Spyware Warrior

[suzi]

And no, not the kind you played in as a kid. Out of this list from Eric Howes' site, does anyone have any recommendations or feedback on any of them?

https://netfiles.uiuc.edu/ehowes/www/soft3.htm

[Longboard]

You might already know, but are these helpful
http://www.winrollback.com/
and Deep freeze or Freeze X http://www.faronics.com/australia/product.asp

Can lock your system while allowing testing then restore.

Be interested to see what you think
_________________
Never seek to know for whom the bell tolls...

[Moore]

Hi Suzi..

I know Regrun Gold will allow you to save multiple snapshots / profiles of your registry for restoring later.

I use an older version of Roxio Goback Deluxe as my last resort against anything I cant stop [ not much ] , a 100 times better than microsofts system restore , has saved me many times from reinstalling. Goback runs in the background though and it's now owned by Symantec , so not sure if its gotten any better or worse.

Shadow Surfer does sound good and Deep Freeze has also been recommended to me.

Also how about Vmware ? I know I saw something good about using this somewhere round the forum..

Will be interesting to see what other options there are.
_________________
| Stop Malvertising | Outpost | Blocklist Pro | Hosts |

[mikey]

Eric, since you have scripting controls like DCS Wormguard mentioned, shouldn't the other script controls like ScriptSentry be listed there too?
BTW DCS has a process filter available too;
ProcessGuard
http://www.diamondcs.com.au/processguard/index.php?page=download

BTW Suzi, process filtering/firewalling and sandboxing aren't really the same thing as most products mentioned here don't actually allow initiation 'inside the box'. Most would never understand the distinction tho.
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE

Spyware/Adware is NOT freeware, it costs all of us dearly.

Mikey's Stuff

Fiddler and friends...essential web diagnostic, forensic, & development tools.
-

[Tank863]

Suzi,

If you can remember way back... I was recoommending the use of the free version of Finjan's Surfin' Guard Pro.

Once Finjan ironed all the bugs out of it, they removed the free part of the equation...

But it is still a program that I use and recommend.

I can honestly say that the computers that I work on, and have installed Finjan SG Pro onto, they have never had an infection....

It is a combination of products that I use... but Finjan has been one of them...


_________________

Microsoft MVP
Windows Security
2005

[suzi]

Thanks for the info and links. I think what I really want is one of the apps like WinRollBack, Deep Freeze, ShadowSurfer.

Moore wrote:

[herbalist]

Suzi,
I'm using SSM, and it is one sweet program.
Unless I'm not reading your post right, you're looking for something that can monitor the entire installation process and tell you what files, folders, reg keys, etc have been added, changed, etc.
I use "Install Spy" and "In Control 5" for monitoring installations. Both seem pretty good. If a system reboot is required by the installation, In Control is better for those. I don't have links for either anymore, but I do have copies if you're interested.
Rick

[mikey]

[suzi]

Thanks Mikey. That helps me and I'm sure it will help others too. That's essentially what I thought, so you confirmed it. Yes, sandboxing is what I want. I thougt I remembered you posting about a sandbox app previously, but I couldn't find it.

What happened to sandboxie? Did it not turn out to be what you expected?

When you say the concept of sandboxing is problematic, what do you mean? I understand it can be tricky to use the apps and potentially problematic if you are not paying attention to what you are doing.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[war59312]

I use WinRollBack Private to roll back changes.

http://www.datapol.de/dpe/prod/winrollback/index.html
_________________
God Bless America

[mikey]

[Ad/Subtract]

Has anyone checked out the latest version? It's reported to be compatible with any browser or software running. Seems like an ideal shield for internet travel, without picking up parasites that may want long term relationships with you or your box.
http://sandboxie.com./

[suzi]

There is a discussion about it here that you might find helpful:

http://www.dslreports.com/forum/remark,12802027~mode=flat
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[Ad/Subtract]

Thanks a lot. I had trouble running Firefox in Sandboxie until I uninstalled ZoneAlarm and installed Kerio for firewall protection. Now I'd like to see how Sandboxie stands up to a test like Eric Howes is doing with the Adware apps. Perhaps this will satisfy many user's requirements for safe internet surfing, regardless of their browser of choice, without concern for longlasting malware relationships. Who knows, if this app has the power, multiple antiadware apps may no longer be required.

[mikey]

[muf]

My take on the apps i've tried from that list.

Finjan SurfinGuard Pro - This has stopped a lot of dodgy executables, scripts, ActiveX and downloaded files from running. It even stops things like Leaktest, based on it's behaviour. Leaktest is not dangerous(but the way it behaves is). SG Pro recognises the behaviour as dangerous and stops it. So if it was a real malicious app trying the same technique then it would have protected you. It's record for stopping known threats without the need for signatures is very impressive.
Here's a few of the recent threats it proactively protects against.
http://www.finjan.com/SecurityLab/AttackAndExploitReports/default.asp

RegRun - If you want a complete suite that protects everything form the registry to the file system then this is it. Great. So great that i upgraded from the standard version to the Gold version within two weeks.

System Safety Monitor (SSM) - Didn't like this. Too obtrusive. It pops up with an alert if you break wind. Well ok, maybe not that temperamental but it's constant pop-up alerts annoyed the hell out of me and i ditched it.

WormGuard - Great for protection against malicious scripts and worms(of course). I've had numerous times when it's popped up stopping something because of the content. You can allow or stop at your own choice. Look at some of the content and when you see things that are virii associated and you are just running a screensaver you downloaded then you get the choice to stop it and then you can delete the little bugger. It's all heuristic based, so no definition's needed. Takes up no resource as it hooks into the OS. Very nice addition.

Hope this helps.

muf

[mikey]

[Moore]

I've seen quite a few bad reports about Finjan products , but they were based on older versions , hopefully they have improved them with the help of their new research team.


Lately I've been testing the latest versions of Tiny firewall pro from 6.5.44 - 6.5.62 and I'm liking what I see very much , although I cant say I will ever be replacing my trusty Outpost with anything else.

I think I mentioned Tiny in another similar thread , but since it's very good I think it cant hurt to add it here as well.

The sandbox features in Tiny's windows security module are very similar to using SSM/Processguard/Regrun , and packaged all in the one program..

> TINY Link <

Tiny allows you to create application groups for installed programs which you can use to set restrictions on what access they have to various functions in the operating system itself. You can then restrict / control your browser and any other program from DLL and code injection , services installs and registry changes etc ..
> Windows Security Features Link <

Theres also a track and reverse feature which you can use to log installation activity -
> Track & Reverse liNK <

[jlowell]

Hi suzi,

You might want to take a look at Norton Go Back, I believe it meets all of your criteria. I have NGB on this machine as part of the Norton SystemWorks program but it refuses to cooperate with an aging DOS boot manager I've chosen to employ so I can't use it. It involves dealing with the installation as a phenomenon of the disc, but, somehow, the manner in which the boot manager tries to locate the installation partition after NGB goes into action becomes tangled, so I rely upon back-ups Ghosted from a device on another network computer instead. But I've got three discs and five OSs on this thing, it's complicated. In circumstances where Windows is the only installation, NGB ought to work perfectly well.

jlowell

[Ad/Subtract]

Mikey, regarding Sandboxie:

I think you're correct, but most people on the Net don't want a hi-tech fix. They want the minimum to surf safely. That means minimizing the number of apps to achieve the goal, and maximizing the safety of cruising whatever web page is referenced by...let's say...a Google search for "Your need of the present." If you happen to land on a grungeware site, are offered the latest "you must have this toolbar" click option, or "absolutely require our ..." if you click here option; then the option to dispose of this garbage after surfing the Net is a welcome option. If this app does not live up to its promises, that is a different story. From what I understand of it's developer, its worthy of a trial by those of the best in the business. What do you think?

[mikey]

[herbalist]

When I first started using SSM, it did alert on every process and every system component. How far that will go depends on what you set it to alert to. I spent a couple hours, starting every application from every possible location and made rules for each one. The hardest part is remembering all of them, especially ones launched by other applications. It's rare I see an alert now, except on the items I want alerts on. It does alert whenever an executable is updated, something of a pain when you run multiple scanners, but its abilities outweigh the inconvenience for me. This is one app I will buy when it's out of beta. For computers with multiple user accounts, SSM could be a goldmine, once you set it up. A lot of the apps I've seen discussed here don't run on my old box, but SSM does very well. I wish sandboxie did. I'd love to try that one.
Rick

[Ad/Subtract]

Mikey,

I'm willing to go out on a limb here. I value your opinion, but I think that the internet addicted users that you serve need an app that lives up to its promises. In my opinion, as and average user, this app has great utility for the average user in its current state, and I would recommend it. Others (DSL Broadband) have documented that Sandboxie has effectively dealt with malware installation on websites such as warez.com. So far, Sandboxie has not failed ANY challenge, and the problems addressed to the developer TZUK have been rapidly addressed. This app is definitely worthy of intensive scrutiny while it is still free.

[mikey]

@ AdSub;

While I'm sure that your motives here are completely on the high road and have nothing to do with any interest in marketing this product as part of your conglomeration, your comments still do not sway my thinking at all.

I've already stated that I don't want to publically review this product untill it has had a chance to mature some. I wonder why you can't respect that.

The tool, while being a very good effort so far, still has probs. It does not play well with the other resident & peripheral wares already installed. And the sandbox itself is still not foolproof yet. One example of that can be found by running the so called test described here; http://www.spywarewarrior.com/viewtopic.php?t=11406 In addition to what your eyes will tell you, I suggest you also run sys snapshots outside the sandbox...InCtrl5 will work fine. That so called test will give you a visual not afforded by many of the new generation of malwares that can still mask policy changes even from the tools designed specifically to root them out.

[jimmytop]

[Jay]

[suzi]

Hi Jay,

Welcome to Spyware Warrior. That list I originally posted is maintained by Eric Howes and I'll mention it to him.

Best regards,

Suzi
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

[Peter2150]

Hi All

The closest thing to a Sandbox I use is Raxco's First Defense-ISR. In a way it is similiar to Goback without the lmitation of a finite history. (you can lose your ability to goback if you work with large files or to much time passes) FDISR, which does require adequate disk space, allows you to make a snapshot of your complete c: drive, and you can then boot into this snapshot. Once there you can install and run software, modify your system, even totally screw up your system to the point it won't boot. No worry. Just boot back into your primary snapshot and you are back to normal. About a 3 minute copy and the other snapshot also is restored to the same state as the primary. You can use the alternate snapshots just like a sandbox.

Pete

[Moore]

Hi , sounds good Pete. I'll have to check it out.

Goback is definitely annoying when it loses the information to go back to.. I have had that many times through too much disk activity , usually at the times when I really needed it. It has also saved me from a OS reinstall more times than I can count, so it has its good and bad points.

I've been running Deepfreeze for a week or so and its another very powerful alternative. I think it's already been mentioned a few times , and it works very well.

All system changes will be reverted back to the original saved state upon reboot while in the freeze mode , even formatting of the harddrive can be reversed. If you need to make any system changes you just reboot into thawed mode.

http://www.faronics.com/html/deepfreeze.asp
http://www.faronics.com/html/DFStd.asp
_________________
| Stop Malvertising | Outpost | Blocklist Pro | Hosts |

[Mind control 01]

Hello Suzi
Are these any good to you ? http://www.snapback.com/ & http://www.forensics-intl.com/safeback.html I found them in my antihacker tool kit book, remembered this post, I hav'nt used them yet, My back up is a cloned hard drive , One other thing I found is http://www.export.gov.il/Eng/_Articles/Article.asp?CategoryID=535&ArticleID=1021 is this a multi vm machine thing ? I think you could have some fun with this tool if you can get infected & not worry .

[Yar_]

I'm lookinf at this topic and can;t find the exact solution I want.

Basicly want a sandbox which allows files to be installed, tracked, monitored, md5'd, all in one report. Any hints or suggestions? Or am I going to have to build this one myself?


_________________
Search, Find, Identify, and Destroy Malware.

[Yar_]

I still haven't found a good enough program to do everything I want so I have begun building a new one. Whether or not I actually finish this is another question. If anyone else has an ideas that aren't on the list let me know.


_________________
Search, Find, Identify, and Destroy Malware.