Top articles

  • ABTRUSION PROTECTOR

    20 May 2005 ( #HOST INTRUSION and PREVENTION SYSTEM TESTS )

    Abtrusion Protector free personal edition: It's now an "old" product which has not been updated for 2 or 3 years. The primary benefit of this product is the ability to recognize and certify files with strong hash algorithms (MD5, SHA-1). During the...

  • ABTRUSION PROTECTOR Part 2

    20 May 2005 ( #HOST INTRUSION and PREVENTION SYSTEM TESTS )

    ***Simulate a trojan with Trojan Simulator: Abtrusion Protector can prevent the execution of the trojan test. AP is the winner. ***Memory manipulation: -with UH: AP can't prevent its own process memory from being read and written: AP failed. -Access to physical...

  • ABTRUSION PROTECTOR Part 3

    20 May 2005 ( #HOST INTRUSION and PREVENTION SYSTEM TESTS )

    CONCLUSION: * **The pros : -Abtrusion Protector works as a sandbox and can prevent unknown or unwanted files from running on the system with its integrity features (can certify files with strong hash algorithms): that which is not recognized and certified...

  • GENERAL POINTS

    15 June 2005 ( #HOST INTRUSION and PREVENTION SYSTEM TESTS )

    ABSTRACT: Classical defense with antivirus/antitrojan/antispyware scanners has shown some limits against advanced threats like worms, network backdoors or rootkits. The security of computers has to evolve in an innovative and more efficient way. Among many scanners...

  • SECURITASK 2005

    15 June 2005 ( #HOST INTRUSION and PREVENTION SYSTEM TESTS )

    SecuriTask2005 Securitask 2005 is a French product which its authors consider a firewall application. This software prevents unwanted processes from running on the system. Securitask2005 also has the ability to block/lock unwanted/untrusted services...

  • SYSTEM SAFETY MONITOR

    17 June 2005 ( #HOST INTRUSION and PREVENTION SYSTEM TESTS )

    System Safety Monitor System Safety Monitor is another Russian product which its author considers an application firewall. System Safety Monitor does not only provide the ability to control activities on the system. It's an exhaustive product...

  • PROCESSGUARD

    02 July 2005 ( #HOST INTRUSION and PREVENTION SYSTEM TESTS )

    ProcessGuard. ProcessGuard is an Australian product from DiamondCS, a small but dynamic business specialized in security software for home users. "ProcessGuard was created out of the need for a solution to be found for a very big problem that...

  • VIGUARD

    03 July 2005 ( #HOST INTRUSION and PREVENTION SYSTEM TESTS )

    Viguard Like its forefather Invircible, Viguard is considered more as an antivirus without signatures. It's a French product which is well known in administrations and corporate environments in France or in the USA (the general public is more familiar with...

  • OSSURANCE DESKTOP

    06 July 2005 ( #HOST INTRUSION and PREVENTION SYSTEM TESTS )

    OSsurance Desktop "OSsurance Desktop Technology involves Executable Authentication Management which authenticates system calls against a trusted list of files and executables". OSsurance Desktop from the Canadian security firm OSSecurity is pre-eminently...

  • ANTIHOOK V2.5

    09 July 2005 ( #HOST INTRUSION and PREVENTION SYSTEM TESTS )

    ANTIHOOK V 2.5 AntiHook V2.5 This update only concerns changed results: the other ones remain the same. ***Registry test: -with Regtest 1: AntiHook is the winner. -with Scoundrel Simulator: AntiHook detects the startup entry in the registry but failed against...

  • SOFTCLAN INTEGRITY 2005

    17 July 2005 ( #HOST INTRUSION and PREVENTION SYSTEM TESTS )

    SoftClan Integrity 2005 SoftClan Integrity is a Spanish product available since 2000. The old version is still available in English but only concerns Windows 95/98/ME. SoftClan Integrity 2005 protects the integrity of the system and also any...

  • PODIUM and OVERALL

    25 July 2005 ( #HOST INTRUSION and PREVENTION SYSTEM TESTS )

    PODIUM ProcessGuard (PG) VS System Safety Monitor (SSM) VS Viguard NB. the secure mode (administrator for SSM, "blocking new and changed applications" for PG) is not enabled. Viguard with critical files protection (Windows\System32, INI etc). ***Rootkit...

  • ABUSE SHIELD

    12 January 2006 ( #HOST INTRUSION and PREVENTION SYSTEM TESTS )

    AbuseShield "Globesoft AbuseShield" is a comprehensive tool for monitoring and controlling your desktop or server environments so that only the software you specify can run. AbuseShield also monitors file system activities. This means that even if you,...

  • ALL-SEEING EYE

    06 November 2005 ( #HOST INTRUSION and PREVENTION SYSTEM TESTS )

    All-Seeing Eye All-Seeing Eye is another Desktop Intrusion Prevention System designed to monitor several system areas: -processes, -loading dlls, -services/drivers, -Browser Helper Objects (BHO), -ActiveX, -HostFile, -Winsock LSP, -registry keys,...

  • Sunday 08/05/2005

    08 May 2005 ( #NEWS and RESOURCES )

    ***Spammers launch Tony Blair Trojan. ***Bugwatch: Next generation "zero day" attacks. ***How to Audit your Network via Packet Analysis. ***My days with Longhorn. ***Genome may be future step for virus writers. ***Brits fall prey to phishing. ***Fighting...

  • News and Tools

    04 June 2005 ( #NEWS and RESOURCES )

    -Botnets: who really "owns" your computers? -Hackers plot to create massive botnet -Device drivers filled with flaws, threaten security -Phishing alert: multiple French banks -Phishing targets French banks. -The future of Mozilla Firefox:...

  • INTEGRITY/HASHES/CHECKSUM Utilities

    07 August 2005 ( #FREE TOOLBOX )

    Here we're only interested in integrity verification tools, not in more advanced integrity host protection. Ditmar...

  • FILES MONITORS

    24 September 2005 ( #FREE TOOLBOX )

    Sometimes a user may need to see what changes have been made by a software installation or to monitor some files and folders for suspicious activity. In this case, file monitoring software is very helpful...

  • HARDENING The TCP/IP STACK

    20 June 2005 ( #LINE DEFENSE )

    HARDENING WINDOWS HOST Part 1: Hardening the TCP/IP Stack By default, all Windows systems come with a defenceless TCP/IP stack. It is advisable to harden it against network attacks like SYN flood (a kind of DoS)...

  • Hardening Windows Host part 2 : WINDOWS SERVICES CONFIGURATION

    20 August 2005 ( #LINE DEFENSE )

    Windows comes with unnecessary services which need to be configured properly to free memory resources and to increase the security level. The configuration depends on each environment, which is why we can't define recommended rules for every user: it must...

  • Hardening Windows Part 3: Closing critical ports

    10 September 2005 ( #LINE DEFENSE )

    Closing critical ports Disclaimer: Close only ports which are not necessary in your configuration. For a single computer only used to surf (no Messenger and so on), only port 80 is required...

  • ADVANCED INTEGRITY CHECKERS

    13 January 2006 ( #LINE DEFENSE )

    In a previous article, we reviewed some free integrity checkers. In this article, we'll focus on advanced ones (most of them paid). Integrity checking for change detection is an important feature for security software, especially in intrusion...

  • WHY YOU SHOULDN'T RUN ONLY WITH AN ANTIVIRUS + FIREWALL AND WHY A PROACTIVE PROTECTION IS NECESSARY

    25 January 2006 ( #LINE DEFENSE )

    In this first article we'll just show that the combination of a scanner (antivirus/antitrojan/antispyware) and a firewall is not sufficient to mitigate security risks for home users. Then we'll review and list available Desktop/Host Intrusion Prevention Systems designed...

  • WINDOWS ROOTKITS COUNTERMEASURES Part 2: Profiling a Rootkit: HackerDefender

    17 December 2005 ( #LINE DEFENSE )

    HackerDefender is the rootkit which is the most used in the wild. It was included in the threats list of the Microsoft Removal tool this year. HackerDefender or HxDef is the favourite rootkit of Script-Kiddies for many reasons: -light (199 KB for...

  • Profiling a rootkit: Hacker Defender Section 2

    18 December 2005 ( #LINE DEFENSE )

    Registry Tracking with RegMon: 2712 56.77157974 hxdef100.exe:448 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdef100.exe NOT FOUND 2713 56.77293015 hxdef100.exe:448 OpenKey HKLM\System\CurrentControlSet\Control\Terminal...
