Protection against Malware without bases: Viguard

Discussion in 'other anti-virus software' started by Mack Jones, Sep 4, 2005.

Thread Status:
Not open for further replies.
  1. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    Gents,
    I recently bought this tool, which works only with rules and without any viral bases.
    That's Viguard.
    What do you have to do?
    When an alert appears (exe mods, ActiveX or executable dl, etc...), simply accept or deny the action that generated this alert.
    I'm testing this tool on my machine and I have to say it works flawlessly.
    The only issue I know is how to interpret alerts...for confirmed/expert users only ;)

    http://nick.vallet.free.fr/1.png

    http://nick.vallet.free.fr/2.png

    http://nick.vallet.free.fr/3.png



    Sincerely,
    M.J.
     
  2. FatalChaos

    FatalChaos Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    98
    have u tried testing this against real viruses/malware yet?
     
  3. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    Yes against some.
    And after double clicking, Viguard alerts me several times (run key alert, exe mods, new server connection, etc...).
    But it's not tested enough for sure! :rolleyes:
     
    Last edited: Sep 4, 2005
  4. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    Looks like a nice application firewall.

    The problem is, these are so plentiful in their warnings, they overwhelm all but the most hardcore of users. I know I get tired of them within minutes after installing them.

    But they are sure nice when you want a lockdown.

    Remember, Safe'n'Sec also offers a total lockdown mode as an option, similar to this.
     
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  6. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    There is a link to a Viguard's test and review on this thread:
    https://www.wilderssecurity.com/showthread.php?t=90583

    Viguard is less expensive now (79 E/$ for the Pro version and 49 E/$ for the home version).
    During my tests, I pointed out a weakness against API hooking and kernel driver installation (rootkits): Eyal Dotan, the programmer, will improve his product with an update.

    Once configured (as Mack Jones said, it requires one to be quite experienced, specifically about malware behavior), it's certainly one of the most effective personal HIPS products.

    Regarding Principal Antivirus: very bad value for money.

    Regards
     
  7. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    kareldjag


    Wasn't Viguard that French AV company which sued someone because he disclosed some weaknesses in their program? :)
     
  8. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    Awesome link :eek:

    Thank you so much, my friend!
     
  9. jay_

    jay_ Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    1
    Location:
    Paris, France
    Thanks Mack for this nice presentation.

    FYI, we are going to improve the security a bit more, with some more advanced anti-rootkit stuff, and the integration of a personal firewall.

    Regards,

    Jay
    ViGUARD dev team
     
  10. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    No Jay, thank you for developing such a wonderful tool, really.
    And thank you Kareldjag for all your tests.
    I own both NOD32 and Viguard licences, and if NOD32 is really stunning as a traditional AV, Viguard amazes me and impresses me a lot more due to its flexibility and the comprehensive way it detects and stops malware.
    Simply intelligence and beauty, a way to interact and understand how it works.
     
  11. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    *Don Pelotas,

    Tegam does not exist anymore: SOFTED is the publisher now.
    Your post is in relation to the old Tegam Vs Guillermito polemic.
    Well...this guy (Guillermito) has used a warez version for his testing.
    So as a tester, I don't approve of this methodology without deontology.
    In the past there was no evaluation version (as he told me by e-mail), but it's simple to send an e-mail to the publisher for cooperation (that was my strategy for Viguard and ProcessGuard).

    As usual, "there's no smoke without fire".
    Personally, i don't take into consideration these kinds of polemics to choose or not a product: the effectiveness and the good value for money are my first criteria.

    I've heard that a well-known AV publisher has some relations with virus writers;
    I've heard that another well-known AV publisher is suspected to be in relation with Scientology, etc...
    Is it a reason to practise a "boycott" against these companies?
    To each consumer his criteria...isn't it?

    *The question "Is Viguard really an Antivirus" is more interesting for me.
    An AV is based on a malware signatures database and it's not the case of Viguard.
    So I wonder why this product is considered an AV in France and reviewed as an IPS in the USA: http://www.softpedia.com/get/Antivirus/ViGUARD.shtml

    Regards
     
  12. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Thanks Mack Jones, for your screencaptures: this AV seems outstanding :eek: ( looking about it for few weeks, in fact :D ), and I'm about to try it soon.

    Jay, I hope the firewall feature will be optional during the set-up, because AVs with an integrated firewall are tricky when you already have a FW - I did try Outpost Pro along with Panda Titanium AV, and that was a pain in the ass because of the firewall included in Panda AV ( Sygate, apparently ) :doubt: - as they were trial releases, I didn't see if Panda does allow you to deselect its FW during installation, but it should.

    ... and I hope Viguard can run along with Process Guard !! doesn't seem evident, as they are both running in comparable ways o_O .

    Kareldjag: very interesting reviews in your first link!!! :eek: thanks !

    Regards,
     
    Last edited: Sep 6, 2005
  13. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    France, I guess, believes in a signatureless AV; however, based on the functions and behavior of Viguard, we instead categorize it as an HIPS.
     
  14. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    Viguard works flawlessly with Look'n'stop on my machine. The same for PG if I'm right. Simply uninstall any on-access AV scanner.
    But Jay will answer you better than I do ! ;)
     
  15. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    is that really necessary, can't u disable individual functions in it? isn't it an HIPS?
     
  16. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    You can disable some features in Nettrap, look at the pic below to see what you need or not, but I don't recommend doing that.
    It's complementary to a good FW, since a FW blocks ports and can be tuned with app and filtering rules.
    Viguard+LnS do a perfect job for me.

    http://nick.vallet.free.fr/3.png
     
    Last edited: Sep 6, 2005
  17. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    kareldjag, I was neither for nor against, my memory was just a little fuzzy. Thanks for the info. ;) :)
     
  18. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    heh, hope you're right, Mack Jones, but that's not as evident as it can look: will try it anyway, but the fact that both programs do have quite similar features might provoke conflicts; that's not like when you run Process Guard with a "classical" antivirus, which was working fine for me with Norton, before. ( I know PG and Prevx can run together without problems, but they do a close but different job ). Seems Viguard, PG and Prevx are all HIPS progs.

    And I was caring about that announced firewall feature in Viguard, because I will use Outpost pro, and believe me, this one doesn't stand another program doing the same, unlike some other firewalls - never tried Look'n'stop, so I don't know its behaviour in such cases.

    Well, will give it a try soon, and report if problems between Viguard and PG happen - crossed fingers :D ( please, not the blue screen !!! :D )

    BTW: isn't Viguard included somehow in some hardware security from Cisco ? o_O
     
  19. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    How is Viguard performing? I am interested to see what your thoughts are on Viguard.
     