New Anti-executable: N-Shield

http://www.softpedia.com/progScreenshots/N-Shield-Screenshot-228188.html

 

thanks
i will try this now,nice to see a anti-exe with registry protection that's what i want

 

Wow. I wonder if its as good as NVT exe or voodooShield?

 

i never actually understood the purpose of Anti-Executable softwares but guess they might provide an extra layers for some.
thanks for sharing

 

Ever heard of a 0-day driveby downloads or exploits, for example?
Plus, not everyone use HIPS or BB.
This kind of software is great for people who don't like popups and too many questions.

 

What he said

 

I'd rather trust a reliable well-known AE like NVT EXE Radar Pro than some unknown program from Softpedia. Just my opinion.

 

Yes but you need to remember exe radar pro was an unknown when it first appeared.

 

It says self detection of viruses, and other infections. That's interesting coming from an AE. Registry protection as someone already mentioned above is good, but it can also be really annoying if it does not have white listing.

 

Only people that have no idea how to implement a HIPS have that problem. I run one in Paranoid Mode and haven't seen a popup in 2 months. In fact after about the first 2 weeks of using it I've seen less than a dozen total since. I can't believe this old wives tale still persists in 2013... especially in a place like this.

 

Any greasemonkey can create an application that issues pop up,s with every executable executing.
That is not security ...putting security decisions on the user is in fact making the computer less secure.

 

It's similar to Xyvos WhiteList which is a little bit abandoned...I think N-Shield is so good that it will not meet a similar fate. It's interesting but not revolutionary.
...............

Are you so competent that you are so critical, ironic and unpleasant
Look this...
-http://yudha.binushacker.net/

 

Tell that to my wife...

 

Agree. It's the same for me.

 

Well, i wouldn't say that HIPS are "wife-friendly" and if your wife installs new things, it's impossible to avoid pop ups. It can become "wife-friendly", if you do all the dirty job needed to make sure that everything she uses is whitelisted and that she isn't installing anything new. Comodo, if installed with proactive settings ticked but set in "clean PC mode", is actually pop-up free, unless you install something new and VERY effective (it scores 340/340 in Comodo's leak test). But yeah, if wife doesn't feel comfortable with HIPS, i wouldn't install it for her...

It's simple. In order for an infection to occur, something must execute. IF the antiexecutable, covers the method of infection of the malware, the antiexecutable has 100% success, no matter if the malware is 0-day or not and is particularly useful for infections that come from the internet or from disguised malware (ex. malware disguised as jpeg). Of course they don't cover everything. There are exploits that use already trusted windows processes to do their job. Most antiexecutables don't cover dll injection, then there is the script problem etc. For all these cases, a full blown HIPS (like Comodo, Outpost, OA), is much better. Still, even the "basic" antiexecutable, is quite powerful, since in many cases, the infection will try to execute a new PE file, which will be blocked.

The more simple antiexecutable usually have less drag on the system than full blown HIPS, which need to have more hooks and intercept virtually anything. With an antiexecutable, usually you will have only 1 chance to stop the infection, if you have it with pop ups to ask. With HIPS you will likely have more than one chance to stop it.

It's a bit like this:
- Antiexecutable: 38 caliber revolver.
- Full blown HIPS: M16 assault rifle with grenade launcher attached.

Actually if the user is knowledgeable enough, a HIPS is more powerful than an antivirus. The problem is exactly that we 're not talking about the usual housewife. I 've had several friends who were well, not much into security, but they were gamers, so in contact with technology, who got infected simply because they were ALWAYS clicking "allow" (it's the "yes syndrome"). Of course, at this point, if boredom takes over and you just mechanically click "yes" every time, you may as well uninstall it.

For computers that are in a "steady state" (no new programs installed), an antiexecutable or complete HIPS in "lockdown" mode won't produce any popups and will prevent infection much better than any antivirus.

But i agree that it's not for everyone and if you have popups enabled, you need to be a patient person, as to avoid the "trigger happy allow mode".

 

Great post but I would say that AE is more like AK47 compared to HIPS.

 

I tried this N-Shield over Shadow Defender and unless there is a conflict with SD or NVT, i must say it's WAY primitive. It's more primitive than what Process Guard was many years ago and more primitive than WinSonar.

- Doesn't have "trainning mode". It was a "notification only mode", where it acts more like ExeWatch, but worse. If you want it to block something, you must launch every single application to whitelist it.
- Unbelievably, it seems that it detects exes, by process ID... This results that if you close an allowed exe and then relaunch it and comes out with new PID on task manager, it asks you again! Someone must speak to the dev about keeping hashes and paths... For the same reason, even if you choose "notification mode only", it keeps notifying again and again, about the SAME exe, if you close and restart it.

I didn't even bother to see if it will recognize renamed extension and stuff like that, i rebooted the PC to get rid of it in less than 5 minutes.

 

Thanks for detailed analyses. I tried it and I suspected about it the same.

 

thanks for review my software, i will fix and "make it more modern"
please wait for 2nd version of n-shield..

 

ok, it would be nice if you inform here about new developments