SpyShelter 9.2 released

Discussion in 'other anti-malware software' started by pablozi, Sep 18, 2014.

  1. Great news for 32 bit OS-owners, it is fast with little overhead, experienced HIPS users can start it in highest security mode and respond to allow/block pop-ups to their liking.

    I think it is great for people running 32 bit systems and wanting a low noise/pop-up second layer protection. I know it is not intended to be used this way, but it works great and silent

    Use spyshelter as smart HIPS protecting ring0 (admin level intrusions)
    1. Run it a while with default security setting (auto allow medium level)
    2. After two weeks or so, tighten up security for all internet facing programs and rich content processing programs (IE, WMP, Outlook, PDF Reader etc).
    - open allow rules, disable the "now I am really pawned" defenses (see picture)
    - turn up security one level to "auto allow microsoft"

    This prevents user errors. Allow MS prevents wrong deny decisions (blocking the OS), denying internet facing after learning period prevents wrong allow decisions. Nice thing about Spyshelter is that you can also add rules for dll's (e.g. flashplayer).

    Regards Kees

    Spyshelter.png
     
    Last edited by a moderator: Oct 6, 2014
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    @ Windows_Security

    Yes it's cool for people who want total control, but I can't believe that it took this long to add this feature. Other HIPS had this stuff back in 2006. But when I buy a new machine I will probably also buy SS, I prefer it over Online Armor and Comodo.
     
  3. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    First...for more than 4 years SS has been getting better and better, and it is currently the "number one" among anti-loggers; its main task is to protect against loggers of different types....system/kernel protection (HIPS feature) is only one of all the others. The latest changes give us more advanced features that are very useful for users like you...I think....so I don't understand your comment, Rasheed...sorry...
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    @ ichito

    Well, I'm not trying to bash SS, I actually like the app, but this feature should have been implemented a long time ago, it should be standard in any HIPS. Remember Neoava Guard? http://s14.postimg.org/h866f9jlt/NG_Sonar.png
     
  5. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    342
    Location:
    Boston
    Just to be clear..... are you using SpyShelter's Firewall and the Windows Firewall at the same time?
     
  6. Using free version here: noted that Spyshelter Exe is not signed (anymore). Have FW and Premium owners noted this also?
     
  7. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    697
    Location:
    EU
    Firewall user here and same as you, not signed.

    Rules.
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I just installed SpyShelter 9.4 premium. So far I love the changes that have been made. I would like to know the difference in mitigation methods used by SpyShelter in comparison to Online Armor since I use Online Armor. I don't think OA uses many user mode hooks, but I'm assuming SpyShelter does. I would check for the presence of user-mode hooks with GMER, but I can't use it on this particular machine because I get a BSOD when I reboot after using GMER. I'm testing SpyShelter without Online Armor. I'm not sure they can be used together. I would love to get some good feedback from SpyShelter, and Emsisoft about what methods they use to intercept possible harmful behavior. I would like to know if they solely use user-mode hooks, kernel mode driver, both, or some other method.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    @ Cutting_Edgetech

    You can ask these questions over here: http://www.spyshelter.com/helpdesk/

    On Windows 64 bit this whole "user vs kernel mode" discussion is not interesting, because of PatchGuard. You can not hook the kernel anymore in Win Vista/7/8 64 bit. So what I'm trying to say is, both SS and OA probably use the exact same techniques on both Win 32 and 64 bit.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Is there any anti-execution component in it? Seems it doesn't intercept execution of executables like other classical HIPS.
     
  11. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    411
    Location:
    router
    Yes, it does this.
    Put it in ask user level (Probably except allow microsoft will work too, I just run SSF in ask user).
    Now every time you want to run a program, SSF will ask you to allow or deny.
    If you deny, the program won't launch.
    If you check "current component can execute any application"
    and also check "remember my choice",
    then SSF will no longer ask you about execution of any program (when the program is launched via explorer.exe)
    and all programs will run.
    To revert, you just have to delete the rule from application execution control:
    in the explorer.exe rule you will see one * at the end; delete that.
    (If you deny when you have checked both items, you cannot run any program except those with an allowed rule in SSF.)

    Image 1.png
     
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I was using SS with OA for several months about 2 years ago...there were no issues, no conflicts connected with code or functions of both apps but sometimes when I tried to do something new for them I received too many pop-ups...I survived as you can see :)
    In regards to Kees's and co22's comments...thanks for advice.
    I can only add that SS offers other possibilities which we can consider as "anti-exe"
    - you can block each action in "Rule tab" directly from the list

    SS -menu block.jpg

    - in the newest versions you can also block permanently process and its actions using rules creator

    SS rule creator 2.jpg

    - on security level "Ask user" you can tick the feature "Auto-block suspicious behaviour" which...as I think...can perhaps block every suspicious action even if the application is on SS's own built-in white list

    SS settings-auto block.jpg

    - you can restrict not only processes but also folders (removable drivers are already on list from r.m.b. menu) that include untrusted content like e.g. folders for downloaded files...one can do it in "Restricted Apps" panel, but don't forget to add this folder to the list in "Folders with write access" tab because otherwise it will not be able to write files in it.
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    thanks for the reply.
     
  14. Block rules have priority over allow rules.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Seems the HIPS rules and pop ups in SS are a bit confusing and not so user friendly. I wish they could make it easier and user friendly.
     
  16. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    411
    Location:
    router
    You get maximum pop-ups on ask user level and it's normal
    you can put on other level
    Auto allow - Medium security level
    Allow Microsoft
    Auto allow - High security level

    you can reduce pop-up also with trusted signer option
    or using new feature "Create rules for a component" you can predefine rules
     
  17. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    50% off on bitsdujour web site today
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have been using the trial version SS for a few days, and SS has disabled itself now. It says it disabled itself due to limitations of the trial version. It says I have 10 days left on the trial version though. Has anyone else experienced this? I'm using SS 9.4.

    Update: I just created a support ticket.
     
    Last edited: Oct 11, 2014
  19. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    411
    Location:
    router
    this is a new limitation in Trial version
    The Trial version has the following restriction: Protection will be randomly disabled after a couple of hours of using SpyShelter. To enable protection again you have to reboot the system.
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    That's ridiculous! I will just uninstall SS then. That's a good example of bad company policy. I was considering buying a license, but not now. I will just save my money. I'm on a very limited budget right now anyways.
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    SpyShelter responded to my support ticket, and informed me the same thing you did. My reply to them was the following below. I hope they realize this is bad policy.

    "I think this is bad company policy. A trial version should give the user uninterrupted full functionality. I think you will lose a lot of potential customers due to this bad policy. I will just uninstall SpyShelter".
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes I agree, this sounds really stupid, I'm also not sure if I want to buy a license anymore. :thumbd:
     
  23. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    But when you buy it, the restriction is gone, right?
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes correct, but I hate these kinds of tactics.
     
  25. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Yeah... it is not usual...
     