Spyshelter 4.5 releases

Spyshelter 4.5

Spyshelter update dated 29 Jul 2010 to version 4.5. Change log...

- Added new feature (Restricted mode for 32 bit systems)
- Fixed bug which with occasional exception on alert
- Security updates
- Small language corrections and other bug fixes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE: SS's new "Restricted mode" sounds something like OnlineArmor's "Run Safer" or "Drop My Rights". I'm not sure if I fully understand its potential. If you have comments or clarifications about this new mode please post them.

 

Re: Spyshelter 4.5

Thanks fo info about update bellgamin

This new new feature - Restricted mode -looks promising

 

Re: Spyshelter 4.5

I rather enjoyed this Q&A from the SpyShelter FAQs...

Can I install SpyShelter on more than one computer?
Yes. You can purchase a SpyShelter license for each physical computer that you have.

 

Re: Spyshelter 4.5

is this protected mode for the free version also?

 

Re: Spyshelter 4.5

@ Page42

Classic

 

Re: Spyshelter 4.5

I thought so too.

 

Re: Spyshelter 4.5

Yes.

Aditional info:

 

Re: Spyshelter 4.5

Thanks Majomo

 

Re: Spyshelter 4.5

I suggest caution in using restricted mode. I put Firefox into that mode. When I later tried to restart FF, it rebooted my computer. Then Prevx disappeared & I had to reinstall it. Then I again tried to use FF & my computer again rebooted. So I restored a recent image (made prior to installing SS 4.5) & now all is okay.

It might have been the result of a tug of war between Prevx (which is set to to activate Safe Online every time I start FF) or the fact that I use Runit (a launcher) to start FF. In any event, BEWARE!. Something could be amiss..

 

Re: Spyshelter 4.5

i have my browser,media player and messenger in protected mode and so far so good

 

Re: Spyshelter 4.5

Good! Have you tried closing your browser then restarting it?

 

Re: Spyshelter 4.5

yes i did maybe i am lucky here

 

Re: Spyshelter 4.5

If you simply put firefox into Restricted mode, then it would run without any problem.

But if you put firefox inside SandboxIE then it would not run/open...SpyShelter blocked all the modules/process of Sandbox because it was hooking firefox. Here are the screen-shots ... All the screen-shots were arranged sequence wise ...

 

Re: Spyshelter 4.5

Anyone knows whether restricted mode is simular to restricted user (1 tad more restrictive than limited user in XP)?

 

Re: Spyshelter 4.5

I have the same problem with Firefox/PrevX SafeOnline and this new function of Spyshelter. I can start Firefox but when i want to go to the forums from Bethesda for instance then Firefox locks up. So at the moment this new function is not for me.

But i did not have the reboot problem and neither did i have to re-install PrevX Safeonline. It was enough for me to remove Firefox.exe from the restricted list.

 

Re: Spyshelter 4.5

the only problem i found was that SS slowed down my browsing speed when IE is restricted and i didnt like it,but the idea is great like if you have defensewall or OA or even sandboxie lowering rights

 

Re: Spyshelter 4.5

Come to think of it I had a triple whammy on Firefox: (1) I had it set as Run Safer under Online Armor, (2) I had it set as Restricted under SpyShelter, and (3) I had it set to Safe Online under Prevx.

No bloody wonder their hooks got ensnarled with each other!

Now I am wondering & wondering & wondering...

WHAT is the difference (if any) between Online Armor's Run Safer -- and - SpyShelter's Restricted?

Does anybody here have a theory?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Information I have gleaned from SS folks (paraphrased so as to avoid direct quotes) . . .

 

Re: Spyshelter 4.5

Educated guess

From what Spyshelter allready performs system wide:

a) blooking hook setting
b) blocking memory/process modification
c) blocking access to autostart entries (the few Spyshelter protects)

Plus policy management:

d) running in a medium righs = limited user container:


Some remarks
Whenever protection is extended you reach a point in which auto-allowing signed applications makes the defense weak (for instance IE8 is signed, but it is vulnarable to attacks itself because IE runs external code through active X, Java and Javascript etc). The guys from Spyshelter are expaning their Anti_keylogger to HIPS. They now seem to make the shift to extending SpyShelter to a general purpose anti-keylogger and targeted enhanced protection (like Appguard does for instance). WHich is smart because it is a good approach to make the program relatively silent.

1. Impose strong hook monitoring on all programs, allowing signed programs (in general or only from Micorsoft), so deselect all other options of SpyShelter.

2. Provide extra border security at threatgates (in general internet facing programs), in restricted mode they can put their autorun, process/memory protection in combo with policy management. This is not the same but simular to for instance AppGuard, hence the option to exclude protection of certain folders (giving write access to the monitored application).

For members running Vista/Windows UAC and plain FireFox with no extra security except noscript/ad-block this might be a good one (remember allways make an image backup before trying Versions ONE features on security or at least set a restore point).

 

Re: Spyshelter 4.5

LoL i guess not.

But i was wondering about something myself. I used EMET on Firefox, could the changes made by EMET cause problems to for this restricted function of Spyshelter i wonder.

 

Re: Spyshelter 4.5

Rogue Security Tool.

Deny/remember at both prompts and.....

 

Re: Spyshelter 4.5

LOL

 

Re: Spyshelter 4.5

Mhh seems that SpyShelter has the same issue as old WinPooch had. Registry entries can be changed in several ways, Pooch only covered hooks which directly changed the registry.

Companies should value power users as Franklin, debuggging their software for free

 

Re: Spyshelter 4.5

Thanks for this excellent post!

PLEASE test Zemana Antilogger.exe against this same rogue.

 

Re: Spyshelter 4.5

i tried winpatrol plus and winpatrol did his job very nicely againts the security tool rouge

 

Re: Spyshelter 4.5

For reminder SpyShelter is a Anti-logger not Anti-virus application
On screens it blocks Security Tool form changing the registry value but not form executing