Battle VoodooShield vs. Re:HIPS vs. RansomOff vs. OSArmor

imuade

Hi there, what's your opinion about these SWs which can run alongside a traditional AV?
If you wanna add any other app, please do it. But please, just add FREE SW (for example, SecureAPlus is not an option since it's free for 1 year only).

imuade

I like this setup, and I don't see how you can go wrong (don't know about Immunet however). I have a question, though. What about AppCheck A/RW in place of RansomOff? Can anyone compare the two as they are now? I am using AppCheck free with OSA, and it's been good as far as I can tell for 3 years now, with constant updates and positive developments etc.

I second what @Moonhorse said :)
RansomOff comes with 6 modules:
  1. Ransomware protection
  2. MBR protection
  3. App lockdown protection
  4. Backup and restore protection
  5. Folder protection
  6. HIPS-lite
I'm currently using 1, 2 and 6
I also use SysHardener, I didn't mention it because it's like "you use it once and you're done" :)
@AtlBo RansomOff offers complete lockdown; if you set it up well it will have more features than AppCheck does. AppCheck is just lighter and install-and-forget.
Also it has HIPS; Immunet will cover the rest. Just replace OSArmor with SysHardener on max.

Also, I was reading about the new Kaspersky free program here:
Q&A - Kaspersky Security Cloud Free
It's like Kaspersky A-V Free with some extra protections. Maybe a good choice for your situation idk...

I tried both KSC and KAV, but had bugs with both.
The only issue I had with KFA is that it doesn't automatically update signatures; I think it's a bug.
About the ability to configure every module's settings, you can use Kaspersky Cloud Security Free. I tried it and it was quite good, but I think there is a bug there too.
Even if the Free version doesn't have a Firewall, I got a warning on Windows Security Center because Kaspersky Firewall wasn't working... and when I clicked "open Kaspersky Cloud Security for more details", the Firewall options actually opened.

Deleted Member 3a5v73x

I'm confused, I'm not sure whether you're trolling or not. But well then
No trolling. I was referring to elders 65+ who just bought their first laptop and young ones who just started going to school at 7+. Just sharing my experience of what works best for people I know. Nobody here knows about any OSArmor, VoodooShield, etc. programs. People blindly use what is more advertised in the media here, and apologies for the misunderstanding.

ForgottenSeer 69673

Now I wish I would have saved that video I watched the other day about today's youth trying to use a rotary phone. Now that was funny.
I am in the 65 year old class and got my first Sinclair 1000 computer in the 70's and have been messing with AVs and other software for many years (think dialup). It took all night to download a 3 meg file. I still use VoodooShield and, like ForgottenSeer 58943 says, there are very few FPs nowadays. I had one yesterday after installing Kaspersky Cloud Free.
That file was bcdedit.exe.

ForgottenSeer 58943

Isn't immunet just ClamAV?

You are better off using ClamWin w/ Clam Sentinel than Immunet if you are relying on Clam. Maybe Immunet has changed, but I always remember it using Clam.

imuade

Isn't immunet just ClamAV?

You are better off using ClamWin w/ Clam Sentinel than Immunet if you are relying on Clam. Maybe Immunet has changed, but I always remember it using Clam.
Immunet uses ClamAV, ETHOS and SPERO engines and all of them can be turned off.

Generic Signature Engine (ETHOS)
  • Known as the Fuzzy Fingerprint
  • One-to-Many matching
  • Algorithmic detection engine
  • Applied to Good and Bad Files
  • Captures an infection and all variants
  • Enables the Cloud to data-mine characteristics of good files and bad files
  • Uses automated creation of generic signatures

Machine Learning Engine (SPERO)
  • Fast Heuristic Engine
  • Classifies the PE from over 400 characteristics including:
    • PE Header
    • Referred DLLs
    • Common Object File Format (COFF) attributes
  • Enables the Cloud to data-mine characteristics of good files and bad files
  • Uses “Big Data” techniques to distinguish Good files from Bad files
I think there is a 4th engine (Cisco Talos AMP?) that can't be turned off, based on what I read on the Immunet Forum (even if a bit outdated): A Question About Spero And Ethos.

SPERO and ETHOS are both generic engines. To be precise SPERO is an engine which is trained using machine learning techniques and is reliant on file 'features' versus a signature per se. ETHOS is an engine which actually uses an algorithm designed to do 'file clustering'. You can turn off both and still be protected from the 20X million threats. That number is derived from the number of files we know we stop with 'one to one' matching which is driven off an engine in the product which cannot be turned off.
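As an added illustration of the "PE Header" and "COFF attributes" features listed above (example code written for this thread, not Immunet's or SPERO's own code), here is a small parser that pulls those static attributes from a PE file. The sample image is constructed inline and is headers only; the import table (referred DLLs) is not parsed, and the timestamp value is made up.

```python
import struct

# Flag values from the PE/COFF specification (subset)
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def pe_header_features(data: bytes) -> dict:
    """Return COFF-header and section attributes of a PE image.
    Referred DLLs (the import table) are deliberately not parsed here."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i  # section table starts after the optional header
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        sec_chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name, sec_chars))
    return {
        "machine": hex(machine),
        "pe32plus": magic == 0x20B,
        "is_exe_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "timestamp": stamp,
        "section_names": [n for n, _ in sections],
        # a section both writable and executable is a classic packer/injection hint
        "has_wx_section": any(c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE
                              for _, c in sections),
    }

def _section(name: bytes, chars: int) -> bytes:
    return name.ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", chars)

def build_sample_pe() -> bytes:
    """Constructed, headers-only PE32+ image (not a runnable program) for the demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0x5B5E0C00, 0, 0, 112, 0x0022)  # made-up timestamp
    opt = struct.pack("<H", 0x20B) + b"\0" * 110           # PE32+ magic, 112 bytes
    secs = (_section(b".text", 0x60000020)                 # code, execute|read
            + _section(b".data", 0xC0000040)               # data, read|write
            + _section(b"UPX0", 0xE0000080))               # read|write|execute
    return dos + b"PE\0\0" + coff + opt + secs
```

Running `pe_header_features(build_sample_pe())` reports an x64 PE32+ executable with three sections, one of which (UPX0) is both writable and executable.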

AtlBo

@AtlBo RansomOff offers complete lockdown; if you set it up well it will have more features than AppCheck does. AppCheck is just lighter and install-and-forget.

OK, thanks very much. Think I will see if I can find the most recent test of R/O :)

Azure

I agree about SysHardener: if you set it and something is not working, then it's difficult to understand which setting you have to revert.
But about OSArmor, I think it's extremely easy to use, since you can make an exclusion from the popup (in this respect it's very similar to VS, but less annoying).
With my current setup, the used RAM (from Task Manager) is around:
  • Immunet: 30MB
  • OSArmor: 15MB
  • RansomOff: 120MB
CPU and disk usage is nearly zero for each of them, plus I don't see any delay when I launch an app or I browse my folders or I use internet. And that's what matters most for me.
With Syshardener, first have a backup if you are unsure of something. If you are worried, don't enable multiple settings at once, try them one by one.
 

imuade

I checked the latest malware samples (https://malwaretips.com/threads/8-08-2018-20.85814/#post-755763) on Cisco Talos File Reputation (Talos File Reputation - Cisco Talos).

Detection is 12/20 (maybe the ETHOS and SPERO engines could have added something).

 

Evjl's Rain


imuade

When I scanned it with Immunet 2 hours ago, it detected 9/20. Immunet only deleted .exe and Office extensions. It didn't support script files.
Only the cloud engines were enabled; ClamAV was disabled.

Only 1 .exe left in the folder.
So, I don't understand if and how Cisco Talos is integrated in Immunet...
Anyway, adding OSArmor to Immunet is "mandatory" to increase protection, especially vs. scripts.
 

Evjl's Rain

So, I don't understand if and how Cisco Talos is integrated in Immunet...
Anyway, adding OSArmor to Immunet is "mandatory" to increase protection, especially vs. scripts.
Or SysHardener is enough, except for malware infecting via cmd.
SysHardener blocks most scripts by default with no resource consumption.
 

Moonhorse

Someone that runs CCAV (default block mode for untrusted files): which one of these would he benefit from most? Since malware with a valid signature will pass CCAV, HIPS/BB are the only ones that could notify about it? But anti-exploit like OSArmor + SysHardener can slow that down a bit, or even prevent it from running? Which would be the smartest choice if you think about system resources to take care of that problem?

Edit: I have to check Re:HIPS
 

imuade

Someone that runs CCAV (default block mode for untrusted files): which one of these would he benefit from most? Since malware with a valid signature will pass CCAV, HIPS/BB are the only ones that could notify about it? But anti-exploit like OSArmor + SysHardener can slow that down a bit, or even prevent it from running? Which would be the smartest choice if you think about system resources to take care of that problem?

Edit: I have to check Re:HIPS
Now CCAV has the option to use Viruscope to monitor apps running out of the sandbox too, so that's already an added layer.
SysHardener is a great tool to reduce the attack surface and it doesn't take any resources since it doesn't run in the background (you open it, set what you want, reboot and that's all).
OSArmor is a good BB, very customizable and very quiet. On my PC it just takes 15MB of RAM, so I'd suggest anyone use it, no matter what security SW they already have.

Moonhorse

Now CCAV has the option to use Viruscope to monitor apps running out of the sandbox too, so that's already an added layer.
SysHardener is a great tool to reduce the attack surface and it doesn't take any resources since it doesn't run in the background (you open it, set what you want, reboot and that's all).
OSArmor is a good BB, very customizable and very quiet. On my PC it just takes 15MB of RAM, so I'd suggest anyone use it, no matter what security SW they already have.
Well, that's a good point, I didn't even think about Viruscope.
SysHardener + OSA + CCAV + web filter extensions would be nice. But it really doesn't matter what I run since performance is always kind of the same.
The only thing I could think is that lacking a web shield would speed things up (even if my eye won't notice it); Kaspersky might affect browsing a bit.