Abtrusion Protector -

[BillR]

Abtrusion Protector
(For WinNT/2k/XP)

http://www.abtrusion.com/abtrusion_protector_ps.asp

I haven't tried it -- yet. It looks like a strong application control
similar to an application firewall.

(Site excerpts)
Abtrusion Protector™ prevents Windows from loading unrecognized or
unknown software. Only software that you have safely installed or
explicitly allowed can be loaded into memory. Contrary to typical
anti-virus scanners, Abtrusion Protector™ is not dependent on frequent
virus definition updates.

- Benefits
Prevents viruses and hacker tools on your computer
Abtrusion Protector™ stops any software that gets copied to your
computer without your consent. Only software that you have instructed
Abtrusion Protector™ to allow is able to run. This stops most viruses
and hackers.

- No virus definition updates
Since Abtrusion Protector™ knows which files to allow rather that
which to prevent, there is no virus definition database that has to be
updated. Abtrusion Protector™ works just as well against new viruses
as against old ones.

- Verifies digital signatures
Abtrusion Protector™ verifies digital signatures and will
automatically allow signed software from software vendors that you
trust.

- Monitors software installations
When you install new software, Abtrusion Protector™ will track all new
files copied to your computer. You can instruct Abtrusion Protector™
to automatically allow the new software.

- Works side-by-side with your existing security software
You don't have to throw out your existing security software to use
Abtrusion Protector™. It works side-by-side with your personal
firewall and even with anti-virus scanners. However, Abtrusion
Protector™ protects you against security threats against which these
products won't protect you.

-----
License - http://www.abtrusion.com/Downloads/aplicensepe.asp
Abtrusion Protector™ Personal Edition is free for non-commercial,
personal use on one workstation computer in a non-network environment.
If the product is installed on a server or on a computer connected to
a domain or a LAN or has a dial-up connection to a corporate network,
a paid license key will be required.

 

[TranZ]

Abtrusion Protector
(For WinNT/2k/XP)

http://www.abtrusion.com/abtrusion_protector_ps.asp

I haven't tried it -- yet. It looks like a strong application control
similar to an application firewall.
-----------------------------------
I installed it.
Abtrusion Protector requires detailed
configuration ( at least for a novice like myself )
I had some difficulty with this.

After "playing" with it for sometime
I decided to uninstall it but an
experienced user might find the
added protection useful.

 

[BillR]

Abtrusion Protector
(For WinNT/2k/XP)

http://www.abtrusion.com/abtrusion_protector_ps.asp

I haven't tried it -- yet. It looks like a strong application control
similar to an application firewall.
-----------------------------------
I installed it.
Abtrusion Protector requires detailed
configuration
( at least for a novice like myself )
I had some difficulty with this.

After "playing" with it for sometime
I decided to uninstall it but an
experienced user might find the
added protection useful.

Sort of like a firewall except inside the OS -- if not approved, can't
receive/send. Was the problem with setting up the product itself, or
was it with having to specify numerous rules (these applications are
approved to run, etc.). If the latter, was this an interface problem?
Easy once you understood how? Tedious because so repetitive?

Has anyone with System Safety Monitor (SSM) experience tried it? The
appear to have similar features.
http://maxcomputing.narod.ru/ssme.html?lang=en

Both of these appear to do a bit more than
WinPatrol - http://www.winpatrol.com
and
WinSonar - http://digilander.libero.it/zancart/winsonar/index.htm

Are there any freeware (or no $) intrusion detection systems that
combine monitoring file integrity (checksums, not just date), the
registry (intelligently), and executing process (i.e., real-time)?
Are they practical on dynamic systems?

Thanks,
BillR

 

[ocol]

"TranZ" <[email protected]> wrote in message

Has anyone with System Safety Monitor (SSM) experience tried it? The
appear to have similar features.
http://maxcomputing.narod.ru/ssme.html?lang=en

Both of these appear to do a bit more than
WinPatrol - http://www.winpatrol.com
and
WinSonar - http://digilander.libero.it/zancart/winsonar/index.htm

Are they practical on dynamic systems?

Thanks,
BillR

I have been using Abtrusion Protector alongside System Safety Monitor for
quite some time now and it provides much needed security (some say
overkill). Occasionally I did get problems, for example when my Antivirus
software would load a new .dll file after an update, Abtrusion Protector
would prevent the new .dll from being loaded. (Imagine if a Trojan was
trying to do the same) To solve these problems I just separated all software
into different ''software packages'' and gave individual files/appls/dll
execution rights. I think to use Abtrusion Protector and System Safety
Monitor, the user should have a very good idea of how the Operating System
on their computer should behave and which files it needs to run. I highly
recommend both of these software to anyone but I can definitely see why a
novice may experience difficulty with either of them.

With Abrtusion or System safety Monitor installed all of the recent Worm
outbreaks would have been prevented but nothing can really replace good old
common sense however.

 

[BillR]

I have been using Abtrusion Protector alongside System Safety Monitor for
quite some time now and it provides much needed security (some say
overkill). Occasionally I did get problems, for example when my Antivirus
software would load a new .dll file after an update, Abtrusion Protector
would prevent the new .dll from being loaded. (Imagine if a Trojan was
trying to do the same) To solve these problems I just separated all software
into different ''software packages'' and gave individual files/appls/dll
execution rights. I think to use Abtrusion Protector and System Safety
Monitor, the user should have a very good idea of how the Operating System
on their computer should behave and which files it needs to run. I highly
recommend both of these software to anyone but I can definitely see why a
novice may experience difficulty with either of them.

With Abrtusion or System safety Monitor installed all of the recent Worm
outbreaks would have been prevented but nothing can really replace good old
common sense however.

Both, wow. How do Protector and SSM compare to each other? Recommendation?

Thanks.
BillR

 

[Ogre]

----- Original Message -----
From: "BillR" <[email protected]>
Newsgroups: alt.comp.freeware
Sent: Friday, October 03, 2003 4:16 AM
Subject: Re: Abtrusion Protector -

"ocol" <[email protected]> wrote in message

<--snip-->> >

Both, wow. How do Protector and SSM compare to each other? Recommendation?

Thanks.
BillR

System Safety Monitor only deals with executables whereas Abtrusion
Protector will alert you if a program attempts to load a DLL that had not
already been permitted or added to its thumbprint database. System Safety
Monitor is more of a firewall in the sense that you can have it ask you
whether you wish to execute a program in real-time whereas with Abtrusion
you have to decide yes or no before.

For example, if you were playing a media player movie and it attempted to
use the (dangerous) built in scripting in order to open up an X rated
website, System Safety Monitor would give you an alert stating something
like ''mplayer.exe is attempting to execute Iexplore.exe''. At this point
you could create a permanent rule to disallow this action or you could
create a temporary rule.

With Abtrusion Protector, the fact that Media Player had attempted to
execute Internet Explorer is not perceived as a risk since both are already
on its ''allowed to execute'' list. It would only prevent this if Internet
Explorer had been replaced with for example a Trojan or it had been denied
execution rights earlier.

System Safety Monitor does things that Abtrusion cannot do and vice versa,
for example System safety Monitor can prevent DLL injection and ''piggy
backing'', for example if a program masqueraded as a permitted application
in your Network firewall rules in order to call out, System Safety Monitor
would alert you to this. If for some reason Internet Explorer wanted to
execute cmd.exe, System Safety Monitor would alert you to this (only if you
had set the advance rules). With Abtrusion Protector, it would allow
Internet Explorer to execute cmd.exe because both of them have already been
given execution rights. Also, Abtrusion Protector can give individual
programs execution rights and you can decide whether they are permitted to
install software or not.

So you can give a program limits to what it can do on your system. For
example, I use Trojan Defence Suite (TDS-3) and when you do a memory mutex
scan there is a DLL file that creates an EXE at runtime and then executes
this. To allow this to work I need to give this DLL execution rights and
click on ''allowed to install software'' otherwise every time it attempts to
load the dcsmutex.exe Abtrusion will prevent it since it sees this as trying
to install software.

In the advanced settings of Abtrusion Protector the user can enable self
protection, this protects Abtrusions Registry settings, installation folder
and prevents programs from ''killing'' it. Also you can add trusted folders.
You cannot do this with System Safety Monitor. You can also add Boot
protection for Abtrusion Protector.

One thing to remember is that System Safety Monitor is still in its Beta
stages and Abtrusion is not. Hopefully you can see why I recommend the use
of both since they compliment each other. Either used on their own would
provide extra security and for this I would recommend System Safety Monitor.
(I would not be without both though)

 

[BillR]

----- Original Message -----
From: "BillR" <[email protected]>
Newsgroups: alt.comp.freeware
Sent: Friday, October 03, 2003 4:16 AM
Subject: Re: Abtrusion Protector -

Huge snip of comparison of how Protector and System Safety Monitor
(SSM) compare

And huge thanks. Very informative. If we had a list on PL of
responsive posts, I'd nominate Ogre's.

BillR