Deprecated Changes at SpyShelter (SpyShelter Firewall Discontinued)

Andrezj

Level 6
Nov 21, 2022
248
Trust me, it's not worth the bother. Although very good as an anti-logger (they covered all the hooks), it was not very good at all against other malware forms (and I did so want them to succeed).
improper testing:
select allow option in each security alert during malware testing
spyshelter does not prevent any actions when the user selects allow option - except for child process of user defined restricted apps

correct testing:
select terminate option in each security alert when executing malware testing

user must know what is customary behavior on their system
alert system is just to notify user of potentially unsafe action
user must be able to disambiguate alerts
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
improper testing:
select allow option in each security alert during malware testing
spyshelter does not prevent any actions when the user selects allow option - except for child process of user defined restricted apps

correct testing:
select terminate option in each security alert when executing malware testing

user must know what is customary behavior on their system
alert system is just to notify user of potentially unsafe action
user must be able to disambiguate alerts
1). Install SpyShelter Firewall
2). Set at High Security level
3). reboot
4). verify protection:
a. run valid application- VirusTotal Uploader. At popup alert choose Terminate
b. run Coinminer malware: 9cf5b3676ddc2e66483d1894dc9a2a2bd02bfaa9926822451b5af1db4bf98269
At popup alert choose Terminate.
5). Verify system clean
6). run Hello Kitty: c2498845ed4b287fd0f95528926c8ee620ef0cbb5b27865b2007d6379ffe4323
No Alerts-System Infected

Quod Est Demonstrandum
 

Andrezj

Level 6
Nov 21, 2022
248
2). Set at High Security level
improper security configuration
must be configured to notify always

yes, you exposed weaknesses of predefined security profile "high security" that allows actions without alert
but you did not demonstrate "Trust me, it's not worth the bother. Although very good as an anti-logger (they covered all the hooks), it was not very good at all against other malware forms (and I did so want them to succeed)."

a fair point is made, this is not a personal slight
there is no question of the results of your prior test
the testing outcome probably would be much different if all was configured to maximum possible secure settings
 
Last edited:
  • Like
Reactions: piquiteco

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
1). Install SpyShelter Firewall
2). Set at High Security level
3). reboot
I gave you the answer on Wilders some time ago
and here is how protection levels are working and how protection depends on SS's built-in list of trusted vendors/certificates - High Level is not the highest
b. run Coinminer malware: 9cf5b3676ddc2e66483d1894dc9a2a2bd02bfaa9926822451b5af1db4bf98269
At popup alert choose Terminate.
5). Verify system clean
6). run Hello Kitty: c2498845ed4b287fd0f95528926c8ee620ef0cbb5b27865b2007d6379ffe4323
There are a lot features and settings that can be set or enabled to elevate SS protection e.g. "Terminate child processed" "Terminate all instances" (Security/Advanced) and it appears it's reasonable use them to prepare SS before test
No Alerts-System Infected

Quod Est Demonstrandum
SS never alerts about infection! What popups would you expect? It doesn't use signature, no cloud and AI somwere outside - everything depends on enabled features, choosen settings and rules/decisions made by user. Nothing else.
 

bellgamin

Level 4
Verified
Well-known
Oct 11, 2016
160
This is a tempest in a teapot. Spyshelter (SS) is designed to run alongside of a good AV, so as possibly to catch those rare nasties that get by the AV. OSArmor (OSA) is designed to do the same adjunct job.

OSA & SS both have a defined, finite set of actions that are often performed by malware & seldom performed by everyday, clean apps. SS has 66 such "malware-type actions" in its scanning kit.

Unlike some security apps, such as WiseVector SX, neither OSA nor SS are "smart" apps. That is, they do NOT "learn" from the malware that they scan. Thus, the static nature of their finite list of malware-type actions is their weakness. However, both OSA & SS enable user-developed rules -- a partial compensation for their lack of learning ability.

SS has a good HIPS but NO learning ability (heuristics, AI, machine learning, et al). In fact, SS's internal processes haven't been updated in a very long time. Ergo, SS has fallen far behind the technology of 2023.

BOTTOM LINE: SS has new owners and they must quickly up-date SS to become a "smart app" or SS will become history. Even so, implying that SS is worthless is simply incorrect. Because its "suspicious actions" list is static & finite, SS won't catch everything that gets by my AV but it WILL catch some of it. Some is better than none, wot?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top