Trust-No-Exe

Discussion in 'other anti-malware software' started by bellgamin, Oct 20, 2006.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I first heard about a program called trustnoexe from a post by Kareldjag.

    In a nutshell, trustnoexe is a free program that hooks your kernel & will detect/block any executable unless you have put that executable on your "allowed" list.

    The purpose of my posting here is to ask a question of anyone who has used this program. I downloaded trustnoexe's manual, but couldn't find the answer.

    My question is this: Does trustnoexe calculate a hash (MD5, SHA-1, etc) of executables on the allowed list?
     
  2. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    I guess someone asked this before. Why are you intending to use trust-no-exe when you already use SSM?

    Thanks
     
  3. bellgamin

    I answered them over yonder.

    Besides, I have friends who don't use SSM who might have use for trustnoexe.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Trust-No-Exe sounds like Anti-Executable.
    Seems like you have more work with Trust-No-Exe than Anti-Executable.
    How do you create your "allow list"?
     
  5. bellgamin

    I have tried neither of these 2 programs. There is a detailed explanation of TNE yonder plus a user's manual (pdf) downloadable from a link about 3/4 down that web page.

    The only thing missing from the site & manual is whether or not TNE uses hashes. That's the question I asked to start this thread. I hope someone has used the program so that they can give me an answer. Otherwise, I shall reluctantly have to try the program myself to get an answer.
     
  6. ErikAlbert

    Well it certainly looks like Anti-Executable and it works with the same kind of whitelist and this whitelist contains not only .exe-files, but many other executable file extensions. Anti-Executable claims to recognize more than 80 executables.
    If it works like Anti-Executable, you have a pretty strong protection.

    I don't think it will protect you against malware that uses legitimate executables (= exploits) to do its evil job. My knowledge is poor regarding malware. So I could be wrong.

    The latest version is pretty old.
    But that doesn't mean anything, because only the bugs and improvements need to be corrected in such software.

    My feeling is that AE is better. AE is almost INVISIBLE on your computer, never seen such a software that hides it so well. Without RTFM you can't do anything with AE. Even the AE-icon, which can be hidden too, doesn't work like a normal icon.

    I'm going to TRY this one in combination with Prevx1, because my trial Anti-Executable stopped working. I don't know if it will work in a frozen snapshot, because AE had a few minor problems with it that could be fixed with a lower security level.

    Keep in mind that such software is a pain if you change your software all the time. This is not a problem for me because I work with snapshots.
     
    Last edited: Oct 21, 2006
  7. Devil's Advocate

    I tested Trust-no-exe from yonder for 15 minutes using VMware at yonder and Windows XP at yonder.

    The answer appears to be no.
     
  8. bellgamin

    Bummers! If TNE doesn't hash your trusted executables, how will it know if one of them is being spoofed or has since gotten infected? To me, this is a critical flaw in TNE. :(
     
  9. ErikAlbert

    That's why I rely on clean backup files, clean archived snapshots and temporary frozen snapshots only.
    All these security softwares don't do their job and you need too many of them to protect your computer. It's hopeless. The only ones who have fun on computers are the bad guys.
     
  10. Devil's Advocate

    Well, I guess it all depends on how you use it.

    It's used more I think to restrict what paths allow executables to run than to stop specific exes (although it allows that).

    The manual gives an example of stopping the running of attachments directly from the email client for example or via the temp folders, and says that the user can of course save the attachment in some other approved directory and run it......
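
Added example, not part of the thread and not Trust-No-Exe's own code: a minimal Python comparison of the two allow-list styles discussed in posts 8 and 10, a path-only rule and a content-hash rule, run against constructed sample files. The directory names, file names and function names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash file contents in chunks so large binaries are not read whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def path_allows(path: Path, allowed_dirs: list[Path]) -> bool:
    """Path-only rule: anything under an approved directory may run."""
    resolved = path.resolve()
    return any(resolved.is_relative_to(d.resolve()) for d in allowed_dirs)


def hash_allows(path: Path, allowed_hashes: set[str]) -> bool:
    """Content rule: the file must match a digest recorded at enrolment."""
    return sha256_of(path) in allowed_hashes


def demo() -> dict[str, bool]:
    """Constructed sample files (plain bytes, not real executables)."""
    with tempfile.TemporaryDirectory() as root:
        approved, temp = Path(root) / "approved", Path(root) / "temp"
        approved.mkdir()
        temp.mkdir()
        tool = approved / "tool.exe"
        tool.write_bytes(b"original build")
        attachment = temp / "attachment.exe"
        attachment.write_bytes(b"unknown download")
        dirs = [approved]
        hashes = {sha256_of(tool)}  # enrol the trusted file's digest
        results = {
            "path_blocks_temp": not path_allows(attachment, dirs),
            "hash_ok_before": hash_allows(tool, hashes),
        }
        tool.write_bytes(b"original build + appended code")  # in-place change
        results["path_still_allows"] = path_allows(tool, dirs)
        results["hash_still_allows"] = hash_allows(tool, hashes)
        return results


if __name__ == "__main__":
    print(demo())
```

The path rule blocks the file in the temp folder but keeps allowing the approved file after its contents change; only the hash rule notices the modification.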
     