New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    That's a great idea! :thumb:
     
  2. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,292
    Location:
    USA,IA
    Is the default protection mode secure enough to just run ERP and nothing else? Or what protection mode do you guys recommend?
     
  3. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    It's in Lockdown Extreme mode here....:)
     
    Last edited: Aug 28, 2013
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I do a couple of things.

    1. I add Java to the Advanced tab list.
    2. I delete and don't use trusted publishers.
    3. I do whitelist everything in the Windows and Program Files area and let the Advanced list take care of the bad boys.
    4. Generally I run in Lockdown Advanced.


    Pete
     
  5. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    It depends, mostly I run in alert mode...when my wife is using it, I'll change it to lockdown extreme
     
  6. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Peter, Overkill, Andreas & Co.:
    Please, make some comments about my idea....
     
    Last edited: Aug 28, 2013
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Ask and ye shall receive:) Frankly I don't like the idea. I looked at the thread here, went to the site and watched the video.

    First, how would it work? I am not going to put Crystal on my system. Don't need it. I generally don't put much stock in AVs, so a multi opinion scheme doesn't do anything for me.

    Second, I see it as more work for NVT, taking his time away from his program.

    Third, how would it work? Would I have to install Crystal on my computer? Won't do it, and wouldn't want the requirement from NVT that I need to. Also I see it as a negative selling point for ERP, as why do I need it. Muddies the water.

    Anyway, that's my 3 cents.

    Pete

    PS As a qualifier, I do run EMSISOFT's EAM. But I don't run it because I feel the need for it. I test for EMSI (Online Armor), so I run it to help them from a testing perspective. But I haven't run AS or AV software out of need for several years.

    Pete
     
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    The idea is not to install Crystal at all.
    ERP could send a hash to Crystal cloud and receive a verdict.
    If the file is unknown/not analyzed yet then it would upload it to the cloud for analysis.
     
  9. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Similar to how VoodooShield runs a hash through VirusTotal on demand. I think it's a good idea. Especially if you don't have to install anything else. If they can integrate it without too much hassle then why not?
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That's fine as long as there is an option to not use it. But since ERP is not a multi purpose program, and NVT recommends using an AV, I think he would be wise to avoid it.

    Then there is a bigger biggie. If NVT's program doesn't work as advertised and it causes damage to your computer, it is between you and NVT. If Crystal or any AV fails and it causes damage it is between you and them. But if NVT calls Crystal and it fails, then NVT is in the middle. Why do this when the bottom line is if you want input from Crystal, just install it and use it.

    I don't want to see ERP muddied up with AV stuff.

    Pete
     
  11. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    You sure remember older ERP versions that had option for commandline AV scanners.
    ;)
     
  12. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    I agree with Pete. If I want to run Crystal Security then I'll install it. Let's keep ERP as simple as possible.

    BTW, I haven't received any PMs from you in quite a while, Andreas. :mad: ...;).

    Later...

    Bob
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Actually I got involved after all that was removed.

    Pete
     
  14. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    I agree.
    My two penneth here too.
    Keep it simple please, don't overcomplicate,
    it's a fantastic piece of software as is.

    I think the company/developer should decide anyway.
     
  15. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,170
    Location:
    Italy
    @siketa

    The idea is good (in the old versions ERP used to query the malwarehash database when an unknown process was executed), but since ERP's main focus is to allow only trusted applications and block the rest, it would not be needed to use cloud services (an Internet connection would always be needed) to query each unknown process for reputation. I see an easier option to deny by default the execution of unknown processes, because you just need to initially create your whitelist rules and the job is (almost) done. There are no exceptions when an unknown application tries to run: it will be blocked.

    Alternatively, to help beginner users, we could create an MD5 hash database of safe applications and use it to auto-allow known and safe apps. The problem here is that the database would become very huge since applications are, generally, updated frequently. The usage of external cloud file reputation services in commercial applications, such as ERP, would also be expensive.

    @Brocke

    I would recommend you to run ERP in Alert Mode or in Lockdown Mode (Extreme) (as you prefer) and combine it with EMET and Sandboxie for additional layers of protection.

    @Bob

    I am finishing work on the new ERP core (kernel-mode). After the internal tests are finished, I will send you (and everyone) a new build version. This is the main reason for the absence in the past days :D
     
  16. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I love erp the way it is, I agree with NSG001
     
  17. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    Not sure if it's been mentioned before, but in the "Settings" dialog popup box can we have "Ok", "Cancel" and "Apply" buttons on the lower right side, and the "Apply" button only clickable when we have made a change to the settings?
     
    Last edited: Aug 28, 2013
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    That would be such an impossible task. I run some apps that are probably unique to you, plus there are apps for almost every profession, that if you aren't in that profession you've probably never heard of them.

    Pete
     
  19. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA

    Andreas, may I ask what all you use on your personal pc?
     
  20. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    ERP for sure...:D
     
  21. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    I've asked the very same question before. He refuses to answer. :cautious: . I think siketa knows. Let's bug him to tell us. :p .

    Later...

    Bob
     
  22. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I know but I also respect Andreas' wish to keep it secret...
    ;)
     
  23. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Well ERP is a given, but I'm curious what else he uses :doubt:
     
  24. guest

    guest Guest

    It's a good idea, and if someone doesn't like it, it could always be optional.

    A program like NVT gives you a false sense of security, and it just gives you a little sense of control.
    If you execute a program it is because you want to open it and you trust it. Nobody would execute a virus.... right?
    So why would I want a popup the first time I open a program I trust...
    An integration of NVT with Crystal would be a great idea (as an option). It would reduce the popups and you can have your files scanned with 50+ scanners without using any resources from your PC.

    If I have already taken the decision to execute a file or not, it doesn't matter how many popups I get, I will execute it, so why do I want to have popups?

    The lock down mode is useless and stupid IMO; if I execute files on my computer it wouldn't be a problem because they are clean, so it doesn't matter if I have installed NVT or not. If I get a new file and I want to execute it I have to disable the lock down mode... so again useless popups, useless steps and a false sense of security.
     
  25. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,170
    Location:
    Italy
    @guest

    I like the idea of using external cloud services to reduce popups, but then again, using them is expensive, they are not free for commercial applications and I believe ERP can go without them. In future we may create our own cloud service used to identify safe/trusted executable files, but for now it is not in our plans.

    Let me explain a few things:

    1. ERP can auto-block processes started from RAM disks, USBs, Network Drives, CD-ROMs (options requested by a few system administrators a long time ago)
    Who can benefit from this feature ?
    - Normal PC user, system administrators (schools, governments, etc)

    2. ERP in Lockdown Mode Extreme can auto-block the execution of payloads dropped by drive-by exploits, some videos: http://www.youtube.com/watch?v=1pyqoSTZDH8 and http://www.youtube.com/watch?v=ZkHwLvf2FqY
    Who can benefit from this feature ?
    - Normal PC user, system administrators (schools, governments, etc)

    3. ERP can be used to whitelist commandline strings of blocked processes, so only specific commandline strings are allowed for (example) cmd.exe or regsvr32.exe
    Who can benefit from this feature ?
    - Normal PC user, system administrators (schools, governments, etc)

    4. ERP can password protect the execution of specific processes AND commandline strings (supporting wildcard)
    Who can benefit from this feature ?
    - Normal PC user, system administrators (schools, governments, etc)

    5. ERP keeps track of every process that is executed in the system
    Who can benefit from this feature ?
    - Normal PC user, system administrators (schools, governments, etc)

    6. ERP can auto-block all unknown processes (Lockdown Mode) and allow only safe and trusted processes and commandline strings
    Who can benefit from this feature ?
    - Normal PC user, system administrators (schools, governments, etc)

    7. ERP can alert every time an unknown process is executed (Alert Mode) and give complete control to the user to decide to allow/block a process
    Who can benefit from this feature ?
    - Normal PC user, system administrators (schools, governments, etc)

    8. ERP is lightweight on the CPU and can be combined with other security software (such as EMET and Sandboxie) to create a powerful layered security setup
    Who can benefit from this feature ?
    - Normal PC user, system administrators (schools, governments, etc)

    9. System administrators and users that use ERP in a commercial/professional environment do not need to install applications frequently, so they just need to create the whitelist (processes and commandline strings) and they're done (disabling ERP to install/uninstall an application is not that time-consuming)
    Who can benefit from this feature ?
    - Normal PC user, system administrators (schools, governments, etc)

    10. With Alert Mode enabled, when an application is being installed by the user, ERP can detect and ask the user to allow/block the installation of third-party potentially unwanted applications bundled with the setup file
    Who can benefit from this feature ?
    - Normal PC user, system administrators (schools, governments, etc)

    I do not see why ERP features/steps may be useless...
     
    Last edited: Aug 29, 2013
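
The rule types novirusthanks lists in post 25 (blocking by drive type, a process whitelist, command-line whitelisting with wildcards, Alert versus Lockdown handling of unknown processes), modelled as an added Python sketch that is not part of the thread and is not ERP's code. The policy format, the `decide` and `make_event` names and the sample events are assumptions constructed for illustration, and SHA-256 stands in for the MD5 hashes mentioned in the thread.

```python
import hashlib
from fnmatch import fnmatchcase
from ntpath import basename  # Windows path parsing on any OS

# Constructed policy; the rule format is hypothetical, not ERP's own.
POLICY = {
    "blocked_drive_types": {"removable", "network", "cdrom", "ramdisk"},
    # Whitelist of image hashes (SHA-256 here; the thread mentions MD5).
    "allowed_hashes": {hashlib.sha256(b"constructed-notepad-image").hexdigest()},
    # Listed programs run only with a whitelisted command line (wildcards allowed).
    "cmdline_rules": {
        "cmd.exe": ["cmd.exe /c c:\\scripts\\backup.bat"],
        "regsvr32.exe": ["regsvr32.exe /s c:\\program files\\*.dll"],
    },
}

def decide(event, policy, mode):
    """Return 'allow', 'block' or 'ask' for one process-start event."""
    if event["drive_type"] in policy["blocked_drive_types"]:
        return "block"
    name = basename(event["image"]).lower()
    rules = policy["cmdline_rules"].get(name)
    if rules is not None:
        cmd = event["cmdline"].lower()
        if any(fnmatchcase(cmd, pattern) for pattern in rules):
            return "allow"
    elif event["sha256"] in policy["allowed_hashes"]:
        return "allow"
    # Unknown process: Lockdown denies by default, Alert asks the user.
    return "block" if mode == "lockdown" else "ask"

def make_event(image, cmdline, data=b"", drive="fixed"):
    return {"image": image, "cmdline": cmdline, "drive_type": drive,
            "sha256": hashlib.sha256(data).hexdigest()}

EVENTS = [  # constructed process-start events
    make_event(r"C:\Windows\notepad.exe", "notepad.exe", b"constructed-notepad-image"),
    make_event(r"C:\Windows\System32\cmd.exe", r"cmd.exe /c C:\Scripts\backup.bat"),
    make_event(r"C:\Windows\System32\cmd.exe", r"cmd.exe /c C:\Users\Public\x.bat"),
    make_event(r"C:\Users\u\AppData\Local\Temp\dropped.exe", "dropped.exe", b"unknown"),
    make_event(r"E:\setup.exe", "setup.exe", b"constructed-notepad-image", "removable"),
]

if __name__ == "__main__":
    for mode in ("alert", "lockdown"):
        print(mode, [decide(e, POLICY, mode) for e in EVENTS])
```

In this sketch a `*` in a command-line rule also matches `..` path segments and extra arguments, so a wildcard rule is only as tight as the literal text around the wildcard.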