Discussion in 'other anti-malware software' started by Boyfriend, Dec 20, 2010.
SpyShelter has been updated to build 5.02
More info: SpyShelter
it sounds good
I just installed the Premium version and it couldn't even start. Got a MS window saying it couldn't run.
Maybe a conflict with Kaspersky Antivirus 2011 and/or Private Firewall.
@Rilla927: SpyShelter is compatible with Kaspersky Antivirus 2011. On my security setup, I am testing SpyShelter Free and it is working flawlessly until now.
Too many low level drivers in your setup. It happens to all, including Sandboxie!
Latest update working flawlessly here.
With v5.0 there was a delay rendering the black/white lists. Seems that that issue is there any more. It was more of an irritation than anything.
SS began as an antikeylogger but it has become more & more of a HIPS. The number of hooks that SS now puts into the kernel (19 at last count) is startling, to say the least. Even when the System Protection (HIPS) module of SS is disabled, all those hooks remain.
Other HIPS (D+, Malware Defender, Online Armor, etc) are stronger than SS in the HIPS department (IMO) but they do not use nearly so many hooks to do the job.
I am a paid customer and have a lifetime license. Right now SS doesn't work with my setup. So, I have uninstalled it. Hoping that in future, they will get their act together and I can start reusing the software.
Merry Christmas and Happy New Year!
maybe that's why my computer was coughing up hairballs the last time i tried it.
Does SS offer anything that Comodo D+ or Online Armor Premium does not, other than anti sound recording?
I think you hit it on the head. I forgot about Sandboxie, I do have it also.
I even disabled the HIPS in Private Firewall and it still didn't work.
Wow, that's crazy!! No wonder it didn't work.
PF has thrown me a curve ball here since it can't be used in more than one account at a time. I wanted to go back to SRP, SuRun and I can't do that so I thought I could balance it out with SS. Keyloggers worry me the most out of anything.
So I'm giving DW a trial.
Prevx Safe Online gives excellent anti-keylogger protection while you are online. So also does DW -- IF it is compatible with your OS.
IMO the best route for the proponents of SS would be to make the System Protection (HIPS) component into a truly optional component, that could be selected or NON-selected by the user at installation of SS. By "truly optional" I mean that, if the user elected NOT to install the System Protection component, then SS would not install all of those HIPS-related hooks.
I know you are on XP and have a license of Look and stop and Spyshelter premium. So you are without the excellent Vista/Windows internal Firewall or UAC protection.
Maybe this combo makes you happy on your XP rig
- install LNS, download the extra rules when you use wireless
- install Spyshelter premium (for all users Rilla !)
Now put all your internet facing software running as restricted (in Spyshelter); when you are faced with a write exception, put it in the allowed list. Just set Spyshelter in the high auto allow security mode with all security on.
Do some intrusion tests and you are bound to get a smile on your face. You have old OA like protection at a fraction of the CPU overhead (despite all hooks).
Is this version compatible with F-Secure AV 2011 (latest build)?
It is compatible with everything. But if you have too many low (kernel) level drivers installed, even if they are disabled they still load during boot up. So something might not work.
Give it a try, it is one of the best!
not on my machine.
it made the computer so unstable i had to restore an image to get rid of Spyshelter.
Mine won't run nicely with winpatrol when reg protection is on. (Btw thx kees for the long and nice and yummy registry protection list, I like it very much)
But it works just fine with KIS, sandboxie, shadow defender, malwarebytes, hitman pro, avast and avira free av
My suggestion is to turn off kernel and system protection if you don't need it.
You have too many low (kernel) level drivers like any member on this. If you had installed SSL earlier and then tried to install another low level program, SSL will work and that program will not work.
KIS 2011 CF2 makes 13 System Service Dispatch Table (SSDT) hooks and sandboxie makes zero SSDT hook (at least on my system). SS itself makes more than 30 SSDT hooks (31 hooks on my system).
After installing SS Free 5.02, my ctrl keys are not functioning in my laptop having vista 32bit. I also have MSE 2.0 and Sandboxie (registered). I have to remove SS to solve this. Does anyone else have this problem?
Did SS Free 5.02 ask a question about known software like xxxx is trying to access keyboard? You probably blocked it (probably explorer) via denying it. Allow it and your whole keyboard will work just fine.
please teach this noob (me) how to see hooks?
i've tried this : https://zairon.wordpress.com/2007/03/20/tool-system-service-descriptor-table-revealer/
but it won't work
Most anti-rootkits will show which programs have set hooks to the SSDT, e.g. GMER
For a classical HIPS setting a lot of hooks is a way to control events of processes running on your PC.
Remember Eastern who preferred to have all the SSDT hooks covered twice as a minimum
A classical HIPS tries to cover all intrusion vectors, so setting a lot of hooks is you being guaranteed of a pro-active response by the HIPS when some anomaly or a potentially abusable change is detected.
In ancient HIPS days there were more or less two approaches
1. Covering all the intrusion vectors (classical HIPS)
2. Reducing the attack surface (partly through OS) preferably by policy restrictions or virtualisation (of which application virtualisation is the riskiest in terms of interfaces to deal with and needing more control over system API's than f.i. disk virtualisation or policy sandboxing)
The above third party programs were used by people who did not want to use (e.g. LUA) or optimise (e.g. Safe-Admin) the policy and sandboxing mechanisms of the OS itself.
Lately we have seen some interesting cross overs
a) Online Armor (a Classical HIPS/FW) providing runsafer option (policy sandbox)
b) Comodo a classical HIPS now offering a virtualisation sandbox also
c) Appguard (always a reduce attack surface approach) now also offering MBR Guard and Memory Guard
d) Spyshelter (a classical HIPS) now also offering restricted mode.
After having played with it, I can confirm that Restricted mode really is a configurable (on data access that is not services and processes) restricted token, safer than running limited user.
For people using UAC on their Vista/Windows7 rig (and for instance use the great internal FW of Vista/Windows 7) my pick for x32 systems would be Spyshelter and on x64 systems would be Appguard.
It is very simple. You can use anti-rootkit tools like NoVirusThanks Anti-Rootkit (Free), Helios-Lite AntiRootKit, IceSword, Tizer Rootkit Razor, etc. to visualize SSDT table. I personally use NoVirusThanks Anti-Rootkit (Free). Check SSDT tab after installation and it will show you API and module/driver name. You can count/unhook/search them. Remember it is for x86/32-bit systems only and use it with extreme caution. Do not try to unhook until you know what you are doing.
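
Added example, not part of any post in this thread and not code from the tools named above: a common check behind an SSDT view is to test whether each service's handler address lies inside the kernel image and, if not, attribute it to the driver whose image contains it, which is what lets you count hooks per program. All addresses, indices and the driver names `example_hips.sys` and `example_av.sys` are constructed sample data.

```python
from bisect import bisect_right
from collections import Counter

# Constructed sample data (not from any real system): loaded kernel modules
# as (base address, size, name) and SSDT entries as (index, service, address).
MODULES = [
    (0x804D7000, 0x1F8000, "ntoskrnl.exe"),
    (0xF7A10000, 0x00C000, "example_hips.sys"),  # hypothetical driver name
    (0xF8B20000, 0x008000, "example_av.sys"),    # hypothetical driver name
]
SSDT = [
    (0x025, "NtCreateFile",         0x8056E2FC),
    (0x029, "NtCreateKey",          0xF7A11A40),
    (0x035, "NtCreateThread",       0xF7A12C10),
    (0x07A, "NtOpenProcess",        0xF8B21500),
    (0x101, "NtTerminateProcess",   0xF7A13388),
    (0x115, "NtWriteVirtualMemory", 0xFFDF0000),  # lands in no loaded module
]

def owner_of(address, modules):
    """Return the name of the module whose image contains address, or None."""
    ordered = sorted(modules)
    bases = [m[0] for m in ordered]
    i = bisect_right(bases, address) - 1
    if i >= 0:
        base, size, name = ordered[i]
        if base <= address < base + size:
            return name
    return None

def find_hooks(ssdt, modules, kernel="ntoskrnl.exe"):
    """List SSDT entries whose handler lies outside the kernel image."""
    hooks = []
    for index, service, address in ssdt:
        owner = owner_of(address, modules)
        if owner != kernel:
            # An address in no known module is the most suspicious case.
            hooks.append((index, service, owner or "<unknown>"))
    return hooks

def hooks_per_module(hooks):
    """Count hooked services per owning module."""
    return Counter(owner for _, _, owner in hooks)

if __name__ == "__main__":
    found = find_hooks(SSDT, MODULES)
    for index, service, owner in found:
        print(f"{index:#05x} {service:<22} -> {owner}")
    print(dict(hooks_per_module(found)))
```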