HIPS like program to watch processes and apps

Discussion in 'other anti-malware software' started by moontan, Oct 9, 2010.

Thread Status:
Not open for further replies.
  1. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i would like a HIPS program that could tell me if an application is logging keystroke, capturing screen or clipboard etc...

    this is for information purpose only.
    that's why i don't want a full blown HIPS.

    something easy to understand would be preferable. ;)
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I was going to suggest these, Zemana, Spyshelter, but i see you already have Zemana :thumb:

    I've been using it for a while and as you probably know, it does have good HIPS features built in as well as Anti etc etc, which does what you want. So what else is it that you feel you need ?
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Spyshelter is a HIPS (called "System Protection") -- nicely blown but not full blown. ;)

    It does just exactly what you want. Zemana's HIPS is even less blown than Spyshelter's. Even so, Zemana (which you already own) will do all that you have requested in your post. So -- why not dance with the girl you brought to the party?
     
  4. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    well,

    it's because when my subscription runs out next year i have no intentions of renewing it.
    Zemana is a very good program but 40$ or so is not cheap.

    so i want to learn a new program.
    somebody here PM'ed me about Tiny Watcher.
    i'll give that a try and see how it goes.
     
  5. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,066
    Prevx SafeOnline Free, but will protect your computer only from infections coming from your browser. http://www.prevx.com/safebook.asp

    Comodo D+ Free, you can configure it to monitor whatever you want. If you deactivate the system protection like in Spyshelter you will have very few popups, also the huge whitelist included helps. The good or bad thing is that you have to install it with the firewall included (you can deactivate it) and remember to disable the sandbox.
    http://wiki.comodo.com/Image:Cf_def_adv_def_set2.gif

    You can have both D+ and SafeOnline

    Spyshelter and Zemana (paid). If you want to pay for any of them, I would recommend you Spyshelter.

    Probably Spyshelter will be better than any other for this specific purpose, not for the system protection but for all the others (logging keystroke, capturing screen or clipboard etc...) and also have a very active development.
     
    Last edited: Oct 9, 2010
  6. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i just noticed SpyShelter has a free version.

    maybe i should give it a try.
     
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
  8. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx for all your suggestions folks.

    i think i'm gonna go with Tiny Watcher for a while as it seems a good tool to learn stuff.
     
  9. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    well,

    i had to try SpyShelter, because well, that's just how we roll, us folks at Wilders! ;)

    well that thing slowed my boot time, i got stuck at the "Please Wait" screen for over a minute.
    the only way to shut down was to hold the Power button for 8 seconds.
    Tiny Watcher complained that settings had been changed outside its watchful eyes.
    Windows complained that drivers and services were changed or missing.

    only thing i can see is incompatibility with Geswall but guess who's getting the boot? :D

    with softwares like SpyShelter who needs malwares? :thumbd:

    after all this, i think it's time to re-install an image just to make sure i got totally rid of that virus. :D


    "The horror... the horror........" :ninja:
     
    Last edited: Oct 10, 2010
  10. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I really like Spyshelter :D :thumb:
     
  11. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    if it works for you, go for it! :)

    like i said, it and Geswall probably aren't getting along one bit.
    ------------------------------------------------------------------
    edit: i uninstalled Zemana first of course, before installing SpyShelter.

    one thing for sure, i'll never touch SpyShelter ever again.

    like a wise man once said:
    "Fool me once shame on you.
    Fool me twice shame on ...... errrrr.....

    Fool me twice can't get fooled again!" :blink: :D
     
    Last edited: Oct 10, 2010
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    why didn't you like spyshelter o_O
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Just because Spyshelter won't run well on YOUR particular computer does not warrant your referring to it as "malware" and "virus."

    I had an experience similar to yours. In my case it happened when I tried Zemana. For some reason Zemana didn't like my computer at all. In fact, I had a BSOD. Since lots of other people are happily running Zemana, I concluded that the problem was at my end -- NOT Zemana's.

    That is a more reasonable way to approach such an issue. If the same problem happens with many people, that is a different matter, of course. Thus far, I know of few if any people who have reported any sort of problem with Spyshelter along the lines you have mentioned.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Meanwhile, back at the topic. . .

    Your original post said: "i would like a HIPS program that could tell me if an application is logging keystroke, capturing screen or clipboard etc." You then stated that you do not want a HIPS that is full-blown. Several posts later you said you are going with Tiny Watcher.

    TW is not a HIPS, full-blown or otherwise. TW is an on-demand-only file integrity checker. It is a very good one. I use it myself. But it won't tell you straight out whether an app is logging, doing screen captures, or clipboard captures, etc. So I am puzzled why you brought TW up as a possible solution to the HIPS-type quest that you initiated in your original post.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Someone recommended Malware Defender. MD is a full-on classical HIPS -- VERY "full blown." However, for the purposes you have stated, you can pare MD's coverage down so that it is LESS than full-blown. Namely, each of MD's 4 main components (File protection, Registry Protection, Network protection, Application protection) can be individually enabled or disabled. Here's a screenie of my set-up. . .

    Image 2.gif

    I have disabled Network protection because I am using a Firewall & it doesn't need MD's help.

    For your purposes, you probably would only need Application protection & could disable the others.

    NOTE: You can try MD in shadow mode -- it does NOT need a reboot during installation.
     
    Last edited: Oct 10, 2010
  14. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    bellgamin:
    Just because Spyshelter won't run well on YOUR particular computer does not warrant your referring to it as "malware" and "virus."

    of course.
    but i install a lot of softwares, and uninstall them as well, and pretty much all of them never gave me the "wtf is this s**t?" moment i got from SpyShelter.

    different strokes for different folks i guess...

    anyway, tnx a lot folks for all your suggestions and comments.
     
  15. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I understand how frustrating it can be to have that happen. It has happened to me rather more often than I would care to mention.

    Bear in mind that HIPS (primarily) and Firewalls (secondarily) are especially likely to cause conflicts because they hook the kernel. If there are already other hooks there, as is often the case, then instability will occur -- sometimes immediately and obviously (as in your case); sometimes slowly and subtly. The latter is even worse because, being slow & subtle, when instability does appear, it is difficult to identify its source.

    We all know that we shouldn't run two HIPS or two firewalls or two antiviruses at the same time. But those types of programs are notoriously difficult to uninstall cleanly. Some security programs even have special programs for cleaning up their remnants because the normal uninstall routines for those programs simply do not do a thorough job.

    Sometimes a previous one of these programs -- a firewall or HIPS or AV -- that we uninstalled, still has remnants of itself buried deep in our computer's system. If a newly installed security app bumps up against one of these deeply buried remnants, it can cause instability and we cannot figure out why.

    Other types of programs - file managers, word processors, etc -- won't be bothered at all by remnants of security programs, but newly installed security programs very often WILL be bothered.

    That is why I prefer to uninstall test programs by restoring a pre-installation image. But sometimes a program that I want to uninstall has been on my computer for a long time. Ergo, restoring an image of my computer as it was PRIOR to that program would be very inconvenient. That's why I use Zsoft Uninstaller to monitor every installation. It does a good job of making sure that remnants are seldom if ever left behind.
     
  16. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx a lot Bellgamin for taking the time to explain things to a noob! ;)
    it is possible like you said Zemana left some remains behind when i uninstalled it prior to installing Spyshelter.
    or maybe it's just not compatible with Geswall.
    anyway...

    i will look into MD and Zsoft Uninstaller when i get some time.

    cheers m8! :)
     
  17. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    976
    Location:
    Brooklyn, USA
    Appreciate this thread a lot. I am thinking about installing Malware Defender but just want to make sure if I simply should uninstall LnS firewall and run MD with Windows Vista Firewall on? Hope this is not off topic and thanks.

    Gary
     
  18. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    you could still use your existing firewall i think and disable "Network Protection" as in the image above from Bellgamin.

    i had a look at Malware Defender and it looks very complicated to use.
    i think i'll pass but you might not be as "noobish" as me. ;)
     
  19. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    By the way I forgot, did someone put up a post with a list of all the HIPS apps?


    THANKS
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    If you are a low-risk computer user, then all you need is something like Private Firewall -- it's a FREE firewall + HIPS + Anomaly Detector. VERY friendly & easy to use, but gives very strong protection.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    If you are a high-risk user, then don't give up on MD. It is the Rottweiler of HIPS. Initial configuration of MD can be quite simple for the reason that MD has an excellent "Learning" mode.

    For an easy but effective initial configuration of MD, here's what my IT taught me . . .

    1- Put MD into learning mode

    2- Do 2 or 3 warm re-starts, so MD can learn all your computer's starting processes

    3- For the next 4 to 7 days of regular-normal-daily computer use, leave MD in learning mode EXCEPT put MD into "Normal" mode whenever you are doing unusual or possibly risky things (downloading or installing new software, surfing into shark infested waters, etc.)

    After a week or so, put MD into Normal mode & leave it there (with the possible exception discussed below).

    After its Learning period, MD will know your computer better than you do. Thereafter, when MD pops an alert, you had better pay attention.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    MD can be a real PITN when installing new software. This is true for basically ALL HIPS.

    Some HIPS offer a so-called "Install" mode. Don't let that fool you. "Install mode" is just another way of saying "Disable the HIPS while I install this program." In other words, Install mode leaves you basically unprotected.

    MD doesn't have an Install mode as such. If you want to make MD hush up while you do an install, put MD into Learning mode until the install is finished, then return MD to Normal mode. If you intend doing this . . .

    Before:
    1- Do a pre-install-scan of the software you want to install using Hitman, your AV, Bugbopper, etc.

    2- Make a pre-install image of your system disk

    After:
    Since MD was in Learning mode during the install, you can open MD and take a look at the rules MD "learned" for the newly installed program. To do that: right-click the new application's name on MD's list of applications > then click Properties > then click Default Permissions tab.
     
  21. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    976
    Location:
    Brooklyn, USA
    Thank you much bellgamin for your above post on training MD. I am going to give this one a shot and see if I can make use of this wonderful program.

    Gary
     
  22. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    976
    Location:
    Brooklyn, USA
    Any instructions about running Sandboxie with MD? Anything I should watch for or adjust for possible conflicts or are they fine together? Thanks.

    Gary
     
  23. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    When I ran Malware Defender 2.6 with Sandboxie 3.46 I noticed no conflicts, also I had put Sandboxie under "trusted applications" in MD.
    They ran well together here on Xp home.
     
  24. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx Bellgamin!

    i remembered i had a license of Online Armor Premium (20 months left) laying around so i installed it.

    i removed Geswall, since OAP Run Safer is pretty similar.
    no sense having 2 softwares doing the same thing.

    i'll see how it goes and as long as the popups don't get too obnoxious it should be fine. ;)
     
  25. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    OA-Prem is superb. FW + HIPS. Protects Hojtsy's/Tony's list of registry items. Doesn't cover files whereas MD does cover files. Otherwise, OA is every bit as powerful as MD & simpler to use.
     