
Tuesday, August 05, 2008

Almost forgot: I'm still waiting for the latest review from AV-Comparatives. They should come out with the August report, and it should be very interesting, because some known AVs didn't do so well last time: http://www.av-comparatives.org/

Stay tuned (again); as soon as the report comes out I will analyze it and write a human explanation for all the people out there.

Cheers

Hi Guys,

As I promised, I will make a big, big, OK, huge comparison between HIDS and some hybrid security suites.
The test will include individual tests and face-to-face duels between the products.

Stay Tuned

Cheers :-)

Friday, May 16, 2008

Hello Again.

It's been a long time (too long) since I posted anything; however, I'm back stronger than ever. So again, a short review of what this blog is all about: all security issues, software, exploits and mainly security software reviews. I will bring any security news I get, and each week I will review a new/updated piece of security software, mainly end-user security software.
The software will be checked on numerous issues, from security abilities to ease of use. I will also check the software's ability to withstand known and unknown security attacks, ranging from Trojans to rootkits, etc.

So looking back to be back :-)

The first review will be ZoneAlarm ForceField. I'm a big fan of Check Point, and after all Check Point is the proud dad of ZoneAlarm, so we will start there.

Upcoming Reviews

BoClean from Comodo

GeSWall

Please feel free to ask for a review, and I will check any security software you want to know how good it is.

Cheers Mates

Let the games Begin….

Friday, December 23, 2005

Hi Guys,

I'mmmmmmm back! Sorry I didn't write anything; I started a new job as the Information Security department manager at Yes DBS in Israel, and I gotta tell you guys, I've got things to do up to my neck.

I hope to write the Prevx Pro review this week and then have the Showdown between all software.

btw: you can check out Download.com; it seems that Trustware are giving it a go, uploading some free versions of their product for specific use.

So cheers

Painkiller

Sunday, November 27, 2005

Hi Guys,

I'm very sick, so I didn't write the PrevX review, although I did test it... going to do it in the upcoming days... and then I can start the massive security check of all reviewed programs and others.

As I wrote in some forums... the showdown will also check to see if any of the reviewed programs can replace our AV, by preventing the propagation of known and unknown in our computer without using a blacklist methodology.

Cheers

Painkiller

Sunday, November 20, 2005

Safe’n’Sec Personal Version 1.1 Review

General:

Just like AntiHook, Safe’n’Sec promises to be next-generation security software, mainly meant to add some horsepower to our weak AV; however, it can even (carefully) be installed without any other security software (maybe only a personal firewall). The main idea behind Safe’n’Sec is very similar to AntiHook's: anything and everything can damage your OS, so the software basically catches every move in the system, from DLL loading and global hooking to driver installation.
Star Force tried to be smarter and added a nice feature that integrates Safe’n’Sec with an antivirus (OEM), indeed a great and much-needed supplement.

Let's hope that Safe’n’Sec doesn't have management issues like AntiHook and doesn't become a hassle to work with, where every time an annoying alert (a popup or some kind of message) comes up and asks you a question regarding some operation in the system, and many times you don't even understand what is going on.

Installation

Nothing to it, a simple Windows installation.

General operation

Just like in the case of AntiHook, this is the complex part. As seen before with many HIPS like AntiHook and others, Safe’n’Sec has the same problem:
management and day-to-day work. I did hope that Safe’n’Sec would be able to overcome this issue, and it does seem that they did a better job than the AntiHook team.

There is no doubt that the Star Force dev team did try to change this status: first, a better-looking UI, with a nice summary of what is protected and what is not. However, it does seem that on my two test computers the UI crashed many times, leaving you in an idiotic state: you can't administer the product (you lose control over your computer).

Regarding management in general, the Star Force team again did nice work: the look and feel gives you a more comforting feeling (unlike AntiHook and BufferZone), and the management is very easy. You get a lot of information about each running process and what state it is in, like trusted, partially trusted or restricted.

Alerts are more intuitive; however, yet again they give a lot of info that only computer-savvy guys will understand. One thing I didn't understand is what happens after I choose a course of action: when I get an alert and choose to allow the process to do something, I didn't find a place where I can change this rule, meaning no rule editor. Or am I mistaken? Can't I change things I did? It's like shooting yourself in the kneecap.
Star Force did add the ability to control the Activity Control module. By default it is Strict, and that's cool; it does give you good security (at least that's what I saw). However, when moving it to Total, the computer goes crazy and you get like 100 alerts from any process the computer can think of, and then you can't go back to the management console till you answer all the alerts, so you can't change it back… it's very annoying.

I can give a thumbs up for the idea of integrating it with an AV scanner, so you can scan anything from the product… it's a great idea, but nevertheless you still need to buy the Safe’n’Sec package with the AV.

Security tests

I did many security tests, mostly using well-known Trojans and security test products; these are the results.

Note: Pass = Safe’n’Sec blocked it, Fail = Safe’n’Sec wasn't able to stop or catch it.

trojdemo = pass

procx = pass

leaktest1.2 = pass

Advance process termination = fail - kill 2,5,6,7

PcAudit = pass

PcAudit 2 = Fail

Ghost = pass

Copycat = Fail

AWFT = pass

tooleaky.exe = pass

regtest (ghost) = fail

zapass.exe = fail

WMI_Start_Notepad.vbs = Fail

Overall

I think that the first thing Star Force should deal with is the security issues they have in the product; after all, it's a security product. The Safe’n’Sec suite is better than AntiHook regarding UI and also much BufferZone; in the security section it's a different story. First, if you want total control over all aspects of the product and security in your PC, go AntiHook; if you want a mix of it, go BufferZone; if you are a computer noob, go Safe’n’Sec.

Grade = 7/10

Monday, November 14, 2005

BufferZone Home 1.6 - 08 Review

General

There is a belief that only by using two computers will you be 100% protected: one computer for the Internet and the other for confidential files like bills and others.
You can see this approach in many government and military organizations, but for the home user it's neither economical nor straightforward to maintain two separate computers for home usage.
Into this market plunged Trustware with their BufferZone product, and not only Trustware; you can see some new competitors to their product, like GreenBorder or SecureOL.

The technological solution is named virtualization: basically having a computer in a computer, like a PC in a PC.

BufferZone creates a virtual zone in the PC. This zone is separated from the real OS; however, it's very flexible and transparent to the user. In the virtual zone, named BufferZone, you can do whatever you want, even run viruses, and they will not affect the real OS, where all your vital info is located.
More in the General Operation section.

Installation

The truth: nothing to it, just Next and some more Next, and you can restart and start working.

General operation

Again like many products the general operation is the section where you get most of the problems.

Generally speaking, the product is transparent: you start to work and can do whatever you want. Trustware did a clever thing: they and we know that programs like IE and messengers or even Skype pose a security hole in the computer, so by default many known programs (you can see the list in the BufferZone UI) run in the BufferZone environment, meaning they run in the virtual environment, separated from the real OS. Running IE in the BufferZone has great benefits, like being able to go to any site and even have spyware installed in a malicious way: every program running in the BZ (BufferZone) doesn't get the real file system or registry, so when you install any spyware or Trojan or run viruses in the BufferZone, your computer doesn't get infected, nor can a Trojan take information from your computer and send it to the outside world.
Programs running in the BufferZone are given network access only if they are part of the list of known programs. This list can be edited by the user using the local UI of BufferZone; that way, a Trojan that is not on the list can't get network access (cool).

Anything running in the BZ has certain restrictions placed on it:

- Can't modify trusted files (e.g. virus behavior, Trojan injection, etc.)
- Can't create hooks (keyloggers)
- Can't autostart (virtual registry is not read at startup)
- Can't install drivers
- Can't copy & paste from trusted files

Some other cool features you get include the Forbidden option. By right-clicking any file you get a nice BufferZone shell menu allowing you to move files from the BufferZone to the real OS and the opposite; you can also forbid a file from running. That's a great feature: adding the ability to control the BufferZone configuration by password, you can forbid programs from running (good parental protection). Also, many times you have a Trojan that you can delete, so you can just right-click it and choose Forbidden so the file will not run anymore.

The greatest thing about BufferZone is that you don't see any popup or nag screen; everything is straightforward, and that could also be the product's Achilles' heel, because not getting any alerts isn't necessarily a good thing… you can never know that you are really protected without getting any feedback from the product.

Also, the UI client is not so clear: you don't understand what is protected and what is not. Also, when moving files to the BufferZone environment, they are moved to a location and you get a virtual file; that's kinda annoying, you never know what file you are dealing with.

Security tests

TrojDemo.exe = pass

tooleaky.exe = Pass

ProcX.exe = Pass, the ProcX.exe couldn’t kill the BufferZone process

firehole.exe = Pass

pcaudit.exe = pass

pcaudit2.exe = pass

Modified Taskman = pass. Couldn’t kill the BufferZone process

Ghost.exe = pass

Advanced Process termination = pass

Copycat = pass

AWFT = pass

Overall

Great Concept, Nice product, but needs more work.
Also, in contrast to AntiHook, Trustware BufferZone pinpoints the (stupid) home user who doesn't know and doesn't want to know, only to be protected. Savvy users will probably stick with more alert-wise applications, but hey, you have more home (stupid) users than computer-savvy users… it's a good deal for Trustware.

Grade = 8/10

Wednesday, November 09, 2005

Hi you all,

Didn't have time to start the test for BufferZone Home edition; I will probably do it tomorrow in order to advance to other reviews.

I was thinking that after reviewing the HIPS systems I will review some personal firewalls in order to find the best. There were some changes in the personal firewall market, like the new version from Agnitum, the purchase of the Sygate company, which will probably lead to development of Sygate Personal Firewall (free and Pro) stopping, and some newcomers to the personal firewall market.

So what do you think guys???


Cheers

Painkiller