SecureAPlus: application whitelisting for additional security
Most Windows users these days run a firewall and up to date antivirus software, either those that ship with the operating system or advanced third party tools. Experienced users on the other hand often use other types of security related software to improve the system's overall security. This may include a sandboxing program like Sandboxie, exploit mitigation software like EMET, or programs that whitelist applications.
The latter is a simple but very effective concept. Only allow trusted programs to run on the program and block every other program that tries to run. Users get options to whitelist applications which is handy when new programs get installed or existing ones upgraded.
SecureAPlus Review
SecureAPlus is a program for Windows that combines application whitelisting with antivirus protection. What's interesting right from the start is that you do not have to install the antivirus component - it is ClamAV by the way - if you want to keep using your current security solution.
Note: The program uses an online installer by default which loads contents from the Internet during installation. You can request a link to an offline installer by mailing support.
When you start the program for the first time you will notice that it starts to scan the system to create the initial whitelist database. This can take quite some time depending on the programs you have installed on your system.
A click on status in the application whitelisting interface displays the current status of the process. If you see "in progress" or "running" there, you know that your system is still being crawled. You can browse the configuration here though to make changes to it while the database file is generated.
The default whitelist is generated based on a list of trusted certificates the application ships with. It includes a large list of companies, Adobe, Microsoft, Acer, Intel, Malwarebytes and many others. You can add or remove vendors easily from that list, for instance to reduce it in size or add vendor certificates to it.
It is possible to modify the certificate whitelisting, either to relax its rule set by trusting certificates as long as they are trusted by the operating system, or by securing it even more by limiting the list to files that need to have the certificate name and thumbprint in the trusted certificate list.
Another interesting feature that you will come across is the list of restricted applications in the Application Whitelisting interface. This refers to programs that may download, copy, or extract files from sources such as the Internet or removable media. While the programs listed here are still allowed to do so, SecureAPlus will limit the rights of files that land on the system by using those programs listed here.
The application supports process protecting as well, but it has not been built into the main graphical user interface. You need to open the program folder and start the process protector executable there to configure the feature.
It prevents code injection into processes that you specify here.
Once the initial setup is out of the way, your system is protected for as long as the program is running in the background. You will probably notice this the first time when you try to launch a new executable on your system. If it is not by one of the signed companies, it will spawn a notification window that requests that you make a decision on how to proceed.
The application displays the process name and ID, as well as a basic description of what it believes the process tries to do. A click on the more link displays additional options. You can allow the process for the session only, set the program to trust the file but do not add the process as a trusted installer, or notify the application that the process is not what it believes it to be.
Verdict
If you want to add application whitelisting to your defense lineup on your PC, then you may want to give SecureAPlus a chance as it appears to be well suited for that. The only downside to that is that the current version will expire in a year's time. It seems possible to extend that period, but it is very likely that this has been implemented so that the program can be sold commercially at one point in the future.
That does not necessarily mean that there won't be a free version though.
Advertisement
There is already functionality like this built into Windows. It’s known as a Software Restriction Policy, or if you’re running Windows 7 Ultimate and/or Windows 8 Enterprise (for some reason Pro doesn’t have this) you can use SRP’s replacement which is called AppLocker.
Yes, but it’s not present in Windows 7 Home Basic/Premium.
Comment editing ? yes.
Testing, testing.
Editing… Nice, very very nice. :-)
Great addition.
p.s what with the date and time ?
It’s Aug. 14, 12:18 pm , Time on site is 5:18 am
It is showing server time.
Now if you can fix the scrolling problem :-)
Upper 1/3 part of the page scrolls down o.k, than scrolling continues with small jumps..
The server is in US ?
Yes
SecureAPlus- I tried this out but not sure why but it would crash my pc.I have uninstalled it and my pc is back to normal…..
… not on topic for this post but in keeping with the gHacks qotd…
The “peach” theme is nice.
The thin strip on top ties nicely with the logo and the grey nav bar calls more attention to the topics.
I still like the larger font and greater use of white space to make things feel less claustraphobic.
Still hatin’ the black reply buttons on the left.
Verdict: “white” is a very close second, but “peach” carries your site’s branding better – more unique / less generic.
I get to those reply buttons eventually, so much to fix right now. Thanks for your comment!
Any chance of adding “Edit” ?
I have added a plugin that lets you edit comments for 5 minutes after submitting them. Let me know if that works for you.
Comment editing?