SpyShelter 9.2 released

Discussion in 'other anti-malware software' started by pablozi, Sep 18, 2014.

  1. pablozi

    pablozi Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    190
    Location:
    Oudenbosch
    SpyShelter 9.2

    New SpyShelter version brings a couple of new advanced functions as well as many other improvements, which will increase SpyShelter’s performance and stability.

    Biggest improvement since SpyShelter 9.1 is the possibility of creating customized rules. We have put a lot of work into it, and we hope that you are going to enjoy this fully customizable rule creator, which also allows to edit existing rules.
    http://www.spyshelter.com/wp-content/uploads/2014/09/customrules.png
    Furthermore, in this release SpyShelter Firewall has received some major updates.
    SpyShelter Firewall 9.2 features brand new custom network rule creator, which will allow you to filter out connections from specific IP’s and ports.
    http://www.spyshelter.com/wp-content/uploads/2014/09/rulec.png
    Another new feature which you will surely like is Network Activity Tracker. It displays every application that is currently communicating with the Web, data sent, received, and also shows servers addresses!
    http://www.spyshelter.com/wp-content/uploads/2014/09/networkactivity1.png
    Update your SpyShelter now and discover new features!

    Download:
    Code:
    http://www.spyshelter.com/download-spyshelter/
     
  2. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Still no 64-bit free version? Meh. Sorry if I don't agree that 64-bit compatibility should be a paid feature.
     
  3. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    More features and options...more fun and exitement :) Screenshots from some new options
    editing rule for existing app/process (the name of app is on the top of window)
    eng ss edit rule.jpg
    create rule for new app/process
    eng ss create rule.jpg
    network activity
    eng ss activity.jpg
     
  4. FOXP2

    FOXP2 Guest

    They should fix that by charging for the 32 bit version, too.
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,947
    Location:
    USA
    I agree. They should charge for both. They can't just give everything away for free. Their business would fail, and there would be no more SpyShelter then.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,947
    Location:
    USA
    I don't use SpyShelter, but I have in the past. I think the new features look great! It says you have the option of Allow, Deny, and Default. What is the default action that will be taken? Will it ask the user? I would expect to see Allow, Deny, and Ask User?

    Edit: Maybe what Brandonn meant to say is SpyShelter should have a free version for 32bit, and 64 but limit the features for each in the free version. I think that would be a better business model myself. Maybe he can clarify his statement.
     
    Last edited: Sep 19, 2014
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,947
    Location:
    USA
    Does SpyShelter Log blocked packets? What protocols does the firewall support filtering (tcp, upd, icmp,etc.)?
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Vetty Interesting. Seeing as I have always been and always will be a (Customized) rules driven security addict, this might just be of some serious interest to me now that rumor has it my prized and FREE Qihoo 360 IS may be ending.

    Thanks for posting this and the screenshots!
     
  9. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,060
    Location:
    Netherlands
    Should be called SpyShelterManager now (the new SSM :thumb:). Are all executables ASLR enabled now?
     
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    SpyShelter is based on its own internal rules and rules added by user what is connected with security level...quote from help file
    In this way option "default" could mean "is rule true or not in comparison to the internal list of trusted certificates?"...if YES it's OK without questions, if NO we perhaps should see an alert. We should remember that we still have the list of monitored actions in "Settings" tab that are active so when actions is suspicious and is listed in such tab we just receive some pop-up. When we set main security level on "ask user" default action is probably "always ask" if no other rule is created.
    I've noticed when we set in rules editor the main rule in box "All general actions" on "allow" or deny" all other boxes are greyed except these: "Ingoing - and Outgoing network traffic" and "Executions of an application" set on "default"
    ss rule all actions.jpg

    We can make rule for TCP and UDP and apply this rule to ICMP traffic...I didn't find log with blocket packet.

    Perhaps YES :) SpyShelter could be called SpyShelter Manager or Suite but the second would be not the tribute for old SSM :)
     
    Last edited: Sep 20, 2014
  11. CGuard

    CGuard Registered Member

    Joined:
    Mar 2, 2012
    Posts:
    145
    I was trialing SS (FW) 9.1, last week (W7U 32-bit). Definitely more than a Anti-Logger + simple Allow-Deny UDP/TCP Connection (9.1 version) Firewall (coexisting with WFW). More of an Anti-LeaK, i would say. "Restricted Applications" & configurability of Security/Monitoring Actions/Alerts Level are very interesting features. It can be set-up in different ways depending on the Monitoring Actions and Exclusions. Taking advantage of the latter, an SRP (file path- or hash- or publisher-based) approach can be achieved. With the new features, i guess it can be set-up as a classical HIPS or an Anti-Executable (last ichito's pic).
    During the installation, it offers the option to install for all users. Once installed, there is an option, in Settings, for allowing access to its GUI only for an Admin account. The GUI can be password-protected too.

    On the downside, 1) it's a little bossy (it doesn't play well with SB, e.g.) and b) even though i wasn't able to terminate its process through Process Explorer (as Raymond had noticed/guess they fixed it), i did terminate it (9.1) through Process Hacker -i bet (haven't tried it) that the same can be achieved through any anti-root/bootkit program (Antispy, PowerTool, PCHunter etc.) that installs drivers/hooks. They should definitely focus on SS's Self-Defense. That's the main reason i'm not willing to purchase it just yet.

    @ichito: Do you know if, when in "Ask User" mode, a user's response/rule that matches an internal rule is displayed in the "Rules" window? Alternatively, are the internal rules accessible somehow?

    PS. Filtering the svchost's connections by service would be a very interesting addition...
     
    Last edited: Sep 20, 2014
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    @ ichito

    Remember a while ago I asked for this feature? So I'm very happy to see the new "customizable rule creator". :)

    I just might give SpyShelter a chance again, it is now definitely the most advanced HIPS on the market. They do need to fix some spelling errors like "accessing to webcam", it should be "access to webcam", but this is only minor of course.
     
  13. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    @CGuard
    Such easy closing of SS is interesting and disturbing but should be probably resolved by unchecking option "Allow terminating SpyShelter via Tak Manager"...screenshot below

    termination.jpg

    ...unfortunately it doesn't work by that way. After unchecking that box I was able to terminate SS using Process Hacker and Anvir Task Manager and it was just easy. Using other similar apps like Process Explorer, HiJack Free (EEK) or system task manager it was impossible. It should be reported to the SS support.
    As regards to internal rules...I found info about it in changelog for ver. 5.11 more than 3 years ago and it's perhaps the latest info...it was at this time about 10 000 signers so we can guess that there is much more trusted apps/processes in base. No info who is on trusted list except Microsoft...i think...what is connected with one of security levels. Some updates from such changelog
    http://www.spyshelter.com/blog/spyshelter-changelog/
     
    Last edited: Sep 20, 2014
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    @ ichito

    A general question about the "restricted apps" feature: does it run apps in "low integrity mode"? You can check this with Process Explorer. The reason why I wonder about this, is because VoodooShield will soon offer a "sandbox" feature which will run apps with less privileges. I wonder if apps (like browsers) will still be able to run correctly.
     
  15. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    Unfortunately SS runs apps added to "restricted"...in my case...in high level what can be connected to my administrator account in which I'm working. SS runs app in this mode with lower rights and some others restrictions...quote from help file
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    Yes a bit weird since Win Vista should offer this feature. Or perhaps SS does not run apps with "low integrity" at all. Because I'm not even sure if restricted SID is the same as running apps in "low integrity mode".

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa379316(v=vs.85).aspx
    http://blogs.technet.com/b/voy/archive/2007/04/01/write-restricted-token.aspx
     
  17. Visigoth

    Visigoth Registered Member

    Joined:
    Sep 25, 2014
    Posts:
    1
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    @ Visigoth

    I'm not really into Matousec anymore, but still nice to know that SS performs quite well against the Matousec leaktests. :)
     
  19. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    Yes..it's good news :) Thanks for info.
     
  20. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,066
    I have sent the following suggestion

    If you agree you can open a ticket here http://www.spyshelter.com/helpdesk/
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
  22. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
    Do I need to uninstall previous version before installing 9.2 release ?
     
  23. natZONE

    natZONE Registered Member

    Joined:
    Oct 8, 2012
    Posts:
    26
    Location:
    Germany
    SpyShelter Firewall v9.3 is out. Panda Free Antivirus classifies the installed SpyShelter.exe (SHA1: 370E985E843A753A9EF954132C600CAA59F03133) as a Trojan. If you run Panda, stop it before you begin to install SpyShelter Firewall via fwsetup.exe. After installation is done, put SpyShelter.exe on Panda's exclusion list, re-enable Panda and reboot your PC.
     
  24. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    253
    Location:
    router
    firewall part become more usable i hope they make it more better since its new.(ask deny for each request)
    startup speed very good in this version but still it take 2 minutes to change from gray to blue.
    plus in new version ASLR Enabled
    Image 1.png
     
  25. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    532
    Location:
    Europa
    Last edited: Oct 4, 2014
Loading...