Windows 7 Starter SRP/Applocker Alternative

Discussion in 'other anti-malware software' started by AdamL, Dec 8, 2011.

Thread Status:
Not open for further replies.
  1. AdamL

    AdamL Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    116
    Location:
    France/Fife
    Hi :D

    I am using AppGuard on my Windows 7 Netbook at the moment.

    This got me thinking, I am running UAC at max, occasional scan with HMP and generally being sensible online - what could replace AppGuard?

    Ideally I would like to use SRP/Applocker - although I would need to upgrade to Pro/Ultimate for this.

    So....what alternatives exist to allow SRP/Applocker functionality in Windows 7 Starter?

    I would appreciate any suggestions....

    Thanks,

    Adam
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You don't need to upgrade Windows for SRP. You could use Sully's tool PGS (Pretty Good Security) -http://mrwoojoo.com/PGS/PGS_index.htm

    You can also look this forum for Safe-admin/safe admin, and you'll find threads started by user Kees1958. Give those threads a reading.
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Only one caveat with win7 and SRP. You must use UAC/LUA, as the ability to be Admin and the SRP option of "Basic User" does not work in win7 now. Well, at least not very easily. Otherwise, Default Deny SRP is available.

    Sul.
     
  4. AdamL

    AdamL Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    116
    Location:
    France/Fife
    Thanks both :)

    I am having a look at both the tool mentioned and the other threads. Is this all possible without the Group Policy Editor? I ran PGS, although I am not exactly sure what I am doing, if it needs to be kept running, does it auto start etc. I will have a look at the website.

    Thanks,

    Adam
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    You will see in the threads that SRP only requires a registry value to work. PGS is only a shell to create/manage the registry items. You run the tool or merge .reg files, logoff, logon, and the changes are effective.

    Sul.
     
  6. AdamL

    AdamL Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    116
    Location:
    France/Fife
    Ok, thanks for the explanation :)

    Is it possible to use SRP in Windows 7 Starter without any 3rd Party Apps?

    I am running an Admin account, can you please explain the SRP problem and how to get around it without having multiple accounts on my machine?

    Thanks,

    Adam
     
  7. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Every version of windows, from XP on, has the ability to use SRP. It is built into the core, and only needs the registry values to exist for it to work.

    Higher end versions have Group Policy, of which the SRP interface belongs to, so to speak. So, no GPO, no SRP. But it isn't that it does not exist, only that the interface to is missing in lower level versions of windows.

    The threads you will see here talk about merging registry values to enable it. PGS only takes this a step furhter by letting you manage the registry entries.

    In XP and Vista, there is a flag you can use called "Basic User". When SRP was enabled for a specific .exe for example, you could start that .exe "as a basic user" when you were an admin, so you could start firefox.exe with the rights of a user level, instead of your admin rights. This made a nifty tool for those who ran as admin.

    In win7, although the flag is still there, it no longer works the same, and for all intents and purposes, no longer works.

    Instead, you really are stuck with the option to deny execution, which is how most people probably use SRP, to create a default deny situation.

    Sul.
     
  8. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    There is the 'GPE for Win7 Starter/Home versions' prog at TheWindowsClub.com link.
    I haven't used the GPE prog myself (yet) so I don't know if it's up to par.
    But as Sully's 'PGS default-deny' might be just what you need, I'd start with that.
     
  9. chris1341

    chris1341 Guest

    AdamL, for what it is worth I too started my son's Win 7 Starter netbook with Appgaurd but have moved to Sully's great little PGS tool. I set him up as a standard user and selected 'Set-up SRP policies if you are a user or use a LUA'. Nice guide on the link previously provided or directly from here http://mrwoojoo.com/PGS/PGS_HowTo.htm

    HMP & MBAM scanning occassionally and while the odd malware executable is found (mostly toolbars, free 'games' etc he has TRIED unsuccesfully to install) nothing has gotten through.

    I have another Win 7 machine (Home Premium) that runs Admin with SBIE reducing the rights of sandboxed applications, folders etc and the default deny setting achieved via PGS implemented on my direct access folders and directories. That has worked really well for a long time now.

    I think AppGuard is great and would recommend to anyone it but I have found these SRP via PGS approaches viable, lightweight alternatives.

    Cheers
     
  10. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    I have used Parental Controls + Standard User to accomplish a similar effect. Works great.
     
Loading...
Thread Status:
Not open for further replies.