Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyshelter


  • This topic is locked This topic is locked
31 replies to this topic

#1 John Bull

John Bull

  • Banned
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:38 PM

Posted 12 January 2011 - 12:56 PM

I have searched the Forum for this, but nothing came up. Apologies if it is a duplicate.

What are the members opinions of Spyshelter ?

My opinion ? I consider it a marvellous program that gives a very comprehensive cover and all for FREE.
Mainly anti-keylogging, but it covers several other security areas. First class program which I would recommend to anybody 100%. Would not be without it.

It blends in with all my existing AV and AM programs etc. with no problems. BUT - you cannot run SS with KeyScrambler, it results in an immediate screen freeze up and crash on the power button.

John

BC AdBot (Login to Remove)

 


#2 ichito

ichito

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 13 January 2011 - 04:52 AM

What are the members opinions of Spyshelter ?

I'm user of both versions SS...Premium (paid) and Personal (free). It's for me one of the best complement to protect your computer...easy to use, lightweight system, very efficient (I think more than Zemana), has strong but for user easy HIPS (during installation of some software you can switch to installation mode...no more alerts - it works perfectly :)) SS offers 4 levels of protection and you can easily choose the best one for each user...I have the highest :)
SS whit other security soft?...no conflicts...no problems. AV, firewalls, anty-spyware, virtualization software...it does not matter, everything works perfectly...KeyScrambler also :)

Edited by ichito, 13 January 2011 - 06:02 AM.

Vista: SpyShelter Firewall + Shadow Defender + Keriver 1-Click Free

XP SP3: Kerio 2.1.5 + SpyShelter Premium + NVT ExeRadar Pro + Shadow Defender + Keriver 1-Click Free


#3 John Bull

John Bull
  • Topic Starter

  • Banned
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:38 PM

Posted 13 January 2011 - 10:13 AM


What are the members opinions of Spyshelter ?

I'm user of both versions SS...Premium (paid) and Personal (free). It's for me one of the best complement to protect your computer...easy to use, lightweight system, very efficient (I think more than Zemana), has strong but for user easy HIPS (during installation of some software you can switch to installation mode...no more alerts - it works perfectly :)) SS offers 4 levels of protection and you can easily choose the best one for each user...I have the highest :)
SS whit other security soft?...no conflicts...no problems. AV, firewalls, anty-spyware, virtualization software...it does not matter, everything works perfectly...KeyScrambler also :)


Well Ichito, congratulations. Out of 87 views, you have the unique honour of actually replying. Whilst you and I fully understand the value of SS, it seems that everybody else has no interest or appreciation whatsoever for one of the finest and most efficient security freebies on the entire net. Their loss Ichito, not ours.

John

PS - This subject generated 3,981 views and 104 replies on another very popular Forum. Looks like I am wasting my time on BC. Hasta la vista, don`t call me, I`ll call you.

#4 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:08:38 AM

Posted 13 January 2011 - 11:22 AM

Wow. Well John, I did not comment because I have never heard of, or used the product begin discussed. I wish you well with your future endeavors.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,928 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:38 AM

Posted 13 January 2011 - 12:17 PM

I am not familiar with it either. I suspect most of our members do not use that program as your search revealed so they would have no opinion to provide. That probably also accounts for a lot of views out of curiosity.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 13 January 2011 - 02:16 PM

Well John, if you really want to know, SpyShelter was not able to block the following injection method:
http://blog.didierstevens.com/2010/02/08/excel-with-cmd-dll-regedit-dll/

It's something I developed a year ago, but I've still to find a security tool that will prevent this.

This forum is not the place to discuss injection techniques, that's why I didn't reply (initially).

And I'm pretty sure I can do keylogging too, without SS detecting it.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:38 AM

Posted 13 January 2011 - 02:20 PM

Thanks Dider Stevens. Had thought about trying it out on a test PC. You just saved me the trouble.

That is the problem with many security apps. They can promise the world. But not deliver a thing.

#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 13 January 2011 - 02:58 PM

That is the problem with many security apps. They can promise the world. But not deliver a thing.


Just to be clear: I'm not saying that SS doesn't work based on one test I did. I did just one injection test, and SS (default install) didn't block the injection.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:38 AM

Posted 13 January 2011 - 03:09 PM

Understood.

Trying it out on my Bench\Test machine. It see`s a lot of infected drives attached for scanning as well as flash drives and cards.

Even with auto-run disabled I figured one more layer of security that does run pretty lite on resources and does not conflict with the other apps installed won`t hurt.

#10 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 13 January 2011 - 03:20 PM

@ThunderZ If you're interested in tools to prevent infections from removable drives, take a look at my open-source tool Ariad:
http://blog.didierstevens.com/programs/ariad/

Windows XP, Vista & 7, but it's 32-bit only, for 64-bit I need to find a sponsor to buy a code-signing certificate. :-)

And it's very stable, I know a company that uses it on 500+ laptops for more than a year now. Caused no BSOD.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#11 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:38 AM

Posted 13 January 2011 - 03:29 PM

Many thanks Dieder Stevens.

Grabbing it now and will give it a test spin ASAP. XP 32.

After a quick glance at what it does I may even use it to replace the old\no longer supported but venerable Process Guard that has been a staple in my protection scheme for years.

#12 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 13 January 2011 - 03:51 PM

After a quick glance at what it does I may even use it to replace the old\no longer supported but venerable Process Guard that has been a staple in my protection scheme for years.


I remember PG, it's been a while since I used it.

Making an open-source process creation monitoring tool is on my todo list. Hope to do it this year.
Since Windows Vista SP1, there's a new kernel function (PsSetCreateProcessNotifyRoutineEx) one can use to be notified each time a new process is created. The notified program can decide to prevent the creation of the new process.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#13 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:38 AM

Posted 13 January 2011 - 04:00 PM

Making an open-source process creation monitoring tool is on my todo list. Hope to do it this year.
Since Windows Vista SP1, there's a new kernel function (PsSetCreateProcessNotifyRoutineEx) one can use to be notified each time a new process is created. The notified program can decide to prevent the creation of the new process.



The new kernel function sounds like it has promise for security Developers such as your self to tap into\use.

The program used to allow block would be interesting. But the question arise`s. Is it block by default\allow with User consent. Or just block without notification. That is the fine line, one I do not envy, that programmers have to walk. Just how much do you count on the EU to make the right decisions?

#14 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:38 PM

Posted 13 January 2011 - 04:12 PM

Just how much do you count on the EU to make the right decisions?


Many EUs can't make the right decision. That's why my tools don't come with a setup program. You need some tech skills to install my tools. I assume that if you have these skills, you also have the skills to make informed decisions.

Skilled users can also setup my tools for unskilled users, and configure them so the EU is not prompted.
The process monitoring tool would support whitelisting.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#15 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:38 AM

Posted 13 January 2011 - 04:25 PM

I assume that if you have these skills, you also have the skills to make informed decisions.


Have managed with PG for years. :wink: The full version with all features enabled.
It`s the first app I install after a clean install of the OS. It can get a little click :busy: crazy finishing up installing\tweaking the system. But I know it starts clean and stays clean.

PG had a form of whitelisting in the type of permissions the EU allowed on first run of programs. Allow once, always allow, ignor changes, etc.

Looking forward to setting down on my bench machine and having an in depth look and configuring Arid.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users