New free HIPS-IDS-Behavior blocker

[Aaron]

Breakthrough Features for Ultimate Malware and Intrusion Defense!

Features --
Dynamic Security Agent is a signature-less, anti-malware and desktop
defense application comprised of several distinct technology layers
designed to block or mitigate the damage caused by intrusion, virus and
other malware attacks. DSA features the following layers of defense
technology:

- Application Monitor/Manager
- Registry Monitor
- Process Monitor/Manager
- Email Anomaly Analyzer/Manager
- System Anomaly Analyzer


DSA also detects malware and intrusions based on behaviors characteristic
of unauthorized system use. Some of these include:

- Attempts to access a protected registry area
- Attempts to access a protected object
- Attempts to Initiate a foreign process
- Attempts to control Windows service
- Attempts to create a DNS request
- Attempts to initiate outgoing TCP traffic

Dynamic Security Agent (DSA) -- the proactive, multi-layered defense
solution for Windows desktops and servers. Get DSA today -- it's FREE for
personal and non-commercial use!

Lots more info on http://www.privacyware.com/dynamic_security_agent2.html

My impressions , most of the features are fairly standard for security
software of this class (antihook/Processguard etc).

The system anomaly analayzer is a new feature at least in my experience,
it monitors the typical cpu usage, thread use of each process over a
training period and warns you when it goes beyond this baseline
indicating something is wrong.

I suppose your whole cpu usage profile will be very different if you get
infected, but I haven't tried it for a long enough training period
(minium 7 days) to see if it makes a difference , I'll try getting
infected to see if it makes a difference after 7 days.

The email monitor does pretty much the same thing but this time it tracks
typical email loads. I suppose if your system gets infected and starting
spamming emails like crazy, it will alert you. Same comment applies, need
to finish 7 days training.

On top of that as I said it has a fairly standard set of features, cover
most common autostart registry keys (but not as complete as some other
products that I can't mention because it is not freeware).

Altought it warns you of outbound connections, it doesn't not seem to
protect from inbound connections so if you are not protected by a router
or hardware firewall, you still need a personal firewall.

The bad thing is you can't selective turn off tracking of certain
features, so if you find "Attempts to initiate outgoing TCP traffic
" useless because you have something else that covers it, you can;t turn
it off globally.


'Attempts to access a protected object' - It has a pretty broad
definition of protected object, so be prepared for a lot of prompts. On
the plus side, if your system stays failing constant, it makes for a very
tight ship after the training period.


It's also pretty stable on my computer, and doesn't slow my system one
bit compared to some other stuff I have being trying (no names because
not freeware).


Inviato da X-Privat.Org - Registrazione gratuita http://www.x-privat.org/join.php

 

[Dave Turner]

lame.
like you said it does nothing that programs like ProcessGuard have been
doing for years. This is just a wannabe.

 

[gsalvato]

Dave & Aaron -

Thanks for your notes and comments. Dave - you are correct that
ProcessGuard does also include some of the features that DSA has. We
think PG is a good product and given Privacyware's focus on behavioral
approaches to detecting threats, we thought it would be interesting to
enhance what have become conventional capabilities with our specialty,
to improve end-users ability to defend against threats that do not map
necessarily to known patterns. Aside from detecting and blocking
potentially malicious activity, DSA also educates end-users about the
types of activity occurring on their systems. Our perspective is that
this free tool could be of great value to any PC user.

BTW, Dynamic Security Agent will be an integrated component within
Privatefirewall 5.0, so the essential endpoint/personal firewall
features (inbound/outbound filtering), while available today in PF 4,
will be integrated and available in the combined package this summer.
Virus and spyware scanning capabilities are also available via
Privacyware PC Security Suite.

We really appreciate your interest and willingness to post your
comments. We pay attention and are committed to making DSA as valuable
a threat defense tool as possible. So, please keep the positive
comments and the criticism coming!

Greg Salvato
Privacyware

 

[Aaron]

lame.
like you said it does nothing that programs like ProcessGuard have been
doing for years. This is just a wannabe.

A freeware fully featured 'wannable'.

Proccessguard is nice, but it's only liteware or even crippleware (in my
opinion).

And as mentioned there are somethings DSA does PG doesn't and viceversa.

Regards



Inviato da X-Privat.Org - Registrazione gratuita http://www.x-privat.org/join.php

 

[filo387]

I was curious about inbound filter as well and performed some
firewall/inbound/port scanning tests (pcflank, grc.com, etc), all of
which DSA passed! (although without alerts). This is a valuable tool
and is suitable imho for even novice users as it provides good (and not
that common) protection and yet is so simplistic.

My guess is that this program does not include certain alerts or log
files for inbound activity, but the protection is definitely there.
Sounds like from Greg's post that the priced products may have more
information/configuration capability compared to DSA.

 

[Aaron]

Hmm it has come to my attention that components of DSA apparently hide
themselves much like rootkits from the system, according to various rootkit
scanners.

Care to confirm this is true?

The only other legimate security software I'm aware that does this is
SpyCatcher http://www.tenebril.com/kb/showitem.php?faq_id=390

Aaron


Inviato da X-Privat.Org - Registrazione gratuita http://www.x-privat.org/join.php