Malware Defender 2.4.1 beta
xiaolin
October 21st, 2009, 01:41 AM
The beta version is available for download at
http://www.torchsoft.com/download/md_setup_2.4.1_b3.exe
what's new?
- Added protection against killing processes by terminating job object.
- Added support for verifying file signature of process modules in background.
- Added support for managing registry, shutdown and lego notify routines.
- Fixed a bug when handling relative path.
- Fixed a bug when displaying application rule dialog on low resolution screen.
- Fixed a bug that cannot log denied actions when accessing protected processes.
- Fixed a bug when scanning kernel DPC timers.
- Fixed bugs in the hex file viewer.
Thanks for testing. :)
Scoobs72
October 21st, 2009, 01:48 AM
Thanks Xiaolin.
mike21
October 21st, 2009, 06:29 AM
Just tried it. There is a bug with the tray icon (it remains gray, like disabled protection), so I reverted back to 2.4.
Thanks for keeping it updated though.
arran
October 21st, 2009, 07:34 PM
Thanks xiaolin
0strodamus
October 21st, 2009, 09:03 PM
Running great here. Thanks Xiaolin!
nick s
October 22nd, 2009, 12:15 AM
Upgraded and running well for me on XP, Vista, and 7. Thanks Xiaolin.
tony62
October 22nd, 2009, 09:39 PM
Excellent job.
Thanks.
1boss1
October 24th, 2009, 02:12 AM
Thanks xiaolin, will download and give it a spin; your betas have always been very stable for me.
PS. Any news on "Replace Regedit" for Registry Workshop?
xiaolin
October 25th, 2009, 02:54 AM
-{ Quote: "PS. Any news on "Replace Regedit" for Registry Workshop?" }-
I can't find a solution yet. :-[
inka
October 26th, 2009, 05:47 PM
This post is both a bug report and a feature request.
I wish MD provided more flexibility in establishing "logging" settings, at least to the extent that it could be set to copy the current logfile, when full, to incrementally-named (mdlog2.txt) backup files. Currently, it maintains a single fixed-size logfile and scrolls off (discards) the oldest lines of logged data.
Bug: After I edited MD's logfile (yes, it was protected, I had to disable protection to perform the edit)... when I restarted MD's realtime protection, my system (WinXP SP3) became unstable. The misbehavior persisted, across reboots. Uninstalling and reinstalling MD "fixed" the misbehavior... but I found it difficult to believe that MD would be so brittle as to choke due to "lack of logfile integrity". So, I again edited the logfile & verified that the problem immediately returned when MD's realtime protection was re-enabled.
Okay, I've learned it's necessary to COPY the logfile & perform edits on the copy (to munge data & remove duplicate lines) but still, MD's behavior shouldn't be dependent upon the integrity of its logfile!
related note (feature request):
The "logging" tab within the MD interface seems to present the logfile data in a grid-view container but, sadly, the data isn't sortable (by clicking column headers) or filterable (ala Sysinternals ProcessExplorer).
inka
October 26th, 2009, 06:24 PM
After reading the MD helpfile and searching MD-related discussion threads, I still cannot understand:
What is the purpose, and the effect, of setting "Ignore" for a given rule?
I would like to have the ability to toggle enable/disable a given rule.
The docs do not mention this, but I discovered that such a toggle does exist -- a rule can be toggled disabled by right-clicking its listing in the "Rules" table ("Status" column) -- so, apparently "Ignore" is a separate consideration.
================
After trialing MD for 14 days, I would like to say that it provides EXCELLENT granular control... but instead, I must say that my usage has suffered from MD's inability to permit NEGATED rules. Example:
I certainly do not want a popup at every outbound (destination port 53) attempt. However, I *do* want a popup if any process requests a DNS lookup from an IP which isn't among my known/trusted DNS providers.
-=-
Actually, I have disabled the Win-native DNS caching client & proxy DNS requests through DNSKong
Similarly, I want every HOSTS file access to be logged by MD (and saved for my future examination, not scrolled off the top), every access EXCEPT those by proxomitron and/or other hand-picked apps. However, the "file access" rule(s) apparently take priority over the application-specific logging settings. As a result, the logfile is continually full of junk (uninteresting) entries.
inka
October 26th, 2009, 06:48 PM
The MD interface presents rules in an apparent "treeview".
The term "group" in the MD docs suggests inheritance.
-=-
I have read (and am stymied by) documentation stating something like "a newly-created (still empty) custom group will not be displayed in the rules pane"... because I fail to see custom groups included in the display even after one/several applications have been subjected to (right-click) "Move to Group>"
I have also read (within one of the Wilders threads) a statement something like "a group is actually a rule"
At some point, I stumbled across a context menu "Copy Rule" command. This would suffice (vs creating pseudo "group" membership assignment) but, darnit, the "Copy Rule" command seems to be missing every time (in every context) where I've thought it would be useful. Only network rules can be copied? Only application rules can be copied?
==========================
I want the permissions for every newly-created application rule to contain "Ask" across the board, and I haven't been able to figure out how to achieve this. (Yep, this causes the HIPS to be excessively "noisy"; I'm using the HIPS as a learning tool toward understanding and tracing process interactions.)
From the outset, I have used normal mode, NOT learning mode.
From the outset, I have not altered the default permission settings for the base (asterisk) application rule. Across-the-board, permissions are set to "Ask".
However, when each application is first seen (by MD) and generates a popup, regardless of what (granular) response I elected in the popup... when I return to the "Rules" tab and view the properties pane for each newly-added application rule, I find across-the-board permissions in the application-specific rule are set to "Ignore".
subset
October 26th, 2009, 11:37 PM
-{ Quote: "I certainly do not want a popup at every outbound (destination port 53) attempt. However, I *do* want a popup if any process requests a DNS lookup from an IP which isn't among my known/trusted DNS providers." }-
Why don't you create global network rules for your DNS servers?
Like outbound/UDP/DNS address/remote port 53/allow.
This way you will only see a prompt for port 53 if an application tries to use a different server.
But I have also a question related to the network protection.
I currently use MD and Windows 7 Firewall together without problems.
But is this recommended?
Windows 7 Firewall supports IPv6, which does not seem to be supported by MD, but I'm not quite sure. :-[
Also, ICMP appears as RAW IP with MD, which is also a bit unusual for me.
If I create rules for MD and the Windows 7 Firewall, will they coexist in peace? ???
Cheers
1boss1
October 26th, 2009, 11:58 PM
-{ Quote: "I can't find a solution yet. :-[" }-
That's ok xiaolin, no need to worry over it too much. I have searched also, but not found any solution. I tried replacing all references to regedit.exe found in the registry and pointed them to RegWorkshop.exe with various arguments like "%1" and /g, rebooting after each, and no luck.
It must be some API thing, because everything still calls the native regedit.
2.4.1 b3 is going excellent also, thanks. :)
nick s
October 27th, 2009, 12:10 AM
-{ Quote: "Bug: After I edited MD's logfile (yes, it was protected, I had to disable protection to perform the edit)... when I restarted MD's realtime protection, my system (WinXP SP3) became unstable. The misbehavior persisted, across reboots. Uninstalling and reinstalling MD "fixed" the misbehavior... but I found it difficult to believe that MD would be so brittle as to choke due to "lack of logfile integrity". So, I again edited the logfile & verified that the problem immediately returned when MD's realtime protection was re-enabled." }-
I cannot reproduce any "choking" on XP SP3 when, first, editing the log file while MD is disabled, and then re-enabling MD. The logging to file continues as expected despite the edits. I see no immediate instability and none after subsequent reboots.
On Vista SP2, however, I find that after editing the log file while MD is disabled, MD, when enabled again, no longer writes to mdlog.txt. As with XP, I see no subsequent evidence of instability on Vista.
I do strongly support your feature request for log archiving.
inka
October 27th, 2009, 06:13 PM
Thanks for checking, Nick.
After uninstalling/reinstalling MD, I retested.
Editing the logfile while protection is disabled, then re-enabling protection now seems to have a single side-effect -- any lines above the point of edit are not displayed in the MD "Log" tab. I checked across reboots; the logfile continues to grow, but those initial (before the point of edit) lines are never displayed in the "Log" tab.
This time 'round, "mdlog2.txt" is absent from the MD install directory. Perhaps that had been created when I installed the latest version of MD (into the existing directory).
=============================
ipdatabase.dat
I am not seeing any indication that MD is actually performing IP-to-country lookups.
Perhaps the feature is not yet active in this beta version?
arran
October 27th, 2009, 06:31 PM
xiaolin you said before you would look into my request of adding an option in the log settings, to add an option to make MD only log Denied actions, can you do this?
xiaolin
October 27th, 2009, 09:43 PM
-{ Quote: "This post is both a bug report and a feature request.
I wish MD provided more flexibility in establishing "logging" settings, at least to the extent that it could be set to copy the current logfile, when full, to incrementally-named (mdlog2.txt) backup files. Currently, it maintains a single fixed-size logfile and scrolls off (discards) the oldest lines of logged data.
Bug: After I edited MD's logfile (yes, it was protected, I had to disable protection to perform the edit)... when I restarted MD's realtime protection, my system (WinXP SP3) became unstable. The misbehavior persisted, across reboots. Uninstalling and reinstalling MD "fixed" the misbehavior... but I found it difficult to believe that MD would be so brittle as to choke due to "lack of logfile integrity". So, I again edited the logfile & verified that the problem immediately returned when MD's realtime protection was re-enabled.
Okay, I've learned it's necessary to COPY the logfile & perform edits on the copy (to munge data & remove duplicate lines) but still, MD's behavior shouldn't be dependent upon the integrity of its logfile!
related note (feature request):
The "logging" tab within the MD interface seems to present the logfile data in a grid-view container but, sadly, the data isn't sortable (by clicking column headers) or filterable (ala Sysinternals ProcessExplorer)." }-
MD parses each line of the log file when starting. If the data of a line has some problems, the line will be discarded.
xiaolin
October 27th, 2009, 09:47 PM
-{ Quote: "After reading the MD helpfile and searching MD-related discussion threads, I still cannot understand:
What is the the purpose, and the effect, of setting "Ignore" for a given rule?
I would like to have the ability to toggle enable/disable a given rule.
The docs do not mention this, but I discovered that such a toggle does exist -- a rule can be toggled disabled by right-clicking its listing in the "Rules" table ("Status" column) -- so, apparently "Ignore" is a separate consideration.
================
After trialing MD for 14 days, I would like to say that it provides EXCELLENT granular control... but instead, I must say that my usage has suffered from MD's inability to permit NEGATED rules. Example:
I certainly do not want a popup at every outbound (destination port 53) attempt. However, I *do* want a popup if any process requests a DNS lookup from an IP which isn't among my known/trusted DNS providers.
-=-
Actually, I have disabled the Win-native DNS caching client & proxy DNS requests through DNSKong
Similarly, I want every HOSTS file access to be logged by MD (and saved for my future examination, not scrolled off the top), every access EXCEPT those by proxomitron and/or other hand-picked apps. However, the "file access" rule(s) apparently take priority over the application-specific logging settings. As a result, the logfile is continually full of junk (uninteresting) entries." }-
"Ignore" means continuing to search for lower priority rules. For a file rule, you can set "Read" permission to "Ignore", but set Write/Create/Delete permissions to "Deny".
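The priority-ordered lookup xiaolin describes, together with subset's DNS suggestion a few posts up, as an added toy model in Python. This is not Malware Defender's code; the rule names, event fields, the constructed RFC 5737 DNS addresses and the default "Ask" when no rule answers are all assumptions.

```python
"""Toy model of priority-ordered HIPS rules where "Ignore" means "keep
searching lower-priority rules".  Added illustration only: the rule names,
event fields and helpers are assumptions, not Malware Defender's design."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

IGNORE, ALLOW, DENY, ASK = "Ignore", "Allow", "Deny", "Ask"
DEFAULT_VERDICT = ASK  # assumption: with no answering rule the user is prompted


@dataclass
class Rule:
    name: str
    matches: Callable[[dict], bool]   # does the rule apply to this event?
    verdicts: Dict[str, str]          # per-action verdict; unset == Ignore


def decide(rules: List[Rule], event: dict) -> Tuple[str, str]:
    """Walk rules from highest to lowest priority.  Allow/Deny/Ask are final;
    Ignore defers the decision to the next matching rule."""
    for rule in rules:
        if not rule.matches(event):
            continue
        verdict = rule.verdicts.get(event["action"], IGNORE)
        if verdict != IGNORE:
            return verdict, rule.name
    return DEFAULT_VERDICT, "<no rule>"


def file_event(app: str, path: str, action: str) -> dict:
    return {"kind": "file", "app": app, "path": path.lower(), "action": action}


def net_event(app: str, proto: str, remote: str, port: int) -> dict:
    # Outbound connections only in this toy model.
    return {"kind": "net", "app": app, "proto": proto, "remote": remote,
            "port": port, "action": "Connect"}


HOSTS = r"c:\windows\system32\drivers\etc\hosts"

# File-rule example from the thread: HOSTS is readable by whoever a lower
# rule permits (Read = Ignore) but nobody may change it (Write/Create/Delete
# = Deny).  A trusted app gets its own lower-priority rule; the base "*"
# application rule asks about everything.
FILE_RULES = [
    Rule("file: protect HOSTS",
         lambda e: e["kind"] == "file" and e["path"] == HOSTS,
         {"Read": IGNORE, "Write": DENY, "Create": DENY, "Delete": DENY}),
    Rule("app: proxomitron",
         lambda e: e["app"] == "proxomitron.exe",
         {"Read": ALLOW}),
    Rule("app: *",
         lambda e: True,
         {"Read": ASK, "Write": ASK, "Create": ASK, "Delete": ASK}),
]

# Network-rule example from the thread: global allow rules for the trusted
# DNS servers (constructed RFC 5737 documentation addresses) so that only
# UDP/53 traffic to some *other* resolver falls through to the "Ask" rule.
TRUSTED_DNS = {"192.0.2.53", "198.51.100.53"}
NET_RULES = [
    Rule("net: trusted DNS",
         lambda e: e["kind"] == "net" and e["proto"] == "UDP"
         and e["port"] == 53 and e["remote"] in TRUSTED_DNS,
         {"Connect": ALLOW}),
    Rule("net: *", lambda e: e["kind"] == "net", {"Connect": ASK}),
]


if __name__ == "__main__":
    for ev in (file_event("proxomitron.exe", HOSTS, "Read"),
               file_event("unknown.exe", HOSTS, "Read"),
               file_event("unknown.exe", HOSTS, "Write"),
               net_event("firefox.exe", "UDP", "192.0.2.53", 53),
               net_event("firefox.exe", "UDP", "203.0.113.9", 53)):
        rules = FILE_RULES if ev["kind"] == "file" else NET_RULES
        print(ev["app"], ev["action"], "->", decide(rules, ev))
```

Because the file rule sits above the application rules, a write to HOSTS is denied even for the trusted app, which is the precedence inka observed; only the Read permission falls through.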
xiaolin
October 27th, 2009, 09:50 PM
-{ Quote: "Why don't you create global network rules for your DNS servers?
Like outbound/UDP/DNS address/remote port 53/allow.
This way you will only see a prompt for port 53 if an application tries to use a different server.
But I have also a question related to the network protection.
I currently use MD and Windows 7 Firewall together without problems.
But is this recommended?
Windows 7 Firewall supports IPv6, which does not seem to be supported by MD, but I'm not quite sure. :-[
Also, ICMP appears as RAW IP with MD, which is also a bit unusual for me.
If I create rules for MD and the Windows 7 Firewall, will they coexist in peace? ???
Cheers" }-
MD does not support IPV6 yet. You can use MD with the Windows 7 firewall. :)
xiaolin
October 27th, 2009, 09:54 PM
-{ Quote: "xiaolin you said before you would look into my request of adding an option in the log settings, to add an option to make MD only log Denied actions, can you do this?" }-
I have added an option to log all denied actions, but not ONLY denied actions. :)
arran
October 27th, 2009, 10:27 PM
-{ Quote: "I have added an option to log all denied actions, but not ONLY denied actions. :)" }-
yes but can you add an option for "ONLY denied actions" as well ?
xiaolin
October 28th, 2009, 02:39 AM
-{ Quote: "yes but can you add an option for "ONLY denied actions" as well ?" }-
There is no space in the options dialog for an additional log option. If I add this option, I need to redesign the options dialog in 8 languages. So I decided not to change it unless more people request this feature. :)
xiaolin
October 28th, 2009, 02:40 AM
English version: http://www.torchsoft.com/download/md_setup.exe
French version: http://www.torchsoft.com/download/md_setup_fra.exe
German version: http://www.torchsoft.com/download/md_setup_deu.exe
Italian version: http://www.torchsoft.com/download/md_setup_ita.exe
Spanish version: http://www.torchsoft.com/download/md_setup_esn.exe
Russian version: http://www.torchsoft.com/download/md_setup_rus.exe
What's new?
- Added protection against killing processes by terminating job object.
- Added support for verifying file signature of process modules in background.
- Added support for managing registry, shutdown and lego notify routines.
- Fixed a bug when handling relative path.
- Fixed a bug when displaying application rule dialog on low resolution screen.
- Fixed a bug that cannot log denied actions when accessing protected processes.
- Fixed a bug that may cause deadlock.
- Fixed a bug when scanning kernel DPC timers.
- Fixed bugs in the hex file viewer.
subset
October 28th, 2009, 03:07 PM
-{ Quote: "MD does not support IPV6 yet. You can use MD with the Windows 7 firewall. :)" }-
Thanks for affirmation.
That makes things easier as there is no need for an additional FW anymore.
At least I hope so.
Upgraded to 2.4.1 without problems and everything is fine. :thumb:
Cheers
smith2006
October 28th, 2009, 09:12 PM
The final version 2.4.1 is running fine here. :thumb:
Thanks Xiaolin.
xiaolin
October 29th, 2009, 11:04 PM
English version: http://www.torchsoft.com/download/md_setup.exe
French version: http://www.torchsoft.com/download/md_setup_fra.exe
German version: http://www.torchsoft.com/download/md_setup_deu.exe
Italian version: http://www.torchsoft.com/download/md_setup_ita.exe
Spanish version: http://www.torchsoft.com/download/md_setup_esn.exe
Russian version: http://www.torchsoft.com/download/md_setup_rus.exe
What's new?
- Fixed bugs that may cause protections to be bypassed by malware.
nick s
October 29th, 2009, 11:53 PM
-{ Quote: "Could you please provide any further details on that? Thanks." }-
Google killmdfile.rar. Xiaolin will have to explain it to us in layman's terms: ProbeBypass attack techniques (http://translate.google.com/translate?hl=en&sl=zh-CN&u=http://secplanet.appspot.com/comment%3Fkey%3DaglzZWNwbGFuZXRyDAsSBEZlZWQYg60GDA&ei=H2HqSvaSF5-ltgf-3Lgw&sa=X&oi=translate&ct=result&resnum=1&ved=0CAkQ7gEwAA&prev=/search%3Fq%3Dkillmdfile.rar%26hl%3Den%26client%3Dopera%26rls%3Den%26hs%3DeDO). The POC download link is at the end of the post.
nick s
October 30th, 2009, 12:02 AM
Among other things, it appears to kill Malware Defender 2.4.1 (UI and service) at startup on XP SP3.
xiaolin
October 30th, 2009, 03:54 AM
English version: http://www.torchsoft.com/download/md_setup.exe
French version: http://www.torchsoft.com/download/md_setup_fra.exe
German version: http://www.torchsoft.com/download/md_setup_deu.exe
Italian version: http://www.torchsoft.com/download/md_setup_ita.exe
Spanish version: http://www.torchsoft.com/download/md_setup_esn.exe
Russian version: http://www.torchsoft.com/download/md_setup_rus.exe
What's new?
- Fixed a bug that may cause file protection to be bypassed by malware.
Sorry for the inconvenience. :-[
1boss1
October 30th, 2009, 04:09 AM
-{ Quote: "Malware Defender 2.4.3" }-
I don't think you incremented the build number when you compiled, mine still says 2.4.2
Edit: Nah, it's cool, my browser must have had it cached. I switched browsers and got 2.4.3
Thanks Xiaolin. :)
Scoobs72
October 30th, 2009, 02:31 PM
Looks like there is a 2.4.4 on its way soon, further bypasses fixed ......
nick s
October 30th, 2009, 03:56 PM
-{ Quote: "Where are these bypasses suddenly coming from?" }-
The 3 POCs are the work of a Chinese security researcher known as mj0011. mj0011 coded the Tophet POC rootkit/bootkit last year. The English version of MD 2.4.4 beta 1 is available here: http://www.torchsoft.com/download/md_setup_2.4.4_b1.exe. It addresses the third and most recent POC.
nick s
October 30th, 2009, 04:04 PM
-{ Quote: "Thanks for the information. Any chance we can get our hands on those POCs?" }-You can get them here: <Snip>. Don't use Google translate. The POCs can be found in the fourth folder down.
Edit: Please don't post links even to POC malware
bonedriven
October 30th, 2009, 10:20 PM
For those who are interested in bypassing MD,check <SNIP>. It's also why new versions come so frequently.
nick s
October 30th, 2009, 11:02 PM
-{ Quote: "It's also why new versions come so frequently." }-
and the contest may go on for a while...
-{ Quote: "This is the third issued a breakthrough MD file protection code, all current attacks are directed at treatment of MD right NtCreateFile hook, while the rest of the hook MD Department are about 3,40 ~ just NtCreateFile, at least there are five kinds of The attack left :)" }-
bonedriven
October 30th, 2009, 11:20 PM
-{ Quote: "and the contest may go on for a while..." }-
Well, I guess mj0011 will lose interest in attacking it soon. I'm not being ironical on MD though.
nick s
October 30th, 2009, 11:47 PM
-{ Quote: "I'm not being ironical on MD though." }-
This is a good thing for MD. I want the security apps that I use to be given serious scrutiny.
arran
October 31st, 2009, 02:31 AM
-{ Quote: "Well,I guess mj0011 will lose interest in attacking it soon. I'm not being ironical on MD though." }-
mj0011 is doing us a good favor here, I don't think he is making pocs to give MD a bad name, instead he is making pocs to improve MD and make it better by finding security holes.
This indicates mj0011 must think very highly of MD. It's good to know we are using a product such as MD, which an expert like mj0011 also probably uses.
Anyway, why all of a sudden can't anyone post harmless pocs any more? Can someone please pm me a sample?
0strodamus
October 31st, 2009, 06:26 PM
I'm sure this is a dumb question, but can someone tell me what the acronym POC stands for? Thanks!
DOSawaits
October 31st, 2009, 06:29 PM
-{ Quote: "I'm sure this is a dumb question, but can someone tell me what the acronym POC stands for? Thanks!" }-
Proof of Concept
0strodamus
October 31st, 2009, 07:50 PM
Thanks DOSawaits!
inka
November 1st, 2009, 03:15 PM
So far, I'm failing to understand how to use "Groups" within MalwareDefender.
I understand how to CREATE a group:
click "Rule" in the toolbar, then "Application Groups..." in its dropdown menu
then, in the window titled "Application Groups", click "New Group".
-=-
A dialog box titled "Edit Group" pops up.
an everpresent notice in the dialog box reads: "A group will not be displayed in the rule window after it is created, you must create a rule to use it."
Here you type the label name for the group
(filling the text name is the ONLY action you can perform in this dialog)
and click "Okay" to close the dialog.
you must create a rule to use it
CREATE a rule? Or does this mean 'empty' groups are not displayed -- must ASSIGN/MOVE at least one application (application rule item) to cause the groupname to show up in the treeview display? OR... regardless whether a custom group is empty or not empty, custom groups are NEVER displayed in the treeview?
Right-clicking an application rule for one of the apps I wish to place in my newly-created custom group, when I hover at "Move to Group" in the context menu flyout, I DO NOT SEE MY NEW 'APPLICATION RULE GROUP' LISTED AMONG THE GROUP NAMES.
While adding the application groupname, I noticed the "New Object" button, but I hadn't added any "object" (because I had expected that I would be adding an existing "application rule" item into the group)... so I return to the "Application Groups" window and click "New Object". I'm presented with the multi-tabbed window which is used to create new rules (any rules: network, file, application) with its "General" tab preselected. Both "select an application" and "select an application group" radio buttons are grayed-out, but the "File path" textbox shows a cursor (has focus)... so I browse/assign the exe file for one of the apps I wish the group to contain, and click "OK".
-=-
The icon for this "object" exe is now displayed beneath my custom group in the "Application Groups" popup window, but the custom group STILL isn't displayed in the treeview of the main (Rules tab) window. Thinking to myself "Gee, the custom group STILL doesn't have any unique permissions set"... once again I return to "New Object" and click the "Files" tab. (In this example, the intended purpose of the group is: restrict applications listed in it from writing to my D:\ drive.) At the files tab, I enter the D:\ path and tick "files and folders"... and clicking the "OK" button has no effect.
This seems confusing and awkward. With every other similar app I've used, at this point I would expect to see an icon for the newly-created group in the treeview, and would expect to be able to drag one or several apps onto (into) the group.
What aspect of the workflow am I missing here?
wat0114
November 1st, 2009, 03:54 PM
inka, an easy way to display the new Group is to right-click -> New Rule -> Application Rule, then select the radio button: "Select an Application Group" then find your newly created Group folder from the drop-down list and select it -> <OK> You should then see it just above "Application Rules - System".
inka
November 1st, 2009, 08:14 PM
Yes, it worked exactly as you described. Thank you!
wat0114
November 1st, 2009, 08:32 PM
-{ Quote: "Yes, it worked exactly as you described. Thank you!" }-
You are welcome!
nick s
November 1st, 2009, 11:32 PM
Somewhat OT, but it appears mj0011 has turned his attention from Malware Defender to Comodo Internet Security. No POC...just a demonstration video. Something about "RING3 kill any process in CIS" (http://translate.googleusercontent.com/translate_c?hl=en&ie=UTF8&langpair=zh%7Cen&u=http://bbs.kafan.cn/viewthread.php%3Ftid%3D585206%26extra%3Dpage%253D1%2526amp%253Bfilter%253Dtype%2526amp%253Btypeid%253D6&rurl=translate.google.com&usg=ALkJrhhgLcKIj0aonvABD7bGP4sIu-2oiQ).
arran
November 2nd, 2009, 02:15 AM
I think mj0011 should bring his attention back to MD. Who cares about comodo lol.
Anyway, as of late I have changed my way of thinking a bit. For these pocs to bypass MD, you first have to allow the creation of the files, then you have to allow them to execute and run before they can actually do anything. I'm not worried as much as I used to be about controlling the behaviour of things. xiaolin once said to me a while ago in a pm convo that should malware be allowed to run, there are many ways malware can bypass security apps.
inka
November 2nd, 2009, 02:21 AM
Offtopic? This wasn't titled as an update thread, or posted to the updates subforum... so I sure hope the mods won't close the thread.
As users, we have no English-language support forum at the Torchsoft site... and xiaolin is busy, earnestly releasing patches in several languages. This (one) thread is probably easier for him to monitor. On the other hand, perhaps xiaolin doesn't favor seeing a thread bearing a non-current version in its title being bumped to top. (Hmm, thread starter can edit the title of a thread? Maybe that would be a bad idea though, messing up search engine results?)
So far, this thread has been my support lifeline (so again, thanks!) and I wonder whether y'all are reading/translating a non-English forum to learn about "antics of mj0011" and such. I haven't found discussions elsewhere & if not for the discussion here, I doubt I would have trialed MD. Wandering onto the Torchsoft site, bearing ONE measly screencap, I wondered "Is this a rogue?" and when I search for backlinks to torchsoft.com, I found VERY few of them.
inka
November 2nd, 2009, 02:50 AM
-{ Quote: "for these pocs to bypass MD you first have to allow the creation of the files, then you have to allow them to execute and run before they can actually do anything." }-
More than just a security "app", I believe MalwareDefender represents a security "platform". Can't say/claim/advocate that it is best-in-class, because it probably isn't (er, its current default ruleset isn't) suitable for a general audience. It would be regarded as "too noisy" by some users...
...and, for others (Hi! wave {blush}) it's powerful enough to enable the user to shoot himself in the foot. It's late, I'm tired; eek, what was that allow/deny popup I just absentmindedly clicked? I find myself often running to the "Log" pane, right-click the most recent entry, "Jump to rule" to double check.
Although I recognize many of the system executables and DLLs popping up, I'm at a loss to guess which of them merit "allow shared memory" (or whatever) rules, so I'm too often relegated to responding to popups with temporary "Allow" rules.
My point: Given a too-sparse default ruleset, a "strong" HIPS is subject to (and its effectiveness suffers from) cumulative user error(s) related to rule creation.
xiaolin
November 2nd, 2009, 04:43 AM
There are bugs in the implementation of MD's file protection. I will fix the bugs soon, and will redesign it in the near future.
Thanks,
Xiaolin
bonedriven
November 2nd, 2009, 07:32 AM
-{ Quote: "HIPS is not stronger than AV. It looks so because HIPS softwares do not draw as much attention as AVs do to hackers as the majority is using AVs rather than HIPS. -mj0011" }-
:thumb:
bonedriven
November 2nd, 2009, 08:04 AM
-{ Quote: "HIPS is not stronger than AV? That can be debated from both sides.
However, (and there's a danger of generalising here) with all things equal, the HIPS is much stronger than the AV.
Is HIPS ("default-deny") not stronger than AV?" }-
Maybe I should have used the word "superior" rather than "strong".
-{ Quote: "Finally, does anyone remember the latest AV-comparatives test of "proactive detection"? This basically tested the ability of the AV program to detect unknown malware - the top score was 69%, and most of the other programs scored below 50%." }-
This is simply because AV vendors prefer usability more than HIPS vendors do, rather than because AV companies do not have great programmers to write an effective but noisy HIPS. You may argue that HIPS can be not noisy, but to average Joes, it is not only noisy but also confusing.
bonedriven
November 2nd, 2009, 08:19 AM
-{ Quote: "HIPS is "superior" in the right hands. But in the wrong hands, it is nearly useless.
" }-
I think I've got my point here. The fact is that we have far more "wrong hands" than "right hands" in this world. HIPS provides more security than AV. That's for sure, because few people try to break it. The advantage we have over average Joes is the knowledge we have, not the programs.
Peter2150
November 2nd, 2009, 08:31 AM
Guys, this is a great thread. Let's not get into the HIPS vs AV debate; it doesn't really belong in this thread.
One user said he hoped the thread stayed open. It will if we stay on topic and avoid the big no-no, personal swipes.
Pete
0strodamus
November 3rd, 2009, 11:37 PM
-{ Quote: "The English version of MD 2.4.4 beta 1 is available here: http://www.torchsoft.com/download/md_setup_2.4.4_b1.exe. It addresses the third and most recent POC." }-
Nick S, did Xiaolin send you this beta link? I'm a registered user and the last email I got was for 2.4.3. I'm hesitant to install this one.
nick s
November 4th, 2009, 01:51 AM
-{ Quote: "Nick S, did Xiaolin send you this beta link? I'm a registered user and the last email I got was for 2.4.3. I'm hesitant to install this one." }-
Xiaolin only posted the link in the Chinese forum. No email here either. That said, I've been running 2.4.4 beta 1 on my laptop since its release with no problems. My desktops still run 2.4.1.
0strodamus
November 4th, 2009, 04:35 PM
Thanks Nick. Weird how no word from Xiaolin here or via email about this release. Where is the Chinese forum for MD?
arran
November 4th, 2009, 05:13 PM
http://translate.googleusercontent.com/translate_c?hl=en&sl=zh-CN&tl=en&u=http://bbs.kafan.cn/forum-80-1.html&prev=hp&rurl=translate.google.com&usg=ALkJrhjehtl4NoaXt3Da9fDcpyDFq_yCBQ
0strodamus
November 4th, 2009, 06:54 PM
Thanks arran. I'm currently enjoying the avatars and animated gifs, not to mention trying to make sense of Google's translation. :)
bonedriven
November 5th, 2009, 01:00 AM
-{ Quote: "Thanks arran. I'm currently enjoying the avatars and animated gifs, not to mention trying to make sense of Google's translation. :)" }-
Sandworm is a.k.a. Xiaolin. :)
xiaolin
November 5th, 2009, 01:05 AM
-{ Quote: "Thanks Nick. Weird how no word from Xiaolin here or via email about this release. Where is the Chinese forum for MD?" }-
The beta1 version does not fix all the bugs. I will release a new beta version soon.
Thanks.
inka
November 5th, 2009, 02:48 AM
It's an uphill battle finding sense in the translated bbs.kafan.cn forum pages.
The translation fell apart in handling idioms & phrases, I suppose.
"sand table" == sandbox ?
"cattle people" == cowboy (renegade? maverick?)
"rice card" == ???
A few of the stickied threads atop the forum hold some promise
title: md rules file and folder scope
and
title: Malware Defender resource index
bonedriven
November 5th, 2009, 06:01 AM
-{ Quote: "It's an uphill battle finding sense in the translated bbs.kafan.cn forum pages.
The translation fell apart in handling idioms & phrases, I suppose.
"sand table" == sandbox ?
"cattle people" == cowboy (renegade? maverick?)
"rice card" == ???
A few of the stickied threads atop the forum hold some promise
title: md rules file and folder scope
and
title: Malware Defender resource index" }-
LOL :argh:
Sorry for OT.
"Cattle people" means people who've got skill. Literally it means someone who's strong like a bull.
kafan is the short form of "Kaspersky fans". The forum was founded for Kaspersky fans at the beginning, but now it has become a general security forum.
Rice has the same pronunciation as fan in Chinese, and ka is somehow translated to card by google... :wacko:
I have no idea what sand table means. I'll try to figure it out. ;D