SpyShelter 5.02

Discussion in 'other anti-malware software' started by Boyfriend, Dec 20, 2010.

Thread Status:
Not open for further replies.
  1. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    SpyShelter has been updated to build 5.02

    Change log
    More info: SpyShelter
    Download: here
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    it sounds good;)
     
  3. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    I just installed the Premium version and it couldn't even start. Got a MS window saying it couldn't run.

    Maybe a conflict with Kaspersky Antivirus 2011 and or Private Firewall.
     
  4. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    @Rilla927: SpyShelter is compatible with Kaspersky Antivirus 2011. On my security setup, I am testing SpyShelter Free and it is working flawlessly until now.
     
  5. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Too many low level drivers in your setup. It happens to all, including Sandboxie!

    Best regards,

    KOR!
     
  6. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Latest update working flawlessly here.

    With v5.0 there was a delay rendering the black/white lists. Seems that that issue is there any more. It was more of an irritation than anything.
     
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    SS began as an antikeylogger but it has become more & more of a HIPS. The number of hooks that SS now puts into the kernel (19 at last count) is startling, to say the least. Even when the System Protection (HIPS) module of SS is disabled, all those hooks remain.

    Other HIPS (D+, Malware Defender, Online Armor, etc) are stronger than SS in the HIPS department (IMO) but they do not use nearly so many hooks to do the job.
     
    Last edited: Dec 21, 2010
  8. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear Bellgamin,

    Very true!

    I am a paid customer and have a lifetime license. Right now SS doesn't work with my setup. So, I have uninstalled it. Hoping that in future, they will get their act together and I can start reusing the software.

    Best regards,

    KOR!

    Merry Christmas and Happy New Year!
     
  9. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    maybe that's why my computer was coughing up hairballs the last time i tried it. ;)
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Does SS offer anything that Comodo D+ or Online Armor Premium does not other than anti sound recording?
     
  11. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    I think you hit it on the head. I forgot about Sandboxie, I do have it also.

    I even disabled the HIPS in Private Firewall and it still didn't work.
     
  12. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Wow, that's crazy!! No wonder it didn't work.

    PF has thrown me a curve ball here since it can't be used in more than one account at a time. I wanted to go back to SRP, SuRun and I can't do that so I thought I could balance it out with SS. Keyloggers worry me the most out of anything.

    So I'm giving DW a trial.
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Prevx Safe Online gives excellent anti-keylogger protection while you are online. So also does DW -- IF it is compatible with your OS.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    IMO the best route for the proponents of SS would be to make the System Protection (HIPS) component into a truly optional component, that could be selected or NON-selected by the user at installation of SS. By "truly optional" I mean that, if the user elected NOT to install the System Protection component, then SS would not install all of those HIPS-related hooks.
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Bill,

    I know you are on XP and have a license of Look and stop and Spyshelter premium. So you are without the excellent Vista/Windows internal Firewall or UAC protection.

    Maybe this combo makes you happy on your XP rig
    - install LNS, download the extra rules when you use wireless
    - install Spyshelter premium (for all users Rilla !)

    Now put all your internet facing software running as restricted (in Spyshelter) when you are faced with a write exception put in the allowed list. Just set Spyshelter in the high auto allow security mode with all security on.

    Do some intrusion tests and you are bound to get a smile on your face. You have old OA like protection at a fraction of the CPU overhead (despite all hooks :)

    Happy holidays
     
  15. biscuits

    biscuits Registered Member

    Joined:
    Feb 16, 2010
    Posts:
    111
    Is this version compatible with F-Secure AV 2011 (latest build)?
     
  16. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    It is compatible with everything. But if you have too many low (kernel) level drivers installed and even they are disabled they still load during boot up. So something might not work.

    Give it a try, it is one of the best!

    Best regards,

    KOR!
     
  17. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    not on my machine.
    it made the computer so unstable i had to restore an image to get rid of Spyshelter.
     
    Last edited: Jan 1, 2011
  18. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Mine won't run nicely with winpatrol when reg protection is on. (Btw thx kees for the long and nice and yummy registry protection list, I like it very much)
    But it works just fine with KIS, sandboxie, shadow defender, malwarebytes, hitman pro, avast and avira free av
    My suggestion is to turn off kernel and system protection if you don't need it.
     
    Last edited: Jan 1, 2011
  19. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Hi Blasev,

    You have too many low (kernel) level drivers like any member on this. If you had installed SSL earlier and then tried to install another low level program, SSL will work and that program will not work.

    Kind regards,

    KOR!
     
  20. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    KIS 2011 CF2 makes 13 System Service Dispatch Table (SSDT) hooks and sandboxie makes zero SSDT hooks (at least on my system). SS itself makes more than 30 SSDT hooks (31 hooks on my system).
     
  21. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    520
    Hello everyone:)

    After installing SS Free 5.02, my ctrl keys are not functioning in my laptop having vista 32bit. I also have MSE 2.0 and Sandboxie (registered). I have to remove SS to solve this. Does anyone else have this problem?
     
  22. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Did SS Free 5.02 ask a question about known software like xxxx is trying to access keyboard? You probably blocked it (probably explorer) via denying it. Allow it and your whole keyboard will work just fine.
     
  23. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Most anti-rootkits will show which programs have set hooks to the SSDT, e.g. GMER

    For a classical HIPS setting a lot of hooks is a way to control events of processes running on your PC.

    Remember Eastern who preferred to have all the SSDT hooks covered twice as a minimum :D

    A classical HIPS tries to cover all intrusion vectors, so setting a lot of hooks is you being guaranteed of a pro-active response by the HIPS when some anomaly or a potentially abusable change is detected.

    In ancient HIPS days there were more or less two approaches
    1. Covering all the intrusion vectors (classical HIPS)
    2. Reducing the attack surface (partly through OS) preferably by policy restrictions or virtualisation (of which application virtualisation is the riskiest in terms of interfaces to deal with and needing more control over system API's than f.i. disk virtualisation or policy sandboxing)

    The above third party programs were used by people who did not want to use (e.g. LUA) or optimise (e.g. Safe-Admin) the policy and sandboxing mechanisms of the OS itself.

    Lately we have seen some interesting cross overs
    a) Online Armour (a Classical HIPS/FW) providing runsafer option (policy sandbox)
    b) Comodo a classical HIPS now offering a virtualisation sandbox also
    c) Appguard (always a reduce attack surface approach) now also offering MBR Guard and Memory Guard
    d) Spyshelter (a classical HIPS) now also offering restricted mode.

    After having played with it, I can confirm that Restricted mode really is a configurable (on data access that is not services and processes) restricted token, safer than running limited user.

    For people using UAC on their Vista/Windows7 rig (and for instance use the great internal FW of Vista/Windows 7) my pick for x32 systems would be Spyshelter and on x64 systems would be Appguard.

    See pic
     

  25. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    It is very simple. You can use anti-rootkit tools like NoVirusThanks Anti-Rootkit (Free), Helios-Lite AntiRootKit, IceSword, Tizer Rootkit Razor, etc. to visualize SSDT table. I personally use NoVirusThanks Anti-Rootkit (Free). Check SSDT tab after installation and it will show you API and module/driver name. You can count/unhook/search them. Remember it is for x86/32-bit systems only and use it with extreme caution. Do not try to unhook until you know what you are doing.
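
The per-driver SSDT hook counts discussed in the posts above come from resolving each table entry's handler address to the module that contains it. The following is an added example, not part of the original thread and not the code of any tool named in it. The driver names, addresses and SSDT snapshot are constructed sample data, and treating any handler outside ntoskrnl.exe as hooked is an assumption of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { const char *name; uint32_t base, size; } Module;
typedef struct { const char *api; uint32_t handler; } SsdtEntry;

#define KERNEL "ntoskrnl.exe"
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed sample: loaded-module list of a 32-bit system (driver names hypothetical). */
static const Module MODULES[] = {
    {KERNEL,       0x804D7000u, 0x00214000u},
    {"hips_a.sys", 0xF7A00000u, 0x00020000u},
    {"av_b.sys",   0xF7B00000u, 0x00030000u},
};

/* Constructed sample: SSDT snapshot, service name -> current handler address. */
static const SsdtEntry SSDT[] = {
    {"NtCreateFile",         0x8056E27Cu},
    {"NtOpenProcess",        0xF7A01230u},
    {"NtWriteVirtualMemory", 0xF7A01480u},
    {"NtSetValueKey",        0xF7B02100u},
    {"NtTerminateProcess",   0xF7A01900u},
    {"NtClose",              0x805BC4D2u},
    {"NtLoadDriver",         0xF9990000u}, /* lies in no listed module */
};

/* Resolve an address to the module whose [base, base+size) range contains it. */
const char *owner_of(uint32_t addr) {
    for (size_t i = 0; i < COUNT(MODULES); i++)
        if (addr >= MODULES[i].base && addr - MODULES[i].base < MODULES[i].size)
            return MODULES[i].name;
    return "<unknown>";
}

/* Number of SSDT entries whose handler resolves to the given module. */
int entries_owned_by(const char *module) {
    int n = 0;
    for (size_t i = 0; i < COUNT(SSDT); i++)
        if (strcmp(owner_of(SSDT[i].handler), module) == 0) n++;
    return n;
}

/* Assumption: an entry counts as hooked when its handler is outside the kernel image. */
int count_hooked(void) { return (int)COUNT(SSDT) - entries_owned_by(KERNEL); }

int main(void) {
    for (size_t i = 0; i < COUNT(SSDT); i++)
        printf("%-22s 0x%08X  %s\n", SSDT[i].api, (unsigned)SSDT[i].handler, owner_of(SSDT[i].handler));
    printf("hooked entries: %d of %d\n", count_hooked(), (int)COUNT(SSDT));
    return 0;
}
```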
     