Luketan/freeware

Interesting "shadow" software similar to Returnil, Powershadow. But in chinese only.

Essentially, you go into shadow mode and any changes after that is "virtual". when you reboot all changes are gone

Fairly well known hardening tool. Just updated

"Small tool which disables the default threats of a Windows XP installation. Besides disabling Windows and some of its components to communicate with Microsoft servers, xpy improves privacy settings and your system's security.

Features:
- Disable Windows communicating with Microsoft
- Disable questionable services
- Tweak Internet Explorer and Windows Media Player
- Remove Windows Messenger
- Improve privacy and security
- Improve performance"

Only for XP.

Vista users should use Vispa

VirtualBox is a open source virtual machine competitor to the well known vmware. It was recently acquired by Sun. This 1.6 is the first version released since then.

From the page: "COMODO Vulnerability Analyzer Version 1.0.0.9 (BETA) Released

Comodo Vulnerability Analyzer adds a critical layer of security to your PC by making sure that the software you have installed is up to date and does not contain any vulnerabilities.

* Scans your machine for software in which vulnerabilities have been discovered
* Checks that the software installed on your machine is the latest version and notifies you if there are updates available
* Notifies you when one of your applications has reached 'end of life' and is no longer supported by the vendor
* Provides a clear solution to each problem with links to patches, advisories and recommendations
* Updates every day with new advisories to deliver real time security against the latest threats



Following are setup details:

32-bit Setup
--------------
download.comodo.com/cva/download/setups/CVA_Setup_1.0.0.9_XP_Vista_32_BETA.... [download.comodo.com/cva/download/setups/CVA_Setup_1.0.0.9_XP_Vista_32_BETA....]
Size: 3.12 MB (3,276,560 bytes)
MD5: 7d40b6082d0f8d155f13eff11d01fa2b
SHA1: 92ca8d5173829640d0f914b10ac10b234c0b605b

64-bit Setup
--------------
download.comodo.com/cva/download/setups/CVA_Setup_1.0.0.9_XP_Vista_64_BETA.... [download.comodo.com/cva/download/setups/CVA_Setup_1.0.0.9_XP_Vista_64_BETA....]
Size: 6.32 MB (6,627,600 bytes)
MD5: f6b5ffac32be7c0cd24bc2bb44a4d4b4
SHA1: c0d9b5bfb2c0579f1567e30a47f57c7915a46264
"





Currently I think the more established Secunia Software Inspector is more polished and stable despite both it and Comodo's vulnerability analyzer being in beta.

Comodo's version of this, generates quite a few false positives (for instance it alerts on Java, based on the directory name alone). In some cases, the alerts are genuine. It differs from Secunia in that it will alert on vulnerabilities that have no patches out yet (usually for relatively minor problems).

From the page: "ThreatExpert Memory Scanner (TEMS) is an experimental lab product developed by the ThreatExpert team.

TEMS is a "post-mortem" diagnostics tool designed to detect a range of high-profile threats in different regions of a computer's memory.

This tool is designed to assist in answering a common question asked by many customers whose systems have been susceptible to threats: "Is my system still infected?"

A threat may potentially slip under the radar of conventional malware scanners by engaging in stealth techniques to stay undetected as long as possible. Often, in such a scenario, the original threat file is encrypted with polymorphic encryptors which rely on anti-debugging and anti-emulation techniques, presenting a challenging task for malware scanners in detecting it.

However, when such a threat is loaded in memory, it needs to decrypt its own malicious code, completely or partially, or it is unable to run. These stealth techniques are used by threat families including Citwail/Pandex/DieHard, Storm and Mailbot/Rustock.

NOTE: ThreatExpert Memory Scanner targets threats that are already active on a clientâ€s computer system. It does NOT provide you with any protection or defence, nor does it replace conventional antivirus or antispyware products.

In the current beta release, the Memory Scanner does not attempt to remove any detected threats."

From the page: "Comodo HIPS and Firewall Leak Test Suite

The HIPS and Firewall Leak Test Suite contains five separate tests that simulate a range of dangerous exploits â€" including Root Kits, Background Intelligent Transfer attacks and process, injection attacks.
Test Details:

Rootkit Installation 1 - Loads a driver in via ZwSetSystemInformation API. A very old, known and effective way to install a rootkit.

Rootkit Installation 2 - Loads driver by overwriting a standard driver (beep.sys) and starting it with service control manager (e.g. Trojan.Virantix.B).

DLL Injection 1 - Injects DLL into trusted process (svchost.exe) by injecting APC on LoadLibraryExA with "dll.dll" as a param. The string "dll.dll" is not written into process memory, it's from the ntdll.dll export table which has the same address in all processes. The APC is injected into second thread of the svchost.exe which is always in alertable state.

DLL Injection 2 - An old technique. The DLL is injected via remote thread creation in the trusted process, without using WriteProcessMemory.

BITS Hijack - Downloads a file from the internet using "Background Intelligent Transfer Service" which acts from the trusted process (svchost.exe)

Download Comodo HIPS and Firewall Leak Test Suite"

DeepMonitor is an hidden process detector, for Windows XP SP2 only, defeating most all rootkits technologies. Can also detect some hidden injected modules technics.

This is a free security tool from china, designed to counter malware that alter system time settings.

In particular, malware is currently bypassing the popular Kasperksy antivirus by changing system time. E.g it changes the system time to 2050, and KAV will die because the license period becomes invalid.




Designed for chinese users, the 4 buttons (see screenshot above) are as follows

1)Install the Time Protect - 2)Uninstall the Time Protect
3)Enable the Time Protect - 4)Disable the Time protect


Currently untested

And yes it's in chinese, kind of obvious with the statement "designed for chinese users" no?