Executables are available for download; you just need to create a config. It won't do anything without the config.
I'm sorry, but I just don't have the skills; they should have made a working GUI for all of their leak-tests, similar to this: http://www.testmypcsecurity.com/securitytests/all_tests.html#TypesSecurityTests
BTW, I'm currently running Vivaldi sandboxed via SS, just as an experiment. If I'm correct, Vivaldi already has an internal sandbox similar to Chrome's, so I'm not sure if I gain anything. But so far I did get an alert about Vivaldi wanting access to the webcam. The strange thing is that I don't even own one.
OK I see, but this alert only appears when Vivaldi is running restricted, and there is no way to allow this hook.
What provides good protection for hollowing and RMI? EDIT: I assume that if Windows Script Host is disabled, then RMI is blocked?
I understand from the posts here that the whitelisting/anti-exe function of SpyShelter works pretty well, and the complaints are mainly about the failings of the HIPS, which is sort of a second level of defense, in case the malware somehow executed anyway, perhaps due to a user mistake. And it does seem to me that SpyShelter Premium, which I have set at "medium" level of security, is pretty good at protecting sensitive Windows processes. In light of this, would there be any advantage to running SecureAPlus or VoodooShield along with SpyShelter, or is that useless?
No, RMI is an advanced code injection method; it hasn't got anything to do with blocking "Windows Script Host" or other processes. So-called "process hollowing" can be blocked by monitoring the execution of certain processes like explorer.exe or svchost.exe. If some app launches these types of system processes, there is a big chance it's trying to modify them. But certain HIPS can spot such an attack out of the box. SS cannot do this at the moment, at least not according to certain tests that were done by members. BTW, I don't believe RMI is used by a lot of malware; it's more used as a technique to bypass anti-exploit tools. And HMPA is an example of a tool that recognizes "process hollowing" without relying on a user decision. Depends on how you look at it. To me the HIPS part is the most important; for anti-exe there are other, more user-friendly options available, I use EXE Radar. Obviously, nobody will deliberately run malware, but a HIPS/BB might give you a clue that a certain semi-trusted app is perhaps up to no good.
I like your approach. The HIPS gives you a second chance, so it is not game-over as soon as you allow an installer to run.
Yes, exactly. AV + AE and common sense is the first line of defense; HIPS is the second line. The problem is that most people don't understand how to interpret most alerts, so that's why it will always be a tool for the advanced user only. But despite all of my "negative comments" about SS, I still think it's worth the money. It's not perfect, and will probably not block all advanced malware techniques, but I think it's good enough. However, a couple of things should be fixed that would make it more user-friendly and a bit more secure.
Like I said, HMPA can detect process hollowing. SS might be able to detect the first stage of RMI with the "open process or thread for modify access" filter. The problem is that it's way too common for this alert to be triggered. But like I said, I don't believe RMI is used a lot by malware.
No, you're still misunderstanding. Like I said, it's not related to "vulnerable processes" at all. It's often used during exploit attacks, in order to make it more difficult for standard AVs to detect malware that's running in memory. But it can also be used by malware that is launched by the user themselves. It's basically a DLL injection method, but I'm not sure if HIPS are so easily fooled by it. If I remember correctly, member itman tested a certain tool against the ESET HIPS, and it could spot RMI. https://en.wikipedia.org/wiki/DLL_injection
BTW, I would love to see SS being tested against the latest malware and simulators like the ones used by MRG, see link. That would give an indication of how strong the protection really is. https://www.mrg-effitas.com/wp-content/uploads/2015/07/Webroot-SecureAnywhere-Versus-Trusteer-Rapport-Comparative-Analysis-2015-Q2.pdf
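The two detection ideas raised in this part of the thread (watching which parent launches system processes like svchost.exe or explorer.exe as a hollowing indicator, and the "open process or thread for modify access" filter being too noisy to alert on by itself) can be illustrated with a small defender-side script. This is an added example, not code from the thread or from SpyShelter; the event records are constructed, Sysmon-like samples with a field layout assumed for this example, and the expected-parent table and executable names are assumptions as well. The Windows PROCESS_* access-right constants are the documented Win32 values.

```python
"""Defender-side heuristics for process hollowing and modify-access noise.

Event records below are constructed, Sysmon-like samples (not real logs).
The field names ("kind", "image", "parent", "source", "target", "granted")
are assumptions for this example, not any product's schema.
"""
from collections import Counter

# Win32 process access rights that allow writing code or starting a thread
# in another process. Any request containing one of these is a "modify"
# access, which is what a HIPS "open process for modify access" filter
# alerts on.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
MODIFY_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Assumed expected parents for two commonly hollowed system processes.
# A launch by any other parent is the "some app launches a system process"
# pattern the thread describes.
EXPECTED_PARENTS = {
    "svchost.exe": {"services.exe"},
    "explorer.exe": {"userinit.exe", "winlogon.exe", "explorer.exe"},
}

# Constructed sample events. All process names are hypothetical.
SAMPLE_EVENTS = [
    {"kind": "create", "image": "svchost.exe", "parent": "services.exe"},
    {"kind": "create", "image": "svchost.exe", "parent": "invoice_viewer.exe"},
    {"kind": "create", "image": "explorer.exe", "parent": "userinit.exe"},
    # PROCESS_ALL_ACCESS on the svchost.exe it just launched
    {"kind": "access", "source": "invoice_viewer.exe", "target": "svchost.exe", "granted": 0x1FFFFF},
    # query + VM_READ only: a scanner reading memory, no modify bits
    {"kind": "access", "source": "av_scanner.exe", "target": "chrome.exe", "granted": 0x1410},
    # VM_OPERATION|VM_READ|VM_WRITE|QUERY_INFORMATION: a legitimate tool that
    # hooks many processes and would trip the raw modify-access alert often
    {"kind": "access", "source": "accessibility_tool.exe", "target": "chrome.exe", "granted": 0x0438},
    {"kind": "access", "source": "accessibility_tool.exe", "target": "notepad.exe", "granted": 0x0438},
    {"kind": "access", "source": "accessibility_tool.exe", "target": "explorer.exe", "granted": 0x0438},
    # a process opening itself with full rights is routine
    {"kind": "access", "source": "updater.exe", "target": "updater.exe", "granted": 0x1FFFFF},
]


def suspicious_system_launches(events):
    """(image, parent) pairs where a watched system process had an unexpected parent."""
    hits = []
    for e in events:
        if e["kind"] != "create":
            continue
        expected = EXPECTED_PARENTS.get(e["image"].lower())
        if expected is not None and e["parent"].lower() not in expected:
            hits.append((e["image"], e["parent"]))
    return hits


def modify_access_events(events):
    """Access events granting injection-capable rights to a *different* process."""
    return [
        e for e in events
        if e["kind"] == "access"
        and e["granted"] & MODIFY_MASK
        and e["source"].lower() != e["target"].lower()
    ]


def modify_access_by_source(events):
    """How often each process triggers the raw modify-access alert (the noise)."""
    return Counter(e["source"] for e in modify_access_events(events))


def hollowing_candidates(events):
    """Strong signal: the same process both launched a system process with an
    unexpected parent relationship and then opened it with modify rights."""
    launches = {(img.lower(), par.lower()) for img, par in suspicious_system_launches(events)}
    return sorted({
        e["source"] for e in modify_access_events(events)
        if (e["target"].lower(), e["source"].lower()) in launches
    })


if __name__ == "__main__":
    print("unexpected parent:", suspicious_system_launches(SAMPLE_EVENTS))
    print("raw modify-access alerts per source:", modify_access_by_source(SAMPLE_EVENTS))
    print("launch + modify correlation:", hollowing_candidates(SAMPLE_EVENTS))
```

Run on the sample data, the raw modify-access filter fires four times, three of them for the benign hook-everything tool, which is the alert-fatigue problem described above; correlating the access with the parent-child launch narrows it to the single process that both spawned svchost.exe and then opened it for writing.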
Hello, SpyShelter version 10.8.5 has been released:
Homepage: https://www.spyshelter.com/
Download: https://www.spyshelter.com/download-spyshelter/
Blog: https://www.spyshelter.com/blog/
Changelog: https://www.spyshelter.com/blog/spyshelter-changelog/
Apparently I can't install the update if I want Keyboard Encryption, because Zemana AntiMalware is installed... I've been using these together and found no compatibility issues. I mean, I can understand if they blocked installation if Zemana AntiLogger was installed, but not AntiMalware. Also, it ****** me off quite a lot because it doesn't let me override it... *Sigh* Sent an e-mail complaining about it; waiting for a new update to try again, until then I'm on 10.8.4.

Besides that, I'm quite disappointed by the fact that SpyShelter and Hyper-V conflict on my system. After the Anniversary Update it seems that if both are installed then I'll get a BSOD at start. Went back and forth with support and the summary seems to be 10+Hyper-V+SpS = conflict; the issue is in old code which would be risky to experiment with and could take hundreds of hours to fix and could cause new problems... So as I understand it this won't be fixed, unless Microsoft undoes what they did with the Anniversary Update... Pfft, fat chance.

Is anyone running SpyShelter and Hyper-V on a Windows 10 Anniversary Update machine without any issues? Basically I just want to know if the issue is isolated to my machine (tried re-installing Windows) or if it's affecting all other or perhaps only some other machines. (Be warned that if you have not tried it, and decide to try it by installing Hyper-V, the BSOD may be of such a nature that fixing it may be troublesome; as such I recommend a full-system backup first.)

Even with the above in mind, I'd like to say that I have personally had a really good experience with their support. I also like the program but personally believe it needs some serious work in several areas; for example, if your code is old and it would be a hazard changing something there, then perhaps it's time to go through it, understand it and then re-write it.
"New version of SpyShelter is now available. Known issue: Automatic update option in background will not work while upgrading to 10.8.6, so please do a manual update by downloading the installer from our Download Page. NOTE: Installer file name for Premium version has changed its name to premiumsetup.exe (previously setup.exe).

SpyShelter 10.8.6 introduces an option to enable non-styled table lists. It is for users who prefer performance over visuals. Disabling it speeds up the scrolling experience, especially at the Rules list. We also updated some translations and added a button on the alternative rules view which allows deleting a single rule. List styles can be disabled in Settings>General tab.

SpyShelter 10.8.6 Changelog (07/Sep/2016)
– GUI: Added option to disable lists skinning
– Language updates
– General small improvements"
https://www.spyshelter.com/blog/spyshelter-10-8-6-released/#more-7059
The above issue regarding the installer refusing to install in the presence of Zemana AntiMalware has been fixed with the 10.8.6 release.
I was thinking, it would be cool if SS offered some of the features of GlassWire. I'm not happy with the current "Network Monitor". http://www.pcworld.com/article/2686...ool-tells-all-about-your-network-traffic.html
Sygate, Jetico, Rising... they have a similar monitor, but for me the coolest was in Online Armor... "was" - unfortunately it's a good word in this case...
@ichito Yeah, a tool like SSFW should have had a more advanced Network Monitor, with the ability to show all active connections. And that's what I mean when I say there is no true innovation going on. Also, why isn't there a simple process monitor which lets you mark running processes as trusted or restricted, know what I mean? And there still isn't an "auto-block" mode.