Rec to Dev: Focus more on Spyware threat models rather than just simple Startup protection

Detect and prevent info-stealers. Keep a database of common file and maybe registry locations that info-stealers use, like popular browser data locations and popular software that info-stealers target (Steam, Discord, etc.), and use methods like warning the user when an unsigned package tries to access these locations.

Detect RATs: These are used by many hackers to watch what their victims are doing (webcam, screen, etc.), mess with them, and run scripts. Maybe detect remote access protocols, not just ports, and alert the user.

Detect Crypters (these are used to bypass anti-virus): Most Anti-Virus use blacklist signature detection. This is a problem for hackers because most use common RATs. So, criminals buy and use software called crypters. These just encrypt the malicious software so that it appears unknown to the Anti-Viruses. These crypters are constantly updated through the internet so that Anti-Viruses can’t keep up. By the time the Anti-Virus signature is updated, most malware has updated to the latest version. This can be prevented by somehow detecting if the software is encrypted and shows the signs of a crypted executable, rather than a simple signature or certificate detection.

Hope peo

1 Like
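The watchlist idea from the post above, sketched as an added example (not SpyShelter code and not part of the original posts): file-access events are matched against a list of sensitive data locations, and only unsigned processes raise an alert. The watchlist entries, event fields and process names are assumptions, and the `signed` flag stands in for a signature check done elsewhere.

```python
import ntpath
from dataclasses import dataclass

# Illustrative watchlist entries (assumption); "*" stands for any user profile.
WATCHLIST = {
    "browser data": [r"C:\Users\*\AppData\Local\Google\Chrome\User Data"],
    "Discord": [r"C:\Users\*\AppData\Roaming\discord"],
    "Steam": [r"C:\Program Files (x86)\Steam\config"],
}

@dataclass
class AccessEvent:
    process: str   # image path of the accessing process
    signed: bool   # result of a signature check done elsewhere
    path: str      # file the process opened

def _parts(path):
    """Normalise case, separators and '..', then split into components."""
    norm = ntpath.normpath(path).lower()
    parts = [p for p in norm.split("\\") if p]
    # Collapse the profile name so one entry covers every user.
    if len(parts) > 2 and parts[1] == "users":
        parts[2] = "*"
    return parts

_RULES = [(cat, _parts(p)) for cat, paths in WATCHLIST.items() for p in paths]

def classify(path):
    """Return the watchlist category covering path, or None."""
    parts = _parts(path)
    for cat, rule in _RULES:
        # Component-wise prefix match, so "User Data Backup" is not "User Data".
        if parts[:len(rule)] == rule:
            return cat
    return None

def alerts(events):
    """Return (process, category, path) for unsigned access to watched data."""
    return [(e.process, classify(e.path), e.path)
            for e in events if not e.signed and classify(e.path)]

# Constructed sample events, not real telemetry.
SAMPLE = [
    AccessEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe", True, r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    AccessEvent(r"C:\Users\bob\Downloads\viewer.exe", False, r"C:\Users\bob\AppData\Local\Temp\..\Google\Chrome\User Data\Default\Login Data"),
    AccessEvent(r"C:\Users\bob\Downloads\viewer.exe", False, "c:/users/BOB/appdata/roaming/DISCORD/Local Storage/leveldb/000005.ldb"),
    AccessEvent(r"C:\Users\bob\Downloads\viewer.exe", False, r"C:\Users\bob\AppData\Local\Google\Chrome\User Data Backup\notes.txt"),
]
```

Paths are normalised before matching, so a `..` detour or a change of case or separator does not slip past the watchlist, while a sibling folder with a similar name is not flagged.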

@DogBark

I’m afraid that SpyShelter will not get these features, I have also asked for some of them. :slightly_smiling_face:

At the moment it offers detection of:

Webcam and mic usage, service/driver installation, screenshot making and it has a whitelist of allowed executables. I’m not sure if it protects the registry. But you can also protect folders from being accessed.

What it misses is:

Protection against keyloggers, protection against code injection, protection against memory reading and a network firewall/monitor. This is the stuff that the old SpyShelter 12 used to offer on Windows 10.

@DogBark thanks for your feedback. @RasheedHolland mentions that we are struggling a bit on some of these new ideas. We are currently putting more focus on AppControl that we made as more of a monitoring software due to the security struggles we have faced recently with the latest Windows versions.