Friday, January 25, 2013

[Review] Spyshelter Firewall 2.3

The Good :

- First class Anti-logger with innovative anti-sound capture module
- Policy-based restriction mode for processes
- Light on system
- Easy to configure and use
- Keystroke encryption (x64 only)
- Firewall

The Bad :

- Some options are obscure to the user (Hard Hook mode)
- Some modules doesn't support Win8 x64


Ok, There is my review of Spyshelter Premium 8 (SSP)


I want to precise that i cant test it against malwares since it creates BSODs on my Virtual Box, so it will be a descriptive and usability review.
i will do a malware test later.

One interesting thing, is when you install it , it ask you if you want it start with high or normal security after the reboot.

SSP sit on my system between 20-30mb WS of RAM, i don't feel any visible slowdown.

[Image: ZxMBwl.jpg]

1- Protection Tab

Spyshelter is an Anti-Keylooger and also an HIPS, here we can see the various protection modules, SSP, it share the common protection with other products but where it is innovative is the "Anti-sound module" that protect your system against VOIP sound trojan loggers and other sound capture.
Note: the kernel module is only for x86 systems

2- Rules tab

Here is the place where the rules will be shown, you can alow/deny/check/add/edit/remove them ,you can also impot/export some rules, clean old ones (from uninstalled programs) and check all component and details of them, i like the Virus Total integration, when a process is allowed/denied, you can upload the file to it.

3- Log tab

Here is shown all the decision made by SSP or by you, nothing very exceptionnal there.

4- Restricted Apps tab

Here is an interesting feature of SSP, it is in fact a kind of policy-based "Sandbox" (like OAP's Runsafer or Comodo's Auto-sandbox), with the addition of selecting which folder/file access will be allow/deny to be writed.
When an process is run restricted, its windows will got the "Restricted" tag (if selected in the settings)

5- Firewall

SpyShelter firewall module is designed to control (permit or deny) network transmissions based upon a set of rules.It's commonly used to protect computer system networks from unauthorized access while permitting trusted communications to pass.
SpyShelter Firewall supports IPv6 protocol

6- Keystroke Encryption

This feature (available for x64 system only) will encrypt any of your keystrokes (a la "Keyscrambler") so even if a keylogger successfully leaks datas to the attacker , he will not be able to read them.

6- Settings tab

There are the settings options

a- General : here nothing special except the auto-clean option of the rules, quite convenient.

b- Security: here you can allow how SSp will react when confronted to a process, you can select one of the 4 options, "Allow Microsoft" is the less intrusive, "Ask" the most (means more popups)

c- Advanced: here you can increase the protection by terminating processes and their child

Use Hard Hook seems to be an option to enforce compatibility with other security apps.

d- List of Monitored Actions : here you can decide what actions SSP will react from. When a popup will appears the number of the action will be shown so you can know what happened.

Hope you enjoyed the review Wink

1 comment: