ProSecurity 1.43 RuleSets

Discussion in 'other anti-malware software' started by EASTER, May 11, 2008.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I am experimenting with ProSec even though they too seem to have taken a break from programming duties, and who can blame these HIPS makers; while they might not be similar to AV architectures, coding them adequately has to be a full-time effort.

    Does anyone know if there are some ProSecurity RuleSets around that have possibly been contributed by other users that better enhance its protections, in much the same way as EQS can be greatly improved by well-thought-out and tested safe rulesets?

    EASTER
     
  2. EASTER (Registered Member)
    Nothing? :eek:

    I'm sure the developer would be in awe after so much fuss was raised over how good it was/is.

    I think even Peter2150 supported this and might still do.
     
  3. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Yes, this is curious.

    Does this mean that Prosecurity comes with such a good ruleset that no additional improvements are necessary?

    I guess it wouldn't take much work to use Alcyon's rules as the basis for a Prosecurity ruleset.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    No magic here guys. I just tell it my system is 100% clean, and let it do its thing. Actually I do then occasionally tweak, but it is mainly to relax some of its asks to allows.

    Pete
     
  5. hammerman (Registered Member)
    Hi Pete,

    Presumably Prosecurity has a set of rules for registry and file/folder protection and that these can be modified and enhanced. It seems that the default rules are deemed protection enough. Would that be fair comment?
     
  6. EASTER (Registered Member)
    I'm not up to par with this and it's yet another HIPS to learn all over again, but now I'm getting problems from it not connecting to the kernel ON BOOT UP.

    These HIPS are really beginning to pee me off; first we have a delay with EQS and no one can even chime in on what the hold-up is, and now, as much as I really like Prosec, it's starting to show signs of malfunctioning.

    CAN ANYONE MAKE A HIPS THAT WORKS AS EXPECTED?

    If not I'm going to drop them entirely for virtual systems and an AV and blow them off.

    This is ridiculous and nonsense.

    And yes I'm peed off at the lack of attention lately.

    EASTER
     
  7. Peter2150 (Global Moderator)
    Depends on your level of paranoia :D For me, since I trust everything on my system, what I want is an alert to something I don't know about. In that case the default rules (which are determined by your system) are fine.

    One can however tweak to his hearts content.

    Pete
     
  8. EASTER (Registered Member)
    I've come full circle NOW I THINK with all these HIPS and such and my mind is finally made up, BACK TO FD-ISR!!!

    At least this one app although an ISR, refuses & does not falter nor fail no matter what.

    EASTER
     
  9. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Rule set? Rule set? Don't need no steenking Rule Set with PS 1.43. The developer vested PS with a very powerful rule set, so all one needs to do is load it & go.

    Folks who use EQS, Defence+, & other such do-it-yourself-kits have been misled to believe the notion that a HIPS is a format for hassling its user, instead of being a finished security product.

    Antivirus apps are ready to go right out of the box. After a 1- or 2-day learning period, the same should be 99.9% true for a HIPS. In the case of PS 1.43, it is. Don't need no steenking Rule Set.
     
  10. hammerman (Registered Member)
    Right on cue!
    Thanks for the little bit of useful information provided.
     
  11. Peter2150 (Global Moderator)
    Easter, I think your problem lies in your signature. If you have all that stuff on your system you for sure aren't in Command and Control. The poor system is probably in conflict over which conflict to conflict with.

    Pete
     
  12. hammerman (Registered Member)
    This gets my vote for Quote of the Day.
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    According to my readings, Easter doesn't combine all the software in his signature in ONE system partition, but he has all of it at his disposal.
     
  14. EASTER (Registered Member)
    FYI, Mr MOD

    Those apps in my sig are MY business, and how could you, who say you are in a business and have reviewed this board for so long, be so naive as to think any member would run them all at one time.

    Duh

    Of course no one's PC could run them all, but it's for me to decide which ones are ACTIVE, to keep the minions who garnish this board from knowing at any one time exactly which combinations are in play, THANK YOU.

    EASTER
     
  15. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    433
    Location:
    The Hill Country of Texas
    I think Peter made that comment "tongue in cheek".
     
  16. EASTER (Registered Member)
    Exactly Erik

    You're right on-target with that assessment of course.

    We too are also within legal rights to our own respective INTELLECTUAL PROPERTY SETUPS.

    Keeps arrogant snoops guessing. :D
     
  17. bellgamin (Very Frequent Poster)
    Hey bruddah, please don't "Mr Mod" poor ole Pete. Despite the title, when Pete posts, he is just a regular bloke like the rest of us poor souls. :-*

    When thinking about job titles & perks (in general), I am reminded of the various modes of transportation whereby Navy blokes get from shore to ship...
    Peace to all... from Bellgamin
     
    Last edited: May 11, 2008
  18. EASTER (Registered Member)
    Contrary to surface speculation from a list of apps, that statement just isn't logical or true, and since I was the recipient of that suggestion, I think it is responsible to the membership here, and to Pete also, to correctly clarify that assumption with the hard facts.

    Sheee, I've been known to heap security apps before for sure, but could any user in reality run every one of those in my sig at the same time?

    Oh, btw, even in respective combinations, each and every one of them IS 100% compatible with the others, so I just wanted to put any doubts to that effect to rest.

    EASTER
     
  19. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi EASTER,

    Filling in some system environment details would probably have offset any critiques. Kernel disconnect errors for ProSecurity are extremely rare. I have seen four since October 2006...two OS service pack related errors (Server 2003 R2 and XP SP3 RCs), and two early beta errors. If ProSecurity installs successfully, you should not normally see a kernel disconnect error. On a known clean system, take advantage of learning mode so ProSecurity can grasp how your system works.

    Nick
     
    Last edited: May 12, 2008
  20. ErikAlbert (Registered Member)
    Don't understand the expression "tongue in cheek"? Sounds like a French kiss to me.
     
  21. Cloudcroft (Registered Member)
    That's why I double checked the definition before I posted...thought someone would think something like that. :D

    "Tongue in cheek is a term that refers to a style of humor in which things are said only half seriously, or in a subtly mocking way."
     
  22. ErikAlbert (Registered Member)
    Thanks for the explanation. I understood every word, but didn't understand the meaning of it. Now I know thanks to you. :)
     
  23. EASTER (Registered Member)
    It appeared openly rather rude, I think everyone could agree, but I don't harbor any animosity over his comments because he doesn't understand that I mix & match different combinations and to date they ALL have not presented a problem for me.

    I still have complete 100% COMMAND & CONTROL and that's the way it's going to stay, but it doesn't hurt to experiment with other apps like Prosecurity; it's just that it's always given my units some issue from day one. I had hoped all that was over but obviously it isn't, so it's back to EQS 4.0 beta again for me, and I'm not a bit disappointed in it, just the doggone long delay for them to release a 4.0 final, if they ever do.

    EASTER
     
  24. Stephen2_Aus

    Stephen2_Aus Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    37
    No, I don't agree. I believe you are having a sook over nothing. GET OVER IT :thumb:

    ProSecurity will only need extensions to File/Folder and Registry rules, if you wish them, for example:
    1) I restrict any create/write/delete from %SystemRoot%\System32\* & subfolders, then allow on a case by case basis
    2) I do the same for %ProgramFiles%
    3) I do the same for %APPDATA%

    Also, I recommend using nearly everything in COMMAND LINE SENSITIVE mode.

    Things like RUNDLL32.EXE, CMD.EXE, EXPLORER.EXE, IEXPLORE.EXE, FIREFOX.EXE can have their security increased HUGELY by allowing/disallowing on a command line basis.

    That's one reason I'm not a fan of learning modes, they allow Firefox or Command Prompt to launch, regardless of parameters, leaving a security hole.

    Could have changed, I've stuck with ProSec 1.4 PB2.
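An added illustration of the rule styles Stephen2_Aus lists above; it is not part of that post and does not reproduce ProSecurity's own rule format or matching engine. It is a small Python model that evaluates file operations against per-folder deny-by-default rules with case-by-case (actor, target) allows, and process launches against image-only rules versus command-line-sensitive ones. The environment values in `ENV`, the rule sets `PROTECTED`, `LEARNED` and `CMDLINE_SENSITIVE`, the executable paths and the sample command lines are all constructed for the example, and it runs offline on any OS because it only compares strings.

```python
"""Model of two HIPS rule styles: folder write restrictions with
case-by-case allows, and command-line-sensitive launch rules.
Added illustration only; ProSecurity's real rule format is not
reproduced here."""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath
from typing import Optional

# Assumed, constructed environment values so the example runs offline
# on any OS; a real HIPS reads these from the live system.
ENV = {
    "SystemRoot": r"C:\Windows",
    "ProgramFiles": r"C:\Program Files",
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
}

def expand(s: str) -> str:
    """Expand %VAR% references against ENV and lower-case (NTFS is case-insensitive)."""
    for k, v in ENV.items():
        s = s.replace(f"%{k}%", v)
    return s.lower()

def under(target: str, root: str) -> bool:
    """True if target is root or inside it.  Compares path components, so
    C:\\Program Files (x86) is NOT treated as inside C:\\Program Files."""
    t = PureWindowsPath(expand(target)).parts
    r = PureWindowsPath(expand(root)).parts
    return t[:len(r)] == r

@dataclass
class FileRule:
    root: str                       # protected folder, subfolders included
    ops: frozenset                  # operations that need a decision
    allow: list = field(default_factory=list)  # (actor glob, target glob) exceptions

# Hypothetical rule set following items 1-3 of the post: every create/write/
# delete under these roots is prompted unless an (actor, target) pair was
# explicitly allowed after review.
PROTECTED = [
    FileRule(r"%SystemRoot%\System32", frozenset({"create", "write", "delete"}),
             allow=[(r"%SystemRoot%\System32\wuauclt.exe",
                     r"%SystemRoot%\System32\catroot2\*")]),
    FileRule(r"%ProgramFiles%", frozenset({"create", "write", "delete"}),
             allow=[(r"%ProgramFiles%\Mozilla Firefox\updater.exe",
                     r"%ProgramFiles%\Mozilla Firefox\*")]),
    FileRule(r"%APPDATA%", frozenset({"create", "write", "delete"})),
]

def file_decision(actor: str, op: str, target: str) -> str:
    """Return 'allow' or 'ask' (prompt the user) for one file operation."""
    for rule in PROTECTED:
        if op in rule.ops and under(target, rule.root):
            for actor_glob, target_glob in rule.allow:
                if (fnmatchcase(expand(actor), expand(actor_glob))
                        and fnmatchcase(expand(target), expand(target_glob))):
                    return "allow"
            return "ask"
    return "allow"          # outside every protected folder, or a read

@dataclass
class LaunchRule:
    image: str                  # executable path glob
    cmdline: Optional[str]      # None = image only (what learning mode records)
    action: str                 # 'allow' | 'deny' | 'ask'

def launch_decision(rules, image: str, cmdline: str) -> str:
    """First matching rule wins; a launch no rule covers is 'ask'."""
    for r in rules:
        if not fnmatchcase(expand(image), expand(r.image)):
            continue
        if r.cmdline is None or fnmatchcase(expand(cmdline), expand(r.cmdline)):
            return r.action
    return "ask"

# What an image-only learning mode records after seeing these run once.
LEARNED = [
    LaunchRule(r"%SystemRoot%\System32\rundll32.exe", None, "allow"),
    LaunchRule(r"%SystemRoot%\System32\cmd.exe", None, "allow"),
]

# Command-line-sensitive rules: allow the argument patterns actually used,
# then a catch-all for the same image.  Order matters.
CMDLINE_SENSITIVE = [
    LaunchRule(r"%SystemRoot%\System32\rundll32.exe",
               r"* shell32.dll,Control_RunDLL *", "allow"),
    LaunchRule(r"%SystemRoot%\System32\rundll32.exe", "*", "deny"),
    LaunchRule(r"%SystemRoot%\System32\cmd.exe",
               r'* /c "%ProgramFiles%\Backup\nightly.cmd"', "allow"),
    LaunchRule(r"%SystemRoot%\System32\cmd.exe", "*", "ask"),
]

if __name__ == "__main__":
    rd = r"%SystemRoot%\System32\rundll32.exe"
    # Constructed sample: a DLL loaded from a temp folder via rundll32.  The
    # learned, image-only rule lets it through; the sensitive set does not.
    bad = r"rundll32.exe C:\Users\alice\AppData\Local\Temp\dropper.dll,Install"
    print("learned  :", launch_decision(LEARNED, rd, bad))            # allow
    print("sensitive:", launch_decision(CMDLINE_SENSITIVE, rd, bad))  # deny
    print(file_decision(r"%ProgramFiles%\Mozilla Firefox\firefox.exe", "write",
                        r"%ProgramFiles%\Mozilla Firefox\xul.dll"))   # ask
```

Run it directly to see the three decisions. The `LEARNED` versus `CMDLINE_SENSITIVE` comparison is the point the post makes about learning modes: a rule recorded for rundll32.exe alone says yes to every DLL and entry point it is handed, while the command-line-sensitive set only says yes to the argument pattern you chose and denies or asks for the rest. The `under` helper matches path components rather than string prefixes so that a protected root like `%ProgramFiles%` does not silently cover `C:\Program Files (x86)` (or fail to), which is a common mistake when such rules are written as plain prefixes.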
     
  25. EASTER (Registered Member)
    Doesn't matter anymore anyway.

    Take it as you feel necessary because I respect Pete even on his off days and have been helped immensely by his expert analysis regarding FD-ISR. So what if he goes out in left field sometimes; I think he already knows I am strong security-wise and know how to strike just the right balance between applications of this nature.

    I see that even you are avoiding 1.43 ProSec, so there's not really any doubt from my experience with it myself.

    EQS is going to have to be the mainstay and it can more than hold its own.

    EASTER
     