
Malware Defender - a wonderful HIPS indeed


aigle
September 6th, 2009, 02:06 AM
Just tried it after a long, long time (my first experience was when it was just launched). I am really, really impressed. :thumb:

It really forced me to make a thread. I am using CFP Defence Plus, but MD seems to be ahead in coding, snappiness, features and user friendliness. Here are the things I like as compared to CFP.

1- The system seems faster and snappier, in the sense that the pop-up alerts appear immediately. In the case of CFP there is always some lag between my click on an executable and the execution pop-up alert.

2- Very, very detailed and useful log. This is the most important feature of MD IMO. So many issues, problems and events can be analyzed with it.

3- Very clear and user friendly interface.

4- Detailed pop-up alerts

5- On-the-fly creation of specific and general rules via pop-up alerts. A very, very useful feature that CFP indeed lacks. It's a must for any classical HIPS to reduce pop-up alerts.

6- Very granular control

Maybe there are many more features that I am still missing. I used it just for a while today. I wish MD a long life, unlike other classical HIPS.

The most important feature on the wish list from my side would be a default Basic Mode that scans the C drive partition with auto-creation of rules, like ProSecurity and OA, and gives very few further alerts, just like OA. This would be for ordinary users; otherwise ordinary users can't be attracted to it, for obvious reasons. Power users can switch to Advanced Mode, which is its default mode at the moment.

What do you people think about MD? :)

blacknight
September 6th, 2009, 02:57 AM
-{ Quote: "What do you people think about MD? :)" }-


My only concern at the moment is: it is again a one-man program, even if Torchsoft sells it. If the developer goes away or stops his work, MD'll die. If it was free, I'd use it, but I don't want to spend on it if I'm not sure about its future. Do you remember ProSecurity?

jmonge
September 6th, 2009, 02:58 AM
-{ Quote: "My only concern at the moment is: it is again a one-man program, even if Torchsoft sells it. If the developer goes away or stops his work, MD'll die. If it was free, I'd use it, but I don't want to spend on it if I'm not sure about its future. Do you remember ProSecurity?" }-

And ProcessGuard also :) Man, I loved this one.

Scoobs72
September 6th, 2009, 03:29 AM
-{ Quote: "Personally, I've moved on from classical HIPS though - the balance between good usability/convenience and good security has shifted for me in the last few weeks!" }-

You'll be back to classical HIPS before too long... you won't be able to handle the thought that something just might be happening on your PC without you knowing :) :)
Seriously though, MD is a superb HIPS and is actually very easy to use once you overcome the initial learning curve. I really do hope the development continues. It's in the same league as DW and SBIE in my opinion.
The 'issue' that it is a one-man operation is not the issue in my opinion. If the product offering, market and business model are right, then the product can develop and prosper.

DOSawaits
September 6th, 2009, 04:03 AM
-{ Quote: "And ProcessGuard also :) Man, I loved this one." }-
And SSM :)

I still use SSM though, because, compared to MD, it offers a much easier way to switch into "Install Mode" with a simple click on the dropdown box. In MD, installing something means a complete and endless clickfest, no matter how many times you mark a newly created .tmp file to be treated as an installation file.

jmonge
September 6th, 2009, 04:08 AM
Yeah, that one too :)

arran
September 6th, 2009, 05:03 AM
-{ Quote: "Just tried it after a long, long time (my first experience was when it was just launched). I am really, really impressed. :thumb:

It really forced me to make a thread. I am using CFP Defence Plus, but MD seems to be ahead in coding, snappiness, features and user friendliness. Here are the things I like as compared to CFP.

1- The system seems faster and snappier, in the sense that the pop-up alerts appear immediately. In the case of CFP there is always some lag between my click on an executable and the execution pop-up alert." }-

Yes, it certainly is very snappy and quick at INTERCEPTING activities before they happen. I also find it to be much lighter than Comodo D+. I personally found D+ to be too bloated.


-{ Quote: "My only concern at the moment is: it is again a one-man program, even if Torchsoft sells it. If the developer goes away or stops his work, MD'll die. If it was free, I'd use it, but I don't want to spend on it if I'm not sure about its future. Do you remember ProSecurity?" }-

Well, Tzuk, the Sandboxie vendor, is also a one-man army and yet he is still around. The most important thing is that the MD vendor stays around long enough to make MD run stable on Windows 7. Once Windows 7 arrives and MD is running stable on Windows 7, we would have a very good HIPS for the entire lifetime of Windows 7, so we wouldn't have to worry about getting another HIPS until we are forced off Windows 7, which won't be for years.

Originally our friend Alcyon, who made the EQS rules, was the one who recommended MD to me. He would also probably be using it too if he had 32-bit, but I think Alcyon is running 64-bit Windows 7.

Tomorrow, at Peter's request, I am going to make a new thread on how to have apps in lockdown mode while at the same time having other apps in learning mode.

arran
September 6th, 2009, 05:28 AM
-{ Quote: "I'm not sure what you mean with D+ being bloated, but I do agree that MD is faster at INTERCEPTING activities than D+ in general. However, it's not as fast as SRP (I think simply because SRP is fully integrated into the Windows OS). Of course, SRP is completely off topic here haha, and is more of an anti-executable than a HIPS." }-

At intercepting executables from running, MD is INSTANT; it would be just as fast as SRP.

Regarding intercepting other activities from apps that are allowed to run: the faster the better. If there is any delay with your HIPS product at intercepting, it poses a security risk.

demoneye
September 6th, 2009, 06:29 AM
Indeed, MD is a good HIPS, even if it takes more than the usual time to learn all its abilities.
I think it's fast, but not as fast as SRP, because SRP is a simple Windows tweak!
So what can be faster than a simple little tweak to Windows?


@arran

If you take a look at how to set up SRP you will understand it's only a few mouse clicks, not software installed, and because of that it will be the fastest and least PC-consuming ever :D

cheers

1boss1
September 6th, 2009, 06:47 AM
-{ Quote: "And SSM :)

I still use SSM though, because, compared to MD, it offers a much easier way to switch into "Install Mode" with a simple click on the dropdown box. In MD, installing something means a complete and endless clickfest, no matter how many times you mark a newly created .tmp file to be treated as an installation file." }-

This is pretty easy if you ask me: right click the task icon and select Learning.

As for MD being a one-man developer, I'm not overly concerned. With the nature of a HIPS not needing signature updates, it really doesn't need constant new versions and updates. It received its last update only 3 weeks ago, and it works with Win7, so considering I will be running XP for a long time, it should last me many years to come as it stands today.

arran
September 6th, 2009, 06:52 AM
-{ Quote: "@arran

If you take a look at how to set up SRP you will understand it's only a few mouse clicks, not software installed, and because of that it will be the fastest and least PC-consuming ever :D

cheers" }-

Some of us, like myself, are on Windows XP Home, so we can't use SRP. And we also still need a HIPS to control the behavior of apps that are allowed to run.

arran
September 6th, 2009, 06:55 AM
-{ Quote: "And SSM :)

In MD, installing something means a complete and endless clickfest, no matter how many times you mark a newly created .tmp file to be treated as an installation file." }-

LOL, it doesn't have to be an endless clickfest. You just don't know how to use it properly.

wat0114
September 6th, 2009, 10:03 AM
I'd rate MD as the best HIPS I've ever used. System Safety Monitor comes in a close second.

DOSawaits
September 6th, 2009, 11:25 AM
-{ Quote: "LOL, it doesn't have to be an endless clickfest. You just don't know how to use it properly." }-
And what does "Learning Mode" stand for?

Allow and set permission rules for every process that runs, and everything it does.

Result: You end up with more rules for temporary installation stuff than rules you actually want.

As I don't want to be an ass: I registered Registry Workshop years ago, and I understand that Xiaolin is someone I can trust. His website has been there for years, and his programs are updated regularly, so I have full confidence that MD will become more polished, hopefully with some of the clever features the abandoned SSM has.

Setting a HIPS in Learning Mode every time you install a program is definitely not a sign that you know how to use it properly. How do you clean up all those trash installation rules, if I may ask?
If there was an "Installation Mode" that set TEMPORARY rules for everything as long as the original process is running, and wiped all temp rules as soon as the process closes, we would have a very big step forward in usability.

aigle
September 6th, 2009, 01:02 PM
-{ Quote: "Setting a HIPS in Learning Mode every time you install a program is definitely not a sign that you know how to use it properly. How do you clean up all those trash installation rules, if I may ask?" }-
I agree with that. I just disable my HIPS.

jmonge
September 6th, 2009, 01:47 PM
-{ Quote: "I agree with that. I just disable my HIPS." }- That is the easy way ;)

demoneye
September 6th, 2009, 03:50 PM
-{ Quote: "That is the easy way ;)" }-

The hard way is approving tons of pop-ups during a software install until you freak out :o :wacko: :o :wacko: :o

0strodamus
September 6th, 2009, 04:48 PM
-{ Quote: "I'd rate MD as the best HIPS I've ever used. System Safety Monitor comes in a close second." }-

I agree 100%. You get what you pay for and Malware Defender is definitely worth the price. Plus, I got a deal at checkout by buying MD with Registry Workshop, which is the best registry editor I've ever used.

I'm not concerned about MD being a one-man show. Getting support from Xiaolin via this forum has been superb. I can't say that for very many of the larger security vendors. And I paid for the product that was offered at the time I purchased, not for the promise of future updates for all eternity.

And getting back to the question asked by the original poster, I love MD! ;D

Peter2150
September 6th, 2009, 05:39 PM
-{ Quote: "And what does "Learning Mode" stand for?

Allow and set permission rules for every process that runs, and everything it does.

Result: You end up with more rules for temporary installation stuff than rules you actually want.

As I don't want to be an ass: I registered Registry Workshop years ago, and I understand that Xiaolin is someone I can trust. His website has been there for years, and his programs are updated regularly, so I have full confidence that MD will become more polished, hopefully with some of the clever features the abandoned SSM has.

Setting a HIPS in Learning Mode every time you install a program is definitely not a sign that you know how to use it properly. How do you clean up all those trash installation rules, if I may ask?
If there was an "Installation Mode" that set TEMPORARY rules for everything as long as the original process is running, and wiped all temp rules as soon as the process closes, we would have a very big step forward in usability." }-


Cleaning trash rules is easy. Open the GUI, click on Rule > Remove Stale Rules and click Okay. All those temporary rules from the install are gone. There is even an ignore list in case you don't want a particular rule deleted.

Pete

tony62
September 6th, 2009, 06:10 PM
Best security app I've ever used.

Thanks xiaolin.

arran
September 6th, 2009, 06:31 PM
-{ Quote: "And what does "Learning Mode" stand for?

Allow and set permission rules for every process that runs, and everything it does.

Result: You end up with more rules for temporary installation stuff than rules you actually want.

As I don't want to be an ass: I registered Registry Workshop years ago, and I understand that Xiaolin is someone I can trust. His website has been there for years, and his programs are updated regularly, so I have full confidence that MD will become more polished, hopefully with some of the clever features the abandoned SSM has.

Setting a HIPS in Learning Mode every time you install a program is definitely not a sign that you know how to use it properly. How do you clean up all those trash installation rules, if I may ask?
If there was an "Installation Mode" that set TEMPORARY rules for everything as long as the original process is running, and wiped all temp rules as soon as the process closes, we would have a very big step forward in usability." }-

-{ Quote: "I agree with that. I just disable my HIPS." }-

You don't need to compromise system security by disabling MD. One way is like Peter said.

Another way is to reset the app's rules by deleting it from MD's list, then adding it back again and putting the app in training mode, and it will be given brand new rules. This is normally only for apps that get updates.

Usually with new programs there is a separate executable from the actual app, the installer program, and it is the installer program which contains all the installation junk rules. So after the installer has finished installing the app, you simply delete the installer program from MD's rules.

So there is no need to have an extra feature in MD HIPS for TEMPORARY rules.

Franklin
September 7th, 2009, 10:32 AM
XP VM.

Installed MD and ran malware sample "foto.exe". MD stopped it cold straight up, but I permitted all actions till the very last one before the VM would crash, where I hit "Deny and Kill the Process", but the VM still crashed.

There were over a dozen popups before the last.

andyman35
September 7th, 2009, 11:30 AM
-{ Quote: "I'm not sure what you mean with D+ being bloated, but I do agree that MD is faster at INTERCEPTING activities than D+ in general." }-
The assertion seems to be that the interception only occurs at the time of the pop-up; do you have any evidence for that? There isn't necessarily any correlation between how fast the software intercepts a process and the appearance of a pop-up.

apathy
September 7th, 2009, 07:00 PM
MD is very impressive. I would also like to see a scanner to update installed applications. It would be nice to see some of the users here who wrote rulesets for EQSecure get some good secure rulesets created. Arran has made MD easy to understand and secure. It only gets better from here. I bought a license for MD a while back but didn't have a chance to use it properly. In Win 7, MD & DW are all I need.

I think an Installer application group should be created that locks down the installer from viruses but is still able to install the ordinary applications. I'll give that a go myself.

bellgamin
September 7th, 2009, 07:00 PM
MD provides superb protection even with minimum tweaking. Its default rules are excellent, right out of the box.

I have hopes for a long and bright future for Torchsoft, the proponent of MD. Torchsoft is not a one-product outfit. I am hoping that, as time goes by, Xiaolin will develop more software products & hire more people.

arran
September 7th, 2009, 08:33 PM
-{ Quote: "It would be nice to see some of the users here who wrote rulesets for EQSecure get some good secure rulesets created." }-

With my method of using a locked-down folder etc. you can't really make it any more secure than that.

While the apps are in training mode and MD is creating the needed permit rules so that the app can work properly, you are in effect creating a "WORKING ENVIRONMENT". When the app gets moved into the locked-down folder, all other actions are denied by default and logged.

aigle
September 7th, 2009, 08:50 PM
-{ Quote: "XP VM.

Installed MD and ran malware sample "foto.exe". MD stopped it cold straight up, but I permitted all actions till the very last one before the VM would crash, where I hit "Deny and Kill the Process", but the VM still crashed.

There were over a dozen popups before the last." }-
What is this malware supposed to do?

Franklin
September 7th, 2009, 09:01 PM
I think it must be VM-aware and deliberately crashes the system?

Dunno what it does to a real system; will PM you.

Wildest
September 8th, 2009, 10:00 AM
Yes, so far I like this Malware Defender.
It could definitely be a contender to replace this CIS installation I have which I've been trying to ditch for so long.

This one-man-show business is a significant cause for concern to me, however.
Frankly I am tired of investing time and money (especially the TIME) in products which have vanished.

This guy could get run over by a bus, have a heart attack, win the lottery, attain nirvana, develop an aversion to coding, etc. etc.

No CIO of any large corporation would take such risks.

jmonge
September 8th, 2009, 01:01 PM
-{ Quote: "Yes, so far I like this Malware Defender.
It could definitely be a contender to replace this CIS installation I have which I've been trying to ditch for so long.

This one-man-show business is a significant cause for concern to me, however.
Frankly I am tired of investing time and money (especially the TIME) in products which have vanished.

This guy could get run over by a bus, have a heart attack, win the lottery, attain nirvana, develop an aversion to coding, etc. etc.

No CIO of any large corporation would take such risks." }-
Or become an alcoholic or a chef ;D

DOSawaits
September 8th, 2009, 02:12 PM
-{ Quote: "Yes, so far I like this Malware Defender.
It could definitely be a contender to replace this CIS installation I have which I've been trying to ditch for so long.

This one-man-show business is a significant cause for concern to me, however.
Frankly I am tired of investing time and money (especially the TIME) in products which have vanished.

This guy could get run over by a bus, have a heart attack, win the lottery, attain nirvana, develop an aversion to coding, etc. etc.

No CIO of any large corporation would take such risks." }-
Yeah, but on the other hand, most one-man-show businesses offer support which we could actually call support, because their income depends partially on replying to every customer, while in CIO or large corporations people are getting paid for watching porn all day long or doing their fingernails.

_kronos_
September 8th, 2009, 02:32 PM
I also like MD...

I never found clearer popups... in one alert you can configure the rule in the simplest possible way...
In one click you can see all the permissions for that process...
CIS, IMHO, loses on these points...

When you try MD, it is difficult to go back to using other software... :'(