New Anti-executable: N-Shield

Discussion in 'other anti-malware software' started by Pliskin, Jan 26, 2013.

Thread Status:
Not open for further replies.
  1. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    341
    http://www.softpedia.com/progScreenshots/N-Shield-Screenshot-228188.html
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Thanks :thumb:
    I will try this now, nice to see an anti-exe with registry protection :) That's what I want.
     
  3. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Wow. I wonder if it's as good as NVT exe or voodooShield?
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,046
    I couldn't resist a quick look. I would rate it next to useless. Can only enter processes manually from what I can see. With over 2600 exe files and over 12000 dll files on this system. That is almost useless.

    Pete
     
  5. woomera

    woomera Registered Member

    Joined:
    May 21, 2004
    Posts:
    211
    I never actually understood the purpose of Anti-Executable software, but I guess it might provide an extra layer for some.
    Thanks for sharing.
     
  6. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,695
    Location:
    Zagreb, Croatia
    Ever heard of 0-day drive-by downloads or exploits, for example?
    Plus, not everyone uses HIPS or BB.
    This kind of software is great for people who don't like popups and too many questions.
     
  7. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    What he said :thumb:
     
  8. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    I'd rather trust a reliable well-known AE like NVT EXE Radar Pro than some unknown program from Softpedia. Just my opinion.
     
  9. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Yes but you need to remember exe radar pro was an unknown when it first appeared.:gack:
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    It says self detection of viruses, and other infections. That's interesting coming from an AE. Registry protection as someone already mentioned above is good, but it can also be really annoying if it does not have white listing.
     
  11. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Only people that have no idea how to implement a HIPS have that problem. I run one in Paranoid Mode and haven't seen a popup in 2 months. In fact after about the first 2 weeks of using it I've seen less than a dozen total since. I can't believe this old wives tale still persists in 2013... especially in a place like this.
     
  12. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Any greasemonkey can create an application that issues pop-ups with every executable executing. :ouch:
    That is not security... putting security decisions on the user is in fact making the computer less secure. o_O
     
  13. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    It's similar to Xyvos WhiteList which is a little bit abandoned...I think N-Shield is so good that it will not meet a similar fate. It's interesting but not revolutionary.
    ...............
    Are you so competent that you are so critical, ironic and unpleasant :thumbd:
    Look at this...
    -http://yudha.binushacker.net/
     
    Last edited: Jan 27, 2013
  14. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,695
    Location:
    Zagreb, Croatia
    Tell that to my wife...
    :argh:
     
  15. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe

    Agree. It's the same for me.
     
  16. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Well, i wouldn't say that HIPS are "wife-friendly" and if your wife installs new things, it's impossible to avoid pop ups. It can become "wife-friendly", if you do all the dirty job needed to make sure that everything she uses is whitelisted and that she isn't installing anything new. Comodo, if installed with proactive settings ticked but set in "clean PC mode", is actually pop-up free, unless you install something new and VERY effective (it scores 340/340 in Comodo's leak test). But yeah, if wife doesn't feel comfortable with HIPS, i wouldn't install it for her...

    It's simple. In order for an infection to occur, something must execute. IF the antiexecutable, covers the method of infection of the malware, the antiexecutable has 100% success, no matter if the malware is 0-day or not and is particularly useful for infections that come from the internet or from disguised malware (ex. malware disguised as jpeg). Of course they don't cover everything. There are exploits that use already trusted windows processes to do their job. Most antiexecutables don't cover dll injection, then there is the script problem etc. For all these cases, a full blown HIPS (like Comodo, Outpost, OA), is much better. Still, even the "basic" antiexecutable, is quite powerful, since in many cases, the infection will try to execute a new PE file, which will be blocked.

    The more simple antiexecutable usually have less drag on the system than full blown HIPS, which need to have more hooks and intercept virtually anything. With an antiexecutable, usually you will have only 1 chance to stop the infection, if you have it with pop ups to ask. With HIPS you will likely have more than one chance to stop it.

    It's a bit like this:
    - Antiexecutable: 38 caliber revolver.
    - Full blown HIPS: M16 assault rifle with grenade launcher attached.

    Actually if the user is knowledgeable enough, a HIPS is more powerful than an antivirus. The problem is exactly that we're not talking about the usual housewife. I've had several friends who were, well, not much into security, but they were gamers, so in contact with technology, who got infected simply because they were ALWAYS clicking "allow" (it's the "yes syndrome"). Of course, at this point, if boredom takes over and you just mechanically click "yes" every time, you may as well uninstall it.

    For computers that are in a "steady state" (no new programs installed), an antiexecutable or complete HIPS in "lockdown" mode won't produce any popups and will prevent infection much better than any antivirus.

    But i agree that it's not for everyone and if you have popups enabled, you need to be a patient person, as to avoid the "trigger happy allow mode".
     
    Last edited: Jan 27, 2013
  17. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,695
    Location:
    Zagreb, Croatia
    Great post but I would say that AE is more like AK47 compared to HIPS.
    :)
     
  18. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I tried this N-Shield over Shadow Defender and unless there is a conflict with SD or NVT, i must say it's WAY primitive. It's more primitive than what Process Guard was many years ago and more primitive than WinSonar.

    - Doesn't have "training mode". It has a "notification only mode", where it acts more like ExeWatch, but worse. If you want it to block something, you must launch every single application to whitelist it.
    - Unbelievably, it seems that it detects exes, by process ID... This results that if you close an allowed exe and then relaunch it and comes out with new PID on task manager, it asks you again! Someone must speak to the dev about keeping hashes and paths... For the same reason, even if you choose "notification mode only", it keeps notifying again and again, about the SAME exe, if you close and restart it.

    I didn't even bother to see if it will recognize renamed extension and stuff like that, i rebooted the PC to get rid of it in less than 5 minutes.
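
The PID-versus-hash point raised in the post above, together with the renamed-extension case it and the earlier post mention, as an added example that is not part of the thread and is not N-Shield's code. All names (`Allowlist`, `file_key`, `is_pe`, `fake_pe`, the file names and PIDs) are hypothetical, and the two sample files are constructed stubs carrying only the MZ/PE signatures.

```python
import hashlib
import os
import struct
import tempfile
from pathlib import Path

def is_pe(data: bytes) -> bool:
    """Content check: MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def file_key(path) -> tuple:
    """Identity that survives a restart: normalized path plus SHA-256 of content."""
    digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
    return (os.path.normcase(os.path.realpath(path)), digest)

class Allowlist:
    """Remembers 'allow' decisions under whatever key the key function returns."""
    def __init__(self, key):
        self.key, self.allowed = key, set()
    def allow(self, pid, path):
        self.allowed.add(self.key(pid, path))
    def is_allowed(self, pid, path):
        return self.key(pid, path) in self.allowed

def fake_pe(payload: bytes) -> bytes:
    """Constructed sample: bare MZ/PE signatures followed by payload bytes."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + payload

def demo() -> dict:
    d = Path(tempfile.mkdtemp())
    app, pic = d / "editor.exe", d / "holiday.jpg"
    app.write_bytes(fake_pe(b"v1"))
    pic.write_bytes(fake_pe(b"renamed"))                   # PE content, .jpg name
    by_pid = Allowlist(lambda pid, path: pid)              # keyed as the post describes
    by_hash = Allowlist(lambda pid, path: file_key(path))  # keyed as the post suggests
    by_pid.allow(1000, app)                                # user approves editor.exe once
    by_hash.allow(1000, app)
    out = {"pid_restart": by_pid.is_allowed(2000, app),    # new PID: prompts again
           "hash_restart": by_hash.is_allowed(2000, app),  # same file: still allowed
           "jpg_is_pe": is_pe(pic.read_bytes()),           # extension is ignored
           "jpg_allowed": by_hash.is_allowed(2001, pic)}   # never approved
    app.write_bytes(fake_pe(b"v2-modified"))               # same path, new content
    out["hash_after_change"] = by_hash.is_allowed(3000, app)
    return out
```

Calling `demo()` returns the five decisions as a dict; only `hash_restart` and `jpg_is_pe` are true.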
     
  19. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,915
    Thanks for the detailed analysis. I tried it and I suspected the same about it.
     
    Last edited: Jan 27, 2013
  20. N_Shield

    N_Shield Registered Member

    Joined:
    Mar 18, 2013
    Posts:
    1
    Location:
    Indonesia
    Thanks for reviewing my software, I will fix it and "make it more modern" :D
    Please wait for the 2nd version of N-Shield..
     
  21. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,915
    OK, it would be nice if you informed us here about new developments.
     