SocketShield / protection against zero-day exploits

Discussion in 'other anti-malware software' started by Smokey, Apr 29, 2006.

Thread Status:
Not open for further replies.
  1. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Have read this morning at the XPL Labs website:

    "Zero-day exploits are traded online for financial reward. International cyber-gangs cruise the web, constantly on the lookout for software vulnerabilities to exploit. Actively seeking to make money by defrauding computer users, these gangs lurk behind the scenes on legitimate websites and use drive-by download techniques to deliver their poisonous payloads – without your knowledge or permission.

    Software vulnerabilities are a fact of life. What's needed is a way to prevent the bad guys from exploiting the risk window — the time between discovery and patching of a vulnerability. This risk window is getting wider as the criminals get smarter — zero-day exploits can be in circulation within minutes of a vulnerability being announced, while software companies take an average of two months to distribute a fully-tested patch.

    SocketShield stops exploits from getting on to computers during the risk window. Easy to use, it protects vulnerable systems against drive-by-downloads and other web-based zero-day exploits. Developed by the people behind PestPatrol and ZoneAlarm, SocketShield delivers the first truly effective protection against zero-day exploits."

    (XPL Exploit Prevention Labs is a new company, founded by Thompson and Bob Bales, two former executives at PestPatrol).

    Sounds good, but will SocketShield do what XPL is promising us?

    What is your opinion?
     
  2. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    No opinion yet ;)
    But have a screenshot.
    Low in mem, no cpu.

    Gerard
     

    Attached Files:

    • xpl.gif
      xpl.gif
      File size:
      56.6 KB
      Views:
      1,511
  3. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Thanks for the screenshot, but I have already seen it on XPL's website itself :)

    Anyway, for the other thread readers the posted screenshot is fine; at least they get a (very small) impression of what I'm talking about ;)
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    But what does it actually do and how does it work? It will be interesting if somebody can do some testing on it!
     
  5. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    I have tried to install the stuff today.

    Lots of conflicts with my ATI drivers, and it was conflicting with some other drivers too.

    At the moment my DSL connection was demolished, I stopped trying the install.

    IMO a pity, because I think the program has a lot of potential.
    As I understand it, it's the very first beta version; I guess that's the reason for all the problems (problems on my machine, for sure other people haven't any problems at all).
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    So far it's playing well with others and doesn't run with scissors :D Doing remarkably well here so far.

    It installs a bunch of LSPs, so likely something happened there. Perhaps something else that uses LSPs doesn't like being disturbed? You could probably use something like LSPFix, or another tool that resets the LSP chain, to get it working. I'd definitely let them know, though.
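    Since the post above attributes the conflicts to Winsock Layered Service Providers, the check a practitioner would run first is to enumerate the Winsock catalog and see which non-Microsoft providers are layered into the chain. The script below is an added example, not code from the thread or from XPL Labs; it parses the text output of the built-in `netsh winsock show catalog` (Windows XP SP2 and later) and assumes that output's "Winsock Catalog Provider Entry" / "Entry Type:" / "Provider Path:" field layout. The built-in `netsh winsock reset` is the Microsoft equivalent of the chain-reset tools mentioned above.

```powershell
# Added example: list Winsock catalog entries and flag third-party LSPs.
# Assumes the field names printed by "netsh winsock show catalog".
function Get-WinsockCatalog {
    $raw = netsh winsock show catalog
    $entries = @()
    $current = $null
    foreach ($line in $raw) {
        # Each entry starts with a header such as "Winsock Catalog Provider Entry"
        if ($line -match 'Provider Entry\s*$') {
            if ($current) { $entries += [pscustomobject]$current }
            $current = [ordered]@{ EntryType = ''; Description = ''; ProviderId = ''; ProviderPath = ''; CatalogEntryId = '' }
        } elseif ($current -and $line -match '^\s*(Entry Type|Description|Provider ID|Provider Path|Catalog Entry ID):\s*(.*)$') {
            $key = ($Matches[1] -replace ' ', '')      # "Provider Path" -> "ProviderPath"
            $current[$key] = $Matches[2].Trim()
        }
    }
    if ($current) { $entries += [pscustomobject]$current }
    return $entries
}

function Find-ThirdPartyLsp {
    # Flag layered providers, and any provider whose DLL is not under %SystemRoot%\system32.
    $system32 = [regex]::Escape([Environment]::ExpandEnvironmentVariables('%SystemRoot%\system32'))
    Get-WinsockCatalog | Where-Object {
        $path = [Environment]::ExpandEnvironmentVariables($_.ProviderPath)
        ($_.EntryType -like 'Layered*') -or ($path -and $path -notmatch "^(?i)$system32")
    }
}

# Print the suspects; an unexpected vendor DLL here is the usual cause of the
# "everything broke after installing X" symptom described in this thread.
Find-ThirdPartyLsp | Format-Table EntryType, Description, ProviderPath, CatalogEntryId -AutoSize
```

Layered Chain Entries and Layered Service Providers from a security product are expected to appear here after it is installed; what matters for troubleshooting is whether a second product has also layered itself in, since two LSPs that each assume they are the only one are the classic source of broken connectivity.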
     
  7. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    ATI here as well and a 6 Mb DSL connection, no issues yet, but also dunno what this app is protecting me from.
    After some settings changes regarding the Ewido 4 spikes, my system now runs at 94% idle and low RAM.
    Well, I try everything on this box.

    Gerard
     
  8. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    :blink: :mad: :rolleyes: :)

    Yep, I know.
    I have played the whole afternoon with it, have tried to find the real cause, eliminated some other potential trouble-makers, but no positive results at all.
    In that specific area I'm for sure not a dumbo, I know a lot about the subject, but after 6 hours of experimenting I have surrendered :rolleyes:
     
  9. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    It seems to be a filter, along the lines of Proxomitron with Kye-U's filters, but it filters all traffic and blocks by website as well. Check out the "Settings" tab, it makes a little more sense of it.

    Strange, no probs w/ Ewido v4 here..

    Hehe, welcome to the club :D

    Just thought I'd throw that out there, one never knows where someone else is at.. especially when you're not dealing with them in person :) If you contact them, will you let us know how responsive they are?
     
  10. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    I know, your intentions are (like always) okay and highly appreciated :)

    I will wait till the second beta is there, then I'll start the fuss again, and if the program messes up my machine again I will contact them.
    Because Gerardwil has no ATI driver issues like I have, IMO I'd better wait for the second beta.
    I'll keep you informed :D

    Other SocketShield issue: they will release the final version in June.
    Sounds weird to me; this actual beta is the first one, so how will they fix all the bugs in the program in such a short time?
    Not a very reliable sign to me.... :cool:

    But maybe I'm too pessimistic :rolleyes:
     
  11. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Some have them, some don't o_O
    It's ok here now after checking with Filemon (Sysinternals) and ignoring some DLLs; Ewido now max. 0.49% CPU. I am sure the guys in Erlangen will solve this issue sooner or later.
    I'll see in a week when I am back home; tomorrow morning airplane to Scotland for a week of hiking and tasting some whiskies. (hmm, take my laptop with me o_O)
    Sorry mods for being off topic here :thumb:

    Gerard
     
  12. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Like the ATI drivers issue...o_O
     
  13. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    Have those drivers too. :doubt:
    Installing that app also stopped Spy Sweeper from loading at startup.
    As for Ewido 4, the guard was de-activated.

    Tried to uninstall it, but something is wrong with that uninstaller, or else
    some other app is interfering with it. It really didn't work. :'(

    Rebooted and restored my image from yesterday, so I was back up and
    running in 15 minutes. :D

    It shows promise, but they really need to iron out those bugs.
    I like to try out new apps/betas, but not this one at present. :p
     
  14. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    You lucky one! :D

    Only 1 image restore?

    I have restored 3 times :blink:
    And now it's enough; they have to do a lot of work to fix all the problems.

    See my remarks about the presumed release date of the final version... :cool:
     
  15. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    Yikes, that's a lot. :doubt:
    They sure need to fix all those problems prior to release.
    Already read it, but that means rushing it out of the door, which isn't a good sign.
    Or perhaps they have super programmers. :rolleyes:
     
  16. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Interesting software, and it's light on resources. Meanwhile, time will tell if it does anything.
     
  17. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Geez, this is crazy.. normally I'm the one with all the issues, but I've got a few betas on this machine now, and not a single problem! SocketShield is working perfectly for me.. :(
     
    Last edited: Apr 30, 2006
  18. mannagills

    mannagills Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    37
    Location:
    Michigan
    Just installed SocketShield. First reboot took a long time. Got a NOD32 message that IMON settings had been changed. Second reboot was normal. So far, no conflicts and low on resources.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    So basically this isn´t a HIPS but nothing more than a bad URL blocker, sort of like a supercharged SiteAdvisor? Personally I don´t really like this approach plus what if they don´t recognize a malicious website, will you still be protected by this tool then? o_O
     
  20. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    No, it filters out specific exploits from your internet traffic, just like Proxomitron with Kye-U's filters except that it automatically filters all traffic.
     
  21. controler

    controler Guest

    Hello

    I have not tried it yet, but this link explains how this program works.

    For unknown exploits, it gathers the evidence from your computer and sends it back to the correlation engine, which then distributes the patch back to other users, where it actually closes the socket the exploit is on.
    They combine this with their Reputation Filter.

    http://www.explabs.com/ss/index.html

    Requires a Pentium 1.2 GHz or higher. This tells me it would be a resource hog, wouldn't it?
    Dang, I don't have anything that fast.


    controler
     
  22. controler

    controler Guest

  23. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    My experiences are the same as the others noted in this thread.. :)
    (screenshot below from Process Explorer.. for those not familiar with it, "working set" is physical memory usage, "private bytes" is virtual memory usage)
     


  24. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Of course it uses CPU. Given that it uses drivers, the CPU used by SocketShield will not be charged to the process associated with its interface.
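    The two posts above make a point worth checking with numbers rather than a screenshot: the user-mode process of a driver-based product shows the memory counters Process Explorer labels as working set and private bytes, but the CPU its kernel-mode driver burns is accounted as privileged (kernel) time system-wide, not against that process. The script below is an added example, not code from the thread or from XPL Labs; it uses the built-in `Get-Process` and `Get-Counter` cmdlets, and the process name passed to it is a placeholder to be replaced with the product's process name as shown in Task Manager.

```powershell
# Added example: sample a process's memory counters and its CPU share, alongside
# system-wide kernel-mode CPU (where driver work lands). Process name is a placeholder.
function Get-ProcessFootprint {
    param(
        [Parameter(Mandatory)][string]$Name,   # process name without .exe
        [int]$Seconds = 5                      # sampling window
    )
    $procs = Get-Process -Name $Name -ErrorAction Stop
    # "CPU" on a Process object is total processor time consumed so far, in seconds
    $cpuBefore = ($procs | Measure-Object CPU -Sum).Sum

    # One sample per second over the window; % Privileged Time is kernel-mode CPU
    # across all processors, which includes time spent inside filter drivers and LSP-
    # adjacent kernel code that is never charged to the product's own process.
    $samples = Get-Counter '\Processor(_Total)\% Privileged Time' -SampleInterval 1 -MaxSamples $Seconds
    $kernelPct = ($samples.CounterSamples | Measure-Object CookedValue -Average).Average

    $procs = Get-Process -Name $Name -ErrorAction Stop
    $cpuAfter = ($procs | Measure-Object CPU -Sum).Sum
    $cores = [int]$env:NUMBER_OF_PROCESSORS

    [pscustomobject]@{
        Process         = $Name
        Instances       = $procs.Count
        WorkingSetMB    = [math]::Round(($procs | Measure-Object WorkingSet64 -Sum).Sum / 1MB, 1)        # physical memory in use
        PrivateBytesMB  = [math]::Round(($procs | Measure-Object PrivateMemorySize64 -Sum).Sum / 1MB, 1) # committed private memory
        ProcessCpuPct   = [math]::Round(100 * ($cpuAfter - $cpuBefore) / $Seconds / $cores, 1)          # user-mode process share
        SystemKernelPct = [math]::Round($kernelPct, 1)                                                  # system-wide kernel share
    }
}

# Usage (placeholder process name; substitute the product's process as listed in Task Manager):
Get-ProcessFootprint -Name 'PLACEHOLDER_PROCESS' -Seconds 5 | Format-List
```

Compare the SystemKernelPct value with the product's driver loaded against a baseline taken without it (or with the product disabled) under the same workload; a process that reads as "0% CPU" in Task Manager while the kernel share climbs under network load is exactly the situation nameless describes.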
     
  25. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    This program will remain free?
     