New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,735
    Location:
    U.S.A. (South)
    And amazing to me NVT-ERP is still so ever efficient, at least on the prior series version to 10 which I have no interest in for a very long time. Windows 8.1 is as solid as a rock while all the softs around it are constantly jockeying for either better compatibility or updating to readjust to Microsoft's 10 updates that twitch a switch now and then.

    Fantastic creation ERP. The thing just won't quit and neither will I using it in its current form. (even if it is a bit, shall we say, mileaged?)
     
  2. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,292
    Location:
    USA,IA
    How is version 4 coming along? Still being worked on?
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,649
    Location:
    USA
    I was wondering the same thing. ERP 4 has been part of my main security setup since it was released.
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,363
    Location:
    Hawaii
    I'm still happily running 3.1.0.0 build 1-24062015. I prefer a straight-forward, user-friendly anti-exe. I don't want all the extra add-ons in version 4 for the same reason that I don't want a vacuum cleaner with an attached radio & white sidewalls. To me, version 3 is a potential mass-market security app whereas version 4 is a niche app -- & a very tiny niche at that.

    I wish NVT would make 2 ERP versions: (1) a straight-forward but powerful anti-exe like version 3, and (2) a version 4-type anti-exe for ITs & SysAdmins.

    I'm sure others will disagree but that's why Baskin & Robbins makes ice cream in so many flavors.
     
    Last edited: Sep 18, 2020
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,735
    Location:
    U.S.A. (South)
    Our @Peter2150 was another who despite my urging and some back n forth PMs outlining what extra benefit 4 might offer, was sold solid and quite satisfied with version 3. He explained his reasons, all of which were perfectly understandable from the viewpoint of keeping it simple (on his Windows 7).

    Version 4 is virtually part of my 8.1 Windows O/S itself. Rarely even bother with checking anything including logs since it responds in an instant each time required of the settings. And does it well.
     
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,363
    Location:
    Hawaii
    I miss Peter. He was a good fellow, a gentleman, and a scholar while he was here. He still is a good fellow, gentleman, scholar (I'm sure) where he is now.
     
    Last edited: Sep 18, 2020
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,392
    Location:
    Under a bushel ...
    I agree. Version 3 was elegant in its simplicity.

    I was one who pushed for changes due to what are now called LOLbins (largely gaining prominence with Excubits blacklists) changing hashes with new versions of Windows, requiring changing ERP selections with each Windows release. But I believe version 4 went too far in accommodating many other requests, and became overcomplicated, and never really pursued it.

    I believe the requirement for a return to simplicity is what prompted the creation of OSA. (Incidentally I hope OSA doesn't also meet the same fate with the paid version).

    And IIRC I started having problems with v3 on Win 10 at a certain point, so went the 'new' OSA route instead of troubleshooting ERP v3.
    Does v3.1.0.0 build 1-24062015 still work with current Win10?
    :thumb:
    Indeed. He offered me his sage advice from the time I landed on this forum, and we exchanged quite a few PMs. Felt like a personal relationship.
     
    Last edited: Sep 18, 2020
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,363
    Location:
    Hawaii
    Solution: Keep V3, dump Win 10. :p

    I do not know. I'm still running Win7. :rolleyes:
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    Yes, I was thinking about this the other day. I also think ERP 3 was better when it came to certain parts of the GUI. I believe that ERP 4 should become a bit simpler, but it also misses certain features like "strict parent-child process control".

    With this you would be able to control that for example only explorer.exe and vivaldi.exe can start vivaldi.exe or that only system processes can start explorer.exe and svchost.exe, this would protect against process hollowing attacks for example.
     
  10. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,221
    Location:
    Mass., USA
    Running that build on Win 10 Pro Build 1903 here w/o issue.
     
  11. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    431
    Simple GUI = simple rules. ERP 4 > ERP 3
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,735
    Location:
    U.S.A. (South)
    Great point!

    ERP 4 here on 8.1 but 3.0 is in storage and available for use. Still covers a good deal of interaction branches.
     
  13. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,320
    Location:
    Canada
    I've not looked at this, but if this is the case, it's a grave oversight. Placing these types of constraints on LOLBins especially, can and will bring recent and modern malware attacks to their figurative knees. The attacks will be rendered useless.

    BTW, those of you who are concerned about a program's complexity, just exercise some ingenuity to simplify some of the features/options to make it easier to use.
     
    Last edited: Sep 21, 2020
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,649
    Location:
    USA
    I've been reading a few of the comments about people preferring version 3 because of its simplicity. That's true, version 3 is very easy to use. I think it should be noted that version 3 gives the user control on whether something is allowed to run or not. In version 4 you can control if something is allowed to run, and you also have some control over what allowed applications are permitted to do. You can write a rule that does not allow your web browser, media player, pdf reader, document viewer, etc. to use or execute certain file types. This would work really well in protecting the user from exploits.
     
  15. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,363
    Location:
    Hawaii
    Hmmm... sounds a bit like the actions that are done by a Host-based Intrusion Prevention System (HIPS). There were some really good HIPS in days of yore: System Safety Monitor, Online Armor, etc. They all died of a fatal disease called excess complexity.

    In days of yore, I took the time to study & learn how to use those rather complex HIPS apps, & so did a relative few others around the world. TOO few, however -- those apps all turned out to be niche products with very limited financial viability. So the developers bailed out and left us with abandonware.

    And that's why I no longer invest my time learning to use overly complex, niche market security apps -- they all die eventually (often sooner rather than later). Fact is, software developers cannot make a decent living solely by selling to folks like the members of Wilders, MalwareTips, Bleeping Computer, et alia. WE ARE A NICHE MARKET. We are not representative of the general buying public. IMO, those who love version 4 will eventually love it to death, and thereby lead to EXE Radar Pro becoming yet another bit of abandonware.

    AFAIK, there are only a very few HIPS extant at present. SpyShelter and ESET have HIPS components, I think. AFAIK, those 2 apps are financially successful. IMO, one reason for their success is that they have wisely concealed their complex innards from tweaking by novice users. Expert users & security hobbyists can find those innards & tweak away, but those apps do a very good job even with NO tweaking. They will do just fine as "set it & forget it" apps for Aunt Maudie or Joe Sixpack, but they can be tweaked to razor sharpness by an IT or SysAdmin whose job depends on tight security.

    To me, that's what a complex app must do in order to be successful financially. It must be (as are SpyShelter & ESET) a security app that is: (1) designed by geniuses for (2) execution by lazy novices. ERP's version 4 does not even come close to meeting the #2 criterion. Why? Because its rule setting component:
    • Is readily available to novices
    • Gives the impression that the app won't function well without user-developed rules
    • Uses obscure symbols for its rule-setting language
    • Requires a significant knowledge of Windows structure, and security threats thereto, in order to develop rules.
     
    Last edited: Sep 22, 2020
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,320
    Location:
    Canada
    It shouldn't be too difficult for NVT to develop their product to appeal to both the novices who want basic protection without the hassles of creating their own rules and those who understand process behaviour better and want better control over what file's actions do. All it would take is a slider or radio button on the program's main interface.

    Absolutely important. The way some malware is utilizing LOLBins these days, this additional process control in the hands of those with some understanding, can increase defenses from decent to powerful.

    Still, as I mention above, it shouldn't be difficult to make the program appeal to both novices and the technically inclined.

    I do agree with you on the complexity of ERP's obscure symbols in its rule setting language.
     
    Last edited: Sep 22, 2020
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,363
    Location:
    Hawaii
    @wat0114 -- I agree.

    When NVT was actively posting here and working on version 4, the problem was that anyone who asked for simplicity or a more user-friendly rule-setting language, was immediately drowned out and ridiculed by the self-anointed "gurus," who continuously pressed NVT for more & more power & complexity. So I finally stopped following this thread. Of the 2 main "we want more-more-more" gurus, one hasn't visited these forums for over a year now and the other has since been banned here and, later on, over at MalwareTips as well.

    I find it interesting that novirusthanks.com's website does not even list version 4 whereas version 3 is listed for download. NVT has an updated, paid version of OSArmor just about ready for release. I would be an instant customer of ERP if he did the same for version 3 -- or even version 4 if he made it more novice friendly.

    Hmmm... wouldn't it be interesting if NVT simply merged (a) ERP version 3 with (b) the current OSArmor locked into its default settings?
     
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,392
    Location:
    Under a bushel ...
    I think Andreas' (NVT) development of OSA for the less savvy wider public was essentially spawned out of a realisation of the increasing complexity of ERP v4 objectives over v3, and the non-feasibility of such a niche product.

    I suspect the coming subscriber version of OSA may well become more or less what you are referring to, with 'standard' OSA for 'Aunt Maudie or Joe Sixpack' as default, and ERP v3(->V4) flavour for more advanced users (via slider or otherwise)? So incentives to pay for both kinds of users?

    There is no doubt Andreas (and possibly small team) are talented dev(s), and I suspect he has in the past made his money from business contracts, during his long absences, but plans to make a viable consumer product here - more control, and fun (for him).

    Could be interesting ... just speculating (and dreaming)! :isay::D:rolleyes:
     
  19. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,363
    Location:
    Hawaii
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    Don't get me wrong, ERP v4 is pretty good, but ERP 3 was better when it came to for example separate tabs for easy viewing of whitelisted folders and the list of vulnerable processes. Now it's a bit cluttered. And rule making is also a bit more complex, it should become a bit more simple to configure. However, the events-viewer is pretty good in v4.

    To clarify, it has always been possible to block LOLBins also known as vulnerable processes with ERP, but I would like to be able to make rules per process. For example, currently you can't block only certain processes from running explorer.exe, svchost.exe or vivaldi.exe. This was easily done via System Safety Monitor for example.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    Yes, for example you may even use the "Trusted Vendors" feature to reduce alerts, see screenshot 1. And in screenshot 2 you can see the rule making that some may find a bit too complex to master.
     


  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,649
    Location:
    USA
    I complained about that several times, but my complaints didn't lead to any changes being made. I also wanted whitelisted applications and whitelisted command lines separated from vulnerable process rules. It does clutter things up.

    I didn't realize there was a limit on which processes you could block from running. If you blocked explorer.exe, or svchost.exe then you will certainly have certain elements of Windows start crashing, if not the entire OS. Do you mean controlling what it is able to do once it has started? It's not a good idea to just block explorer.exe, and svchost.exe completely. When it comes to svchost.exe, it's best to just disable the service using svchost.exe in Windows Services.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    Yes, ERP v3 was better in this regard, you could quickly see all whitelisted folders and all vulnerable processes.

    This is exactly the problem, at the moment you can't add explorer.exe and svchost.exe to the vulnerable process list, because it will then cause problems with the Windows OS. The problem is that both of them are often used in process hollowing attacks. So ERP should be intelligent enough to allow only certain (system) processes to run them as a child process. Normally speaking, only services.exe is allowed to run svchost.exe and only svchost.exe is allowed to run explorer.exe, check out this article for more info:

    https://www.andreafortuna.org/2017/06/15/standard-windows-processes-a-brief-reference/
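
Added example, not part of the original posts and not NoVirusThanks code: a sketch of the "strict parent-child process control" discussed in this thread, evaluated over process-creation events. The function names, the sample events (constructed) and the `C:` system drive are assumptions; the parent-child pairs are the ones stated in the posts above.

```python
import ntpath

# Expected install directories for the Windows binaries named in the thread
# (assumes the system drive is C:).
SYSTEM_DIRS = {
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# child -> allowed parents, copied from the pairs stated in the posts above.
# Baseline these on your own machines before enforcing them.
ALLOWED_PARENTS = {
    "svchost.exe": {"services.exe"},
    "explorer.exe": {"svchost.exe"},
    "vivaldi.exe": {"explorer.exe", "vivaldi.exe"},
}

def evaluate(image, parent_image):
    """Return (verdict, reason) for one process-creation event."""
    names = []
    for path in (image, parent_image):
        directory, name = ntpath.split(path.lower())
        expected = SYSTEM_DIRS.get(name)
        # A system binary name outside its directory is treated as a masquerade.
        if expected and directory != expected:
            return "block", f"{name} is outside {expected}"
        names.append(name)
    child, parent = names
    allowed = ALLOWED_PARENTS.get(child)
    if allowed is not None and parent not in allowed:
        return "block", f"{parent} may not start {child}"
    return "allow", "matches policy"

# Constructed sample events: (child image, parent image).
EVENTS = [
    (r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\services.exe"),
    (r"C:\Windows\System32\svchost.exe", r"C:\Program Files\Office\winword.exe"),
    (r"C:\Users\Public\svchost.exe", r"C:\Windows\System32\services.exe"),
    (r"C:\Program Files\Vivaldi\vivaldi.exe", r"C:\Windows\explorer.exe"),
    (r"C:\Program Files\Vivaldi\vivaldi.exe", r"C:\Users\Public\explorer.exe"),
    (r"C:\Windows\notepad.exe", r"C:\Windows\explorer.exe"),
]

def audit(events):
    """Return only the events the policy would block, with reasons."""
    results = [(img, evaluate(img, parent)) for img, parent in events]
    return [(img, reason) for img, (verdict, reason) in results if verdict == "block"]

if __name__ == "__main__":
    for img, reason in audit(EVENTS):
        print(f"BLOCK {img}: {reason}")
```
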
     
  24. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,221
    Location:
    Mass., USA
    Question:
    Is there a way to test ERP v3.1?
    It's been many months and I haven't heard a peep out of it.
    I've even installed a couple programs via .exe installs w/o any notifications?
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,735
    Location:
    U.S.A. (South)
    I can see where matters might seem convoluted and it took myself really delving into each line item category and comparing with events and such to align things and configure ERP to its maximum potential. I've been using ERP 4.0 since it released improved in the free version. And that free version suits just fine and is adequate enough as it is IMHO. At least for Windows 8.1 that I solely rely on anymore. Windows 10 bullying turned me completely away from it although I'll have to assimilate when buying a new laptop.

    ERP 3 is still locked and loaded in any case I ever decide to revert. It still is useful for us throwbacks but for me ERP 4 even with the cluttering referenced by @Cutting_Edgetech, I have managed to master with some effort in accepting any drawbacks it presents with configuring.

    It stops dead in its tracks enough processes and alerts to others relatively simple where you can categorize them via options available.

    But I completely understand the points raised in above commentaries and can agree with most.
     