Battle Why Do You Not Use an Anti-Executable ?

Status
Not open for further replies.

hjlbx

Thread author
Hello All,

Question: Why do you not use an anti-executable - such as AppGuard, NoVirusThanks Exe Radar Pro or VooDooShield ?

In the face of a never-ending onslaught of new malwares, antivirus vendors cannot generate signatures fast enough. Consequently, users get infected. We all know the signature-only based protection model has been obsolete for many years now...

One tactic that effectively reduces over-reliance on signatures is to create a default-deny system - whereby the user "white-lists" (Allows) legitimate applications on their system and "black-lists" (Blocks) everything else. This is accomplished by using an anti-executable (AE).

All the AE vendors are addressing issues with their user-interfaces, fixing problems with software\Windows updates, adding features, etc. Current versions are vastly improved from those from a few years ago. However, anti-executables remain vastly under-utilized and seem to be generally ignored...

Let's see what the perception of AEs actually is versus reality. Vote !

Please select as many as apply...
 

enaph

Level 29
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,856
You should add annoying xD
Can you explain why? I have used ERP for a couple of months and it hasn't been annoying - more like "set and forget" because I spent like 15 minutes on it and I could set ERP in lockdown mode. So no pop-ups and everything was working fine.
 
  • Like
Reactions: Dani Santos

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
Can you explain why? I have used ERP for a couple of months and it hasn't been annoying - more like "set and forget" because I spent like 15 minutes on it and I could set ERP in lockdown mode. So no pop-ups and everything was working fine.
I play a lot of indie games; most of them get blocked. Super annoying. Now I use common sense internet security 2016 beta 2 and some on-demand scanners.
 
  • Like
Reactions: enaph

Cch123

Level 7
Verified
May 6, 2014
335
Would Default Deny methods used by certain software in Antivirus or Internet Security, be considered an Anti-Executable or not?

By definition yes.

I do use application white listing as part of my security setup; however, something important to note is that this is not a panacea for all malware problems. There are many in-the-wild techniques to easily bypass anti-executables. The main purpose of anti-exe for home users, in my opinion, is to prevent yourself from accidentally running malware or making dumb decisions. It is getting less and less effective at blocking exploit payloads, especially the ones from Angler exploit kit. I did quite extensive testing with the available standalone anti-exes, and I can say that Angler successfully bypasses all but 2 of them. (An important thing to note is that Angler is now the most popular exploit kit, so it's not that rare to encounter one.) Also, kernel malware, DLL injection, process hollowing... are not blocked by anti-exe. Hence for moderately knowledgeable home users, is it really worth it to put up with the alerts? You decide for yourself :)

Anyway in summary, what I am saying is to never treat anti-exe as a must-have in your setup and that it would end all your malware problems.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,714
I play a lot of indie games; most of them get blocked. Super annoying. Now I use common sense internet security 2016 beta 2 and some on-demand scanners.
Voodooshield and EXE Radar Pro have a learning/training mode. Once configured, you can get the program to grow accustomed to your games. Or, in the case of EXE Radar Pro (haven't used the paid version of Voodooshield), you can manually add files to the whitelist.
 

hjlbx

Thread author
By definition yes.

I do use application white listing as part of my security setup; however, something important to note is that this is not a panacea for all malware problems. There are many in-the-wild techniques to easily bypass anti-executables. The main purpose of anti-exe for home users, in my opinion, is to prevent yourself from accidentally running malware or making dumb decisions. It is getting less and less effective at blocking exploit payloads, especially the ones from Angler exploit kit. I did quite extensive testing with the available standalone anti-exes, and I can say that Angler successfully bypasses all but 2 of them. (An important thing to note is that Angler is now the most popular exploit kit, so it's not that rare to encounter one.) Also, kernel malware, DLL injection, process hollowing... are not blocked by anti-exe. Hence for moderately knowledgeable home users, is it really worth it to put up with the alerts? You decide for yourself :)

Anyway in summary, what I am saying is to never treat anti-exe as a must-have in your setup and that it would end all your malware problems.

I agree with Cch123...

AEs are nothing but a preliminary shield. Once the user "Allows" - or otherwise - certain infections to be installed there is really not much the AE will do to protect the system; AE is not meant to be a stand-alone system protection - other protection modules are needed.

Which AEs is Angler exploit kit not able to bypass... ???
 

hjlbx

Thread author
Would Default Deny methods used by certain software in Antivirus or Internet Security, be considered an Anti-Executable or not?

Yes.

I use Comodo and Kaspersky with anti-executable\default-deny configuration.

However, I suppose I was more interested in learning why more people do not use AEs... next will be to explore same regarding anti-exploit apps.
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
One more program like this is SecureAPlus, and it has a cloud AV engine.
You can set it in Lock down mode for extra protection.
 
  • Like
Reactions: Overkill

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Simply for me, I don't need it, as part of being well experienced with computers. (Not professional though)

Anti-Executable is pretty effective on the setup, but for some reason it can affect your productivity in what you usually do on your computer, since it consists of setting it up and allowing the alerts manually.

Based on my true-to-life experience, most people I've encountered are using Twitter, Facebook and Instagram always and are never infected; an AV is enough. Common sense surely helps them by ignoring some spam posts.

It depends on which things you really need, because if you are browsing the same sites every day then nothing should happen at all. Make sure everything is updated to prevent any vulnerabilities.

But the default-deny type is more suitable for savvy users who want a different experience in their configuration.
 
  • Like
Reactions: frogboy and LAGUN

bunchuu

Level 8
Verified
Well-known
Mar 17, 2015
370
AppGuard didn't have a free version for testing. Voodooshield wasn't compatible with UAC. Exe Radar Pro interferes with software installation.
in UAC we trust...
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,714
AppGuard didn't have a free version for testing. Voodooshield wasn't compatible with UAC. Exe Radar Pro interferes with software installation.
in UAC we trust...
You can have Voodooshield and UAC both on. But because Voodooshield essentially covers what UAC does, it is considered redundant to have both on.
The latest beta builds of EXE Radar Pro have an "install mode" for installing and uninstalling software.
 

hjlbx

Thread author
I configure my system with those apps that work best on my specific rig and work best for me... then I lock it down with AE.

I have not experienced any issues... and the AEs do protect the system.

It comes down to personal preference.
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
I configure my system with those apps that work best on my specific rig and work best for me... then I lock it down with AE.

I have not experienced any issues... and the AEs do protect the system.

It comes down to personal preference.

What about the Windows update?
Do you update automatically or manually?
Do you have to turn off the AE when updating or not?

What about the other software update (Chrome, Firefox, CCleaner...)?
 

hjlbx

Thread author
What about the Windows update?
Do you update automatically or manually?
Do you have to turn off the AE when updating or not?

What about the other software update (Chrome, Firefox, CCleaner...)?

No issues with automatic Windows updates using AppGuard - even in "Lock-Down" Mode; do not have to disable AppGuard to update Windows on my AMD W8.1 system.

With AppGuard you can add software publisher names to a list that will allow automatic application\software updates.

With VDS and ERP I likewise have no issues with automatic Windows updates and updating white-listed softs...

The AE vendors have addressed a lot of the user complaints regarding updates.

From what I understand, problems with Windows and softs updates are highly system specific... so I'm sure there are users who cannot update Windows and\or some softs without disabling the AE, updating, and then re-enabling the AE.

To me that is not that big of a deal for the increased protection provided by the AE.

My attitude and desire is to reduce dependence upon signature detection... although signature detection is still a valuable protection layer. With an AE I am able to accomplish this goal to a large extent... with a strong baseline level of protection.

I supplement my system with an anti-exploit: MBAE-P

AEs work for me ...
 
  • Like
Reactions: LAGUN
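
A small model of the default-deny decision discussed in this thread, added here as an example and not code from any poster or from AppGuard, ERP or VoodooShield. It shows why an updated binary is blocked in lockdown mode under a hash-only whitelist and how a trusted-publisher rule lets the update through; the class names, mode names and sample files are hypothetical, and the `publisher` field stands in for a verified code-signing check.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class Executable:
    path: str
    content: bytes
    publisher: Optional[str] = None  # assumption: already verified from the signature

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


@dataclass
class DefaultDenyPolicy:
    mode: str = "learning"  # hypothetical modes: "learning" or "lockdown"
    allowed_hashes: Set[str] = field(default_factory=set)
    trusted_publishers: Set[str] = field(default_factory=set)

    def decide(self, exe: Executable) -> str:
        if exe.sha256 in self.allowed_hashes:
            return "allow:hash"            # exact file was whitelisted earlier
        if exe.publisher is not None and exe.publisher in self.trusted_publishers:
            return "allow:publisher"       # signed update from a trusted vendor
        if self.mode == "learning":
            self.allowed_hashes.add(exe.sha256)
            return "allow:learned"         # training mode records what runs
        return "block"                     # default deny: everything else


def demo():
    # All files below are constructed sample data.
    policy = DefaultDenyPolicy(mode="learning")
    game_v1 = Executable(r"C:\Games\indie.exe", b"game build 1")
    browser_v1 = Executable(r"C:\Apps\browser.exe", b"browser 1.0", "Example Browser Corp")
    results = [policy.decide(game_v1), policy.decide(browser_v1)]

    policy.mode = "lockdown"
    policy.trusted_publishers.add("Example Browser Corp")
    game_v2 = Executable(r"C:\Games\indie.exe", b"game build 2")  # unsigned update
    browser_v2 = Executable(r"C:\Apps\browser.exe", b"browser 1.1", "Example Browser Corp")
    dropped = Executable(r"C:\Users\me\Downloads\invoice.exe", b"unknown payload")
    results += [policy.decide(x) for x in (game_v1, game_v2, browser_v2, dropped)]
    return results


if __name__ == "__main__":
    print(demo())
```

The unsigned game update is blocked even though its path is unchanged, because the hash no longer matches; that is the update friction described in the thread, and it is resolved either by re-learning the file or by a publisher rule where the software is signed.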

Deleted member 2913

Thread author
Average users cannot handle UAC default properly. I have experienced this with my family, relatives, friends, etc... They simply click allow on both UAC & FW prompt.
If they knew to disable UAC, they will surely disable it as they find it irritating.
I know users who try to find UAC in Add/Remove so that they can uninstall it.

So AE is simply out of question for the average users.
 
  • Like
Reactions: Koroke San