SpyShelter 9.2 released

hi
i think you can test an earlier version 9.2 or 9.3 and i don't thinks this limitation is on that version
and if this Satisfied you then buy it (but i think this program worth to buy even without trial test )

 

@ Peter2150

The market is small indeed, on the other hand, Zemana and SpyShelter have survived for 4 years now. I'm also using 2 HIPS that are dead at the moment, so a good app is worth the money even when development will stop.

 

I informed SpyShelter that their trial limitations are bad company policy, and that they will lose lots of potential customers. Their response was the following below. I thought to myself, how does giving limited functionality of trial software prevent it from being used beyond the trial period. I strongly disagree with these type of sales tactics. I hope they realize how bad of policy this really is. Well, i've stated my opinion on this so it's time to move on.


Thank you for your message.

This policy actually prevents people from cheating and using our software beyond trial period.
We are giving away free, feature packed trial version.

We do respect your opinion and choice, and we hope that someday you will change your mind

Sincerely,
Daniel Brom

 

OK so they are afraid that some people are able to crack the trial limit, I understand it a bit better now. But it's the first time that I heard of a company using this tactic.

 

Limiting functionality of the trial version should not have anything to do with preventing it from being used beyond the trial period. I guess they just want to annoy the users so much that they want to uninstall it before the trial period ends lol!

 

True, but compare this to long rule set of SSM/NG you use, I am using the free version, no pop-ups, the protections of HIPS apply a stronger than LUA policy container. I allow Microsoft signed by default, but the rich content/scipt processing applications are excluded (general block rule). I have SRP but Anti-Exe will always allow rich content because your allow the programs processing this content.

 

@ Windows_Security

Yes of course, SS is more advanced than older HIPS, when it comes to certain stuff. The "restricted apps" feature is interesting indeed, if I understood correctly it will basically strip privileges from apps + deny them access to part of the file system and registry, even when they are already running with "medium/non admin" rights. It's basically a policy based sandbox.

 

Signed & ASLR enabled, perfect

 

@ichito

I recall you had contact with the developers in the past, when not apologize for asking

The help file tells global hooking is part of the HIPS, while the settings show it is part of another module, see pic

 

On their website, they say the Free version is 32 bits only.
Does that mean it protects only 32 bits software on Windows 7 x64 for instance ?

 

No the free version runs only on 32 bits OS.

Running a 64 bits OS has an obvious security advantage (kernel patch protection, ASLR has twice the randomization space), performance wise the current 64 bits-OS have little advantage over 32 bits systems. Theoretically the software should run 20 percent faster, of which only maximum of ten percent materializes (software is developed to be independant from hardware/instruction sets). You need a CPU with a large CPU cache and 8GB or more RAM to obtain these 10%.

On cheaper CPU's with less CPU cache 64 bits OS runs slower as a 32 bits OS, because commands are larger (64 bits) so less commands are cached/predicted in the pipeline. So when you have an ordinary CPU, you could consider downgrading your OS and take advantage of free 32 bits software.

 

Thanks for the explanation, much appreciated!
Time to downgrade to 32 bits I think!

 

Haha You are right...it's a fine shot I did never pay attention to these differences but we should say about one more thing - "Hooks Guard" feature that is in "Keystroke Encryption" module. OK...it's self-defense of SS

 

Not twice but, say, assuming x86/x64 processor, physical space is 256 times as much.
(x64: 40-bit=1TB
x86: 32-bit=4GB)
Of course virtual memory of each process is different story though.

Bruteforcing ASLR on 32bit process is quite easy so I don't recommend to downgrade your OS to 32bit.
64bit OS also has driver codesigning restriction, so much more secure than 32bit.
I don't think 64bit OS actually cause serious performance down on old CPU due to cache but if so you can replace HDD with SSD to complement it's disadvantage.
128GB SSD is bit cheaper than OS itself.

 

I thought x64 keys worked also on x86, agree better to buy an ssd than an x86 OS. With gpedit, it is also possible to block unsigned drivers. That easy to brute force is only easy when you can attack program continuously and the setup runs with low memory as I understood. I have 3.4 GB RAM which is a lot for 32 bits and set explorer to terminate on heap corruption, so I am more likely to move to 64 bit Linux as 64 bits Windows.

 

I found a source and it says 32bit process on x86 has 32bit->4GB virtual memory but 64bit process on x64 has 44bit->16TB so actually 4096 times as much.

Really? I didn't know that, sorry.

If target machine don't have other mitigation, attacker can combine NOP sled with heapspraying to reduce # of trials.
Well, though remotely doing this won't be always easy but still possible.
In 64 bit, it's practically impossible.

I know most ITW exploits use other way to bypass ASLR, but I personally think downgrading OS for just a bit performance gain is not a good trade.
Yeah, some Linux distro are good new home if you don't need to use Win-only software, as they are free!

Okay back to topic, is SS still incompatible with sandboxie?
I once thought to use it but gave up because I want to use sandboxie.

 

New...9.5 version

https://www.spyshelter.com/blog/spyshelter-changelog/

 

ASLR on 32 bits systems uses the upper 20 bits, on 64 bits CPU's it uses upper 44 bits. That is why I said twice the randomization space. But you found the right math.

 

I recently format an old laptop with Windows XP Home. Today (after the last update) was the third time that I try to install SpyShelter but everytime I return with BSOD after the restart. The pc has nothing special installed except from the drivers of the laptop and Microsoft Office. Am I doing something wrong?

 

SpyShelter 9.5 released

Release Notes :

1. Windows 8.x BSOD – We have received a couple of reports about Windows 8.x crashes. Thanks to cooperation with users who experienced this issue, we were able to find and fix it.
2. Custom Rules Scaling – We have fixed a bug where Custom Rule window would not display correctly when zoomed.

https://www.spyshelter.com/download-spyshelter/

Rules.

 

thanks

 

Unticking "check for update at application start" has no effect. SSP still checks for updates on bootup...

 

I use the firewall version and never experienced that.

I' ve just make a test on a other machine with the Premium version, install 9.4, restart, SSP prompt me that a new version is available to download, ok open settings, untick "check for update at application start", Restart the machine, no more popup.

Check :

-Go to the Spyshelter folder in Roaming folder (if you can't found this folder, go to folder options in control panel and tick show hidden files in display tab), open the settings.ini file with notepad and make sure the "AutoCheckForUpdate" is set to 0.

-Open msconfig, look at the startup entry of SSP, it should have no attribute.

- Open your TaskScheduler if you see any Schedule for SSP, remove it.

You can open a ticket at : https://www.spyshelter.com/helpdesk/