SpyShelter S-L 8.6 and SpyShelter FW 2.6

Discussion in 'other anti-malware software' started by ichito, Oct 15, 2013.

Thread Status:
Not open for further replies.
  1. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    -http://www.spyshelter.com/program-history
     
  2. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
  3. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    253
    Location:
    router
    SpyShelter Stop-Logger 8.7 and SpyShelter Firewall 2.7 updates:

    Windows 8.1 32 & 64 bit is now supported
    Minor fixes
     
  4. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262

    About time...THX for the info,finally able to install my beloved antikeylogger again...:thumb:
     
  5. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    A good program, but 50 pounds = $80! Too steep for me, even though it is lifetime. I wish the Personal Free supported 64-bit.
     
  6. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    It appears their pricing model has changed, bought the FW a while back, I believe it's lifetime, for somewhere around 40 bucks.
     
  7. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,077
    Location:
    Netherlands
    For those lucky enough to have an 32 bits system, use it as a free smart HIPS and AppGuard replacement.

    1. Disable all protections except HIPS
    (Protection menu --> click all yellow 'light bulbs' except System Protection, they will turn into grey bulbs)

    2. Auto allow signed programs (in the internal trusted list of SpyShelter) by default
    (Settings menu --> Advanced tab --> Certified Applications drop down list {auto Allow medium level})

    3. For 'signed internet facing software I have to close the auto allow hole of 2'.
    (Rules menu --> choose 7th icon = add execlude file -> I added Internet Explorer, Outlook and Windows Media Player, Adobe reader or any other PDF reader and finally the DLL of Adobe Flash Player, located in C:\Windows\System32\Macromed\Flash, offcourse when you also run java, silverlight and shockwave player you have to a deny for these plug-ins also)
    (right click the just excluded list entry --> choose 6th menu option = make it denied)

    4. Run all programs resricted from user space
    (Restricted Apps --> Restricted apps list
    a) right click choose "Add removeable drives"
    b) right cllick choose "Add folder", add
    - C:\Users
    - any Data partitions you may have created on your harddisk

    ==> before installing something you have to disable protection (make sure to set Windows Update to inform you and update manually).

    ==> it is a pitty the "run unrestricted" is not a contect menu option. Spyshelter has an VT-upload richt click option in the free version. so you can check before installing.


    What is the security effect?
    a) All drive-by's (from user space) and drive-in's (from USB) run in a limited user sandbox (enforced by 4, but supercedes 1-2-3)
    b) You have restricted vulnarable programs with a HIPS default deny safety net (enforced by 1-2-3).


    Regards Kees
     
    Last edited: Oct 26, 2013
  8. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    Nice and interesting tips Kees but I don't think they are always useful because of users preferences
    - AG is powerfull app but not every app should be compared to it
    - SS...even free...is strong anti-logger so I don't find some reason to disable such features (exept that when we want to have only HIPS)
    - "default deny" for first added and than blocked apps is really fine and can be useful
    - it's similar with other drives but not always good for some users which are using LV apps...I think is not reasonable to download and save binaries on disk C: so probably it force us to do it on others lokal disk...in such way adding some disk/areas to restricted list could be problematic in specific situations.
    :thumb:
     
    Last edited: Oct 27, 2013
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    Nah.. I definitely will not be replacing Appguard on 32bit systems with Spyshelter. I hardly see Spyshelter as a good replacement for AG. I'm sure Spyshelter is a good product, but they function completely differently. Appguard functions more like a policy based AE, and not like a HIPS at all. I would prefer to just use them together.
     
  10. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,077
    Location:
    Netherlands
    SpyShelter's run restricted is policy based, it intercepts writing to 'admin' space (Windows, Program Files and HKLM registry).

    AppGuard's memory protection is like any other HIPS based on intercepting OS-functions.

    Two programs hooking same System Service Descriptor Table entries does not add up to doubling the protection, in stead it increases the change of interference hence and lower protection (only veteran member Easter managed to double SSDT hooking without conflicts on his XP machine, but he is still searching for an equivalent on his newer OS).
     
    Last edited: Oct 27, 2013
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    Are we only talking about memory protection here? Are you only discussing XP x32? I though you was talking about all X32 Windows OS's. AG sandboxes by policy using it's conclave method.
     
  12. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,077
    Location:
    Netherlands
    Yes: AppGuard's memory protection is a single vulnability area HIPS

    Yes: All x32 OS-ses

    Yes: Try Spyshelter's restricted apps, but add folders instead ;) does the same as AppGuard's run guarded
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    I have used Spyshelter with AG in the past, but most of my machines are 64bit. I only have 2 left that are 32bit, but i'm not using them right now. I'm getting ready to replace the Windows XP Pro I have on them with Linux. I have not decided which flavor of Linux I will use yet.
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    Well, Appguard has read/write memory protection. It does not allow guarded apps to read or write to the memory of other apps, or to the system space. It gives an option to make exceptions as needed though.
     
  15. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Wish they'd fix that price bug. Good stuff but super expensive for someone who has Wilders Syndrome. Do they ever do promos like 50% off?
     
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    I've seen some really good deals in the past at some of the Promo sites. I remember seeing a really good deal for Spyshelter at Malware Tips back a few months ago. They actually had some really good deals on several security applications at Malware Tips. I hate to say it, but you may have to wait a while for a good deal. I hope that's not the case. If I was not having financial difficulties I would get a license for my self. I have been spending around $700 a year to license the security software for all my machines until recently when unforeseen events forced me into a tough bind.
     
  17. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    -http://www.bitsdujour.com/software/spyshelter-premium-
    The redirect doesn't work for me though...
     
  18. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    253
    Location:
    router
  19. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
  20. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    836
    Location:
    Québec, Canada
    Re: SpyShelter Firewall Gets 60 Percent Discount for a Limited Time

    Great, thanks!
     
  21. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    That good to know now that I am updating to windows 8.1 64 bit, at Amazon.com I see only 32 bit in Windows 8.0 (old version).
     
  22. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    Re: SpyShelter S-L 8.x and SpyShelter FW 2.x

    Latest build of SpyShelter Stoplogger and Firewall
    -http://www.spyshelter.com/program-history-
     
  23. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    253
    Location:
    router
    thanks ichito
    search feature very good
    but in some older version i test fw version below and passed all
    https://www.grc.com/x/ne.dll?bh0bkyd2
    but in this version also i test again and get this result
    Solicited TCP Packets: RECEIVED (FAILED)
    Unsolicited Packets: PASSED
    Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests
    i run that 3 time.different is one time also first test passed also.
    so i must worry about that?
     
  24. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,077
    Location:
    Netherlands
    Is it already ASLR enabled (I thought Didier Stevens made some remarks in the past over this), I know the developers react a bit growly when you mention ASLR (do you know a malware misusing it, rest a sure No I don't)
     
Loading...
Thread Status:
Not open for further replies.