StormShield Personal Edition

Anyone using it? I installed it running smooth here on vista 32 bit..

 

Re: StromShield Personal Edition

Is there a link so we can check it out or any more information on what this software does or you want us to google it

 

Re: StromShield Personal Edition

Did you spell it correctly?

 

Messed up the spelling..lol..The link
-http://www.skyrecon.com/en/StormShield-Personal-Edition-

 

StormShield Personal Edition
Vulnerability protection
Keylogging protection
Registry protection


Key features

Sounds too good and for free and not listed on any major software download websites like Majorgeeks,Softpedia etc.

 

Looks interesting.

 

Hi,

This is not a new HIPS ! i've already integrated it in my discontinued blog list more than 4 years ago: http://kareldjag.over-blog.com/article-3470338.html ), but it was the corporate version.
A few info on my previous post:
https://www.wilderssecurity.com/showpost.php?p=1835332&postcount=10
The last business version is combined with Avira antivirus.
Skyrecon is a part of Arkoon, an hardware firwall specialist:
http://www.arkoon.net/-English-.html
I'm unfortunately quite sceptical and pessimistic about the future of system expert/classical/anomaly detection/behavioral based HIPS (SSM, viguard and some others are dead): the user wants maximum security with the minimum of efforts (knowledge, experience)...
So let's give a chance to StormShield!

Rgds

 

As I had some time this morning and StormShield seemed interesting I decided to test and review it.
Instead of using a virtual machine, I used the “Try and Decide” function of Acronis TrueImage (like Comodo TimeMachine). I use CIS and Zemana on my computer. I first uninstalled Zemana and set to disabled all CIS protections, then installed Stormshield. The installation was fast; at the completion I was asked to reboot my system. The initial startup was very slow- thinking that Stormshield was doing some initial setup, I let things sit for 5 minutes and shut the computer off. Upon starting up again the same thing happened- bootup was significantly lengthened.

Grade- Startup Time—Fail

I opened Task manager and saw that StormShield had 2 modules using 25K combined (vs about 12K for the most excellent Zemana)
.
Grade- Resource Use—Fail

On to testing- (note that I opened Stormshield and maxed out all of the settings.):

1).Zemana Keylogging Test- Opened Word 2010, opened and started ZKT. Started typing. Stormshield did alert me to a keylogging attempt. I hit “Block” and continued to type- My input kept getting Logged.

Grade- ZKT- Fail

2). Spyshelter Antitest- Out of all of the tests, Stormshield did stop the keyboard Hook. It also blocks the Registry Access tests, but fails all others.

Grade- SA- D+

3). System Shutdown Simulator- An old test, but I have it. Stormshield blocked an AutoStart registry key from being created, but failed a Shutdown Call and the creation of an Eicar File.

Grade- SSS- C

4). Finally I tried a virtually unknown keylogging program called Steel Keylogger. I like to have this program on hand as Stormshield may have been coded to recognize and block common keylogging tests and programs to make itself look good but may actually not work at all in real life (But you may at this point say: Cruelsister, although you are beautiful beyond that level any mortal should be, you are too suspicious. No one would stoop so low as to do this, certainly?).
So I opened up Word 2010, opened up Steel and started typing:

Grade- Steel keylogger- FAIL (very, very Fail)


I then rebooted my system, restored it to its prior state, deleted the Stormshield setup file and will never think of it again.

 

thanks for information ....i tested it by myself and nothing good can be mentioned with due all my repsect to that company maybe the best thing about it is freeware

 

I gave it a spin. It did not seem to work well with Windows SP1, service did not load anymore (after SP1 update). It uses very little CPU and I?O access and still provides some nice registry protection. For a freebie on x64, its registry protection is worth the few extra CPU cyles and virtally no disk load (when it works again I will check it again).

On x32 I would prefer Spyshelter freebie

 

Can someone please post a screenshot of it? there is none to be found on the web.

Thanks.

 

Here you go.

http://oi53.tinypic.com/2a857hc.jpg

 

is this hips 64 bit ready?

 

They have a 64 bit version available for download. I'm still on 32, so I didn't try it out.

 

i think it is beta too

 

Nice GUI.

Thanks for the screenshot.

 

@ Kernelwars

Thanks for posting

I can't remember hearing about it before, even though i know i've read ALL of kareldjag's excellent reviews/tests and advice etc in the past. Good to see his www is still up

Obviously as this is a free version we can't expect the same protection that the paid version has And i was Extremely surprised at how comprehensive the Pro version seems to be Pages & pages of descriptions of what it can offer. It's possible to apply for a free trial of it, if anyone wants to take it for a test drive Be interesting to hear how it performs, considering ALL the claims it states

 

Hi there,

First of all, English isn't my mother tongue so I would like to apologize in advance for my upcoming mistakes
That being said, I'm here to give some few inputs about SPE as I actually belong to its R&D team.

1) Yes, SPE is 64bit ready but only for Windows Seven
2) It is now compatible with Seven SP1 x86/x64 (build number >= 3.1.1.18659),
users of the 3.0.x version should switch to 3.1.x by downloading the latest installer from our website
3) SPE indeed only offers a subset of the 'pro' version functionalities

I've also seen some talk about registry and keylogging protection but nothing about vulnerability protection yet !
You may want to give it a try against infected PDF, browser based memory overflow exploits, and so on

Criticisms are must welcome as long as they are constructive

@cruelsister :

Could you be more specific please ? We didn't notice any delay at boot time during our tests...

This one isn't very fair... 25ko is virtually nothing, don't you think ?

Thank you for this input, we will look into that as soon as possible !
[edit]: The keylogging attempt was correctly detected... but due to an incomplete buffer cleaning
the keystroke was still readable through it's scancode. This bug has been fix in the last update (3.1.2.18666).

Those kind of functionalities are available in the 'pro' version. (as it has nothing to do with keylogging, registry or software vulnerabilities )

There was a minor bug in the getAsyncKeyState keylogging detection method, fixed in update 3.1.1.18659.

Thank you again for reviewing our product !

 

Hi Ishan,
Welcome to the forum. Its good that you guys have worked hard for fixing the bugs in the product. Have a nice stay here..

 

Thank you !

We would really like some inputs on the 'vulnerability protection' as well
It is a protection against 'zero day' attacks, the ones that defeat a fully patched system with up-to-date anti-virus...
Anyone here willing to test this protection, in its x86 and/or x64 mode, is welcome !
(it covers software vulnerability exploitation, like memory overflow, use-after-free, and so on... in PDF, flash, web browser...)

It would also be nice if we could have some other feedbacks on the key-logging and registry protection, now that they have been fixed

Cheers,

Skyrecon SPE R&D team

 

Hi Ishan,
Thank you so much for this super software.. I am using it on both 64 bit and 32 bit workstations..Awesome..loving it..Please keep the development and my best wishes

 

Not sure why it says "Degraded protection" on my Intel Atom N270 and Windows XP SP3. After checking, this particular CPU does support Execute Disable Bit support (also called DEP). So why degraded protection?

 

Hi,

could you check in the boot.ini (c:\boot.ini, it's an hidden file) for the boot entry corresponding to your windows xp-sp3 ?
The entry should look like something like this :

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

If there isn't any 'noexecute' option or if it is set at 'alwaysoff', then the protection will not function normally.
If the option is correctly set then it means that it has been deactivated through your BIOS.

Regards,

Skyrecon SPE R&D team

 

CPU supports it, boot.ini has that setting, BIOS doesn't have any tweaks at all and Windows XP DEP doesn't seem to complain about anything (like not being able to enable DEP). So it should work.

 

Could you open a shell prompt and try those commands please ?

"Wmic OS Get DataExecutionPrevention_Available"
-> should return 'TRUE'

and "wmic OS Get DataExecutionPrevention_SupportPolicy"
-> should return a value above 0

more information about these commands here : http://support.microsoft.com/kb/912923/en-us

Thank you !

Skyrecon SPE R&D team