SpyShelter S-L 8.6 and SpyShelter FW 2.6

-http://www.spyshelter.com/program-history

 

I think some of the fixes are an answer to what was discovered here
https://www.wilderssecurity.com/showthread.php?t=353447

I have asked to Spyshelter what they have fix exactly related with the test.

 

SpyShelter Stop-Logger 8.7 and SpyShelter Firewall 2.7 updates:

Windows 8.1 32 & 64 bit is now supported
Minor fixes

 

About time...THX for the info,finally able to install my beloved antikeylogger again...

 

A good program, but 50 pounds = $80! Too steep for me, even though it is lifetime. I wish the Personal Free supported 64-bit.

 

It appears their pricing model has changed, bought the FW a while back, I believe it's lifetime, for somewhere around 40 bucks.

 

For those lucky enough to have an 32 bits system, use it as a free smart HIPS and AppGuard replacement.

1. Disable all protections except HIPS
(Protection menu --> click all yellow 'light bulbs' except System Protection, they will turn into grey bulbs)

2. Auto allow signed programs (in the internal trusted list of SpyShelter) by default
(Settings menu --> Advanced tab --> Certified Applications drop down list {auto Allow medium level})

3. For 'signed internet facing software I have to close the auto allow hole of 2'.
(Rules menu --> choose 7th icon = add execlude file -> I added Internet Explorer, Outlook and Windows Media Player, Adobe reader or any other PDF reader and finally the DLL of Adobe Flash Player, located in C:\Windows\System32\Macromed\Flash, offcourse when you also run java, silverlight and shockwave player you have to a deny for these plug-ins also)
(right click the just excluded list entry --> choose 6th menu option = make it denied)

4. Run all programs resricted from user space
(Restricted Apps --> Restricted apps list
a) right click choose "Add removeable drives"
b) right cllick choose "Add folder", add
- C:\Users
- any Data partitions you may have created on your harddisk

==> before installing something you have to disable protection (make sure to set Windows Update to inform you and update manually).

==> it is a pitty the "run unrestricted" is not a contect menu option. Spyshelter has an VT-upload richt click option in the free version. so you can check before installing.


What is the security effect?
a) All drive-by's (from user space) and drive-in's (from USB) run in a limited user sandbox (enforced by 4, but supercedes 1-2-3)
b) You have restricted vulnarable programs with a HIPS default deny safety net (enforced by 1-2-3).


Regards Kees

 

Nice and interesting tips Kees but I don't think they are always useful because of users preferences
- AG is powerfull app but not every app should be compared to it
- SS...even free...is strong anti-logger so I don't find some reason to disable such features (exept that when we want to have only HIPS)
- "default deny" for first added and than blocked apps is really fine and can be useful
- it's similar with other drives but not always good for some users which are using LV apps...I think is not reasonable to download and save binaries on disk C: so probably it force us to do it on others lokal disk...in such way adding some disk/areas to restricted list could be problematic in specific situations.

 

Nah.. I definitely will not be replacing Appguard on 32bit systems with Spyshelter. I hardly see Spyshelter as a good replacement for AG. I'm sure Spyshelter is a good product, but they function completely differently. Appguard functions more like a policy based AE, and not like a HIPS at all. I would prefer to just use them together.

 

SpyShelter's run restricted is policy based, it intercepts writing to 'admin' space (Windows, Program Files and HKLM registry).

AppGuard's memory protection is like any other HIPS based on intercepting OS-functions.

Two programs hooking same System Service Descriptor Table entries does not add up to doubling the protection, in stead it increases the change of interference hence and lower protection (only veteran member Easter managed to double SSDT hooking without conflicts on his XP machine, but he is still searching for an equivalent on his newer OS).

 

Are we only talking about memory protection here? Are you only discussing XP x32? I though you was talking about all X32 Windows OS's. AG sandboxes by policy using it's conclave method.

 

Yes: AppGuard's memory protection is a single vulnability area HIPS

Yes: All x32 OS-ses

Yes: Try Spyshelter's restricted apps, but add folders instead does the same as AppGuard's run guarded

 

I have used Spyshelter with AG in the past, but most of my machines are 64bit. I only have 2 left that are 32bit, but i'm not using them right now. I'm getting ready to replace the Windows XP Pro I have on them with Linux. I have not decided which flavor of Linux I will use yet.

 

Well, Appguard has read/write memory protection. It does not allow guarded apps to read or write to the memory of other apps, or to the system space. It gives an option to make exceptions as needed though.

 

Wish they'd fix that price bug. Good stuff but super expensive for someone who has Wilders Syndrome. Do they ever do promos like 50% off?

 

I've seen some really good deals in the past at some of the Promo sites. I remember seeing a really good deal for Spyshelter at Malware Tips back a few months ago. They actually had some really good deals on several security applications at Malware Tips. I hate to say it, but you may have to wait a while for a good deal. I hope that's not the case. If I was not having financial difficulties I would get a license for my self. I have been spending around $700 a year to license the security software for all my machines until recently when unforeseen events forced me into a tough bind.

 

-http://www.bitsdujour.com/software/spyshelter-premium-
The redirect doesn't work for me though...

 

SpyShelter Firewall Gets 60 Percent Discount for a Limited Time

SpyShelter Firewall Gets 60 Percent Discount for a Limited Time at softpedia

http://news.softpedia.com/news/SpyS...cent-Discount-for-a-Limited-Time-395958.shtml

 

Re: SpyShelter Firewall Gets 60 Percent Discount for a Limited Time

Hi There,

One has to be careful. It is the 1 year license, rather than the Lifetime license.

Best regards,

 

Re: SpyShelter Firewall Gets 60 Percent Discount for a Limited Time

Great, thanks!

 

That good to know now that I am updating to windows 8.1 64 bit, at Amazon.com I see only 32 bit in Windows 8.0 (old version).

 

Re: SpyShelter S-L 8.x and SpyShelter FW 2.x

Latest build of SpyShelter Stoplogger and Firewall

-http://www.spyshelter.com/program-history-

 

thanks ichito
search feature very good
but in some older version i test fw version below and passed all
https://www.grc.com/x/ne.dll?bh0bkyd2
but in this version also i test again and get this result
Solicited TCP Packets: RECEIVED (FAILED)
Unsolicited Packets: PASSED
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests
i run that 3 time.different is one time also first test passed also.
so i must worry about that?

 

Is it already ASLR enabled (I thought Didier Stevens made some remarks in the past over this), I know the developers react a bit growly when you mention ASLR (do you know a malware misusing it, rest a sure No I don't)