Make your video test requests!

@Shadowra -- I meant the NON-free version of Glasswire. Do you have a way that I can donate the subscription price in case you decide to test it?

I will not be able to have the trial version, they propose only to buy it...
 
That's stupid of them, IMO. I repeat: Do you have a way that I can donate the subscription price in case you decide to test it?
Some programs don't give you a free trial; when they offer you a free trial it is at most 15 days. SpyShelter is an example of them, only a 14-day trial.
 
@bellgamin

In the Windows XP era, a decent firewall had to deal with all sorts of intrusions to prevent 'trusted' applications being a mule for malicious code. That is why Comodo Firewall always scored best in firewall leaktests, because it had a full-fledged HIPS. Today even the Grand Lady of MT and WS advises to disable the HIPS of Comodo Firewall with Cruel Sister settings, because there are simply too many 'sponsors' or LoLbins which could be used as a mule for malware seeking outbound connections (and containment of applications when they are trying to get in at first launch is a more effective approach than a HIPS trying to stop them going out).

When Glasswire first appeared on WS, I used it for a while and what I can remember is that it checked outgoing applications on VirusTotal. The effectiveness of this check depends on whether Glasswire repeats this check every time a program tries to go outbound (I used the free version, so don't know). When Glasswire has a setting to trust applications, my guess is that these applications are NOT checked again at VT, but simply allowed. This would make Glasswire blind to applications being misused as mule or piggyback for malware going outbound.

Bottom line: I fear a real world test with staged attacks would show Glasswire to be of little use. I think the benefit of Glasswire for corporations is that IT-managers are able to track which applications have a lot of outbound traffic (to prevent employees leaking information or hostile third-parties to steal information). I think it is designed as a data usage monitor to discover information-theft/leak, not as intrusion prevention tool.

The name Glasswire also indicates that it shows (glass = transparent) what goes over the wire.
 
@Max90 wrote:
Bottom line: I fear a real world test with staged attacks would show Glasswire to be of little use.
Glasswire is undoubtedly not bulletproof. Hmmm... is ANY firewall bulletproof? (As the saying goes: There never was a horse that couldn't be rode BUT there never was a rider that couldn't be throwed.)

My post suggested that @Shadowra test several firewalls -- including but not limited to Glasswire. Goal: to find the best of those FWs chosen to be tested.
 
The problem with firewalls and malware unless the firewall does not have a block rule for certain exe or msi or whatever executable it will access the internet.

And in the other case where it has the capability to default deny access to unknown files it will block it or like WFC ask to allow/block it while temp blocking it.

It's fairly simple, I'm not sure what a test would prove other than what I stated. Firewalls are really dumb, basically it's allow or block.
 
WindowsDefender with ConfigureDefender on MAX and SimpleWindowsHardening

It seems to me that SWH is not compatible with Win11 22H2 since there is this

@Andy Ful correct me if I'm wrong ;)

 
@Shadowra

On my wife's laptop (which came with Windows 11 Home) SRP still works. On her PC Smart App Control is disabled. I think that when you have Smart App Control enabled, SRP does not work anymore on Windows 11. You could give H_C a try (and only block powershell as sponsor) to test whether SRP is also depreciated when SAC is in AUDIT mode.

 
It seems to me that SWH is not compatible with Win11 22H2 ...
Yes, it is not fully compatible:

The same is true for H_C.
 
Here are the planned tests!

- Webroot SecureAnywhere (the video is shot, will be posted tomorrow)
- Trellix Endpoint (video is shot, will be released Saturday morning, before my Christmas break)
- ESET vs Kaspersky (after Christmas, probably Tuesday or Wednesday) @anirbandutta01
- F-Secure SAFE
- ESET vs Acronis (the video is very late and I apologize @gary_seven )
- Microsoft Defender + ConfigDefender MAX + SAC or SWH @Max90
- The Avira Engine Battleship @Gandalf_The_Grey
- Comodo IS (@cruelsister settings)
- WiseVector + Comodo Firewall
 
That's quite an ambitious list...I love it.:D
 
Thank you so much @Shadowra ❤️👍 I'm waiting...
 
What can I say, you are the best, thank you :love:
 
Hello :)

Before starting, I wish you a happy new year 2023 :)
Then, I want to apologize, I didn't keep my promise of one video per day...
Shooting a video takes time: In preparation (malware research, sampling, shooting, editing etc) and I wanted to set the bar too high... and also because I have a girlfriend who came into my life and I wanted to enjoy it.

Then, I resume my training tomorrow. So I'll be going to 3 reviews a week (Tuesday, Thursday, Sunday).

And in the middle of January, I'll take a week break for the videos because I need it :D
I'm releasing 2 videos this week and one video that I'm shooting on Wednesday :)

Take care of yourself ;)

Shadowra
 
Happy New Year to yourself. You have nothing to apologize for, we are only grateful for all the work you put in for us.

Take good care of yourself too 🌹🌹🌹