Sunday, November 27, 2005

Hi Guys,

I'm very sick so I didn't write the PrevX review, although I did test it ... going to do it in the upcoming days ... and then I can start the massive security check of all reviewed programs and others.

As I wrote in some forums... the showdown will also check to see if any of the reviewed programs can replace our AV, by preventing the propagation of known and unknown in our computer without using Blacklist methodology.

Cheers

Painkiller

Sunday, November 20, 2005

Safe’n’Sec Personal Version 1.1 Review

General:

Just like AntiHook, Safe’n’Sec promises to be next-generation security software, mainly meant to add some horsepower to our weak AV; however, it can even (carefully) be installed without any other security software (maybe only a personal firewall). The main idea behind Safe’n’Sec is very similar to AntiHook's: anything and everything can damage your OS, so the software basically catches every move in the system, from DLL loading and global hooking to driver installation.
Star Force tried to be smarter and added a nice feature that integrates Safe’n’Sec with an antivirus (OEM), indeed a great and much needed supplement.

Let's hope that Safe’n’Sec doesn’t have the management issues AntiHook has, and that working with the computer will not become a hassle where every time an annoying alert (popup or some kind of message) comes up and asks you a question regarding some operation in the system; many times you don’t even understand what is going on.

Installation

Nothing to it, a simple Windows installation.

General operation

Just like in the case of AntiHook, this is the complex part. As seen before with many HIDP products like AntiHook and others, Safe’n’Sec has the same problem: management and day-to-day work. I did hope that Safe’n’Sec would be able to overcome this issue, and it does seem that they did a better job than the AntiHook team.

There is no doubt that the Star Force dev team did try to change this status, first with a better-looking UI, with a nice summary of what is protected and what is not. However, on my two testing computers the UI crashed many times, leaving you in an idiotic state: you can't administer the product (you lose control over your computer).

Regarding management in general, the Star Force team again did nice work: the look and feel gives you a more comforting feeling (not like in AntiHook and BufferZone), and the management is very easy. You get much information about which process is running in what stage, like Trusted, Partially trusted or Restricted.

Alerts are more intuitive; however, yet again they give much info that only computer-savvy guys will understand. One thing I didn’t understand is what happens after I choose a course of action: when I get an alert and choose to allow the process to do something, I didn’t find a place where I can change this rule, meaning no rule editor. Or am I mistaken? Can't I change things I did ... it’s like shooting yourself in the kneecap.
Star Force did have an ability to control the Activity control module. By default it is Strict, and that's cool, it does give you good security (at least that's what I saw); however, when moving it to Total, the computer goes crazy and you get like 100 alerts from any process that the computer can think of, and then you can't go back to the management console till you answer all the alerts, and you can't change it back ... it’s very annoying.

I can give a thumbs up for the idea to integrate it with an AV scanner, so you can scan anything from the product ... it’s a great idea, but nevertheless you still need to buy the Safe’n’Sec package with the AV.

Security tests

I did many security tests, mostly using well-known Trojans and security test products; these are the results.
Note: Pass = Safe’n’Sec blocked it, Fail = Safe’n’Sec wasn't able to stop or catch it.

trojdemo = pass

procx = pass

leaktest1.2 = pass

Advance process termination = fail - kill 2,5,6,7

PcAudit = pass

PcAudit 2 = Fail

Ghost = pass

Copycat = Fail

AWFT = pass

tooleaky.exe = pass

regtest (ghost) = fail

zapass.exe = fail

WMI_Start_Notepad.vbs = Fail

Overall

I think that the first thing Star Force should deal with is the security issues they have in the product; after all, it’s a security product. The Safe’n’Sec suite is better than AntiHook regarding UI and also much BufferZone; in the security section it’s a different story. First, if you want total control over all aspects of the product and the security of your PC, go AntiHook; if you want a mix of it, go BufferZone; if you are a computer noob, go Safe’n’Sec.

Grade = 7/10

Monday, November 14, 2005

BufferZone Home 1.6 - 08 Review

General

There is a belief that only when using two computers will you be 100% protected: one computer for the Internet and the other for confidential files like bills and others.
You can see this approach in many government and military organizations, but for the home user it's neither economical nor straightforward to maintain two separate computers for home usage.
Into this market plunged Trustware with their BufferZone product; and not only Trustware, you can see some new competitors for their product, like GreenBorder or SecureOL.

The technological solution is named virtualization, basically having a computer in a computer, like a PC in a PC.

BufferZone creates a virtual zone in the PC. This zone is separated from the real OS, yet it's very flexible and transparent to the user. In the virtual zone named BufferZone you can do whatever you want, even run viruses, and they will not affect the real OS, where all your vital info is located.
More in the General Operation section.

Installation

In truth, nothing to it: just Next and some more Next, and you can restart it and start working.

General operation

Again like many products the general operation is the section where you get most of the problems.

Generally speaking the product is transparent: you start to work and can do whatever you want. Trustware did a clever thing. They and we know that programs like IE, messengers or even Skype pose a security hole in the computer, so by default many known programs (you can see the list in the BufferZone UI) run in the BufferZone environment, meaning they run in the virtual environment separated from the real OS. Running IE in the BufferZone has great benefits, like going to any site and even having spyware installed in a malicious way: every program running in the BZ (BufferZone) doesn't get the real file system or registry, so by installing any spyware or Trojan and running viruses in the BufferZone your computer doesn't get infected, nor can a Trojan take information from your computer and send it to the outside world.
Programs running in the BufferZone are given network access only if they are part of the list of known programs. This list can be edited by the user using the local UI of BufferZone, so a Trojan that is not on the list can't get network access (cool).

Anything running in the BZ has certain restrictions placed on it:
- Can't modify trusted files (e.g. virus behavior, or Trojan injection etc.)
- Can't create hooks (keyloggers)
- Can't autostart (virtual registry is not read at startup)
- Can't install drivers
- Can't copy & paste from trusted files

Another cool feature you get is the Forbidden option. By right-clicking any file you get a nice shell of BufferZone allowing you to move files from the BufferZone to the real OS and the opposite; you can also forbid a file from running. That’s a great feature: adding the ability to control the BufferZone configuration by password, you can forbid programs from running (good parental protection). Also, many times you have a Trojan that you can delete so you can just right-click them and choose Forbidden so the files will not run anymore.

The greatest thing about BufferZone is that you don’t see any popup or nag screen; everything is straightforward, and that could also be the product's Achilles' heel, because not getting any alerts doesn’t mean it is a good thing ... you can never know that you are really protected without getting any feedback from the product.

Also, the UI client is not so clear: you don’t understand what is protected and what is not. Also, when moving files to the BufferZone environment they are moved to a location and you get a virtual file; that's kinda annoying, you never know what file you are dealing with.

Security tests

TrojDemo.exe = pass

tooleaky.exe = Pass

ProcX.exe = Pass, the ProcX.exe couldn’t kill the BufferZone process

firehole.exe = Pass

pcaudit.exe = pass

pcaudit2.exe = pass

Modified Taskman = pass. Couldn’t kill the BufferZone process

Ghost.exe = pass

Advanced Process termination = pass

Copycat = pass

AWFT = pass

Overall

Great Concept, Nice product, but needs more work.
Also, contrary to AntiHook, Trustware BufferZone pinpoints the (stupid) home user that doesn't know and doesn’t want to know, only to be protected. Savvy users will probably stick with more alert-wise applications, but hey, you have more home (stupid) users than computer-savvy users ... it's a good deal for Trustware.

Grade = 8/10

Wednesday, November 09, 2005

Hi you all,

Didn't have time to start the test for BufferZone Home edition; I will probably do it tomorrow in order to advance to other reviews.

I was thinking that after reviewing the HIPS systems I will review some personal firewalls in order to find the best. There were some changes in the personal firewall market, like a new version from Agnitum, the buying of the Sygate company, which will probably lead to stopping the development of Sygate Personal Firewall (Free and Pro), and some newcomers to the personal firewall market.

So what do you think guys???


Cheers

Painkiller

Monday, November 07, 2005

AntiHook 2.5 Review

General:

AntiHook is what we call next-generation security software, mainly meant to add some horsepower to our weak AV; however, it can even (carefully) be installed without any other security software (maybe only a personal firewall). The main idea behind AntiHook is that anything and everything can damage your OS, so the software basically catches every move in the system, from DLL loading and global hooking to driver installation; many things for such small software, about 1.5Mb.
Many people like to refer to this kind of software by the name HIDP, because it can prevent intrusion attempts locally from downloaded files and anything that tries to reside in the computer.
Many times I have encountered this kind of program, and mostly they have the same problem: management. It becomes a hassle to work with the computer when every time an annoying alert (popup or some kind of message) comes up and asks you a question regarding some operation in the system; many times you don’t even understand what is going on.

Let's see how AntiHook deals with this issue while keeping the security level as high as possible.

Installation

The installation process is very easy; it’s a basic installation wizard and nothing to it.
One thing I didn’t understand: why do we have to install the Rule Editor separately? Is the InfoProcess company so convinced that their product doesn’t need any rule editing and it’s only for expert users ... it’s a question for the company.

General operation

This is the complex part. As seen before, many HIDP products like AntiHook and others have the same problem: management and day-to-day work. I did hope that AntiHook would be able to overcome this issue, but in vain.
What AntiHook did is very simple: after the install stage the program goes into Fingerprinting mode and basically learns everything you do. Like all of you, I have had bad experiences with “learning” systems, even gateways; the issue is that you can never learn everything, and that's what happened to me with AntiHook as well. My system was in Fingerprinting mode for 3 hours and I did work during the whole Fingerprinting stage. I was content and thought to myself, “great, all I have to do is change the mode to normal mode in order to get security”. Oh boy, how I was mistaken: not only did I get security, I also got an annoying alert from AntiHook about things happening in my computer. Wait, I only moved my mouse and poof, an alert from AntiHook that “something tried to do something”. Wait!!! I didn’t move the mouse in the Fingerprinting stage ...
Damn, what's with the huge alerts where you can barely understand the error message or what action to take? And don’t forget that I’m kinda technically savvy; what will happen with the home user that sees these messages ... The amazing thing is that I got many messages about things that I already did in the Fingerprinting stage, and it also gives you the option to turn on Fingerprinting mode for things like an installation ... so what happens if the installation has a DLL injection Trojan???
However, let's not forget that we have a Rule Editor. Apart from the Win95 look and feel, the Rule Editor does let you control all aspects of the computer and shows all rules that it has learned or that you have entered yourself.

Security tests

I did many security tests, mostly using well-known Trojans and security test products; these are the results.
Note: Pass = AntiHook blocked it, Fail = AntiHook wasn't able to stop or catch it.

TrojDemo.exe (Trustware) = Fail , the TrojDemo was able to send the info without AntiHook preventing it from DLL injecting to the User Calc

tooleaky.exe = Pass

ProcX.exe = Pass, the ProcX.exe couldn’t kill the AntiHook process

firehole.exe = Pass

pcaudit.exe = pass

pcaudit2.exe = pass

Modified Taskman = pass. Couldn’t kill the AntiHook process

Ghost.exe = pass

Advanced Process termination = Fail, Kill 2 and 6 killed the AntiHook process

Overall
I think that AntiHook 2.5 is a nice supplement for AV in the security suite that we are all looking for. The issue is that it can only be used by the computer savvy or security experts, and that’s a shame because I really think that home users can benefit from the product and InfoProcess can benefit from selling to more than only computer geeks.

Grade = 7/10

Sunday, November 06, 2005

Good morning all,

Just want to respond to the comments;

First, I was thinking of adding ProcessGuard from DiamondCS to the review; however, ProcessGuard is well-known security software and has been reviewed many times before. I will probably review it in the benchmark stage against all the other software.

Regarding the second comment, you can rest assured that I already checked all the security software in the list, and posting in CastleCops (one of the best security forums on the net) was after checking the software discussed there.

So I will probably start the reviews today ... so stay tuned ....

Painkiller

Btw: Have a great day.

Friday, November 04, 2005

Just finished the list of security software that I'm going to review in the upcoming weeks. I decided to first check a bunch of next-generation security products; many like to refer to them as HIDP or hybrid AV + AT. One of the products will also introduce a new way of thinking, "Security through virtualization", a new concept that sounds promising. I will also do a final showdown between all checked products in order to find the best for the "Painkiller Blog Choose" Award.

So without further ado please welcome the list.

1. AntiHook 2.5
2. BufferZone Home version
3. Safe'n'Sec Personal
4. Prevx Home

I hope to start the test on Sunday ;)

Something different: I checked the Norwich University Master in Information Security degree and it seems to be a very interesting option for people who work in the IT industry and don't need an MBA.

So have a great day and cheers

Painkiller

Thursday, November 03, 2005

Wow, first post ... so what can I tell you all? First I will tell you a little about myself. I've been an information security expert for about 10 years now. I worked in a few big security companies; however, the majority of my work I did in 3 small startups that develop security software.
I myself have a B.Sc. from Mercy College and now I'm starting to study for an MBA from Touro University. I also held CISSP and CISM certifications.

My blog will be only about information security and security software, mainly for home users, and ways to keep your home computer secure. Each week I will review a new piece of security software. The review will be very technical and will also give scoring in 6 different categories:
Overall Feeling, Customer Support, Value for the money, Product's ease of use, Ease of installation, Product website, Reliability (scoring will be on a scale of 1 - 10). In addition, the review will also check the security of the software using 15 security tests.

As part of that I will post much info about computer security issues ...

So stay tuned .... but now I'm going to watch some sport and then sleep .. I'm dead tired

Cheers

Painkiller