SpyShelter - an overview of my own settings, tips and useful information

Discussion in 'other firewalls' started by ichito, Nov 28, 2018.

  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    ALOHA!

    Yeah that's the harsh rub of anything. To our dismay and frustration times and conditions change and much too often for taste.
     
  2. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    342
    Location:
    Boston
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @henryg -- Thanks for the link. I posted a comment in that forum, asking for the basis of that one member's *opinion* that SS is "dead."

    If the folks at SS are seeking to sell (as opined by that one MT member), I wish them a VERY profitable success.

    Of course we all know that there is a viable option for higher-risk users needing a HIPS. To wit, ESET has a high quality, built-in HIPS in its AV (I'm not sure which versions include that feature & which do not).
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I didn't know that Datpol was trying to sell the whole SS product line for €25000, that seems to be quite cheap. Perhaps we can crowdfund David Xanatos LOL. But like I said in the other topic, SS's network monitor is quite excellent so why remove those features? Also, any good anti-logger should have outbound connection control IMO. So I don't understand the reasoning behind this decision. BTW, I'm using TinyWall because SS hasn't got an autoblocking feature.
     
  5. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    190
    Location:
    Poland
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Not sure what that discussion was about, but I wouldn't be surprised if they are actually trying to sell SS though. But if it's really only for €25000 then I guess Datpol's revenue was never that big, or that they simply want to get rid of it. I mean look at Zemana, they are dead too. The good news is that my old SS version still works on Win 10, but I doubt it will work on Win 11, so I hope they will continue development.
     
  7. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    342
    Location:
    Boston

    I also hope that they continue with their development. Their premium version (non-firewall) still needs an updated driver. Without it... HVIC cannot be used to mitigate the ability to execute shellcode/unsigned code within the Windows kernel. So, we're still unable to utilize Core Isolation.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes I believe you mentioned this earlier, I haven't got a clue why they haven't fixed this yet, and if it's perhaps difficult to achieve. But would be quite sad if SS died, together with Comodo it's the only standalone HIPS, but I'm not into Comodo at all. Although I do have to say that the newer SS versions gave me problems, that's why I'm still using an old version on Win 8 and Win 10.
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    There's ReHIPS -- VERY powerful HIPS -- waaay beyond SS or Comodo. IMO, it's mainly for high-risk users who are skilled users of HIPS. Plus -- it isn't free. If someone's job or safety depends heavily on having a secure computer system, then ReHIPS is a super powerful layer to add to his or her system's defenses.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    I, too, am pulling for DataPol's SS to make a come-back.

    I think DataPol has a bit of a cash flow problem. Thus, a short while ago, SS had a very good sale. Problem is, the license-period for the SS version purchased at sale price would begin to run immediately. Since I have a license with several months to go, it didn't make sense for me to take advantage of the sale price.

    Thus, the sale made sense for NEW users, only -- but SS sent their email notices to their list of CURRENT users. Thus, one group of prospective users (new users) never knew about the sale, and the other group of prospective users (current users of SS) were not able to tack the added license-period onto their existing license period. Ergo, I doubt the sale met DataPol's expectations.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Thanks but I hate ReHIPS, it's not my cup of tea at all. It's not a good replacement for Sandboxie and it's certainly not a replacement for SpyShelter. But from what I understood, Datpol has sold SS to some American company that is going to continue development and SS Firewall has simply been renamed to SS Premium.
     
  11. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I don't think so. SS Premium Version 14 has just been released, replacing version 12.9. All of SS Firewall's components have been moved into SS Premium, EXCEPT for the firewall itself. Thus, Datapol has truly discontinued its firewall. In the process, Datapol has upgraded SS Premium into an even more powerful, many-layered security app.

    In other words, Datapol has done just exactly what they promised to do. Shazam!
     
  12. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    512
    Location:
    Bulgaria
    Excuse me, but are you kidding? ReHips is not a HIPS at all, despite the name. It is more like GesWall, DefenseWall and these are not HIPS. So can't be compared to Comodo's HIPS.

    Comodo is a good replacement for both since it has HIPS and the only application that have Auto-Containment. But if you don't like it, then you can probably add WiseVector StopX next to Sandboxie. It has HIPS as well, and it is free, at least for now.
     
    Last edited: Oct 23, 2022
  13. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    No, it hasn't. Although an excellent anti-keylogger, it really does not protect against much else (like ransomware. worms, RAT's, etc) even at High Security level.
     
  14. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    "High security" level it's related only to accepting certificates of processes/apps that are acting some detected action. It has no effect on others features/option included in other modules that user should...if needs...enable or edit. It has also nothing to do with automatic allowing actions mentioned in the "List of monitored action".

    Important info for SS users:
    I share info hat I posted on MT earlier

    "My post will be more fornal and it's related to old licence - I mean lifetime licence for Firewall version.
    It's vital matter for me...in this context... because I have two such licence so I asked new owner about it. Not digging into details - all of you who is using lifetime licence for Firewall version please e-mail owned code to new developer using adress
    helpdesk@spyshelter.com
    You shoul do this ASAP to get new number."
     
    Last edited: Oct 23, 2022
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Exactly. Thank You @cruelsister in pointing that out here.
     
  16. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    190
    Location:
    Poland
    and now prove your theses with reliable tests...
     
  17. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I find that the HIPS and the Application Execution Control components of SpyShelter (SS) are very good security layers. I feel that those are much more than just anti-keyloggers in that they give SS anti-exe/whitelist capabilities with considerable granularity.

    SS does NOT whitelist executables in the sense that "this executable is clean so give it free rein". Rather, SS whitelists an executable for only those specific rules it is allowed to ignore, and for only those specific executables it is allowed to execute.

    Further, user can instruct SS to remember (or NOT) each specific decision the user selects. Example: I am paranoid about allowing an app to do a rundll so -- whenever I allow rundll -- I have never yet let SS remember my choice.

    Recently I put all of my extended family's computers on Comodo Firewall+HIPS using @cruelsister 's configs. Those configs often employ default/block so they are unintrusive yet VERY powerful security.

    For my own use, however, I came back to SimpleFW + SS because, every so often, that combo prods me to learn a bit more about computer security while -- at the same time -- providing good protection. Whether by luck, or by good security, or by a fortuitous combination of both, I haven't had an infection in many many years. Neither has my extended family.
     
    Last edited: Oct 24, 2022
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes correct, I believe it's not like SS at all.

    I use it in ''ask user'' mode, so at the end of the day I decide whether something is normal app behavior or not. Of course SS can't protect against stuff that it simply doesn't monitor. But yeah, I don't expect SS to protect against more sophisticated malware, I feel like SS developers dropped the ball a bit. For example, I believe SS only monitors for basic code injection methods. But it can't automatically block process hollowing.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Thanks, but I'm not into WiseVector at all, I wasn't impressed with the HIPS. And Comodo always gave me problems but I'm sure that the auto containment is pretty good, I would like to see something like this in Sandboxie Plus.

    OK I see, so no outbound monitoring but what about the network monitor? That's actually a must have feature in my book.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.