Trust-No-Exe

I first heard about a program called trustnoexe from a post by Kareldjag.

In a nutshell, trustnoexe is a free program that hooks your kernel & will detect/block any excutable unless you have put that executable on your "allowed" list.

The purpose of my posting here is to ask a question of anyone who has used this program. I downloaded trustnoexe's manual, but couldn't find the answer.

My question is this: Does trustnoexe calculate a hash (MD5, SHA-1, etc) of executables on the allowed list?

 

I guess someone asked this before. Why are you intending to use trust-no-exe when you already use SSM.

Thanks

 

I answered them over yonder.

Besides I have friends who don't use SSM who might have use for trustnoexe.

 

Trust-No-Exe sounds like Anti-Executable.
Seems like you have more work with Trust-No-Exe than Anti-Executable.
How do you create your "allow list" ?

 

I have tried neither of these 2 programs. There is a detailed explanation of TNE yonder plus a user's manual (pdf) downloadable from a link about 3/4 down that web page.

The only thing missing from the site & manual is whether or not TNE uses hashes. That's the question I asked to start this thread. I hope someone has used the program so that they can give me an answer. Otherwise, I shall reluctantly have to try the program myself to get an answer.

 

Well it certainly looks like Anti-Executable and it works with the same kind of whitelist and this whitelist contains not only .exe-files, but many other executable file extensions. Anti-Executable claims to recognize more than 80 executables.
If it works like Anti-Executable, you have a pretty strong protection.

I don't think it will protect you against malwares that use legitimate executables (= exploits) to do their evil job. My knowledge is poor regarding malwares. So I could be wrong.

The latest version is pretty old.

But that doesn't mean anything, because only the bugs and improvements need to be corrected in such softwares.

My feeling is that AE is better. AE is almost INVISIBLE on your computer, never seen such a software that hides it so well. Without RTFM you can't do anything with AE. Even the AE-icon, which can be hidden too, doesn't work like a normal icon.

I'm going to TRY this one in combination with Prevx1, because my trial Anti-Executable stopped working. I don't know if it will work in a frozen snapshot, because AE had a few minor problem with it, that could be fixed with a lower security level.

Keep in mind that such softwares are a pain, if you change your softwares all the time. This is not a problem for me because I work with snapshots.

 

I tested Trust-no-exe from yonder
for 15 minutes using vmware at yonder and Windows Xp at yonder .

The answer appears to be no.

 

Bummers! If TNE doesn't hash your trusted executables, how will it know if one of them is being spoofed or has since gotten infected? To me, this is a critical flaw in TNE.

 

That's why I rely on clean backup files, clean archived snapshots and temporary frozen snapshots only.
All these security softwares don't do their job and you need too many of them to protect your computer. It's hopeless. The only ones who have fun on computers are the bad guys.

 

Well i guess it all depends on how you use it.

It's used more I think to restrict what paths allow executables to run than to stop specific exes (altough it allows that).

The manual gives an example of stopping the running of attachments directly from the email client for example or via the temp folders, and says that the user can of course save the attachment in some other approved directory and run it......