SpyShelter (free)


SpyShelter (free)

Post by noorismail on 29/9/2010, 19:59

@ssj100 & Others:

Hi ssj100 & Forum Friends!!!
I have added SpyShelter free version, "AntiKeylogger", as a real-time alerter of key logger activity, while operating in ShadowMode of ShadowDefender, in Sandboxed Firefox 3.6.10 (set up via your settings).

This adds a certain amount of RAM/CPU use.
(Negligible maybe, and I know not all are as RAM challenged as myself.)
Do you think this addition (SpyShelter) adds anything worthwhile to my Sandboxie (your configuration) + Shadow Defender setup?

It seems a lot of folks think you must have a HIPS, and this is the lightest/simplest/free version I can find.

thanks
noor

_________________
ShadowDefender 1.1.0.323 Sandboxie 3.49, NAT router.
Open DNS with "Malware/Botnet Protection",
MalwareDefender,Malwarebytes on demand.
noorismail
Moderator

Posts : 193
Join date : 2010-06-23


Re: SpyShelter (free)

Post by ssj100 on 29/9/2010, 23:27

What exactly is the role of the HIPS in your setup?

I used to think a HIPS was important too. Then I realised that all I needed was something to deny initial execution (probably the most powerful method to block all malware). The fact was that trusted applications I used should have full access to whatever they needed (and I found that when I had a Classical HIPS, I'd just allow all the pop-ups anyway).

In my opinion, installing new dodgy programs from dodgy sources on the REAL system is just asking for trouble - I doubt even the experts can consistently tell if something is malware or not by looking at the pop-ups from the HIPS. Therefore, I concluded that for me, the Classical HIPS is fairly useless. And when I discovered SRP, I didn't look back.

However, I felt a little "naked" without the HIPS. Sandboxie's anti-execution component is pretty decent, but it only really blocks .exe executions. It does not directly block DLL loading, although it contains it. At the same time, I wanted to minimise the number of third party applications to avoid potential conflicts (both discovered and undiscovered). For me, I think it's more likely for anti-malware applications to "cancel themselves out to some extent" than to actually get infected by malware.

Some argue that an "anti-keylogger" program is the most important line of defence. However, if something can't execute, then how can it run/infect? Also, using Sandboxie to sandbox all malware threat-gates and to effectively always start out with "clean web-browsers" etc is probably more effective than running an "anti-keylogger" program in real-time.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

http://ssj100.fullsubject.com

Re: SpyShelter (free)

Post by noorismail on 30/9/2010, 07:33

Thanks ssj100.
I thought that the anti-keylogger/HIPS, SpyShelter, would give me real-time warning of screen captures, key logging, etc. that might occur during a Sandboxed ShadowMode browser session.
After thought I concluded, who cares?
If someone is able to capture a screen shot of my machine at a security forum or "b" grade horror movie site?
I don't do E-Commerce or buy online, and if I do buy a book or so online, it is with trusted sources with a fresh sandboxed IE8.
I concluded:
1. Not worth the resource.
2. Not worth the (brief) training period.

noor

_________________
ShadowDefender 1.1.0.323 Sandboxie 3.49, NAT router.
Open DNS with "Malware/Botnet Protection",
MalwareDefender,Malwarebytes on demand.
noorismail
Moderator

Posts : 193
Join date : 2010-06-23


Re: SpyShelter (free)

Post by ssj100 on 30/9/2010, 09:24

Yes I agree.

Sandboxie's anti-execution component would block any eg. keylogger that tried to spontaneously run in a browsing session anyway.

Regardless, using Sandboxie to sandbox malware threat-gates and using a "fresh sandboxed" web browser for "banking" has got to be the strongest method to protect against logging malware. This is what purists would do before doing any eg. online banking:

1. Close all open sandboxes (thereby terminating any running logging malware).
2. Open a "fresh sandboxed" web browser.
3. Go straight to your banking site and happily do your online banking.
4. Once you close the "fresh sandboxed" web browser, Sandboxie automatically deletes all contents, and you're automatically ready for future banking sessions (go back to step 1.).

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14
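
The four-step "fresh sandboxed browser" routine from the post above, written as a PowerShell wrapper around Sandboxie's `Start.exe` command line. This is an added example, not part of the thread; the install path, the dedicated box name `Banking`, the browser path and the URL are assumptions to adjust, and the switches should be checked against the installed Sandboxie version.

```powershell
# Added example (not from the thread). All parameter defaults are assumptions.
param(
    [string]$Start   = "$env:ProgramFiles\Sandboxie\Start.exe",
    [string]$Box     = 'Banking',                                   # hypothetical dedicated box
    [string]$Browser = "$env:ProgramFiles\Internet Explorer\iexplore.exe",
    [string]$Url     = 'https://bank.example/'                      # placeholder URL
)

if (-not (Test-Path -LiteralPath $Start)) {
    throw "Sandboxie Start.exe not found at '$Start'"
}

# Run Start.exe with the given switches and block until it returns.
function Invoke-Sandboxie {
    param([string[]]$Switches)
    Start-Process -FilePath $Start -ArgumentList $Switches -Wait
}

# Step 1: close every open sandbox, which ends anything still running
# inside one (including a logger picked up in an earlier session).
Invoke-Sandboxie @('/terminate_all')

# Make sure the banking box starts empty even if a previous session
# was interrupted before its contents were deleted.
Invoke-Sandboxie @("/box:$Box", 'delete_sandbox_silent')

try {
    # Steps 2 and 3: open a fresh sandboxed browser directly on the
    # banking site. /wait keeps Start.exe alive until the browser exits.
    Invoke-Sandboxie @("/box:$Box", '/wait', "`"$Browser`"", $Url)
}
finally {
    # Step 4: stop anything left in the box and delete its contents
    # explicitly instead of relying on the box's auto-delete setting.
    Invoke-Sandboxie @("/box:$Box", '/terminate')
    Invoke-Sandboxie @("/box:$Box", 'delete_sandbox_silent')
}
```

Step 1 terminates programs in every sandbox, so save any work in other sandboxed applications before running it.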
