Posts posted by LUSHER
-
People should read about it before blindly downloading and installing it
Amazing!, there are people who haven't heard of Online Armor?? Talk about the ignorance...
-
This time it's spyware terminator forum that is hacked (though not as seriously).
http://forum.spywareterminator.com/Default...osts&t=3036
-
a well-known security company got hacked HAHAHA
i'd like to shake hands with that hacker
although he made it so that the innocent users browsing that page get exploited, that's not very cool
Piriform might be next....
-
Ouch... you would think a security firm would have their stuff secured.
Yes , absolutely shocking.
-
BTW guys visiting avast! forum in the last 24-48 hours should be careful, apparently the forum was hacked and it was trying to infect people via an iframe and security exploit (should be okay if you have patched?)...
http://www.wilderssecurity.com/showthread.php?t=183634
Do a full scan just in case.
-
If the 2.0.2 accesses the net when the AnalyzeThis button is pressed, shouldn't the firewall give probably 2 alerts, one is HJT hooking to the browser and the other one HJT connecting to the net? In that way we may have chances to see if the article is just made by a wacko.
Definitely wacko. I spoke to several big names and they all agreed .
-
If something isn't active or operating, how does it protect you?
Surely something would be watching for it to know when to do something? That sounds really active to me? Like if you are using host files, something must be watching for the system to make domain lookups and then block them if the domain is set to loopback....
And trust me, I know how Spywareblaster and all the other things you mention work (probably better than most of you on this thread), but this whole/active passive thing puzzles me.
Seems to me what you are referring to is using built in windows features like setting activex killbits (spywareblaster), to do this "passive protection". It is built in, so you don't really need spywareblaster running (hence the myth about such protection using zero resources). In fact you don't really need spywareblaster, you could edit the registry directly really...
Same for hosts files, it is just built into windows.
But this theory fails, when you start talking about adblock plus...Since that definitely isn't part of windows by default. Heck, it isn't even part of firefox typically... Why do people think adblock plus is "passive" protection. Because it shares the same memory space as firefox, so people think this protection is "free"...??
I mean why aren't third party firewalls considered passive protection (or is it?). Because people see it appears as a separate process in the task monitor?
Never mind, I think too much...
-
Thanks, DennisD, this is really helpful. Just curious, when it's all said and done, does the "host file" function somewhat similarly to "SpywareBlaster?"
Of course it's different, one blacklists domains via dns lookups, another stops activex controls.
-
What's the definition of "passive protection" (as opposed to active) again?
From the examples you gave it seems to mean blacklists.. But then antivirus are really just very complicated blacklists really...
Or does passive protection mean "low resources consumption protection". But that does seem to be the case... otherwise why not simply say that?
-
http://www.runscanner.net/download.aspx
Changelog 1.0.3
Added trusted zones HKLM
Added HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
Added HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
Added HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Added HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Added 105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
Fixed minor bug with incorrect filter
Fixed minor sorting bug in text log file
Changed behaviour with 068 -> download lsp-fix
Changed ctrl+c (copy) formatting
Google lookup now also searches for GUID, registry entry if no exename available.
-
Changelog 1.0.2
Fixed bug with "problem with shortcut , searching for file gui"
Fixed false positive warning with AVG antivirus
(Thanks to Lusher for reporting the bug)
Hmm the author "fixed" it so it is no longer detected by AVG. Plus fixing another bug I found
-
mine AVG detects it also But I'm not afraid
AIRPORT101
That's your choice. I'm just presenting facts.
-
well done
it is very easy to use and it is free
the best bit it's not a big download
AIRPORT101
It's a bit slow compared to AutoRuns though. And AVG detects RunScanner as a trojan.
-
1.0.1 release out.
This fixes a fairly serious bug that makes it miss appinitdll entries.
-
That's not 100% reliable of course.
-
"Some" is not that much as "many"
Whatever. some/many is still wrong, when it's not even ONE month.
It's more like 1-2 weeks.
Wait, I kinda know your name... yep you're the one. You shouldn't have included McRappy. You know the point.
Yeah whatever dude. You don't like me, i don't like you either.
-
SafeSpace was posted in Wilders some months ago. Many of them are kinda hesitant in using it. It is also like GeSWall
"Many months ago??" That's a lie! It was first posted on Wilder's on 9th Aug, how is that "some months" ago??
And I question the whole "many of them are kinda hesitant", besides many of them are just sheep.
-
SafeSpace - Sandbox. Similar in many respects to Sandboxie . Free for personal use. beta
Comodo Firewall 3.0 beta - Firewall. This beta version adds a lot of HIPS features
McAfee® VirusScan Plus – Special edition from AOL - Replacement for AOL ActiveShield. Includes firewall.
EQsecure 3.4 (direct link) - Fully featured HIPS. Offers full Application, File and Registry control.
Neoava Guard beta 3 - Another totally free HIPS comparable with EQSecure , SSM Pro etc.
Comodo Memory Guardian (beta) - Protection from buffer overflows. Will be future part of Comodo security suite. See here for more information.
RGguard - SiteAdvisor competitor, add a toolbar that advises you about dangerous executables on websites.
RunScanner - Promising auto-starts listing tool. Version 1.0 just released.
MANDIANT Red Curtain - Interesting tool that tries to determine heuristically, how dangerous a file is based "on entropy (in other words, randomness), indications of packing, compiler and packing signatures, the presence of digital signatures, and other characteristics to generate a threat 'score'". For advanced users.
ThreatFire (beta) - Renamed CyberHawk. This security HIPS program detects malware based on behavior. This new beta, includes fully configurable advanced custom rules (formerly only for paid version) for the free version.
BE CAREFUL, MOST OF THE ENTRIES IN THIS THREAD ARE BETA. USE AT YOUR OWN RISK!
-
New version is quite nice:
Here is an example of a log (mine) if anyone wants to see a clean one:
http://www.runscanner.net/report.aspx?repo...51-80b813ff71eb
Again I would like to stress that uploading your report online is strictly OPTIONAL. It works fine without doing this, you can also save a txt file (.run) locally.
-
RunScanner 1.0 is finally out! Final release!
Changelog 1.0 (final release)
Rewrite of the "beginner - wizard" screen
Added version check in beginner mode
Added list of specialist helper forums
Removed "no zone defined" entries from trusted zones
Whitelisted microsoft trusted zones in textlog:
Whitelisted 063 default items
Whitelisted 036 default items
Whitelisted "::1 localhost" in vista hosts file
Whitelisted default 180 entries in log file
Whitelisted default 106 entries in log file
Fixed bug with incorrect "file not found"
Several other small bug fixes
-
lusher: "Let me know your thoughts/remarks"
Nice application. Very complete.
The only reservation I have about it is that it wants to store and show information in the online database. Of course, for all I know that may be a good thing. . .maybe I'm just paranoid.
"The outbound traffic is to clr.microsoft.com and to verisign to check the authenticode signatures of the files. (there is a warning on the top of the first screen)
A "Quick scan" in expert mode doesn't do this check."
This is harmless, don't believe me, use a packet sniffer and you can see exactly what is being "sent".
This is actually one of the best features of runscanner actually, so you can filter out obviously safe entries.
And no it doesn't store information on the online database, not unless you select online malware analysis.
Even then any and all personal identifying marks will be stripped and it will store it for a maximum of 30 days, and the url will be a unique url that you can give to some expert to look (no one else will know the url). It's exactly the same as posting on a forum, except the forum will keep your postings of logs forever!
-
Build 0.9.6.1 uploaded (minor release)
Changed : restricted sites/zones are now ignored
Redesigned the beginner screen
Fixed performance issues with uploading
As to the question about whether I'm the developer, the answer is no. I'm just one of the 'agents' (er shills) of RunScanner. Sorry for the confusion, I was just using the template the author developed. As penance for not doing the quotes thing I will not post here in the future.
-
Runscanner 0.9.6.0 released (almost final version)
New feature : "Beginner mode" is targeted at "novice" forum users.
Let me know your thoughts/remarks
I'm looking for some people to test this on "real" infected machines.
Changelog 0.9.6.0
Fixed bug with links to folders in global startup.
Fixed description bug with internet explorer buttons (added buttontext)
Fixed bug with incorrect host file path
Fixed bug with importing of existing .run file (history)
Fixed bug 063 fix not working
Fixed bug difference string / expandstring in registry
Signed executable with authenticode certificate
Changed icons for signatures (green, blue)
Changed textlog for tasks items (added description)
Added : Beginner, expert mode (wizard)
Added : Backup & restore function
Added : Scheduled jobs now show the application started by the job
Added : free filter/search (you can now search on part of words ex: "f-secure" show all items with the phrase "f-secure")
You can search in path,executable,company,md5
Added : filesize to .run file
Added : extra info window (easy for debugging and to copy/paste)
Added : basic tutorial to the site
Added : extra backup info window in the history tab
Added extra vista UAC support
Added vista support : now program asks to run as administrator by default
Added item : 001 : hosts file location
Added item : 001 : hosts file entries <> 127.0.0.1 (count)
Added item : 047 IE trusted zones
Added item : 048 IE ESC trusted zones
Added item : 008 Autorun registry entries .default user
Added item : 009 Autorun registry entries System user
-
Take a look at the following list of free anti-rootkits
It's divided into Anti-rootkits by Antivirus Companies, Relatively well known antirootkits and Others
It's somewhat dangerous to use anti-rootkits from unknown sources, hence the categories above will help you decide. Rootkits from AV companies should not be malicious, and well known anti-rootkits are probably not malicious as well given the amount of scrutiny they have been subjected to.
That said even if the anti-rootkit is not malicious on purpose it is still possible to damage your computer because of either user error, or incompatibilities. Users running Kaspersky based engines should be particularly careful.
Online Armour Free
in Software
Posted
Yes, a nice feature. IIRC some other HIPS are starting to include that, on top of the old "learning mode" that Diamond CS processguard had. Another feature I like is a "install mode" to allow more comfortable installation of software packages.
That's a windows specific function not a firewall specific function? Just give the normal permissions and it will work.
One major problem though I could be wrong but while you can set rules using specific ports, you can't set filters based on ip? Can someone confirm?
Some confusion here. Real AV scanning (Kaspersky engine) is only available in paid OA+. OA does have a small blacklist - which should not be confused for av signatures, and can recognize certain processes and files as malicious, but you should not rely on that for protection. Use another AV instead.