SpyShelter 5.20 final released

Discussion in 'other anti-malware software' started by guest, May 30, 2011.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Try the spyshelter tester tool against OA
    http://www.spyshelter.com/download/AntiTest.exe
     
  2. Nizarawi

    Nizarawi Registered Member

    Joined:
    May 26, 2008
    Posts:
    137
    guest


    passed all tests :p
     
  3. LodeStone

    LodeStone Registered Member

    Joined:
    Jun 12, 2011
    Posts:
    29
    Thank you.
    I had already tried those tests. But since they are known as goodware "Anti-test" by all the AV vendors on the VirusTotal list, this might be the reason OA doesn't block them.

    But I did have something "alien" on a laptop April last year I strongly prefer not to have again. Ever. A nightmare. :eek:

    I posted on a HijackThis forum, but to no avail. Same on the Avira forum. Here is the description of it on the old OA forum:

    "Some Russian guests on my laptop...":
    http://support.online-armor.com/showthread.php?t=12735&highlight=Lode

    I thought the problem was gone, so I stopped posting about it there. I used system restore, and everything seemed fine. But then it started all over again.
    I had a few days before removed all my backups for lack of space, and made a new clone. So I used that one, but it might already have been infected, because my laptop was nearly completely out of my control after a few hours... sometimes it would reboot in safe mode without me tapping the f8 key.

    Avira, SAS, and MBAM found a trojan, and I had it removed. But that was obviously not enough. It would take over a minute to open a web page, 2 1/2 minutes to file a document, a minute to get a reaction from my scroll bar. I kept staring at the little hourglass... and once every minute my screen would flash off and on again for a second... as if snapshots were being made.

    I ended up having to reformat, and work for days to get it all back to how it was before the craziness began.

    So at least for now I am keeping SpyShelter... ;)
     
    Last edited: Jun 13, 2011
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    SS lacks much compared to SS: AV, cloud, heuristics, whitelist, sandbox, firewall, full HIPS
    CIS lacks a bit of antikeylogger functions as compared to SS: Networkspy protection, web cam logger, sound logger etc.
     
  5. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Okay, thanks for the answer. :) But since I still need to buy it, referring to having a x64 OS, I will skip SS for now. ;) :thumb:
     
  6. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    How does the antinetworkspy work? Does spyshelter need to connect to the internet periodically? I ask because I saw a spyshelter component in the active mode settings tab of Eset.
     
  7. guest

    guest Guest

    If you want to complete the antilogger capabilities of CIS you can do it with safeonline or even better with trusteer rapport.

    And also do this

    Make custom Groups ():

    \Device\Usb#Vid* in "Defense+ -> Computer Security Policy -> Protected Files and Folders"
    \RPC Control\AudioSrv "Defense+ -> Computer Security Policy -> Protected COM Interfaces"

    http://www.youtube.com/user/Anarchitektur#p/u/3/D9BPONNYk_g
    http://www.youtube.com/watch?v=aLymuyn3tMQ&feature=relmfu
     
    Last edited by a moderator: Jun 14, 2011
  8. Nekromantik

    Nekromantik Registered Member

    Joined:
    Dec 8, 2010
    Posts:
    107
    I want to try this but no free x64 support for free sucks
     
  9. guest

    guest Guest


    You can try SS premium; it has a 14-day trial version. If you like it, you can buy it.
     
  10. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Agree with guest, and also it will be worth it, since the license is lifetime
     
  11. LodeStone

    LodeStone Registered Member

    Joined:
    Jun 12, 2011
    Posts:
    29
    Out of honesty and fairness to OA, Sandboxie, Avira, SAS, and MBAM I have to confess some mistakes:

    First of all I had gotten a warning popup from OA as soon as I tried to run the SpyShelter tester tool, asking me for a decision, meanwhile blocking it. After that OA warning popups kept coming up when I tried to run the other tester tool modules. But every time I gave permission to be able to run the tests, thinking that OA would block what I was going to do during the tests. This did not happen, and I mistakenly thought OA failed to block my actions performed during the tests. :oops:

    So OA did not fail. Instead it warned every time a test module tried to install and blocked it. The test keylogger I had given permission to run even showed in OA's Anti-keylogger log.

    I like SpyShelter a lot, and trying it out I found that it is very effective in blocking what it does not recognize as legit. So it will protect those of us who don't have OA or other software with HIPS. But to put it on top of OA seems not to be necessary.
    ...............................................................................................

    After refreshing my memory by going back to the Dutch HijackThis forum:

    When I had the cracker problem I posted earlier, it looks like I made a mistake. Again... :ouch:

    I had been on a Russian website to read an article in English. Unsandboxed because I had gone to download some Windows updates first, and forgot to activate the sandbox afterwards. So Sandboxie is not to blame.

    It was a targeted hacker/cracker attack my machine received -according to the man of the HijackThis forum who attended me and posted info on this particular Russian issue- and OA nearly constantly showed the following IP data on its Firewall Status panel:

    Russian Federation:
    94.100.189.179:80.....(img.mail.ru)
    213.180.204.44:80.....(img.yandex.net)
    94.100.178.50:80.......(img.mail.ru)
    93.158.134.44:80.......(img.yandex.net)

    And SAS found a trojan, but instead of letting it remove it, I allowed it to stay because I wanted to see if MBAM would detect it too. It did.
    This was the result:

    SAS:
    Trojan.Agent/Gen-FraudLoad[Crit]

    MBAM:
    Downloader.Trojan

    To see if Avira would also find it I still did not remove it. Avira did not detect it then, but later I found it had quarantined this 3 days earlier:

    HEUR/HTML.Malware suspicious code.

    I scanned again with SAS but it did not find it anymore. Nor did MBAM. I guess it hid itself after it was prodded by those two. Probably the reason Avira did not find it.

    So curiosity got the cat... :oops:

    I felt out of fairness to OA, Sandboxie, SAS, MBAM, and Avira I had to confess this.
     
    Last edited: Jun 16, 2011
  12. Nekromantik

    Nekromantik Registered Member

    Joined:
    Dec 8, 2010
    Posts:
    107
    Yeah but atm money is tight. I only bought MBAM pro cause of the special offer they had ha ha
     
  13. LodeStone

    LodeStone Registered Member

    Joined:
    Jun 12, 2011
    Posts:
    29
    It's a onetime €24.95 fee for a lifetime SpyShelter license.

    I don't need it I feel -having OnlineArmor- but it's a good deal for those without HIPS software.

    PS:
    Remembering what happened -and OA seemingly not having blocked the attack- I am still wondering whether I should get SpyShelter anyway after all... :doubt:
     
    Last edited: Jun 16, 2011
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    agree
     
  15. LodeStone

    LodeStone Registered Member

    Joined:
    Jun 12, 2011
    Posts:
    29
    OA's and SS' HIPS seem to tango fine together so far after 3 days of free trial.

    Plus every time I go online I see SS' AntiNetworkSpy blocks the setting of hooks of my browser, whether Opera, Firefox, or IE9. I guess it will block malware hooks from cracked or malicious websites as well.
     
  16. guest

    guest Guest

    I think that the popups you are reading are telling you that it cannot set the hook over the browser, which means that it cannot protect your browser for some reason.

    Maybe it is because you are using PrevxSOL, sandboxie, or other security app or you are running them in restricted mode.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Can anyone tell what antinetworkspy actually is? Any POC for it?

    Thanks
     
  18. guest

    guest Guest


    SpyShelter AntiNetworkSpy proactive module prevents dangerous trojans from stealing your private information during important SSL internet transactions. It blocks HTTP/HTTPS logging and also POP,SMTP,FTP and other loggers as well.
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks but I can't understand how these loggers will be different from other loggers that capture data from keystrokes, from browsers etc.

    Seems just a marketing thing to me.
     
  20. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Because they stop malware that hooks Wininet.dll (IE), nsp4.dll (Firefox) (etc) in order to intercept and inject fake forms into your https traffic. Normal anti-keyloggers won't work because they are designed to stop keyboard, clipboard, screenshot logging only.
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    what's the difference?
     
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    hmm.... very interesting. Thanks

    Do you know any POC or real malware names using this technique?
     
  23. guest

    guest Guest

  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Ah... ok thanks.
     
  25. LodeStone

    LodeStone Registered Member

    Joined:
    Jun 12, 2011
    Posts:
    29
    Thank you.
    And here I thought the blocking of hooks was a good sign...:rolleyes: not realizing SS uses them for protection...:)

    I am using Sandboxie, but even when surfing unsandboxed just now -to test it- this showed up for example:
    "Setting hooks for process firefox.exe (PID=2792) is blocked."

    It also happens with Online Armor's and Avira's WebGuards disabled.
    I'm also using SAS Pro and Immunet free, MBAM free, Hitman Pro free, and EAM free. I doubt that they would cause this.

    Come to think of it, OA detected and blocked all of SS' AntiTest runs, until I allowed them. So maybe SS will not protect me more than OA does.

    But as you can see, I'm not exactly a pc nerd... :oops:
     
    Last edited: Jun 18, 2011