Silent death of behaviour blockers!

Discussion in 'other anti-malware software' started by aigle, Jul 28, 2010.

  1. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    There are no prompts. If a rule doesn't exist for an event it is silently blocked.
     
  2. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    I remember seeing a few blips in avast!'s behavior shield monitor, but I don't know what it was scanning. I think Kaspersky has taken a much better approach in this regard with their proactive defense module. There are clearly labeled rules so that you know what is being monitored. If something is triggered, you can select the action to take. All the time I was running avast!, nothing triggered an alert, so I'm not sure how they handle a detection. Emsisoft AntiMalware is similar to KAV, but it conflicts with MD on my system so I never got to really give it a workout.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I still receive responses worth noting from EQS, so this theory or suggestion that BBs are dust, you could even turn to Mamutu/ThreatFire to see they still perform and protect.

    IMHO, new software, especially pertaining to BBs, never always equates to being better than its predecessor forerunners.

    I use Trust-No-Exe, an old security app, and that single old relic alone is equipped with an impregnable shield that protects as well as anything new or latest if not in some ways better.

    It would be wise to subscribe to the age old notion that Heroes come and go and are forgotten but Legends never die!!!
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ Easter

    Good to see you posting more frequently :thumb:

    I'd forgotten about Trust-No-Exe :( Thanks for reminding me, and others :thumb: I saved it somewhere several years ago, but never got round to installing it as I was using other apps :( Forgotten Legend indeed ;) I have noticed over the years it does get updated from time to time :thumb: so I presume it's still an active app?

    Would you say it's as good as some other AEs?
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep, it is a process execution filter similar to AE3 and AppLocker, in the sense that it does not check on extensions; it really monitors code execution. It works only on XP though.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Kees1958 is quite right. At the present stage of matters Trust-No-Exe is welded to XP until and/or unless its maker decides to adjust its internals to meld with Windows 7 and beyond.

    However, it is as rock solid as they come when its white and black lists are properly configured and I have hit it with every single rootkit, mbr, etc. while in blacklist, this app REMAINS SOLIDLY SAFE as well as firm as a nuclear pile!

    I love old developers' works of masterful time honored art, some stand the test of time even in today's 21st Century myriad of aggressive virus makers and whatever.

    I said a long time ago and it bears repeating again, newer simply doesn't mean better, but as everyone can see, newer has far more issues and failures than some protections they would much rather dismiss & regard as old relics instead of revisiting those programs and picking up some useful and, uh huh, profitable pointers if their ego would let them.

    Never be deceived, the proof is right before our very eyes when it's present.

    EASTER
     
  7. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    And with Trust No Exe, how do you plug the security hole of preventing new executables from being copied to a white list folder location?
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ Kees1958 & EASTER

    Thanks for the replies, I might just try it :thumb:
     
  9. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    I have been using Mamutu for just about 1 day now. And already it's told me a few things about the behaviour of some of my applications that I didn't know before. I have managed to block the behaviour I don't want with it. I am using it with KIS2011 and prevx.
     
  10. chris45

    chris45 Registered Member

    Joined:
    Mar 13, 2010
    Posts:
    94
    Why are these blockers becoming less?
     
  11. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    It's not just the non-geeks who would like to keep it simple; I come from a Linux background, have reasonable technical expertise; but the popup messages get annoying "process x is trying to modify a system process" (in online armor :D ) kinda messages. To fully understand these messages, I would need to know the Windows architecture. While that is fine for curiosity's sake, it can get annoying after a while.

    My viewpoint (again coming from a Linux background) is that security at its core should be very simple. Set some rules at the beginning, and keep system updated. That is all that should be required. While there are a lot of security software for realtime monitoring, this monitoring approach seems inelegant to me.

    For me, the elegant solution is to configure SRP, use LUA, close down user startup folders, and use sandboxing for online browsing in LUA. When installing a new program, scan it with MBAM and a couple other on-demand scanners. This approach shuts down basically ALL malware. The only exception might be 0-day kernel vulnerabilities where LUA processes can get root privileges.
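
Editor's added example, not posted by any thread participant: arran's question about executables copied into a whitelisted folder, and the SRP plus LUA setup described above, both depend on the trusted folders not being writable by a limited account. This PowerShell audit lists folders under the allowed roots where a standard user holds write access; the `$AllowedPaths` list and the function name `Get-WritableAllowedFolder` are assumptions made for illustration.

```powershell
# Added example. $AllowedPaths is a constructed sample; list the folders your
# path-based whitelist (Trust-No-Exe, SRP, AppLocker path rules) trusts.
$AllowedPaths = @("$env:SystemRoot", "$env:ProgramFiles")

# Well-known SIDs that a standard (LUA) account's token carries.
$LimitedSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

# Bits that allow adding a file or subfolder: WriteData/CreateFiles (0x2),
# AppendData/CreateDirectories (0x4), GENERIC_WRITE and GENERIC_ALL.
$WriteMask   = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$SidType     = [System.Security.Principal.SecurityIdentifier]

function Get-WritableAllowedFolder {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root -PathType Container)) { continue }
        $dirs = @(Get-Item -LiteralPath $root -Force) +
                @(Get-ChildItem -LiteralPath $root -Directory -Recurse -Force -ErrorAction SilentlyContinue)
        foreach ($dir in $dirs) {
            try   { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop }
            catch { continue }   # unreadable ACL: skip rather than guess
            foreach ($rule in $acl.GetAccessRules($true, $true, $SidType)) {
                if ($rule.AccessControlType -ne 'Allow') { continue }
                if ($LimitedSids -notcontains $rule.IdentityReference.Value) { continue }
                # Inherit-only ACEs apply to children, which are checked on their own.
                if (([int]$rule.PropagationFlags -band $InheritOnly) -ne 0) { continue }
                if (([int]$rule.FileSystemRights -band $WriteMask) -eq 0) { continue }
                [pscustomobject]@{
                    AllowedRoot = $root
                    Folder      = $dir.FullName
                    Sid         = $rule.IdentityReference.Value
                    Rights      = $rule.FileSystemRights
                }
            }
        }
    }
}

# Deny ACEs are not evaluated, so treat every hit as a candidate to review.
Get-WritableAllowedFolder -Path $AllowedPaths | Sort-Object Folder -Unique | Format-Table -AutoSize
```

Run it from an elevated prompt so every ACL can be read. Each folder it reports should either be carved out of the allow rule or have its ACL tightened.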
     