Intrusion Detection Software: a Survey of Products
http://www.techsupportalert.com/intrusion-detection.htm
===
Freeware-only list
1) ProcessGuard (lite version)
http://www.diamondcs.com.au/processguard/
Solid product: protects your apps from termination, and any process not
on the whitelist is stopped from starting until you decide whether to
allow it. The current freeware version does not block global hooks,
memory injection, etc.
2) System Safety Monitor (freeware, time limited?)
http://maxcomputing.narod.ru/ssme.html?lang=en
Probably the most complicated product on the list, with lots of features:
monitoring of processes, installation of services, memory/code/DLL
injection, and a plugin that also monitors the registry for startup
entries etc. Recommended only for the most techie user.
The current version will expire in May 05; there are plans for a
commercial release as well as a free version...
3) Abtrusion Protector (freeware)
http://www.abtrusion.com/
Getting old, but gets the job done. Basically monitors executables and
stops unrecognised ones from running.
4) Winsonar (freeware)
http://digilander.libero.it/zancart/index.htm
Similar to Abtrusion Protector; it also automatically detects whether you
are online and offers to auto-terminate unknown processes.
5) Antihook (freeware)
http://www.infoprocess.biz/
Very new product.
"AntiHook is an Australian-developed desktop intrusion detection and
prevention application that protects against such threats, blocking any
suspicious activity rather than pattern matching or waiting to be given a
list of threats. It does so in real time by requesting the user's
permission before allowing programs to do risky things such as load
Windows Hook DLLs or Browser Helper Objects, write data to an area of
memory that belongs to another process or create threads that run in the
virtual address space of another process."
http://smh.com.au/articles/2004/12/13/1102786984219.html?oneclick=true
6) LOMHeuristic
http://www.lommage.co.uk/lomheuristic/
"The main aim of this software is to create a free, low resource usage
anti-virus scanner for everyone. It's open source and protected by the
GPL so that the continuation and progression of its technology can be
added upon as and when viruses come into circulation. The technology
isn't like other Anti-Virus scanners; there is no 'signature file' which
catalogues viruses when they are released. This software uses heuristic
detection to analyse 'what' a file is trying to do, and based on what it's
trying to do, will warn the user of malicious intent."
The idea is relatively simple: it associates itself with extensions like
.com, .bat and .exe, so when such a file is run it analyses the file and
tells you what the file is likely to do.
Note: The author is known to be a former trojan writer, but the source
for this proggie is available, so if you can check it out and compile it
yourself it should be safe.
7) WehnTrust
http://www.wehnus.com/products.pl
"WehnTrust is a Host-based Intrusion Prevention System (HIPS) that
provides secure buffer overflow exploitation countermeasures.
* Randomized Image Files (DLLs, EXEs with relocations)
* Randomized Memory Allocations (Stack, Heap, etc)
* Randomized PEB/TEB
* Application and Image File Randomization Exemptions "
It looks good, but I've found that the "Randomization" will confuse some
security programs that need to keep track of processes, for example
software firewalls.
8) WinPatrol
http://www.winpatrol.com/
Probably the most popular product on the list.
9) Teatimer
Aaron