-Reghide: when Reghide.exe is allowed to run for the current action, the "systems internals" hidden key was created and not shown by SafenSec.
When the current action is blocked, the hidden key can't be created.
But SafenSec failed because the "can't touch me" value was not shown on the alert.
SafenSec is the winner against Registry tests.
SafenSec can't prevent its own process memory from being read, written or modified.
SafenSec was not able to deny the access to the physical device memory.
SafenSec failed against memory manipulation tests.
***Data theft (with Trojan demo):
SafenSec has detected all the actions made by the trojan demo and was able to block the data stealing.
SafenSec is the winner.
-Install a service: SafenSec has detected the call to the service registry keys and also has the ability to block it.
SafenSec is the winner.
-Service termination: I was not able to stop or suspend the service with TakeControl or EkinX.
I consider that SafenSec is the winner.
-service/driver modification: SafenSec is the winner (good self-protection)
-unloading a driver: SafenSec does not detect that the Trace.sys driver is loaded by Kapimon.
SafenSec is the winner against service/driver manipulation tests.
SafenSec has detected the CDROM and has prevented it from running.
SafenSec is the winner.
-open/close the CDROM drive: SafenSec has detected the current action and was able to block it ("block alway this current action"): SafenSec is the winner.
-Launch several Windows applications at the same time: each application was detected before running and was blocked by SafenSec: SafenSec is the winner.
SafenSec is the winner against Jokes tests.
SafenSec has detected the calls made by SDTester but not really the Buffer overflow and has also failed with the OverflowGuard test.
SafenSec failed against Buffer/heap overflow tests.
***Deactivation methods (with Autorun3):
-trachscan: SafenSec is the winner.
-Blacklisting: SafenSec failed.
SafenSec failed against deactivation methods.
-as a registry/application firewall, SafenSec is one of the most impressive among all tested products (total mode). It provides really powerful activity control on the system,
-effective self-protection (the service can't be terminated),
-effective protection during the boot,
-works as a system start service (more effective during the boot than auto-start ),
-easy and intuitive configuration of programs, applications, actions (three zones: trusted, restricted, partially trusted/restricted and each kind of answer generates a list of applications in one of these zones),
-answers to the alerts: "current action'on this session" are already checked and then we just have to click on "allow" or "block" (it's important to answer quickly in case of a suspect event).
-process termination utility,
-excellent support and reactive team,
-nice graphic interface,
-exhaustive information for the user: pdf on the web site and help file in the set up package,
-consumes too many resources,
-does not protect against advanced attacks and threats,
-more Detection than Prevention protection (so it requires an experienced user and many interventions for alerts),
-very minor bug in the translation: SafenSec likes to remind us that it's a Russian product!
SafenSec is a new product which could be interesting for the user who wants:
-to have a complete protection with the best value for money (full package with the antivirus),
-to control the activity on his system.
If the "total mode" is really effective to control activities, it requires from the user the "know-how" to distinguish legitimate behaviours from suspect ones.
I've tested this product for the first time at the end of 2004 and the trial was a real torture (no help file, internet connection needed, searching for activation key...).
And it's a good sign to notice that the SafenSec team has taken into consideration users' opinions (on Wilders forum for instance) and many improvements have been made since last year (easier and quicker installation, manual, support etc).
NB: I'd like to say a big thanks to Konstantin who sent me a special 30 days trial for my test (10 days only for the classical one).
Safe'n'Sec is Russian software from a company specialising in protecting software licenses against piracy and other counterfeiting.
Safe'n'Sec exists in two versions, one with BitDefender's integrated antivirus, and the other with Safe'n'Sec only.
Safe'n'Sec is above all an activity controller based on so-called "pro-active" technologies.
Its control operates at the level of calls to the registry, where all activity is intercepted and then reported to the user through an alert.
Running as a service for greater effectiveness and security, it operates in three administration modes: trusted, normal (strict) and total, the last being the mode in which Safe'n'Sec shows quite impressive precision.
Each answer to an alert automatically generates a list of actions/applications in three distinct zones: trusted (allowed), restricted (forbidden) and partially allowed.
While it is able to detect the activity of a parasite, only an experienced user capable of telling legitimate activity from suspect activity can really exploit its full potential.