Anti-Virus to become obsolete.


(no offense rythmnsmoke, I'm a bargain shopper and don't need bulletproof, just a decent shield)

No prob. Like I said, ImmE might not be for everyone. I'm having to format my g/f's mom's computer and re-install the OS. After that I'm putting on our older home use version of ImmE. She did have Norton on there, but it didn't stop her from getting spy-ware and other viruses when she didn't have the update. And now, her license is about to expire and she doesn't want to pay to re-new it....LOL. So, I'm just going to throw our stuff on, and I guess I'm going to have to train everyone.



that's all nice for you, as you probably don't have to pay for the software

then there's people like me who would like to try it, and would spread the word IF I could get my hands on the software to make sure it is good

but, as the song says, "You can't always get what you want....."


Well, rhythmnsmoke ...

As ^_^ stated it could be nice to try that old version of ImmE to compare with other security software. I guess ProcessGuard is not quite what I was after but if someone here on the forum tried it and liked it - oh well - I guess it wasn't all in vain to direct attention to it. After all it comes as a free or (more advanced) paid software.

I've come across similar-to-ProcessGuard software recently as well. That's Faronics' Anti-Executable which seems to work in a similar fashion ... Gonna try that in a day or so. Maybe that works in safe mode etc. ...

I guess maybe you would want to let some here on the forum try your 'old' version ImmE to see whether it's usable in real-life practice in their environment ...

the link to that Faronics Anti Executable is as follows:

http://www.faronics.com/html/AntiExec.asp

(remember - somewhere in this long thread someone suggested that Deep Freeze from that same software company was comparable to ImmE)

@^_^ -

If you go buy the PG software let us know how it performs with the added functionality - does it make it stronger etc. ?

I appreciate the interest in this huge thread, I must say, good job, lads! :lol:

That's it for now ... Gonna hit the sack till tomorrow.

Greets

Jacob


Well, guys - thread is still here so - guess there's some interest in it - know what I mean ... ;)

Or - hint - number of views is currently 7312 - that's pretty darn much I'd say ... so maybe that's part of the reason I guess ...

Edited by techniquefreak

*starts to fire off a few rounds of the shotgun*

why isn't this closed already !?

Maybe because it's real. And you can't deny that it's the next step in computer security.

That's Faronics' Anti-Executable which seems to work in a similar fashion ... Gonna try that in a day or so. Maybe that works in safe mode etc. ...

I haven't heard of that one yet. But if it's using system drivers, then the answer is no. But I will check it out.

(remember - somewhere in this long thread someone suggested that Deep Freeze from that same software company was comparable to ImmE)

Yes, someone did mention Deep Freeze. It is not very practical to use. You have to shut it down just to make a text document. Otherwise, when you rebooted, it would be gone. It doesn't restore your computer back to its normal state until after you reboot.

If you go buy the PG software let us know how it performs with the added functionality - does it make it stronger etc. ?

Someone else is going to have to spend the $$, because I don't have it....I'm poor..lol. J/K, I use my money for modding my car, not buying software.

Edited by rhythmnsmoke

Ok, here is the Low-Down on how the Old Home Use vers. of ImmE works compared to that of the new PG. Now this is based off the free downloaded (limited) vers. of PG. There are Pros and Cons throughout both descriptions.

PG

-Does a good job of stopping executables from running.

-Cannot erase the payload from your machine.

-Payload has to be executed in order for it to be detected by PG.

-Does not pick up nor stop un-compiled (script) programs from running.

-Have to reboot the machine 3 times in order for it to start working.

-There is no password to the console, allowing anyone to turn it off and on.

-Does not block the admin tools (cmd, registry, services, msconfig...etc..).

-Stops execution after it passes to the kernel.

-Must launch every program you need to use individually. (Very time consuming if you have a 200 GB HDD with a couple of thousand programs that need to run).

-It's nothing new and there is technology that comes with the OS that already does what PG does. Therefore, you pay for something you already have. PG just makes it easier for you to utilize it.

-You may download programs, and all you have to do is permit the setup program to run and you will be able to install.

-Provides no protection in Safe mode. (This feature is going to have merit when you are talking about deploying on a network in the corp./gov. sectors. Not as important for the home market. So, home users do not need this feature per se).

Old Home Ver. of ImmE

-Does a good job of erasing the payloads before they have a chance to run.

-Erases any payload that is not a part of the matrix, as well as payloads that have been moved from one part of the machine to the next.

-Payloads do not have to be executed in order to be detected and eradicated.

-Eradicates un-compiled programs, but will not stop them from running if you copy and try to double click on them real fast before the binary search sweeps it. However, it will knock them out of memory once they do run.

-May take 1 to 2 sec. to find the payload even on a 200 GB HDD (The delay is set for a specific reason. See below for the explanation).

-Does not intercept the program's execution. Instead, it is designed to knock programs out of the memory stack that do not belong.

-After installation and the reboot, it builds the matrix automatically for you. All you have to do is wait till it's finished.

-The console is password protected.

-Overrides the Microsoft OS privileges(even if you are logged in as admin) to secure the admin tools (registry, services, computer management...etc.). However, it does not secure the command prompt.

-When downloading software, you have options: you can either filter the setup program into a designated folder, bring down your defenses to be able to deposit the setup.exe program (as in the bank vault scenario I gave earlier in this thread), or if you were to leave the shields up, when you downloaded the program, the Home ver. will ask if you wish to ACCEPT or ERASE the newly deposited payload. If you ACCEPT, it will allow the payload to stay in the machine. However, it will NOT be a part of the matrix of the system, therefore it will (after a period of time) keep asking for you to ACCEPT or ERASE it until you tell it to be a part of the matrix.

-Truly a new design concept and philosophy, not duplicated by other technology.

-Protection from external device connectivity. Payload deposits from devices, and again will knock programs out of the memory stack if you try to just execute a program off the external device.

-Does not provide protection in safe mode. (Then again, this is the home ver.)

About the 1 to 2 sec. delay before it sweeps and eradicates the payload. When you download a file, it's going to take a couple of secs. to actually WRITE to the HDD. Obviously you can't erase something that's not there. Also note, if a virus was to try and write to your HDD without your knowledge, it would have to be coded in such a way that it would need to launch at the same time (as it's writing) that it hit the drive. The write and execution would have to be SIMULTANEOUS to squeak by the 1 to 2 sec. delay. And not to mention, it would have to operate in a manner to enter and leave the memory stack so FAST that the task manager doesn't even see it. As we all know, there are no viruses that are coded like that, nor have that level of sophistication.

Again, this was the old approach to ImmE. This approach is ancient to us now, seeing as how we have evolved into something far and beyond. This approach is still in place. We did not scrap it, we built more defenses on top of it. So, the network version does everything and then some.

Updates from the network version that will be added to the Home ver. are most likely going to be:

-The ability to intercept before it's passed to the kernel (which means protection from script execution because it already eradicates them if they are deposited).

-Securing the command prompt.

-Further securing of admin tools.

Edited by rhythmnsmoke
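An added illustration of the baseline-and-sweep idea rhythmnsmoke describes above (a "matrix" of known files, with anything outside it treated as a payload to ACCEPT or ERASE). This is not ImmE's code, which is not public; the watched file types and the sample directory tree are assumptions made for the demo.

```python
"""Baseline-and-sweep whitelist: an added illustration of the "matrix"
idea in the post above, not ImmE's own code (which is not public)."""
import hashlib
import tempfile
from pathlib import Path

# Assumed: the sweep only cares about compiled and script file types.
WATCHED = {".exe", ".dll", ".bat", ".vbs", ".ps1", ".js"}


def build_matrix(root):
    """Map each watched file under root to its SHA-256 (path -> digest)."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and p.suffix.lower() in WATCHED
    }


def sweep(root, matrix):
    """Classify what a later sweep finds against the stored matrix.

    KNOWN    same path, same digest: a part of the matrix
    MODIFIED same path, digest changed: binary replaced in place
    MOVED    digest is in the matrix but under another path (a copied payload)
    NEW      never seen before: the ACCEPT-or-ERASE case from the post
    """
    known_digests = set(matrix.values())
    verdicts = {}
    for rel, digest in build_matrix(root).items():
        if matrix.get(rel) == digest:
            verdicts[rel] = "KNOWN"
        elif rel in matrix:
            verdicts[rel] = "MODIFIED"
        elif digest in known_digests:
            verdicts[rel] = "MOVED"
        else:
            verdicts[rel] = "NEW"
    return verdicts


def demo():
    """Constructed sample tree: take a baseline, then make three changes."""
    root = Path(tempfile.mkdtemp())
    (root / "bin").mkdir()
    (root / "bin" / "app.exe").write_bytes(b"MZ app v1")
    (root / "bin" / "tool.exe").write_bytes(b"MZ tool")
    (root / "notes.txt").write_bytes(b"not a watched type")
    matrix = build_matrix(root)
    (root / "bin" / "app.exe").write_bytes(b"MZ app v2")    # replaced in place
    (root / "copy_of_tool.exe").write_bytes(b"MZ tool")      # same bytes, new path
    (root / "dropper.vbs").write_bytes(b"WScript.Echo 1")    # never seen before
    return sweep(root, matrix)


if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:<9}{path}")
```

Unlike the product described, this only reports; the ACCEPT/ERASE decision and the memory sweep are left to the reader.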

so I guess you won't lend anyone the "old obsolete" version to test out either????

In order for me to do any of that:

1) I would have to ship it to you. Who is paying for the cost?

2) After you install it, you would have to call BBX to authenticate it, because we do not give you an authentication key with the software.

3) After that, I would have to provide you with technical support.

4) How will I be sure you removed the software after a period of time (given that we don't have a trial ver. available)?

Now, what will I be getting out of this deal....lol.

Edited by rhythmnsmoke

IF I like it, then I'd spread the word.

If I don't like it, then I'll uninstall it

and I don't think I'd need technical support, unless it's way complicated

not only that, I wouldn't put it on my main machine, it would go on a crash test dummy so I could really thrash it :thumbup

oh, and you wouldn't have to ship, ever hear of winimage? make an iso file and send it to me :w00t:

Edited by ^_^

IF I like it, then I'd spread the word.

What's stopping me from doing the same thing? 7,300+ views from my first ever post, I think I'm doing a good job at that. And I'm able to actually show people first hand, so who would you be able to tell that I wouldn't, without actually giving them the software to prove that it works? What's your credibility?

If I don't like it, then I'll uninstall it
Why would you uninstall software that does what I say it does?
and I don't think I'd need technical support, unless it's way complicated

Unless you like reading manuals, you will want to ask me technical questions personally. It's not difficult to install, if you read the manual. But it might take time getting used to how it operates. However, most people don't like to read the manual, therefore they resort to contacting technical support. This software is a little different when it comes to installation. Installation is not like typical (run install shield and go) software installs. The manual would need to be read word for word.

not only that, I wouldn't put it on my main machine, it would go on a crash test dummy so I could really thrash it :thumbup

oh, and you wouldn't have to ship, ever hear of winimage? make an iso file and send it to me :w00t:

Did you forget that the Home Use ver. isn't available and we are not pushing it out to Home Users, and that I would have to clear something like that? You are just going to have to wait bro. I do apologize.

Edited by rhythmnsmoke

Well rhythmnsmoke, I partially agree with ^_^ here ...

You could, as proposed, lend a few of us the "old" version ImmE so that we could test it on our own. As long as that's in a controlled amount I see no harm in that possibility. Anyway - as long as that's an "old" version it'll not hit the shops anyway - like a beta version or so - right ...?

I'm already BT for F-secure, AVG and Symantec so it'd be a real treat to try this piece of SW.

If you're afraid it'd spread to P2P and warez places I'd say you need to be sure not to hand it out to just anybody of course ... :} But as long as you keep it very tight I see no risk, really.

Glad about your info though regarding PG compared to ImmE ...

Keep on going - maybe you'd take your time to make a comparison between ImmE and that Anti-Executable I mentioned in another post ... :)

Kind regards

Jacob


Well rhythmnsmoke, I partially agree with ^_^ here ...

You could, as proposed, lend a few of us the "old" version ImmE so that we could test it on our own. As long as that's in a controlled amount I see no harm in that possibility. Anyway - as long as that's an "old" version it'll not hit the shops anyway - like a beta version or so - right ...?

I'm already BT for F-secure, AVG and Symantec so it'd be a real treat to try this piece of SW.

If you're afraid it'd spread to P2P and warez places I'd say you need to be sure not to hand it out to just anybody of course ...  :}  But as long as you keep it very tight I see no risk, really.

And exactly who is it that I would be able to trust, and why would I trust them? You see, there is no sure fire way of avoiding handing it out to "just anybody", because everyone in here is "just anybody" to me.

Glad about your info though regarding PG compared to ImmE ...

Keep on going - maybe you'd take your time to make a comparison between ImmE and that Anti-Executable I mentioned in another post ...  :)

Kind regards

Jacob

Yes, that is my next task. I printed off their User Guide for the software, and will be reading it over. I will also be downloading a limited vers. of it onto my little Vaio. A lot of the time, you come across software that has many of the features that we have, but where the difference lies is how they operate. Sometimes it boils down to "HOW" things are done as opposed to you actually being able to do it. True, some of our security features can be duplicated with System Drivers. But we all know that in the corp./gov. world, as I explained, we have defined a new tier in computer security, and they are now requesting that you be able to operate in safe mode. So, if it can't do that from the start, then we know the outcome.

But I will be testing it here shortly.


Ok techniquefreak,

I have downloaded a copy of that Anti-Executable software. It's pretty good from what I can see. But that statement would be coming from a person who doesn't know anything about security. I think it's a little better than Process Guard. It runs in safe mode, which I was delighted to see. However, I broke the system in about 15 min. I am now having to re-install the OS, because I deleted critical files on it. I have found major issues with Anti-Executable. Now, I'm not here to bust its chops. I'm just posting facts on what I was able to accomplish.

Failed test and my thoughts in the use of Anti-Executable Standard (free downloaded version):

Configuration of software was set to HIGH, with the Deletion Protection Enabled and the Copy Protection Disabled (Even with Copy Protection enabled, my test would still be accomplished).

Now, the software truly does an excellent job at protecting the Executables from being deleted. Also does an excellent job at protecting "ITSELF", but fails at protecting the rest of the system. Here are the tests:

1) What I can and can't delete.

Pass: No way possible to delete the executables.

Failed: I was able to delete critical OS files: Autoexec.bat (not really critical, but an OS file), Ntldr, and Boot.ini. If you attacked the Windows and System32 folders and wanted to erase everything in them, only the executables will be protected. We know there is more than just executables in the system.

2) What was left accessible.

Pass: Would not let me disable "ITS" service. Also would not let me delete its registry entry for the service.

Failed: Does not secure the command prompt, services, folder options, folder properties (basically all Admin tools). Does not stop me from shutting off all other services, nor editing the registry of the rest of the computer.

3) User Friendly.

Pass: Its console is password protected.

Failed: With the Deletion Protection enabled, you can't even erase executables off of your own floppy drive (I didn't see if it blocked the format function for formatting floppies). To un-install a program you have to go inside the console every time and disable the Delete Protection function. If you burned a CD with MP3s, documents, data...etc., and a few executables, it's going to pop up the "violation" message just from the sheer act of you browsing your disk.

4) What I can and can't run.

Pass: Would not let me run any new program on the system.

Failed: Still does not stop script (un-compiled code) files. If you wanted to create a script that deletes your Ntldr and Boot.ini files, this is not going to stop that, causing you to restore the computer when you rebooted. Scripts will run all day on this machine.

I even went to www.finjan.com/Security Lab/Security Testing Center and downloaded a script into the machine which it did not detect, nor did it stop from running. The script I downloaded and ran created a folder on the machine called "You Have Been Hacked" and copied some documents from my machine into that folder. One of those documents contained the User Name: and the Domain Name: of the machine. I was also able to copy an existing executable to another section of the machine, and it ran. I just couldn't rename it is all.

5) Ability to clean the machine.

Failed: Everything I ran did not get eradicated nor quarantined.

NOTE: They say in the user manual that Deep Freeze will work with this software, to work in conjunction with each other. Below is a description of how to install new software with both products on a system.

The instructions are as follow:

1) Boot the workstation Thawed.

2) Turn Anti-Executable off.

3) Install new software, update existing software, and make any permanent changes to the workstation as required.

4) Restart the workstation if necessary and configure any new software as desired.

5) Turn Anti-Executable on.

6) Boot the workstation Frozen.

Just to install one piece of software, or update, it's going to take you 3 BOOTS! That does not go over too well when it comes to corp./gov. environments and networks. That is a MAJOR Fail.

I'm not trying to bash, but ImmE is an industry defining solution. If they can't meet on this playing field and be able to get over those Fails, then they are not even close to the level of security/usability that we provide. Even with their products combined, they are not going in the same direction as ImmE.

Anti-Exe/Deep Freeze = Great at protection from new compiled programs.

ImmE = Great protection from compiled/un-compiled programs + Great protection from the Inside Threat!

PS...Thank You for reading such a long post.

Edited by rhythmnsmoke
