What's a good way to know about changes to the system & software? HIPS, BBs, etc.

Discussion in 'other anti-malware software' started by justenough, Nov 8, 2010.

Thread Status:
Not open for further replies.
  1. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    What are lightweight, reliable ways to know what has been changed in the software that shouldn't be? If it gave an alert to suspicious activity, even better.
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    for sure a pure hips will alert you just about of any kind of system activity;)
     
  3. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    I guess I should also say non-intrusive. In other words, not too many pop-ups.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    :D in that case not hips:D
     
  5. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    I've tried Mamutu and WinPatrol, and I can deal with that level of alerts. Mamutu might be a little heavy, and some have said WinPatrol isn't as thorough a guard as it could be. So I wonder if there is something in between, or a method completely different that I don't know about.
     
  6. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    D+ is very good and also the hips component that comes with private firewall is good too:thumb:
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    PE Guard is what you want;)
     
  8. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    I tried loading PEGuard recently but it didn't start up. Something about being unsigned. I'll give it another try.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    for 64 bits:)
     
  10. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Can I use PEGuard on 64bit anyway?

    Also trying HiJackFree. Lots of information to figure out, not seeing any alerts. I'll have to read up on this program.
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    not sure
     
  12. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    PEGuard wouldn't work on my computer.
     
  13. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Thanks for the suggestion, Kernelwars.

    I know Bellgamin likes TinyWatcher. I'm about to try loading that one.
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Be aware when using x64 of file redirection issues. You might run into that with TinyWatcher.

    I use the snapshot feature of Autoruns and What's Running to check for system changes.
     
  15. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Thank you for warning me before I did any damage, MrBrian. Uninstalled TinyWatcher. Looking into What'sRunning.
     
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :). The danger isn't that TinyWatcher would damage your x64, but rather that it could perhaps miss some changes in \windows\system32.
     
  17. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Oh.

    Autoruns and WhatsRunning look like they require an understanding of computers that I just don't have yet. I probably need a program that already knows what to look for, and pops up an alert that I can research. Sounds like Mamutu and WinPatrol, doesn't it. I was hoping there was something else I'd overlooked. Maybe I'll keep HiJackFree on and just study the information there and eventually move up to your two programs.
     
  18. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    It seems like you're looking for something like Mamutu, ThreatFire, Prevx or other behavioral analysis software.
     
  19. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Have you tried any Comodo products? From what I remember, they were extremely chatty. Things might have changed in the past few years, but I somehow doubt it. If you need that kind of granularity it might be worth a shot.

    If you want to see what happened after you did something, I always use InstallRite. I don't know if it works on x64 or not, but it works nicely with win7 x32.

    If you were using x32 you would have many more options. One of the reasons why I refuse to go with a x64 system quite yet. Still too many softwares I like that work best on x32. OT but threads like this are good for reminding me when I am tempted to use x64 ;)

    Sul.
     
  20. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Maybe I am having trouble with this category of security because it's not really what I need with Sandboxie. Something I'll have to think about. Thanks for the suggestions.
     
    Last edited: Nov 9, 2010
  21. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    this is something i've always been interested and still haven't got a satisfactory answer to.

    i'd like to be able to see 2 different snapshot of my system side by side and be able to tell what has changed; registry, files, etc...

    is there any app that can let me do this?
     
    Last edited: Nov 9, 2010
  22. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Last edited: Nov 9, 2010
  23. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
  24. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    after looking at the link provided by andyman35 i can see there are only 2 apps that are still developped: WhatChanged and SysTracer.

    WhatChanged costs a fortune and is geared for ITs. SysTracer might be just what you're looking for and it's decently priced.
    they have a price for home user vs business user.

    there are freebies in andyman's link but those haven't been developed in years so i don't know if they would support Vista and 7.
    i tried a couple and they seem to work but still...
     
    Last edited: Nov 9, 2010
  25. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    IMO, I think WinPatrol Plus would be the best answer for you at this point. It gives access to the Plus database for questionable things Scotty barks about. It's nice to have some extra, legitimate help when things are a bit confusing.

    I run AV, Sandboxie, UAC on the highest setting and WinPatrol Plus on my Win 7 PCs (along with full image backups.) I doubt much would get through without me knowing about it.
     
Loading...
Thread Status:
Not open for further replies.