, plus it's free.
OK, but please can you just explain about Arovax Shield, is it better than Winpatrol?
Hey Mrkvonic, while you are at it, could you also explain about the differences between Online armor, Appdefend, Regdefend, Processguard, Geek Supergeek, Startguard, Prevx1, SSM, Safe N sec etc for starters?
Is any of these better than Winpatrol?
I never meant this!
Wow, that's a lot.
First, there's a guy on Wilders called kareldjag, he does lots of testing, he's a real pro when it comes to testing. He will most likely give you better and more accurate analyses.
Second, I can answer the question not as an objective comparative tester, but as someone who has trialed several of these, for personal purposes.
What is better - is not a legitimate question.
Better is subjective. What suits you may not suit someone else, even if theoretically raw performance might be in favor of one of the applications. For instance, Tiny Firewall - it's supposedly very powerful, but if you cannot utilize it and bend it to your needs, then it's useless. That's one of the reasons why Norton, a theoretically inferior software, is the prevalent anti-virus in the world, because the average user, the common man, finds it much friendlier than Kaspersky, Nod32 or maybe UNA (just throwing names).
Which is better?
This could also be based on experience.
Then in that case, no one is, because I have never caught any malware with anything ever.
But .. in terms of intuitive friendliness, interface, cpu usage, ease of installation / uninstallation, conflicts with other software, bsod etc.
Both Arovax and Winpatrol are light, friendly, easy to use. I tested them both. Arovax has more limited options available in the interface, so it might be better for someone who wants a fire and forget solution. Winpatrol is more tweakable. Both give reasonably same quality of alerts and cover pretty much the same areas.
If you don't like to tweak - go for Arovax. If you do, go for Winpatrol.
To the other request:
Most of the softwares mentioned are one step above Winpatrol. They are fully fledged HIPS. Winpatrol is mainly a registry monitor. It does not have a sophisticated application or memory control.
For starters, did you mean, for starters as users, or for starters I might have more questions later on.
My experiences with the relevant softwares:
Online Armor - intuitive, friendly, good support, light on the system, suitable for average users.
Appdefend - not tried.
Regdefend - light, difficult prompts, not for average user.
ProcessGuard - light, powerful, difficult prompts, not for average user.
Geek Superhero - light, funny, multirole, good for average user.
Startguard - not tried.
Prevx - heavy on resources, some conflicts with installs of other softwares, not very intuitive, not for average user if to be used properly.
SSM - light, some conflicts with other softwares, extremely difficult, for advanced users.
Safe 'N' Sec - extremely difficult, for advanced users.
Again, MY personal experience - not a divine review by any means. By intuitive I mean how comfortable you feel with the software after 10 minutes without referring to a help file.
What would I use?
I do not think HIPS are needed. They will ultimately prompt you and ask for confirmations. For example:
Process lsass.exe is trying to modify the HCLM\Users\SetValueError to 2, do you want to allow this to run? Note, this might be part of your installation.
What the hell does this tell you?
Well, if you know what processes are supposed to do, then you don't need HIPS, and if you don't know, then your click on the prompt is arbitrary as a roll of dice.
If you have doubt about running software on your machine - don't run it.
If you don't have doubts, you'll allow it, right? And it doesn't matter if it's good or not. For instance, a friend gives you a crack for a game. And you really wanna play. You'll run that crack, no matter what. And think it's safe, cause it comes from a friend.
HIPS is not the way to go in my opinion. Understanding how HIPS work is the way to go. Learn the functionality of registry, memory and processes and you will be able to deal with changes / threats. Otherwise, you can put a monkey in your place and let him click in your place.
HIPS is good for advanced users who want control over their processes and registry, not for average users who want to know if the subject processes are legit or not.
But still, if I HAD to choose.
From the pool of registry monitors, I would choose:
For fire-and-forgetters - Arovax.
For tweakers - Geek Superhero / Desktop Armor.
For uber-tweakers - Winpatrol or MJ Registry Watcher.
For fire-and-forgetters - Online Armor.
For tweakers - ProcessGuard.
For uber-tweakers - SSM.
Since I use SafenSec, I thought that I'd comment since my impression is rather different than yours.
I tend to view SnS as basically easy to use. It suffers that same prompt problem that you mention (i.e. Process lsass.exe is trying to modify the HCLM\Users\SetValueError to 2, do you want to allow this to run?) which affects Process Guard/RegDefend/AppDefend etc., although SnS tends to be somewhat more selective in what is monitored, so there are far fewer prompts to deal with in my experience. In the corporate version, you can also basically configure it to a default deny state with no prompts if desired. But you're absolutely correct in noting that at some point one generally has to make a decision that the user may or may not be equipped to render. That's partially the nature of this product class.
The general comments you make are quite correct.
In the time I've had SnS installed on my home machines, it has saved "me" once, and that was when I assume my son either ignored an AV alert or the malware was not flagged by the AV at the time - I'm not sure which occurred.
Thanks for your comments, Blue.
As to Sec, well we are different people with different tastes, after all.
It is a lot indeed, and you seem to have a vast knowledge of security softwares. However I do not agree with your statement that HIPS are not needed, on the contrary they are the new approach to malware based on process analyses rather than signatures.
I do agree that most of these prompts are either useless or difficult to interpret (I'm referring specifically to ProcessGuard full, my choice) but these applications do more than just prompt: Protecting all of my security from termination, blocking every new and changed application from starting (a powerful tool, when this function is activated).
Sometimes one can even decide whether to block or allow considering the circumstances, that is if you get a prompt out of the blue while visiting a particular site, well common sense would suggest to block and later one can always allow if it was the wrong decision.
I'd say all of the firewall tests I cared to try were killed from the outset from ProcessGuard which makes a computer almost impenetrable in conjunction with a firewall.
I agree with you most users don't care, but at Wilders at least people are willing to learn.
Similar, it's actually identical in what it does. Same author, same company. They brought out Desktop Armor for the people who don't enjoy the cartoon graphics in Geek Superhero.
Oh, and it's a great app. It has lots of toys to play with. Well suited to blokes. Ask any woman about blokes and how they love their toys.
Yep, and taste does play a large role in these choices, probably more than we'd like to admit (after all, my selection was on purely performance grounds..., wasn't it??).
Cheers (from a fellow Matlab user as well),
Thanks Mrk for your reply.
Of the heavy duty stuff with some form of exe white-listing I personally find Prevx1 the quietest, followed by online armor and safe n sec. But Prevx1 feels heavy because it needs to do all the community access stuff.
On the other side of the spectrum, I think Antihook gave me the most prompts followed by SSM.
The rest like Appdefender, PG are in between.
Stuff like Winpatrol doesn't prompt on new processes starting so they tend to be the most quiet.
I'm talking about default setups of course with learning modes on, advanced settings off, most of these can be tweaked so that they can be damn noisy!
Kareldjag's site is nice but not very useful for me. It's nice to know that random security program can block random hacker attacker method I admit and that another security program fails.
I think it's pretty useless because you can't tell if the attack method is commonly used, or if it is just a curiosity that isn't used in the field because it's unstable.
Still I suppose if i want to be super safe, the best one is the one that prompts me on everything!!!
I tried to trial SSM the other day. First off, I had a hard time locating it -- it isn't any longer on the website of its originator. Secondly, once I found it & began installing, I noticed that the EULA allowed only 60 days of usage. At that point I aborted because: (1) I couldn't find a way to buy SSM if I liked it and, (2) neither was it any longer free.
A strange situation -- not free but can't be bought. Question 1- Did I overlook something about being able to continue using SSM after the 60-day period? Question 2- Does anyone know the currently correct URL for SSM?
As to WinPat, Arovax, & DeskArmor -- I could find no way to determine exactly WHICH registry items they cover. Neither could I find a way to add or remove registry items that I want scanned. Question 3- Am I wrong in thinking that non-disclosure & non-configurability of covered registry items is a rather significant weakness in applications that purport to protect one's registry?
I don't know the new SSM url, wasn't interested in it recently.
SSM is beta software and should soon become payware, as far as I know.
Inability to add sections can be a drawback - in that respect, MJ Registry Watcher is a preferable tool for you.
Just a few clicks on google.
I had to register in order to download SSM, but the speed is MUCH faster than it was with Max's site. I won't install until this evening because my granddaughter is here & wants to play Dragon Quest VIII.
Ah well, keeping the world safe from orcs is a tough job, but somebody has to do it. Yowzah!!!
Not to drag up an ancient thread, but I believe development of Desktop Armor/Geek Superhero has ceased. Not a peep from the author, not a single update for nearly 2 years.
While many would consider it a completed product, and I wouldn't disagree, I am sure there is SOMETHING that would warrant an update. Optimizations, maybe some interface tweaks, or whatever.
Still, with all things considered, I install Desktoparmor on every relative's/family computer I set up, the "Tools" section has many helpful things, specifically the startup control, etc. However, I am migrating relatives/family to ArovaxShield for realtime protection (set to automatic), and DesktopArmor installed just for some lockdowns and tools, but not running in realtime.