Advice Request Other standalone Default-Deny software?

[shmu26]

Default allow is much better suited to the average user.

1 There are not so many average users on this forum
2 A skilled friend or family member can set up a default/deny system for the average user in a way that will work for them.
3 The problem is mainly with average users who like to install new programs and have a lot of software. There is another kind of average user: the one who doesn't even know how to install programs. For them, using a default/deny system is as easy as can be.

 

[Janl1992l]

Besides Cfw/cs is there any standalone software that is considered Default/Deny or can be configured that way?

Only one i know that is not listen alrdy here is SecureAPlus. a realy nice Anti-exe+cloud av(10 engines in the cloud)+AI local av(its new but surprinsingly the detection rate from the AI av is realy decent, it pick things up that main avs are missing. only downside is the false positive there, quit noticable.

 

[shmu26]

Only one i know that is not listen alrdy here is SecureAPlus. a realy nice Anti-exe+cloud av(10 engines in the cloud)+AI local av(its new but surprinsingly the detection rate from the AI av is realy decent, it pick things up that main avs are missing. only downside is the false positive there, quit noticable.

SecureAPlus is probably the easiest of them for average users,.
There is another one that I don't know if was mentioned: Excubits Bouncer. It is the hardest of them for average users.
And there is ReHIPS, which has an anti-exe component, although it has other components, too. Admittedly, it is not recommended for the average user to set up ReHIPS by themselves.

 

[Freki123]

Plus ERP and Voodooshield are one man operations. One man operations tend to be spread thin that results in spotty update schedules and insufficient product support.

Sorry but i don't realy see that as a point. Erp has a free beta that gets often updates and VS has a free version and every few week(s) a new beta. So what has a free user to lose if they check the forum to see if real problems haven't been addressed? It's not like only because a company is big it's programms are bug free / never had any security risks.

 

[shmu26]

Please re-read what I posted. I said average users. Average users do not check back for updates. They don't do manual updates. They expect updates to be automatic.

It certainly is a very important factor.

What happens if something happens to the developer ? What happens if the developer decides to abandon their product because they just don' t want to do it anymore ? What happens if the developer moves on to other projects and does not have time to support it any longer ? Shadow Defender and ERP went for two years without a product update and resulting problems. So it does happen.

Average users should stick to products with sufficient staff and support where they can be much more assured of ongoing product continuity and protection.

I hear your point. Boutique security applications such as ERP do require the user (or the geek overseeing their system) to log onto the support thread every once in a while.
Comodo is big enough to push out updates to the masses, so that's not an issue.
On the other hand, the average user often ignores those "stupid, annoying" messages that their AV gives them when the subscription runs out, and the data base is no longer updated. so...

 

[shmu26]

Default deny is a silly solution for the average person who has to do it on their own. They don't have someone who is going to go to their house and configure it and come back every single time default deny causes a problem. Not to mention average users think things are a problem when they are not, and cannot identify an actual problem.

The products like ERP and Voodooshield that generate alerts, average users cannot handle such products. They end up always allowing or always blocking because they don't know what to do. So they end up with no security or destroying their system.

A product like AppGuard is beyond the scope of an average user. They cannot handle it.

Comodo you might as well forget. With its complexity there is no way an average can use it.

Which leaves us with native Windows Security. The stuff that Microsoft is baking into Windows 10 is atrocious. I am constantly getting requests to come and fix stuff for people. The ones who play around with the settings just end up causing all kinds of problems. They enable ransomware protection and then cannot install programs. They enable core isolation and application control and stuff breaks along with BSODs.

Native Windows security on Windows 10 is sufficient to protect a typical user.
A typical user is someone who doesn't torrent cracks that come in rar files. A typical user is someone who might click on a cat pic in drive-by download (it will open in an appcontainer-isolated app by default on Windows 10) or someone who might download risky software (it will be blocked by SmartScreen).
As long as a typical home user doesn't turn Windows Defender off, or do something stupid and illegal, he will be safe.

I am not talking about security in a business environment. That's a different story.

Please note that people who deliberately download cracks cannot be protected by any security solution, because they will always turn off their security in order to run their cracks.

 

[Janl1992l]

There is another one that I don't know if was mentioned: Excubits Bouncer.

Oh i alrdy forget it. Used it awhile ago. it was a masterpiece blocking dlls, drivers and so on. But without a user interface it was just to much for me to maintain. Is a interface avaiable or is it still without?

 

[ebocious]

Default allow is much better suited to the average user.

Know what else is better suited to the average user? Malware. FGAV, heuristics, etc. have failed. In epic fashion. They can't keep up with millions of new samples every day. If they could, then drug trafficking would still be the world's #1 largest criminal industry. But it's not; it was surpassed by cybercrime in 2004.


Millions of Americans become victims of identify theft every year. Hospitals pay hefty ransoms, hoping the ransomware authors will be merciful. The bad guys are large and in charge. Meanwhile, proponents of default allow methods keep recommending discipline to Internet users. Install your traditional three-pronged security suite, keep all your software up to date, avoid opening emails from unknown senders, scan unknown files at VT, stay away from dodgy websites, etc., etc., etc.


None of this discipline will protect you when a legitimate website like NFL.com or other gets compromised, and drops a 0-day meltdown/spectre exploit on your machine. It would be more effective to discipline them to properly use something that actually works, by stopping the code before it executes and unleashes its payload.


BTW, it doesn't have to be one or the other. Keep your antivirus if you choose; VT has a 128 MB file size limit anyway, last I checked. But don't just flat-out tell people not to use a program that stopped WannyCry dead it its tracks, even on outdated computers.


Twenty years from now, average users will be more than capable of properly using something like AppGuard. Until then, I'll leave the light on for them here in Utopia.

 

[shmu26]

Oh i alrdy forget it. Used it awhile ago. it was a masterpiece blocking dlls, drivers and so on. But without a user interface it was just to much for me to maintain. Is a interface avaiable or is it still without?

Still without.

 

[kylprq]

Comodo you might as well forget. With its complexity there is no way an average can use it

with cruelsisters settings comodo not that too much complex

 

[shmu26]

@Pixy Stix so please tell us, what to you suggest for the average user?

 

[kylprq]

A lot of people around here install Comodo because it is free and there are a few online reviews that give it high accolades.

just not the reason we use comodo

if comodo sandbox/block some legimate ones they can click don't sandbox/block again option when CF give them pop up we can help about it here

 

[bribon77]

Friend @Pixy Stix, I agree that the default denial is not for an inexperienced user and nobody in MT says otherwise

 

[ebocious]

The future of security will continue to be default allow.

I seriously doubt that. And I'll tell you why: AV vendors themselves are starting to move away from it (with varying degrees of success).

It sounds to me like you haven't used AppGuard. Because if you have, then you should know that those who don't know how to use it will not be able to use it at all. AppGuard doesn't throw up an alert asking you what to do about unrecognized programs; it just blocks them and notifies you (you can disable the notifications if you like). But without getting into the nitty gritty of configuration, the simple way to use it is to drag the lever down before installing something, and drag it back up afterward (or let it automatically resume default protection after 20 minutes). Looks real hard, doesn't it?

While I can't speak to individual end users, Blue Ridge claims that, in 20 years, not a single client has been breached. If that weren't true, then I'd expect a client or two (or three, or four...) of theirs would have set the record straight by now.

iOS is default-deny, and so are macOS and Linux to an extent. The average user doesn't know much about Linux, but the Mac is working its way up to 15% OS market penetration. I was at a picnic a few years ago, watching a three-year-old play games on her mom's iPhone. As I watched, she proceeded to open the App Store, click "purchase" on a new game, download and install it, and start playing. Look where we are now indeed!

 

[shmu26]

I will find out what the future is when I get there. In the mean time, since I have learned enough on MalwareTips, I will probably continue to apply advanced security solutions. But I don't expect everyone else in the world to do what I do.

 

[ebocious]

Did you not read my previous post? How will an average user "go around" AppGuard and allow? It doesn't give them the option! It just blocks everything and notifies you afterward that it did so. In order to install something, you have to put AppGuard on install mode before you launch the installer. And even if you forget to re-enable protection after doing so, AppGuard automatically boosts itself back up after 20 minutes. And once an app is installed, it's installed. You can use it freely, unless it tries to inject code into another process, or launch PowerShell, or run a macro.

On a normal day, you don't even know AppGuard is there, because there's nothing happening on the system that AppGuard cares about. And this isn't after months to years of training; this is right out of the box. You also missed where I said that iOS, macOS, and Linux use default deny. And the former two are widely used. So much for there being no viable economic future for home user default deny.

Next time, maybe stop and read a post before you respond to it? You don't have to have the last word no matter what; it's okay to be wrong.

 

[Andy Ful]

Pixy Stix
Most of the things you are trying to say on this thread is true. But, have you noticed, that your posts are out of topic? This thread is not for average users and it is not about default allow. So, what is the point to reason with people here for a long time, that default allow is generally better for the average users?
Furthermore, everybody here knows it without your true and passionate argumentation.
Maybe you should open a separate thread?

 

[shmu26]

Pixy Stix
Most of the things you are trying to say on this thread is true. But, have you noticed, that your posts are out of topic? This thread is not for average users and it is not about default allow. So, what is the point to reason with people here for a long time, that default allow is generally better for the average users?
Furthermore, everybody here knows it without your true and passionate argumentation.
Maybe you should open a separate thread?

Well said. Off-topic it is.

 

[Moonhorse]

RansomOFF with advanced mode has lockdown mode/ hips , tweaked right it works as default deny IMO ( advanced mode isnt that easy and probably cause nothing to run, so some patience is probably needed)

About above comments, I'd like to use H_C but i has problems with the whitelisting still sometimes...and comodo firewall is just too easy to set up & you have access to sandboxing browser etc.

Would it ever be possible to H_C work as like VS do, set up your computer > snapshot > lockdown

 

[shmu26]

RansomOFF with advanced mode has lockdown mode/ hips , tweaked right it works as default deny IMO ( advanced mode isnt that easy and probably cause nothing to run, so some patience is probably needed)

About above comments, I'd like to use H_C but i has problems with the whitelisting still sometimes...and comodo firewall is just too easy to set up & you have access to sandboxing browser etc.

Would it ever be possible to H_C work as like VS do, set up your computer > snapshot > lockdown

If Comodo works good for you, how's about this for ya: run H_C with the config for Avast Hardened mode. This config is good also for Comodo at CruelSister settings. The big difference here is that the SRP is now set to default/allow, since Comodo is watching your exe files. This way, you probably won't even notice H_C at all. It won't block regular stuff. It will just harden your system.
@Andy Ful might be able to give some details/corrections.