New release. GSS v1.420

Discussion in 'Ghost Security Suite (GSS)' started by Jason_R0, Mar 11, 2008.

Thread Status:
Not open for further replies.
  1. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    http://www.ghostsecurity.com/downloads/setup_gss1420.exe

    As always, uninstall any previous versions prior to installing this one. If you run into any issues simply booting into safe mode will allow you to fix the issue.

     
  2. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    newgss7.jpg

    Showing the new password protect feature, and a WIP of the new Ghost Logo that is being worked on. ;)
     
  3. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Is this still alpha or beta or final?
    Will there be a free as well as paid version in final?
     
  4. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Jason :) , going to try it.
    Does it supress pop-ups when password protected or do i have to change defaults to deny? What's your angle here?
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    LoneWolf, it's beta.

    So I allow some program to execute another (tried Process Explorer), and that is it's privilege. Then i need to confirm any program and allow them to execute.
    It doesn't feel right. What am i missing?
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Downloaded and did clean install with no problems.
    Couple of initial things:
    Can't sort programs in AppDefend.
    No button to remove a program (can be manually deleted though).
    Can't register or update (I assume because beta). Is there a time limit on program (i.e. 14 days)? I am paid user of both RegDefend and AppDefend.
    Have to minimize. If hit the "x' it closes program and removes tray icon.
    Otherwise seems to be running smooth, using just under 10 MB of RAM.
     
  7. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    It is a beta as someone already posted, the final is a few weeks away. There will always be a limited free version going forward.
     
  8. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Popups are still going to happen regardless of GUI password protection. It's mostly there to stop people who have access to your computer, and also to stop viruses sending key/mouse messages to try and control applications (though with GhostGUI this is pretty much impossible for them anyhow).
     
  9. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Does it work in a restricted account without any LUA bugs? I tested GSS for a while ago and it didn´t work well then without tweaking the user permissions.

    /C.
     
  10. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Just installed GSS to XP SP3 RC. Everything working fine. I'm huge fan of GhostWall and if I remember correctly Jason_R0 says that there isn't coming any updates to it but it's going to integrate to GSS. When this should happen or is it forgotten now? What is the GSS price when it's released?
     
  11. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    759
    1) I do not seem to find any field to register this product (I am a registered user), the "About' page is a blank.
    2) For GUI password protection - password is not encrypted.
     
  12. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Hm, I get a Black Screen, even if I remove GSS directory and driver in safe mode.. strange thing, another strange occurance is the fact that I only have up to 1 minute time in safe mode, then mouse and keyboard are freezing and I am forced to restart!

    Beside lsass lsapid settings and schannel.dll are usual and can be allowed I guess.

    And what about all memory writes and memory protects, can I allow them all permanently?
    (csrss, lsass, winlogon, services, svchost, logonui)
    Because I allowed some of them only once, problem could be comodo firewall too, but usually after removing gss dir and driver I shouldn´t get a Black Screen on reboot, isn´t it?
     
  13. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    679
    It seems still does not have File Defend.

    I want to ask when would GSS has FD?:D
     
  14. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Problem solved, the renamed ghostsec driver has rebuilt itself after windows safe mode frost, the same was valid for gss in registry. Now renamed and rebooted and no more Black Screen.
     
  15. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I would like scripting control ala WG too, but this isn't the time for requests imo.
    Let him finish it! :p He's on the right path.
     
  16. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Yes great improvements, also with 30 sec. timer and nice button rollovers.
     
  17. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    interesting new kind of svc style :D
     
  18. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    246
    Location:
    NJ, USA
    Very nice, Jason. Quite an improvement.

    Just two issues with APPDEFEND.
    I'm not able to remove a rule from the APPDEFEND list.

    And it would be nice if rules allowed wild cards. For example. on my development system I can literally create dozens of modules in a short time, and its really annoying having to give them individual rules.

    For example, if I wanted to allow everything on e:\devel, the following rule -
    *.*
    e:\devel\

    or

    *.*
    e:\devel\*.*
     
  19. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Highlight it then hit delete on your keypad. Would be nice if there was a remove rule button like version 1.
     
  20. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    246
    Location:
    NJ, USA
    :oops:
    Thanks. I should have thought of that. I was highlighting it and then right clicking expecting to see a delete option.
     
  21. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    As with the 1.410 release, I have experienced a very ghostly GSS Alert. By this I mean, there is a GSS Alert item in the task bar but the window will not display. Both times this has happened the first thing in the morning, and the only way to correct the problem is to reboot the system.

    This was mentioned with the previous release, however I can't find the
    message so I can include the link for reference.
     
  22. buffet

    buffet Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    53
    On my DELL 1720 Laptop running winxp/sp2 and win2003 server, it still get problems with GSS even with 1.4.20 after a few reboot then tweaking some default rules to { mutex : block; keylogging : block; install driver : ask/block }; the BSOD with the error msg after tweaking then reboot :
    The problem is with even windows xp/2k3 os. It would work if no tweaking to the GSS; note that HIPS functions of Kaspersky Internet Security 7x and others if any are turned off when GSS exists.

    Any help on this.
    Thx.

    PS: Jason is right; after a few minutes, it is a good feeling working with random functional rollers on the GSS GhostGUI.
     
  23. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Cool, not reached this state with latest built. I will give it a try again later.
     
  24. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    So if you want to see your logon, just push always allow until it appears...
    that is the simple recipe.
    http://i30.tinypic.com/2ldgsw.png

    I see SSDT presence but GSS not:
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwCreateKey [0xF71E3A08]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwCreateMutant [0xF71E43B2]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwCreateSymbolicLinkObject [0xF71EB81A]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwCreateThread [0xF71E3F40]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwDeleteKey [0xF71E3E6C]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwDeleteValueKey [0xF71E3D18]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwOpenSection [0xF71EB6EA]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwProtectVirtualMemory [0xF71EB596]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwSetContextThread [0xF71E4270]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwSetSystemInformation [0xF71EBC2E]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwSetValueKey [0xF71E3BA8]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwSuspendProcess [0xF71EB62E]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwSuspendThread [0xF71E4314]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwTerminateProcess [0xF71EB44A]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwTerminateThread [0xF71E41CE]
    SSDT ghostsec.sys (Ghost Security Unified Driver/Ghost Security) ZwWriteVirtualMemory [0xF71EB4DE]

    Poor result vs AKLT3 : Only GetKeyboardState is blocked.... actually last rank on my toplist,
    87% away from Comodo Pro 3. Unfortunately Ghost SDT Table doesn´t help in terms of Anti-Keylogging
    but I guess the purpose is unhook protection. Unstable blocking sometimes GSS manages to block directx logging, sometimes not, the same is valid for GetKeyboardState. We need ShadowSSDT Hooks, seems not yet implemented in this beta but no problem GSS 1.4.2 beta + comodo firewall and everything is fine.

    But Congrats to Design+Effects! Very nice so far.

    I had some Mutex suggestions :D:
    DBWinMutex
    _!SHMSFTHISTORY!_
    _SHuassist.mtx

    There is only one problem some of them are used in legit apps, but also in file infectors.

    Wishlist: Load/Save Mutex. Just for Info GSS works seamless with Comodo Memory Firewall and Comodo Firewall.
     
    Last edited: Mar 15, 2008
  25. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Some blocked Mutex are still present and viewable via process explorer.
     
Thread Status:
Not open for further replies.