New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,330
    Location:
    U.S.A. (South)
    The common user doesn't know what they're missing.

    I think most who "have" will agree that it is one of the most simple set it and forget it apps ever put out front with plenty enough reasonable protections.

    And with a user friendly GUI! :cool:
     
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,505
    Location:
    Under a bushel ...
    Yes, I tend to just Disable Protection permanently, when I don't want ERP to be active, then click back to Alert Mode when done. The grey icon is sufficient reminder that it is off.
    But @mood's solution (similar to AppGuard) sounds good.
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,476
    Location:
    Hawaii
    THAT is the reason why I think that the "complicated stuff" should NOT be on the main GUI. Instead, the complicated stuff should be accessed by an "Advanced" button. IMO, so-called "common users" are essential to ERP's financial viability.

    My suggestion: "dumb-down" the GUI, & provide plenty of pre-sets for the advanced stuff that common-users (sic) won't want to tinker with.
     
  4. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Dumbing down the GUI more than likely will not increase ERP usage. Anti-executables, software restriction policy softs, whitelisting applications, etc aren't used by the typical user - they don't even know that they exist, security is not a priority, they want an automated security soft or one that tells them what to do, etc.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,293
    Lockdown you are correct. And it's sad. In the testing against malware, I did a quick test against the various types of malware. ERP blocked them all in alert mode.
     
  6. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I have only seen a single case where malware caused an unexpected behavior with ERP. It was an IE exploit that attempted to run a ransomware. ERP alerted to the execution of the ransomware. If the user selected Block within the alert, then the exploit would try to re-execute the ransomware after each user block - and the ERP alert\user block sequence would keep occurring ad infinitum.

    ERP had some issue with permanently blocking the ransomware file execution via the rule created in the very first alert. No big deal really - don't worry about the ransomware re-launch attempts and just reboot the system. Issue solved. User data safe.

    Within the context of this discussion, a typical user would probably keep pushing Block in the alerts until their fingers fell off...
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,784
    Location:
    The Netherlands
    I wouldn't mind if it became a bit more pretty. Perhaps NVT can post some screenshots of what he has in mind?

    That's why strict "parent-child process control" would be cool to have. In this case it would mean that ERP would simply auto-block the child process, without any alert shown after you blocked it. It should also give an option to kill the parent process.
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,536
    Location:
    USA
    I most definitely agree with you on this one! It's like you read my mind. I was even thinking about how the common user does not even know products like ERP, AG, Shadow Defender, etc.. even exist.

    I don't think dumbing down the GUI will make the GUI more user friendly. I think the common user will just have to stick with common Classical Security Products that take most of the decisions out of the hands of the user. The common user will not educate themselves about Cyber Security Matters because they don't care, or they are too lazy. Why should Super Users, or Professionals have to use less effective products in order to accommodate those that refuse to learn about Cyber Security?

    It's users from forums like Wilders, Malware Tips, and Bleeping Computer that give valuable feedback to software engineers in designing Security Solutions for Enterprise, and Government. All products we are a test bed for will not be well suited for the Consumer Market. Some will be much better suited for Enterprise, Government, Education, etc., so they will be in the hands of professionals. Some of us are just lucky to be able to use them.
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,850
    Would be nice if we could have some more Blacklist-options in the next version.
    At the moment only specific files can be blacklisted, and if the checksum changes it has to be added again.

    Blacklist by path / checksum / folder locations.
    So that it has some more options than now.
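
Added example, not part of the post above and not ERP's own code: a small deny-list evaluator showing why a checksum-only rule has to be re-added when the file changes, and how path and folder rules behave instead. The `Blacklist` class, the sample bytes and the paths are constructed for illustration.

```python
import hashlib
from pathlib import PureWindowsPath

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Blacklist:
    """Hypothetical deny-list with checksum, path and folder rules."""
    def __init__(self):
        self.hashes, self.paths, self.folders = set(), set(), []

    @staticmethod
    def _norm(path: str) -> PureWindowsPath:
        # Windows paths are case-insensitive: compare on a lowered form.
        return PureWindowsPath(path.lower())

    def add_hash(self, digest: str) -> None:
        self.hashes.add(digest.lower())

    def add_path(self, path: str) -> None:
        self.paths.add(self._norm(path))

    def add_folder(self, folder: str) -> None:
        self.folders.append(self._norm(folder))

    def match(self, path: str, content: bytes):
        """Return the kind of rule that blocks this file, or None."""
        p = self._norm(path)
        if sha256_hex(content) in self.hashes:
            return "checksum"
        if p in self.paths:
            return "path"
        # Component-wise test, so C:\Temp does not also cover C:\Temporary.
        if any(f in p.parents for f in self.folders):
            return "folder"
        return None

# Constructed sample: the same program before and after a rebuild.
ORIGINAL = b"MZ constructed sample, build 1"
REBUILT = b"MZ constructed sample, build 2"
TARGET = r"C:\Users\Test\Downloads\tool.exe"  # constructed path

def demo():
    bl = Blacklist()
    bl.add_hash(sha256_hex(ORIGINAL))
    before = (bl.match(TARGET, ORIGINAL), bl.match(TARGET, REBUILT))
    bl.add_folder(r"c:\users\test\DOWNLOADS")
    return before + (bl.match(TARGET, REBUILT),)
```

`demo()` returns `('checksum', None, 'folder')`: the rebuilt file no longer matches the checksum rule, while the folder rule still covers it.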
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,476
    Location:
    Hawaii
    So..... why shouldn't ERP rename itself as an "Anti-Malware" or even an "Anti-Virus"? Based on the fact that ERP passed all your anti-malware-type-tests (so to speak) why not label it as such?

    If I am Joe Sixpack looking for a security app, I doubt that I would give a second glance at something named "EXE Radar". A product's name should be based on what the product actually DOES -- in ERP's case, it actually DOES block malware, PLUS it does its job without signatures or endless updates.

    I truly believe that an anti-execution app should be on everyone's computer -- not just those of security nerds.
     
  11. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    553
    Location:
    The Outer Limits
    The term "SHIELD" would go some ways to actually explaining what ERP does to aforementioned Joe, so how about "VIRUS SHIELD", "SUPER SHIELD" or something similar?

    Regards Eck:)
     
  12. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,542
    Location:
    Mexico
    Those names have a connotation, so anyone could think: Traditional Antivirus software.
    I believe and want ERP to keep its current name.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,293
    I agree. It is in no way an antivirus. I see no reason to not call it what it is, an anti executable. That's what it's doing. It doesn't identify a virus, just stops something not whitelisted and that it does well.
     
  14. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    You can call it whatever you wish, but changing the name isn't going to increase usage.
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,330
    Location:
    U.S.A. (South)
    What common user and some geeks I might add doesn't like to know the instant something is happening?

    With today's social scene that "Bing!" alert on cellular units is a new message etc.

    On PC's with ERP the "Bing!" is a welcome event that there might be a very unwelcome message to be looked at and decided against.

    That's a HUGE welcome addition for those who also depend on built-in and user-configurable Audio Alerts built into their security apps.

    When NVT-ERP throws up an alert it can also be "heard" as well as logged for those of us who enjoy reverse tracking those things not whitelisted or trusted.

    Rock On! This app on this end has been just as dependable & loyal as Shadow Defender for a very long time.
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,330
    Location:
    U.S.A. (South)
    I understand that it's strictly for process and files but is there a chance at all that adding a folder monitor would be something worth adding to it or not?
     
  17. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,780
    Location:
    Europe then Asia
    Means alerting about a change in a folder (write, modify)? If it is that, worthless and would defeat the simplicity of ERP.

    If you meant restricting the access to folders, softs like AppGuard do it already; but it could be implemented in ERP easily.
     
  18. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,476
    Location:
    Hawaii
    Do you mean a file/folder integrity monitor? If so, give a look at AdInf HERE. It supports:
    • Windows 7 x86 (32-bit system)
    • Windows 7 x64 (64-bit system)
    • Windows 8.1
    • Windows 10
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,330
    Location:
    U.S.A. (South)
    Thanks @bellgamin but wouldn't this one work just as well? Been using this "snapshot comparison" since Windows 98! Nice.

    http://www.blueproject.ro/systracer
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,293
    I have a program that tracks changes in real time. I watch it when I run malware. Interesting but wouldn't help prevent any infections.

    My vote would be for Andreas to leave this alone. Besides both ERP and VS have caught everything I have thrown at it. Why add more code that does nothing.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,330
    Location:
    U.S.A. (South)
    Whatever he does to it will be something I'm sure that will take us by surprise.

    He is not one to break what isn't broken and I have a feeling we'll be seeing yet again some of his unique creativity which is frankly pretty impressive!
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,293
    Easter, on that I agree wholeheartedly.
     
  23. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,850
    Something like this? https://directorymonitor.com/
    But I think it's better to develop a dedicated tool for monitoring folders instead of adding such kind of features to an Anti-Executable:
    :thumb:
    We'll see what new features will be added (if any(?)... :doubt:). Some more weeks to go:

    "May have a public build to test on end of February or some weeks later." #5768
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,293
    I have Directorymonitor on my system, although I don't auto start it. Interesting tool but for security I don't see much value.
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,330
    Location:
    U.S.A. (South)
    Yeah, it's kind of hard to want to fork out for that one since it offers No Security when an old Windows 98 abandonware app FileChangeAlarm does all the similar monitoring/logging.

    I must still be having severe flashback anxiety for when you could take EQS and fine tune that HIPS to catch folder creations and a whole host of other goodies like snatching scripts in mid-flight until you could check the logged (via toast pop up) for Origin to Destination and create rules.

    I'll never live that one down
     