StormShield Personal Edition

Discussion in 'other anti-malware software' started by Kernelwars, Mar 1, 2011.

Thread Status:
Not open for further replies.
  1. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Anyone using it? I installed it; running smooth here on Vista 32 bit..:)
     
  2. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    475
    Re: StromShield Personal Edition

    Is there a link so we can check it out or any more information on what this software does or you want us to google it o_O
     
  3. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    267
    Location:
    Philippines
    Re: StromShield Personal Edition

    Did you spell it correctly?
     
  4. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Messed up the spelling..lol..The link
    -http://www.skyrecon.com/en/StormShield-Personal-Edition-
     
  5. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    475
    StormShield Personal Edition
    Vulnerability protection
    Keylogging protection
    Registry protection


    Key features

    Sounds too good, and for free, and not listed on any major software download websites like Majorgeeks, Softpedia etc. :doubt:
     
    Last edited: Mar 1, 2011
  6. buckslayr

    buckslayr Registered Member

    Joined:
    Jun 1, 2009
    Posts:
    484
    Location:
    Michigan, USA
    Looks interesting.
     
  7. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    This is not a new HIPS :) ! I've already integrated it in my discontinued blog list more than 4 years ago ( http://kareldjag.over-blog.com/article-3470338.html ), but it was the corporate version.
    A few info on my previous post:
    https://www.wilderssecurity.com/showpost.php?p=1835332&postcount=10
    The last business version is combined with Avira antivirus.
    Skyrecon is a part of Arkoon, a hardware firewall specialist:
    http://www.arkoon.net/-English-.html
    I'm unfortunately quite sceptical and pessimistic about the future of system expert/classical/anomaly detection/behavioral based HIPS (SSM, viguard and some others are dead): the user wants maximum security with the minimum of efforts (knowledge, experience)...
    So let's give a chance to StormShield!

    Rgds
     
  8. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    977
    Location:
    Paris
    As I had some time this morning and StormShield seemed interesting I decided to test and review it.
    Instead of using a virtual machine, I used the “Try and Decide” function of Acronis TrueImage (like Comodo TimeMachine). I use CIS and Zemana on my computer. I first uninstalled Zemana and set to disabled all CIS protections, then installed Stormshield. The installation was fast; at the completion I was asked to reboot my system. The initial startup was very slow- thinking that Stormshield was doing some initial setup, I let things sit for 5 minutes and shut the computer off. Upon starting up again the same thing happened- bootup was significantly lengthened.

    Grade- Startup Time—Fail

    I opened Task manager and saw that StormShield had 2 modules using 25K combined (vs about 12K for the most excellent Zemana).
    Grade- Resource Use—Fail

    On to testing- (note that I opened Stormshield and maxed out all of the settings.):

    1).Zemana Keylogging Test- Opened Word 2010, opened and started ZKT. Started typing. Stormshield did alert me to a keylogging attempt. I hit “Block” and continued to type- My input kept getting Logged.

    Grade- ZKT- Fail

    2). Spyshelter Antitest- Out of all of the tests, Stormshield did stop the keyboard Hook. It also blocks the Registry Access tests, but fails all others.

    Grade- SA- D+

    3). System Shutdown Simulator- An old test, but I have it. Stormshield blocked an AutoStart registry key from being created, but failed a Shutdown Call and the creation of an Eicar File.

    Grade- SSS- C

    4). Finally I tried a virtually unknown keylogging program called Steel Keylogger. I like to have this program on hand as Stormshield may have been coded to recognize and block common keylogging tests and programs to make itself look good but may actually not work at all in real life (But you may at this point say: Cruelsister, although you are beautiful beyond that level any mortal should be, you are too suspicious. No one would stoop so low as to do this, certainly?).
    So I opened up Word 2010, opened up Steel and started typing:

    Grade- Steel keylogger- FAIL (very, very Fail)


    I then rebooted my system, restored it to its prior state, deleted the Stormshield setup file and will never think of it again.
     
    Last edited: Mar 1, 2011
  9. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    Thanks for the information :thumb: .... I tested it by myself and nothing good can be mentioned, with all due respect to that company; maybe the best thing about it is that it is freeware.
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I gave it a spin. It did not seem to work well with Windows SP1; the service did not load anymore (after the SP1 update). It uses very little CPU and I/O access and still provides some nice registry protection. For a freebie on x64, its registry protection is worth the few extra CPU cycles and virtually no disk load (when it works again I will check it again).

    On x32 I would prefer Spyshelter freebie
     
  11. littlebits

    littlebits Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    262
    Can someone please post a screenshot of it? there is none to be found on the web.

    Thanks.:D
     
  12. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    is this hips 64 bit ready?
     
  14. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    They have a 64 bit version available for download. I'm still on 32, so I didn't try it out.
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i think it is beta too:D
     
  16. littlebits

    littlebits Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    262
  17. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ Kernelwars

    Thanks for posting :thumb:

    I can't remember hearing about it before, even though I know I've read ALL of kareldjag's excellent reviews/tests and advice etc in the past. Good to see his www is still up :)

    Obviously as this is a free version we can't expect the same protection that the paid version has :p And I was Extremely surprised at how comprehensive the Pro version seems to be :cool: Pages & pages of descriptions of what it can offer. It's possible to apply for a free trial of it, if anyone wants to take it for a test drive :thumb: Be interesting to hear how it performs, considering ALL the claims it states :D

     
  18. Ishan

    Ishan Registered Member

    Joined:
    Mar 4, 2011
    Posts:
    9
    Hi there,

    First of all, English isn't my mother tongue so I would like to apologize in advance for my upcoming mistakes :rolleyes:
    That being said, I'm here to give some few inputs about SPE as I actually belong to its R&D team.

    1) Yes, SPE is 64bit ready but only for Windows Seven
    2) It is now compatible with Seven SP1 x86/x64 (build number >= 3.1.1.18659),
    users of the 3.0.x version should switch to 3.1.x by downloading the latest installer from our website
    3) SPE indeed only offers a subset of the 'pro' version functionalities

    I've also seen some talk about registry and keylogging protection but nothing about vulnerability protection yet !
    You may want to give it a try against infected PDF, browser based memory overflow exploits, and so on ;)

    Criticisms are most welcome as long as they are constructive ;)

    @cruelsister :
    Could you be more specific please ? We didn't notice any delay at boot time during our tests...

    This one isn't very fair... 25ko is virtually nothing, don't you think ?

    Thank you for this input, we will look into that as soon as possible !
    [edit]: The keylogging attempt was correctly detected... but due to an incomplete buffer cleaning
    the keystroke was still readable through its scancode. This bug has been fixed in the last update (3.1.2.18666).

    Those kinds of functionalities are available in the 'pro' version. (as it has nothing to do with keylogging, registry or software vulnerabilities ;) )

    There was a minor bug in the getAsyncKeyState keylogging detection method, fixed in update 3.1.1.18659.

    Thank you again for reviewing our product !
     
    Last edited: Mar 4, 2011
  19. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Hi Ishan,
    Welcome to the forum. It's good that you guys have worked hard on fixing the bugs in the product. Have a nice stay here..:)
     
  20. Ishan

    Ishan Registered Member

    Joined:
    Mar 4, 2011
    Posts:
    9
    Thank you !

    We would really like some inputs on the 'vulnerability protection' as well ;)
    It is a protection against 'zero day' attacks, the ones that defeat a fully patched system with up-to-date anti-virus...
    Anyone here willing to test this protection, in its x86 and/or x64 mode, is welcome !
    (it covers software vulnerability exploitation, like memory overflow, use-after-free, and so on... in PDF, flash, web browser...)

    It would also be nice if we could have some other feedback on the key-logging and registry protection, now that they have been fixed :)

    Cheers,

    Skyrecon SPE R&D team
     
  21. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Hi Ishan,
    Thank you so much for this super software.. I am using it on both 64 bit and 32 bit workstations..Awesome..loving it..Please keep the development and my best wishes :thumb: :thumb:
     
  22. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Not sure why it says "Degraded protection" on my Intel Atom N270 and Windows XP SP3. After checking, this particular CPU does support Execute Disable Bit (also called DEP). So why degraded protection?
     
  23. Ishan

    Ishan Registered Member

    Joined:
    Mar 4, 2011
    Posts:
    9
    Hi,

    Could you check in the boot.ini (c:\boot.ini, it's a hidden file) for the boot entry corresponding to your Windows XP SP3?
    The entry should look something like this:

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

    If there isn't any 'noexecute' option or if it is set at 'alwaysoff', then the protection will not function normally.
    If the option is correctly set then it means that it has been deactivated through your BIOS.

    Regards,

    Skyrecon SPE R&D team
     
  24. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    CPU supports it, boot.ini has that setting, BIOS doesn't have any tweaks at all and Windows XP DEP doesn't seem to complain about anything (like not being able to enable DEP). So it should work.
     
  25. Ishan

    Ishan Registered Member

    Joined:
    Mar 4, 2011
    Posts:
    9
    Could you open a shell prompt and try those commands please ?

    "Wmic OS Get DataExecutionPrevention_Available"
    -> should return 'TRUE'

    and "wmic OS Get DataExecutionPrevention_SupportPolicy"
    -> should return a value above 0

    more information about these commands here : http://support.microsoft.com/kb/912923/en-us

    Thank you !

    Skyrecon SPE R&D team
     
    Last edited: Mar 7, 2011
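
The DEP checks described in posts 23 and 25 above, as an added example that is not part of the thread and not Skyrecon's own tooling: a Python script that reads the `/noexecute` policy from the default `boot.ini` entry and compares it with the two `wmic` values. The sample `boot.ini`, the function names and the finding strings are constructed for illustration; the 0-3 policy codes follow the Microsoft KB article linked in the thread.

```python
import re

# DataExecutionPrevention_SupportPolicy values and their boot.ini spellings
POLICY_CODES = {"alwaysoff": 0, "alwayson": 1, "optin": 2, "optout": 3}

# Constructed sample boot.ini, modelled on the entry quoted in the thread
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
"""

def default_entry_options(text):
    """Return the option string of the default boot entry, or None."""
    section, default, entries = None, None, {}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if section == "boot loader" and key.strip().lower() == "default":
            default = value.strip().lower()
        elif section == "operating systems":
            entries[key.strip().lower()] = value
    return entries.get(default)

def check_dep(boot_ini, wmic_available=None, wmic_policy=None):
    """Compare boot.ini's /noexecute policy with values read back from wmic."""
    options = default_entry_options(boot_ini)
    findings = []
    if options is None:
        return {"policy": None, "code": None, "findings": ["default boot entry not found"]}
    # Drop the quoted description so only real switches are searched
    switches = re.sub(r'"[^"]*"', "", options)
    match = re.search(r"/noexecute=(\w+)", switches, re.IGNORECASE)
    policy = match.group(1).lower() if match else None
    code = POLICY_CODES.get(policy)
    if policy is None:
        findings.append("no /noexecute switch on the default entry")
    elif code is None:
        findings.append("unrecognised /noexecute value: " + policy)
    elif code == 0:
        findings.append("DEP is switched off in boot.ini (alwaysoff)")
    if wmic_available is False:
        findings.append("OS reports hardware DEP unavailable: check CPU support and BIOS")
    if wmic_policy is not None and code is not None and wmic_policy != code:
        findings.append("running policy %d differs from boot.ini policy %d" % (wmic_policy, code))
    return {"policy": policy, "code": code, "findings": findings}
```

On the machine being diagnosed, pass the text of `c:\boot.ini` together with the two values printed by the `wmic` commands; an empty `findings` list means neither check explains the "Degraded protection" status.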