SpyShelter Free

[Lenny_Fox]

For people with a little PC-security experience running an all Microsoft setup (e.g. using Simple Windows hardening and Configure Defender) and feeling the need to add some additional protection (HIPS and Firewall), this is really a great add-on.

 

[shmu26]

What features is it lacking as compared to the paid version? Or maybe I should ask: what features does it have?
Last I remember, the free version was an anti-keylogger without kernel hooks. This looks quite different.

 

[Nautilus]

What features is it lacking as compared to the paid version? Or maybe I should ask: what features does it have?
Last I remember, the free version was an anti-keylogger without kernel hooks. This looks quite different.

here is comparison chart between the various products they offer :

Best Free Antispyware Software 2024 | Download SpyShelter

Download SpyShelter Antispyware FREE software. Get instant protection against spyware. Easy to use.

www.spyshelter.com

 

[ichito]

What features is it lacking as compared to the paid version? Or maybe I should ask: what features does it have?
Last I remember, the free version was an anti-keylogger without kernel hooks. This looks quite different.

Here is what was changed in last free version.

SpyShelter 12.3 Released

SpyShelter version 12.3 is live now! New version of SpyShelter brings support for Windows October 2020 Update. You can either update via SpyShelter directly or download new installer from our Download Page. IMPORTANT NOTE: Due to issue in new buggy Windows API introduced in 20H1 and 20H2 (not...

malwaretips.com

Analysing the list of monitored actions we can see it's differ to officially mentioned features. Eventhoug we still have free long time developed app that offers solid protection.
BTW @Lenny_Fox thanks for review

 

[Lenny_Fox]

What features is it lacking as compared to the paid version? Or maybe I should ask: what features does it have?
Last I remember, the free version was an anti-keylogger without kernel hooks. This looks quite different.

I think most important features free is lacking is
1. Ability to kill the process which is flagged by the HIPS or FW module. FREE can only block or allow the intercepted action (by HIPS or FW)
2. Not able to fine tune monitored actions by HIPS.
3. I suspect HIGH level monitoring does not had all protections enabled in FREE version
4. Less granularity in FW rules

For moderate experienced users like me only the first is something worth considering paying for premium.

 

[ChoiceVoice]

is free still only for 32 bit? that's the way it used to be. i bought a lifetime many years ago and ardently like this software.

 

[ichito]

I think most important features free is lacking is
1. Ability to kill the process which is flagged by the HIPS or FW module. FREE can only block or allow the intercepted action (by HIPS or FW)
2. Not able to fine tune monitored actions by HIPS.
3. I suspect HIGH level monitoring does not had all protections enabled in FREE version
4. Less granularity in FW rules

For moderate experienced users like me only the first is something worth considering paying for premium.

ad.1 I have to check it but I didn't notice that as I remeber
ad.2 Do you mean editing advanced rules of process in separate window of settings? I could normaly open it, change avaliable option and save it but I didn't check how behaviour of SS have been changed. To check.
ad 3. Level of protection does not depends on number of monitored action. It depends on used by SS trusted certificates (Allow MS, Auto high and Auto medium level) or only by user decision. That's when we don't tick "auto allow signed" in box on list of monitored actions. Here is the test how used level of protection affects on alerts and rules.

SpyShelter 11

I just installed 11.4 RC on Windows 10 X64 Pro version 1709 and it set itself to Medium Security Level after installation. During the installation...

www.wilderssecurity.com

ad. 4 I could agree but only partiary - some action were removed but it looks thet they are still monitored (#48, 53, 54) and proper rules are created - e.g. blocking rule for STDUViewer and rules for Firefox - see below

is free still only for 32 bit? that's the way it used to be. i bought a lifetime many years ago and ardently like this software.

Why do think so? It's working on my Win 7 64-bit normaly in version 12.3 and earlier 12.0.

 

[Lenny_Fox]

Ad1. Free does not allow to kill a process
Ad2. Free does not allow to disable a monitored action in the rules section, meaning SpyShelter does not monitor that action for all processes.

 

[ichito]

Ad1. Free does not allow to kill a process
Ad2. Free does not allow to disable a monitored action in the rules section, meaning SpyShelter does not monitor that action for all processes.

OK...agree with first point - it doesn't offers action "terminate"

but...you can always use command "deny" and then find this one rule on rules tab, call context menu and use line "block the component execution". As an effect we can't launch process and interresting thing is - not listed monitored actions are stil working and as an example is action connected with described issue. If we use "deny" not presented action #53 (execution an application) start working what means that even not offered feature is working as hidden

Similar situation we can observe with rules #48 and #54.

According to second point - I still don't know what you mean. Here is a comparison of context menu in free and firewall version - they are the same (although each view of rules list offers different number of commands)

 

[Deletedmessiah]

@ichito you stated in changelog of free version of some features being added and some removed. Some firewall related features were removed but I don't understand technical details. I want to ask if the firewall in free version is still sufficient for regular users?

 

[ichito]

@ichito you stated in changelog of free version of some features being added and some removed. Some firewall related features were removed but I don't understand technical details. I want to ask if the firewall in free version is still sufficient for regular users?

Yes, I think so...it allows
- detect internet connection in/out

used also by parent/child processes

- it offers creation of custom single/group rules using advanced rules setting window and box on the top
- if you use zone settings you can choose "undefined" and by this way all accesses without rules are prompted
- in network activity tab you can enter into listed connection and see recent serwvers list...each one you can block (adress IP or host name)

 

[Deletedmessiah]

Yes, I think so...it allows
- detect internet connection in/out
View attachment 249190View attachment 249192
used also by parent/child processes
View attachment 249191
- it offers creation of custom single/group rules using advanced rules setting window and box on the top
- if you use zone settings you can choose "undefined" and by this way all accesses without rules are prompted
- in network activity tab you can enter into listed connection and see recent serwvers list...each one you can block (adress IP or host name)
View attachment 249206

Thanks for the info.

 

[LDogg]

This does look like a pretty good product though.

~LDogg

 

[Lenny_Fox]

@ichito A picture tells more than a thousend words

I liked the idea of auto-allowing Microsoft signed and enabling auto-blocking of suspicious actions. To prevent me from shooting myself in the foot I tried to enable only user-land based protection rules. I have set UAC to deny elevation of unsigned and running Microsoft Defender on Max, so executables are sort of whitelisted. Spyshelter HIPS could monitor user land / medium IL processes not turning rogue. This is only possible in the paid version (which I understand, not complaining).

@LDogg after using it for 6 months I can confirm it is a nice program. Spyshelter has a good data base of trusted vendors to make this a quiet HIPS in HIGH or MEDIUM mode. With my extra Exploit Protection settings most Microsoft applications are only allowed to load Microsoft Signed DLL's. Combined with Simpel Windows Hardening this raises some extra barriers for Microsoft programs to turn rogue (hence the auto-allow M$-signed).

 

[ichito]

@ichito A picture tells more than a thousend words

I liked the idea of auto-allowing Microsoft signed and enabling auto-blocking of suspicious actions. To prevent me from shooting myself in the foot I tried to enable only user-land based protection rules. I have set UAC to deny elevation of unsigned and running Microsoft Defender on Max, so executables are sort of whitelisted. Spyshelter HIPS could monitor user land / medium IL processes not turning rogue. This is only possible in the paid version (which I understand, not complaining).

Haha...it was an "attack by obfuscation"...first you wrote about rules tab not list of monitored and yes...a picture is more informative Already I know what you mean. Yoe are right - disabling monitoring of an action is not allowed in free version but...always is some "but" ...sometime you can bypass this limitation editing advanced rules (if needed behaviour is avaliable).

 

[HarborFront]

If using Spyshelter's firewall do I need to turn OFF Windows's default firewall or Spyshelter's FW needs Windows's default firewall to work?

 

[Lenny_Fox]

If using Spyshelter's firewall do I need to turn OFF Windows's default firewall or Spyshelter's FW needs Windows's default firewall to work?

It is so long ago I installed SpyShelter, but when my memory serves me right the setup offers an option to use WFP (Windows Filtering Platform) and or an óther driver (forgot the name). I know I use WPF for certain, but don't remember whether that was the default. I did not turnoff windows FW (thinking Windows FW also uses WFP).

BTW still using SpyShelter HIPS + FW with auto-allow Microsoft signed.

 

[HarborFront]

There's an image of Spyshelter free which I downloaded from the net. What does TDI firewall driver means? If I choose TDI firewall driver does that mean I can disable Windows firewall? Will Spyshelter auto disable Windows firewall here?

Assuming I choose WFP firewall driver does that means I can disable Windows firewall ie WFP CANNOT be disabled. Here can I still use Spyshelter firewall?

 

[Lenny_Fox]

There's an image of Spyshelter free which I downloaded from the net. What does TDI firewall driver means? If I choose TDI firewall driver does that mean I can disable Windows firewall? Will Spyshelter auto disable Windows firewall here?

Assuming I choose WFP firewall driver does that means I can disable Windows firewall ie WFP CANNOT be disabled. Here can I still use Spyshelter firewall?

Sorry something lost in translation, I intended to post that I have kept it enabled.

Spoiler: Windows FW settings

 

[HarborFront]

Ok found the answer between using TDI and WFP firewall driver as below in FAQ 2.14

What is the difference between TDI and WFP firewall drivers?

Windows XP users should use TDI driver, while Windows Vista/7/8/10 should use WFP driver. SpyShelter detects your system version and uses recommended driver automatically. You can read more about them on the internet. While it is possible to change the currently selected Firewall driver, we strongly advise to not do it.

SpyShelter Help

SpyShelter Help

www.spyshelter.com