Spyberus

Discussion in 'other anti-malware software' started by Zero3K, Apr 25, 2008.

Thread Status:
Not open for further replies.
  1. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    340
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Average users, watch out: this is a beta version.
     
  3. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    I remember using a program from this company a while ago and it liked to crash my system a lot. XPproS2 no other security programs at that time. :doubt:
     
  4. Zero3K

    Zero3K Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    340
    Well, if it was this program, the bug you had was probably fixed in the new version.
     
  5. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Played with it earlier and I never reached my desktop.

    Regards,

    MaB
     
  6. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Being an idiot and a whore of software I tried this program a few minutes ago. No BSoD but system became very sluggish/nonresponsive. Uninstalled quickly. I feel this program is not quite ready for primetime. A lot more development is needed.

    Later...
     
    Last edited: Apr 25, 2008
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Spyberus can be looked upon as a system modification management tool.

    Microsoft's SteadyState freezes the system
    Altiris lets you manage versions, free version has limited options
    Spyberus is a sort of enhanced Altiris rollback management

    Problem: Altiris was intended for testing software; security enthusiasts discovered how to use it as a more flexible SteadyState, and Spyberus built on this idea.

    Problem is that you have to cover the complete attack surface and match the changes against the triggers. This is quite difficult to achieve. Complexity reduces solidness of software. DefenseWall has a rollback option but leaves it to the power user (and therefore evades the problem of accurate matching).

    Note: tried and hung my system, had to roll back



    I like the idea, but I have doubts on the complexity to implement it as a solid security mechanism. Simpler implementations (either yes or no when allowing changes) like SteadyState or Returnil, PowerShadow are more likely to prove a solid defense.

    So basic idea is great, solid implementation troublesome. I would not hesitate to buy such a program when it was fool and error proof.

    Regards Kees
     

    Last edited: Apr 25, 2008
  8. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    The newest version runs very smooth on my XP SP3. I am looking forward to a final release of this. It works great :D
     
  9. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    Is it free? What is it exactly?
     
  10. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    It appears to be a zero day threat preventer.

    http://www.net-security.org/secworld.php?id=5081

    Since it is a beta, I would think it would be free. No mention about a price from what I could tell.

    http://www.robotgenius.net/technology/spyberus.jsp
     
  11. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I decided to give it another try (on the home PC on which the first version gave no problems). It can be best explained as a combo of Altiris and a limited classical HIPS.

    It gives you a real time warning when system changes (e.g. drivers are installed/loaded) occur (like a classical HIPS), the nice thing is that you can decide to uninstall the package plus clutter afterwards (like Altiris). It works real well for regular programs or regular programs which have spyware attached. I still have to try it against serious malware.

    Running it together with Avira (write only) and DefenseWall. Because DW takes the first load of **** trying to enter my PC it will not be tested much in regular use.

    Regards Kees
     
  13. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I basically use it for reliable software uninstallations. I am looking forward to Robot Genius releasing a final and getting their first real rounds of feedback and suggestions.

    I am glad to see they are more routinely releasing new versions.
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I gave the toolbar a try and it is very good at detecting pages that contain malware or hacking tools; it is very good, in my own opinion better than SiteAdvisor. I went googling for some infected pages with malware and it always alerted me with a red pop-up explaining how many malwares those pages contain and also the names of the malwares, etc. :thumb:
     
  15. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    U mean RGcrawler, right? It's a linkscanner n if you say it's good ima certainly try it
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    RGGuard is the exact name and I believe that RGcrawler is in it (database). It is so far the best security toolbar, if I can call it like that; it is the best ever, better than SiteAdvisor and LinkScanner.
    Note: based on my own experience and opinion :thumb: :thumb:
     
  17. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    611
    Location:
    Melbourne, Australia
    I tried it and found it confusing.

    Google download.com and RGguard gives it a Green OK rating but when you click on the Green icon next to a Google search it states a lot of programmes on the site are Red Bad.

    So, if you are thinking about installing a programme from a Green OK portal you then need to manually check the programme is not Red Bad by seeing whether its name is listed.

    If this were automatic that would be great but who is going to trawl through pages of Red Bad programmes to see whether the programme is listed?

    Ian
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    So far it notifies on global hooks and driver loading/installation, but does not on programs acquiring admin rights or going into debug mode.
     
  19. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
  20. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Yer it wouldn't install for me at first try either. I then noticed AVG AV had left their toolbar in addons after I deinstalled it, so I removed that, restarted, tried again n then it installed np.
     
  21. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    4 RGGuard

    Nothing in addons like that. Just Noscript, ShowIP, and User Agent Switcher.
    Nothing in Themes. Plugins java, ms drm, sf and mp.

    I wanted to give it a go to see how it differs from siteadvisor, which is not installed.
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Testing it against malware under XP Pro power user and it is real strong. To use Spyberus without ownership errors (when switching between users) it is best to set the Spyberus directory as allow all in SRP, also the All Users application data directory of Spyberus. It is also best to give users full access rights to the registry keys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RGProtect and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RGSvc

    I found a nice tweak in this registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RGProtect\Parameters: you can add extra files to protect (normal file path + name), registry keys and values (normal registry name preceded with \REGISTRY\)

    I have entered all the static registry keys and values of Tony Klein's list out of the HKCU section and added my host file under file protection.

    Cheers Kees
     
  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Syntax for registry protection

    \REGISTRY\MACHINE\ = HKLM (HKEY_LOCAL_MACHINE)
    \REGISTRY\USER\ = HKCU (HKEY_CURRENT_USER) --EDIT -- HKU (apologies Master San Rabinovich)
    You can enter * as a wildcard and ? as a character joker
     
    Last edited: Nov 17, 2008
  24. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Wrong. It's HKU.
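
Added example, not part of the original posts and not Robot Genius code: a Python sketch of the \REGISTRY\ path syntax discussed in posts 22 to 24, showing why a rule written under \REGISTRY\USER\ as if it were HKCU never covers a real per-user key. The function names, the sample SID and the exact wildcard semantics (whole-path, case-insensitive) are assumptions made for illustration.

```python
import re

# Win32 root keys and their NT kernel-namespace roots (standard Windows mapping).
HIVES = {
    "HKLM": r"\REGISTRY\MACHINE", "HKEY_LOCAL_MACHINE": r"\REGISTRY\MACHINE",
    "HKU": r"\REGISTRY\USER", "HKEY_USERS": r"\REGISTRY\USER",
}
HKCU_NAMES = {"HKCU", "HKEY_CURRENT_USER"}

# Constructed sample SID, for illustration only.
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"


def to_nt_path(win32_path, sid="*"):
    """Rewrite a Win32-style registry path in \\REGISTRY\\... form.

    HKCU is an alias for HKU\\<SID of the current user>, so it expands to
    \\REGISTRY\\USER\\<sid>; the default "*" covers every loaded user hive.
    """
    root, _, rest = win32_path.strip("\\").partition("\\")
    root = root.upper()
    if root in HKCU_NAMES:
        base = HIVES["HKU"] + "\\" + sid
    elif root in HIVES:
        base = HIVES[root]
    else:
        raise ValueError("unsupported root key: " + root)
    return base + "\\" + rest if rest else base


def rule_matches(rule, nt_path):
    """Assumed rule semantics: '*' matches any run of characters, '?' exactly
    one; whole-path, case-insensitive (registry key names ignore case)."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in rule
    )
    return re.fullmatch(regex, nt_path, re.IGNORECASE | re.DOTALL) is not None


if __name__ == "__main__":
    run = r"Software\Microsoft\Windows\CurrentVersion\Run"
    written = to_nt_path("HKCU\\" + run + r"\Updater", sid=SAMPLE_SID)
    as_hkcu = "\\REGISTRY\\USER\\" + run + "\\*"   # \REGISTRY\USER read as HKCU
    as_hku = to_nt_path("HKCU\\" + run + r"\*")     # \REGISTRY\USER\*\...
    print(written)
    print("rule without SID matches:", rule_matches(as_hkcu, written))
    print("rule with SID wildcard matches:", rule_matches(as_hku, written))
```
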
     