Battle VoodooShield vs. Re:HIPS vs. RansomOff vs. OSArmor

imuade

Level 12
Thread author
Verified
Top Poster
Well-known
Jul 29, 2018
566
Hi there, what's your opinion about these SWs, which can run alongside a traditional AV?
If you wanna add any other app, please do it. But please, just add FREE SW (for example, SecureAPlus is not an option since it's free for 1 year only).

509322

Right. I wonder how many people will actually be able to claim anything from the $50 million allocated for settlements from the Yahoo breach in 2016.

How many hospitals and government agencies are using your products? I fear the day when we p*** off China/Russia, and they launch an all-out attack on our infrastructure. We need all the protection we can get.

IT security and medicine are the same in one very fundamental way - people\organizations do not listen, refuse to take and follow advice even in the face of dire consequences.

For example, how many people go to a doctor and say: "Hey Doc, I am sick. Please help me?"

Doctor replies: "If you want to improve your condition, then you must do these things..."

The person leaves the Doctor's office and does not do a single thing that the Doctor told them to do.

ebocious

Level 5
Verified
Well-known
Oct 25, 2018
232
IT security and medicine are the same in one very fundamental way - people\organizations do not listen, refuse to take and follow advice even in the face of dire consequences.

For example, how many people go to a doctor and say: "Hey Doc, I am sick. Please help me?"

Doctor replies: "If you want to improve your condition, then you must do these things..."

The person leaves the Doctor's office and does not do a single thing that the Doctor told them to do.
Having worked in IT for a couple of small businesses, I know exactly what you mean. But it is my understanding that some of them have already deployed AppGuard. And I know you've had a bit of recognition, including an IoT Evolution Product of the Year award for LinkGuard. I was just curious as to how far word of your success has spread.

Truth has to travel a long, hard road full of obstacles. Any budding enthusiast posting what he thinks he knows about tech can make an impression on somebody, who takes his word as gospel and never looks any further. But there are those of us who appreciate the difference between paper and practice. I've seen Cruel Sister's video on AppGuard, where she installed it on an already infected system, and had it block the malware upon reboot. I have AppGuard Personal installed on one VirtualBox VM, which also contains a couple of purchased apps that I wanted to preserve on a hardware-independent image so I never have to lose them. The only reason I don't have AG installed on every one of my machines is because I can't afford it.

509322

But it is my understanding that some of them have already deployed AppGuard.

In the SRP\default-deny arena, AppGuard is a global leader.

There is global interest and deployment. At this time most are in Japan and the U.S. That includes large-scale, single deployments in excess of 30,000 endpoints. Clients include large enterprises and government agencies at all levels. There are large-scale consumer installs via the various 3rd-party channel resellers.

And I know you've had a bit of recognition, including an IoT Evolution Product of the Year award for LinkGuard.

LinkGuard is the IoT version of BorderGuard, which is a product developed by Blue Ridge Networks. BRN is a major shareholder of AppGuard INC.

Microsoft heavily promotes default-deny at the IT Pro\Enterprise level. It is a recommended best practice to have a multi-layered default-deny system that includes SRP. That includes ASR by disabling what is not needed.

You will see an individual or two on the forums saying that if it is shipped with Windows, then it should not be permanently disabled. That advice is contrary to Microsoft's own best practice guidelines. And what Microsoft promotes is IT Security 101. Contrary to what only a few ignorant individuals will say - because they don't know what they're talking about - disabling stuff does not cause serious breakages. There are multiple test systems and countless default-deny configurations that confirm that fact. SRP and Microsoft have proven across decades, upon millions of systems, that disabling what isn't needed provides the highest attainable security possible. Otherwise, Microsoft would never promote it.

Without some form of whitelisting in-place, there is little resistance that an attacker faces in a post-exploit environment.

AppGuard as a product offers the user a means to lock down the system in a simple, lightweight package. It is up to the user to decide what type of policy they wish to apply - from lenient to an extensive lock down. Contrary to what others say, learning SRP is simple. There are children and grandmas who do it. If children and grandmas can do it, anyone can do it. So the usability objections are bogus. If you have a 10 year old child and a 92 year old woman who, both not knowing the first thing about IT security, can use AppGuard, then usability is not an issue.

I've seen Cruel Sister's video on AppGuard, where she installed it on an already infected system, and had it block the malware upon reboot.

Malware running from User Space with an autostart. As CS pointed out, it was an unconventional use case. Nevertheless it shows the product works.

ebocious

Level 5
Verified
Well-known
Oct 25, 2018
232
Contrary to what others say, learning SRP is simple. There are children and grandmas who do it. If children and grandmas can do it, anyone can do it. So the usability objections are bogus. If you have a 10 year old child and a 92 year old woman who, both not knowing the first thing about IT security, can use AppGuard, then usability is not an issue.
Agreed. In a lot of cases, the most vehement naysayers are people who have never used the product. To me, the most annoying false positives are when an AV product quarantines something, and then you have to pause protection, restore the file, and whitelist it. VS looks fairly simple by comparison.

Malware running from User Space with an autostart. As CS pointed out, it was an unconventional use case. Nevertheless it shows the product works.
I realize it isn't the purpose for which AG was created. Nevertheless, it was impressive to see a dozen malicious programs crippled in an instant. The point I'm trying to make is: I'm a fan. :)

509322

In a lot of cases, the most vehement naysayers are people who have never used the product.

There is really only one dedicated trash talker on the forums. They talk trash on SRP not even knowing that it is a Microsoft best practice. And then they don't even understand what SRP is and what it is not.

AppGuard doesn't have a competitor in the default-deny space. AppGuard's closest competitor is Microsoft, and even then they're not really a competitor since their AppLocker product is limited to the Enterprise\Education Windows versions. Furthermore, our product is a successful paid product.

dinosaur07

Level 12
Verified
Top Poster
Well-known
Aug 5, 2012
572
To me, ReHIPS is more innovative and straightforward. I like it a lot, plus I have some licenses for it and I am really amazed by its features.

Eddie Morra

Maybe a bit off-topic, but I would choose SecureAPlus. It's a bit like VoodooShield with VT results, anti-exe, cloud AV + offline AV (Clam, totally useless).
SecureAPlus is actually not too bad AFAIK but I do not have enough experience to comment properly. I've heard good things though.

imuade

Level 12
Thread author
Verified
Top Poster
Well-known
Jul 29, 2018
566
Hi there, what's your opinion about these SWs, which can run alongside a traditional AV?
If you wanna add any other app, please do it. But please, just add FREE SW (for example, SecureAPlus is not an option since it's free for 1 year only).
I didn't add SAP because it's not really free, but it's a good option indeed.
I tried it for a while, but I liked VS more because of the VoodooAI.
OSA is very simple and mostly quiet, but recently I've switched to Re:HIPS and I have to say it's working very well alongside WD
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
Anyone familiar with RansomOff, to compare it against OSA?

I have run SysHardener on max, and I'm using RansomOff on easy mode. I kinda think I have everything from OSA + ransomware protection.
I have added MBAE for anti-exploit. They run well together with Windows Defender (safe mode), but I don't think I have much to benefit from MBAE.

I would probably use Re:HIPS right now, if I had a license :unsure:
 

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
Anyone familiar with RansomOff, to compare it against OSA?

I have run SysHardener on max, and I'm using RansomOff on easy mode. I kinda think I have everything from OSA + ransomware protection.
I have added MBAE for anti-exploit. They run well together with Windows Defender (safe mode), but I don't think I have much to benefit from MBAE.

I would probably use Re:HIPS right now, if I had a license :unsure:
It sounds like too complicated a config, much of a headache to have specific solutions for specific threats :) and maybe some conflicts. Would it be easier to have a product that covers everything, like KIS, BIS, CIS, etc.?
 

imuade

Level 12
Thread author
Verified
Top Poster
Well-known
Jul 29, 2018
566
Anyone familiar with RansomOff, to compare it against OSA?

I have run SysHardener on max, and I'm using RansomOff on easy mode. I kinda think I have everything from OSA + ransomware protection.
I have added MBAE for anti-exploit. They run well together with Windows Defender (safe mode), but I don't think I have much to benefit from MBAE.

I would probably use Re:HIPS right now, if I had a license :unsure:
I used RansomOff for a while and it was very light, but I had a problem when I removed it. It left some leftovers and it messed up my taskbar and browser settings (don't know why).
Re:HIPS can be used even with the free license. I have Firefox Portable and it always uses 4 processes, so it can work sandboxed without problems (the free version limits the concurrent sandboxed processes to 10 max), but Re:HIPS will offer great protection even as anti-exe because it will inspect children (so, it can work as a post-exploit mitigation).
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
@Nestor Well, I have burnout from CIS. It's great and I rely on their firewall, but I kinda want something new. CIS just makes too many processes compared to having CF only, for the same result. I'd rather run CF + another AV.

I used RansomOff for a while and it was very light, but I had a problem when I removed it. It left some leftovers and it messed up my taskbar and browser settings (don't know why).
Re:HIPS can be used even with the free license. I have Firefox Portable and it always uses 4 processes, so it can work sandboxed without problems (the free version limits the concurrent sandboxed processes to 10 max), but Re:HIPS will offer great protection even as anti-exe because it will inspect children (so, it can work as a post-exploit mitigation).
I'm fine with Re:HIPS free for personal use, but I want to use products that I can install on someone else's computer without worrying about demo product warnings. Not a big deal to turn isolation off on Chrome though, if everything else works fine indeed.

No issues yet with RansomOff, even though the Windows build is post-1809.

I'm hoping @cruelsister could test RansomOff again someday.

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I'm fine with Re:HIPS free for personal use, but I want to use products that I can install on someone else's computer without worrying about demo product warnings.
In that case, you can unisolate everything except for Internet Explorer, and other insecure apps if you have any.
Make sure, when unisolating, to set that process to "inspect children". Often, it is already on that setting, but not always.
The unisolated processes will still be protected by ReHIPS anti-exe and application control, as @imuade said -- as long as they are set to "inspect children".

ReCrypt will kill me for explaining to people how to use his product without paying LOL :) but I think the anti-exe and application control is strong enough to protect the system, even without all that complicated isolation stuff. Of course, isolation provides even better protection, if you can afford it.

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
Appreciate the explanation @shmu26!
Yeah appreciate it

Yes. Complicated with overlap. :eek:
I don't think there's overlap at all; going with Re:HIPS is just a lighter option than RansomOff. (Well, at least the performance is better right now than during CIS.)

Since I have SysHardener at "max", the scripts can't run anyway, so anti-exe would be a bit redundant, but I don't see a reason to go without unless it affects my computing performance.

I could get rid of MBAE, but all good for now.