Deprecated Changes at SpyShelter (SpyShelter Firewall Discontinued)

[Andrezj]

Trust me, it's not worth the bother. Although very good as an anti-logger (they covered all the hooks), it was not very good at all against other malware forms (and I did so want them to succeed).

improper testing:
select allow option in each security alert during malware testing
spyshelter does not prevent any actions when the user selects allow option - except for child process of user defined restricted apps

correct testing:
select terminate option in each security alert when executing malware testing

user must know what is customary behavior on their system
alert system is just to notify user of potentially unsafe action
user must be able to disambiguate alerts

 

[cruelsister]

improper testing:
select allow option in each security alert during malware testing
spyshelter does not prevent any actions when the user selects allow option - except for child process of user defined restricted apps

correct testing:
select terminate option in each security alert when executing malware testing

user must know what is customary behavior on their system
alert system is just to notify user of potentially unsafe action
user must be able to disambiguate alerts

1). Install SpyShelter Firewall
2). Set at High Security level
3). reboot
4). verify protection:
a. run valid application- VirusTotal Uploader. At popup alert choose Terminate
b. run Coinminer malware: 9cf5b3676ddc2e66483d1894dc9a2a2bd02bfaa9926822451b5af1db4bf98269
At popup alert choose Terminate.
5). Verify system clean
6). run Hello Kitty: c2498845ed4b287fd0f95528926c8ee620ef0cbb5b27865b2007d6379ffe4323
No Alerts-System Infected

Quod Est Demonstrandum

 

[Andrezj]

2). Set at High Security level

improper security configuration
must be configured to notify always

yes, you exposed weaknesses of predefined security profile "high security" that allows actions without alert
but you did not demonstrate "Trust me, it's not worth the bother. Although very good as an anti-logger (they covered all the hooks), it was not very good at all against other malware forms (and I did so want them to succeed)."

a fair point is made, this is not a personal slight
there is no question of the results of your prior test
the testing outcome probably would be much different if all was configured to maximum possible secure settings

 

[ichito]

1). Install SpyShelter Firewall
2). Set at High Security level
3). reboot

I gave you the answer on Wilders some time ago

SpyShelter - an overview of my own settings, tips and useful information

I am very concerned that something happened to one of their key security experts. SS has been around for quite a long time. People age. Times and...

www.wilderssecurity.com

and here is how protection levels are working and how protection depends on SS's built-in list of trusted vendors/certificates - High Level is not the highest

SpyShelter 11

I just installed 11.4 RC on Windows 10 X64 Pro version 1709 and it set itself to Medium Security Level after installation. During the installation...

www.wilderssecurity.com

b. run Coinminer malware: 9cf5b3676ddc2e66483d1894dc9a2a2bd02bfaa9926822451b5af1db4bf98269
At popup alert choose Terminate.
5). Verify system clean
6). run Hello Kitty: c2498845ed4b287fd0f95528926c8ee620ef0cbb5b27865b2007d6379ffe4323

There are a lot features and settings that can be set or enabled to elevate SS protection e.g. "Terminate child processed" "Terminate all instances" (Security/Advanced) and it appears it's reasonable use them to prepare SS before test

No Alerts-System Infected

Quod Est Demonstrandum

SS never alerts about infection! What popups would you expect? It doesn't use signature, no cloud and AI somwere outside - everything depends on enabled features, choosen settings and rules/decisions made by user. Nothing else.

 

[cruelsister]

SS never alerts about infection!

"b. run Coinminer malware: 9cf5b3676ddc2e66483d1894dc9a2a2bd02bfaa9926822451b5af1db4bf98269
At popup alert choose Terminate."

 

[bellgamin]

This is a tempest in a teapot. Spyshelter (SS) is designed to run alongside of a good AV, so as possibly to catch those rare nasties that get by the AV. OSArmor (OSA) is designed to do the same adjunct job.

OSA & SS both have a defined, finite set of actions that are often performed by malware & seldom performed by everyday, clean apps. SS has 66 such "malware-type actions" in its scanning kit.

Unlike some security apps, such as WiseVector SX, neither OSA nor SS are "smart" apps. That is, they do NOT "learn" from the malware that they scan. Thus, the static nature of their finite list of malware-type actions is their weakness. However, both OSA & SS enable user-developed rules -- a partial compensation for their lack of learning ability.

SS has a good HIPS but NO learning ability (heuristics, AI, machine learning, et al). In fact, SS's internal processes haven't been updated in a very long time. Ergo, SS has fallen far behind the technology of 2023.

BOTTOM LINE: SS has new owners and they must quickly up-date SS to become a "smart app" or SS will become history. Even so, implying that SS is worthless is simply incorrect. Because its "suspicious actions" list is static & finite, SS won't catch everything that gets by my AV but it WILL catch some of it. Some is better than none, wot?