Do you use an "anti-executable"?

Do you use an anti-executable?

  • Yes: 22 votes (68.8%)
  • No: 9 votes (28.1%)
  • Other (clarify): 1 vote (3.1%)
  • Total voters: 32

Noxx

Thread author
A popular form of computer protection that has been growing in popularity over the past few years is the anti-executable. The concept is very simple... disallowing a program from executing. Traditionally, anti-viruses remove malware after it's already infected the system. This isn't to say that some anti-viruses don't have components that prevent that from happening, but overall, that's how it works. So my question to you all is, do you use an anti-executable? If you don't use an anti-executable, is it because you have faith in your anti-virus to prevent malware from permanently infecting your system, is it because you just haven't really taken the time to make that inquiry, or is it simply that you feel yourself wise enough to avoid opening malware to begin with? I look forward to reading your responses.
 

hjlbx

Thread author
There is no other way to truly protect a physical system against infection, damage, data theft, etc... block any unknown\untrusted files from executing on the system in the first place.

Anti-executables and software restriction policy softs have bugs, design flaws and vulnerabilities too. So it is best to combo with another layer of protection or two... a secure config doesn't need to be over-the-top with 67 layers of protection.
 

Solarlynx

Level 15
Verified
Top Poster
Well-known
Apr 30, 2012
711
Usually I prefer HIPS over Anti-Executable. It gives more control. Though now we have a very limited choice of sound free HIPS. It's Comodo. Other variants are not so strong - Spyshelter or ZoneAlarm, WinPatrol - HIDS actually, or Rehips which is very promising but still in beta.

As for free Anti-Executables I know the following:
VoodooShield - actively developed now,
NVT ERP beta - though its development is stopped but anyway it's a robust Anti-Executable,
Simple Software-restriction Policy (here or here),
or in-built Windows tweaks with SRP or Applocker.


Cheers!
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Right now I'm running what I feel for me is a good balance with VoodooShield & Emsisoft IS.
I too love ReHIPS and the potential it brings to the table, so once it's out of beta I will be
reinstalling it and purchasing a lifetime license and only running it and VoodooShield.
I voted yes, anti-exe's are a valuable asset in the fight against malicious software and
I feel will play an even bigger role in the future.
Thanks Noxx, great topic.
 

Deleted member 178

Thread author
Of course, I even use 2 of them, it has been my motto for years. How could people trust an obsolete system based on signatures? Malware is now polymorphic, encrypted, has legit certificates, etc... by the time a signature is released the malware has got thousands of variants.

If you observe all suites of big vendors, all of them have either a HIPS/BB, the AV engine is now a comfort feature, it is no longer the most important feature. Take KIS or Comodo, remove the engine, they will perform as well because they have several prevention features.
 

Janl1992l

Level 14
Verified
Well-known
Feb 14, 2016
648
Yes. I use my favorite anti-exe NVTERP even though development has stopped (hopefully temporarily), it still works very well for me with only minor bugs.
Is there a way that you want to try VoodooShield? It is actively developed and you can be sure that if someone finds a bug or some malware that gets through it, Dan will fix it. With NoVirusThanks EXE Radar Pro you never know if some bug is there that puts the security at risk, and it hasn't gotten any fixes or updates in a long time now. Just a kind reminder that you can try to change to an actively developed program. I know you are on Wilders so you would get the pro version.


Not to be off-topic: I use VoodooShield, Sandboxie and Zemana premium. Zemana just because I have a lifetime license and it is so light that you don't feel it, so why not. :)
 

Overkill

Level 31
Verified
Honorary Member
Feb 15, 2012
2,128
Is there a way that you want to try VoodooShield? It is actively developed and you can be sure that if someone finds a bug or some malware that gets through it, Dan will fix it. With NoVirusThanks EXE Radar Pro you never know if some bug is there that puts the security at risk, and it hasn't gotten any fixes or updates in a long time now. Just a kind reminder that you can try to change to an actively developed program. I know you are on Wilders so you would get the pro version.


Not to be off-topic: I use VoodooShield, Sandboxie and Zemana premium. Zemana just because I have a lifetime license and it is so light that you don't feel it, so why not. :)
I would love to use VS, but on my laptop it just doesn't run well for some reason.
 

NullByte

Thread author
I voted NO, I personally love IDS more (Linux user).

I don't think using only Anti-EXE is that amazing (I know people will love them because of the group thinking and VoodooShield videos and free pro licenses), even using only a sandbox is not that amazing an idea. With all the signed malware and always new tricks every day, it's very hard to know what is malware and what is not (here I'm talking about most users), you can find more info about this in one of my last posts (where I talk about how easy it is to sign malware and some ways to bypass cloud lookup).

The best way of protecting you is similar to Comodo & Avast. Having some type of Default Deny (sandbox for Comodo and hardened mode for Avast) then a way of checking your system (ViruScope/HIPS/BB) and in the end some type of Cloud lookup to always check the files even if the files looked clean at the beginning.
 

hjlbx

Thread author
The problem is that no matter what security solution is used - the herd thinking is that they should be able to do anything on a system yet remain protected 100 % of the time. It's the absolute face of stupidity and the end result will always be the same = infection of some sort or another - from browlock to getting their bank account cleaned out.

* * * * *

COMODO sandbox and HIPS are good, but I have seen both smashed by malware; shouldn't have executed the file(s) in the first place. (It was fixed, but... it's COMODO).

Sandboxie sandbox with custom config is good, but I have seen it smashed by malware; shouldn't have executed the file(s) in the first place. (It was fixed.)

Anti-executables\software restriction policy softs are good with default config, but I have seen them smashed by malware; shouldn't have executed the file(s) in the first place - and not used the default config.

Anti-executables\software restriction policy softs can be seriously hardened via a custom config that will not permit the malware smash (white-listing bypasses).

The problem with anti-executables\software restriction policy softs is that they provide no networking protections; a robust IDS is needed for that - and there are only a few really capable ones that are beyond most users to configure properly.

If you use Windows, then there is definitely a limit as to how well you can protect your system - even with multi-layered protection.

On Windows, the best anyone can do is just the same as driving\riding in a car:

Put on your seatbelt and trust airbags (protections of limited capabilities) and don't drive or ride with someone that drives like a reckless idiot (moderate your behavior)...
 

Deleted member 178

Thread author
The problem with anti-executables\software restriction policy softs is that they provide no networking protections; a robust IDS is needed for that - and there are only a few really capable ones that are beyond most users to configure properly.

You want network protection, buy those expensive hardware firewalls, like Sophos UTM, Redsocks, etc...
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
So far the best concept at all is indeed Anti-Executable followed by combination of HIPS/BB.

They are not perfect due to vulnerabilities but for a long run the investment returns big favor.

Anti-Executable needs a thorough setup because the complexity will affect your common programs at all, so the goal always is to block for any circumstances for dropping sensitive location.

Guaranteed no partial block will occur, but you need a scanner to disinfect the threats properly.

----------------------------------------

Through this thread, I understand the different sentiments yet Anti-Exe and HIPS/BB are the best solution that we can have for today's landscape.

Virtualization is another different story but still a + factor for protection base.
 

Logethica

Level 13
Verified
Top Poster
Well-known
Jun 24, 2016
636
Yes I use an Anti-EXE (VoodooShield)... IMO it is already a great Security Soft, and it will keep getting better & better as the AI training continues.
Every Security Soft has its limitations. None are perfect... IMO if the Soft does what it claims to do then that's all we can ask of it.
...I don't think using only Anti-EXE is that amazing (I know people will love them because of the group thinking and VoodooShield videos and free pro licenses)..
I am aware of the Psychology behind "Group Thinking" but IMO I do not think that is a factor here...
Having looked at many "Security Configs" on MT I have concluded that each member is quite unique in their views, and that that individuality is represented in the vast difference between the Specific Security-Software used by each member.
Members here (IMO) are sharp enough to do their own research and reach their own conclusions.
I would expect to see a higher level of "Group Mentality" had Kaspersky rolled out VoodooShield as a component of their Soft.

... even using only sandbox is not that amazing idea...
....The best way of protecting you is similar to Comodo & Avast. Having some type of Default Deny (sandbox for Comodo and hardened mode for Avast) then a way of checking your system (ViruScope/HIPS/BB) and in the end some type of Cloud lookup to always check the files even if the files looked clean at the beginning.
I agree with what you are saying, @NullByte... Using only ONE type of protection is a bad idea IMO.
I like a layered approach: Anti-EXE (VoodooShield), Sandbox (Sandboxie), AV (Avast in Hardened mode), Cloud lookup (Crystal Security), HIPS (Spyshelter), HIDS (Glasswire).
I don't see anybody here claiming that ONE Security Soft is the way to go, nor fighting over which ONE Soft that should be.
 
