LUSHER

Spyware terminator's forum was hacked as well... plus blogs belonging to "Security experts" before that...

Why the heck is this thread derailed?? Back to talking about RunScanner okay? What do you like about it? what do you dislike about it? What do you want to see from it in the future? Me? I think it's time for consolidation, for stability and bug fixing... I can always think of more features but that shouldn't be added without further thought.

More choices never hurt anyone. Well okay it hurts those who are already confused on what to get, even when limited to just freeware ha ha ha.. I guess it's not a good time to say that in the next 6 months, more such useful and powerful freeware will be going out....

I guess the sky is falling ...

On demand antivirus Specific malware removal tools (more specific) Online Scanners Taken from here

Sounds like BS to me. If the password is checked and validated on your computer, why the need for TLS? Also even if everything is local (e.g javascript) , you can imagine scenarios with XSS attacks etc. Granted all this is very unlikely, but that's not my point away. The reason why i said i did "paranoid or not....", has nothing to do with whether it can be exploited or not. Rather I was trying to imply that doing so doesn't give you any meaningful information really. You already know how strong or weak (roughly) your password is, or really you are wasting your time here...

yes, I've heard. It's new. No doubt it's questionable too. Personally i would just stick with virustotal if it's variety of av engines you want and it's reasonable quick. That's why runscanner loads suspect malware to virustotal (with permission) and not some other site...

Paranoid or not, it's silly to enter your real passwords into such "checkers" whether TLS or not.

RunScanner is not a online (or even local) malware scanner!!!!

Someone posted this on the castlecops wiki a few days ago in the section on AV tests. I let it stay, but I'm dubious about the methodology really.

Just like Hijackthis too.... One wonders why RunScanner is still not as popular as the outdated Hijackthis though.

Not bad. Tony. But I know of another 2... http://www.viruschief.com/index.html http://scanner.virus.org/ So in total for multi-engine virus scanner online there are actually 5 of them to my knowledge (including jotti). http://wiki.castlecops.com/Online_antiviru...le_engine_scans

To pass leak tests/ outbound filtering definitely. The leak tests already runs on your system, if it is running completely unrestricted it has dozens of way to beat your firewall. HIPS is just a complicated way of restricting what it can do to tunnel out./..

RunScanner is a completely free windows system utility which scans your system for all configured running programs. You can use runscanner to detect autostart programs, spyware, adware, homepage hijackers, unverified drivers and other problems. 1) Very comprehensive autostart list * Freeware. * Scanning of 80+ hijack locations, hosts file editor, process killer, online malware/whitelist analysis. * One executable, no installation required. * Backup / restore of deleted items. Malware will find it harder than ever to hide. 2) For beginner and expert users ** Beginner mode ** This is for novice users that want to do a scan and upload their results to a malware specialist forum. You cannot make any changes in this mode! ** Classic mode ** Classic scan mode with easy click and fix all. This mode only shows non whitelist items and it's primary use is to remove malware. ** Expert mode ** This is for advanced users, all startup tweaks, scanning, reporting, filtering and delete features are available. 3) Powerful file inspection RunScanner makes it easier to determine which entries are likely to be malicious. * Authenticode signature analysis - Check all the certificates of your started files and verify if you trust the publisher. * Virustotal integration - Upload suspect files to Virustotal with a click and have them checked by multiple anti-virus engines. * FileAdvisor integration - Compare the MD5 hash of your files with the online Fileadvisor database, just with one click.Currently 4.028.732.854 hashes available. * Castlecops integration. - Compare the MD5 hash of your files with the online Castlecops database, just with one clicj. Currently 31.743.604 hashes available. *Runscanner online database integration. (+ online malware analysis) Compare the MD5 hash of your files with the online Runscanner database. Currently 160.000 (startup file) hashes available. * Powerful filtering. - Show unsigned files, classic mode shows only none-whitelisted (trusted publishers and known clean entries) files. * Google search integration. - Search information for suspicious files on Google. 4) Log analysis made easy *Plain text file logging with only the items that need your attention. * Saving and importing of text files to .run files (all information available) - A user with problems can save the .run file, an expert can mark the items that need fixing and send the .run file back to the user. http://www.runscanner.net/why-runscanner.aspx 5) Malware removal abilities and misc *Powerful process killer. *Kill multiple processes at once. *Kill and rename. *Kill and delete. *Delete at next reboot. *Analysis of loaded modules. *Regedit jump. *Explorer jump.

Let me explain something to you. The only way to pass most leak tests is to employ HIPS like functions. This mean watches various system functions, monitoring inter-process communications, protecting process memory space, handling OLE etc. All major firewalls that aim to beat leak tests have already being using these (HIPS) techniques for ages. The jump from comodo firewall 2 to 3 isn't one from 0 hips to 100% hips as you seem to think, but rather a formal recognition of what already exists (plus even more system monitoring). So in the past when they did the same stuff, except they didn't call it defense+ Another difference between full blown HIPS and hips like functions employed by firewalls (that do not claim hips), is that the later only monitors a smaller subset of processes that directly does network communication while the former does all processes. But the same basic thing is monitored. If a firewall stuck only to basic firewall functions it would pretty much fail all leak tests , since it would be filtering only network connections and would be blind to higher level transactions. BTW pcflank test is considered a fairly primative test these days. http://www.matousec.com/projects/windows-p...sts-results.php shows that a fairly large number of firewalls block it.

It used to be good, it has being going downhill steadily since. The version 3 is the most bloatest piece of nonsense I have seen. And you are talking to a guy who has used pretty much every most paranoid/control freak security program HIPS. I wrote all of the HIPS related information on castlecops wiki and have tested and used pretty much every HIPS out there for home use and even i find Comodo 3's Defense+ module unbearable. Comodo 3 outdoes almost all of them (with maybe 1 or 2 exceptions) in terms of generating prompts and alerts. There is no way in hell, the average guy is going to use this.

About time. People are really slow to appreciate good stuff. By the time they realize it, it already sucks. e.g AVG

20,000 USD per month seems to be a lot of incentive even if you live in first world countries, unless you are very wealthy...

Lusher notes that defraging thumbdrives might not be the brightest idea.

Anything is possible i guess, but some things are more likely than others.

Lusher notes that when Lusher wrote that vm's work fine, lusher obviously meant that everything was working, including Lusher's internet connection. Lusher wonders if humpty might have blocked something by mistake?

Lusher thinks you might have a problem with your setup configuration as Lusher as never had problems with running DSA in virtual machines. Lusher used VMware though.

I will not update this thread anymore, because of the rude response (not to mention false accusation) i got.

Lusher also has a small blog (at a undisclosed site) with mini-reviews (actually more like screenshots plus intros of features) of various new freeware security, like Webroot desktop, online armor free.... As Lusher pointed out, this firewall includes the HIPS DSA. DSA has being tested at the following http://membres.lycos.fr/nicmtests/Dynamic-...s/DSA_index.htm http://membres.lycos.fr/nicmtests/Unhooker...oking_tests.htm http://www.pcmag.com/article2/0,1759,2073057,00.asp Of course, Lusher is not always the most reliable person to listen to.....

Oh I forgot I'm talking to a noob , who needs a big fat "disable/allow file sharing" instead of manually setting up the rules himself. My bad.