Wednesday, July 31, 2013

Anti-Executable 5.0


A traditional signature-based antivirus utility checks files against a database of malware signatures. Behavior-based monitors detect malware by looking for signs of malicious activity. Anti-Executable 5.0 ($45, direct) takes a much simpler approach. Any program that's not on the list of permitted applications just can't run, period. Version 5.0 streamlines the user experience a bit, but it still has a few quirks.

Think of your antivirus utility as the doorman at a fancy nightclub. Bitdefender Antivirus Plus (2014) includes traditional signature-based detection; that's like a doorman with a list of undesirables who are banned from the club. The behavior-based SONAR detection built into Norton AntiVirus (2013) is like a doorman who sizes up the crowd and only lets in well-behaved patrons. As for Anti-Executable, it's the guy who just growls, "You're not on the list!"

In addition to the Standard edition reviewed here, Faronics offers a version specifically tuned for use on servers. There's also a centrally managed version designed for Enterprises. But at the core of all three is the same "default deny" technology.

Getting Started
The download package for Anti-Executable includes the PDF-based documentation, and you'd do well to read it before proceeding with installation. That way you'll know why you're being prompted to define an Administrator User password and a Trusted User password, and what it means if you check the "Include DLL files when creating control list" box.

The install process has changed since the last edition. Previously, you could choose whether or not to have Anti-Executable scan your system and add files to the whitelist. Opting out of that initial scan left you with a blank whitelist, meaning every program would be blocked. Sensibly, the current version always runs an initial scan.

Anti-Executable does assume that your system is malware-free. Its initial scan whitelists absolutely every program it finds, without considering whether it's malware or not. For best protection, you'll want to pre-scan the system with a free, tough cleanup tool like Malwarebytes Anti-Malware 1.70, Comodo Cleaning Essentials 6, or Norton Power Eraser.

As for including DLLs in the scan, doing so will help protect against threats like malicious Browser Helper Objects that don't run from an .EXE file. You can also set it to monitor Java JAR files. In theory, increasing the types of files tracked might affect performance, but I didn't notice any difference.

Execution Control List
The previous edition's separate whitelist and blacklist are now merged into a single Execution Control List. As noted, by default Anti-Executable whitelists every file it finds in a scan. You can go through the list and set it to block specific programs if necessary. Not sure about a file? From the list you can launch a Google search, or look it up in the Faronics Identifile database.

Note that if you check the box to include DLL files, you'll need to update the list. Otherwise launching an authorized executable could trigger dozens of alerts for not-yet-authorized DLLs used by that executable. Just click the Add button, select all relevant drives, and re-run the scan. You can also scan any particular folder and allow or block all found items in that folder, or in that folder and its subfolders.

There's an option to mark any executable on the list as Trusted. That means it's permitted to launch other executable files that aren't whitelisted. This seems a bit dangerous to me; I'd think twice before checking the Trusted box.

You can also whitelist files by publisher; just click Show Publishers and run a scan. Faronics sensibly removed the ability block publishers, since any program not explicitly allowed won't run. This edition also gives you granular control over publisher-based whitelisting. Most often, you'll whitelist all files signed by the specified publisher. Now, though, you can also whitelist based on the product name, the filename, and even the specific file versions. I'm not seeing the value of control at this level of detail; perhaps it's more significant in Enterprise settings.

Source: http://feedproxy.google.com/~r/ziffdavis/pcmag/~3/9q1soIZYppo/0,2817,2422344,00.asp

The Internship d day French Open 2013 dunkin donuts NBA 2K14 Roland Garros bay news 9

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.