What exactly does Winpatrol Free do?

Okay... on ako's freeware list it's described as a lightweight classical HIPS. But as far as I can tell, it's a poller, exclusively a poller, and nothing but a poller, with no capability to block anything.

I assume the freeware list is incorrect on this? Or does Winpatrol also use userspace hooking?

[Ibrad]

It using Polling but the PRO (PLUS) version uses hooking. It may not be your number 1 tool in computer security but its very handy

Ah, thanks... Unfortunately I figured as much.

[justenough]

Since I am still learning about this stuff, I have to ask, is polling as worthless as it sounds here? And is hooking a big enough improvement over polling to make it worth the upgrade?

Is polling worthless? Well... pretty much yes, AFAIK. Sure, a poller could tell you something bad happened after the fact, but there's no reason the malware couldn't subvert the poller and keep it quiet.

Is hooking that much better? Well for some sorts there are exploits that can bypass it (e.g. SSDT hooks and the TOCTOU thing)... I'm fairly hazy on that. Suffice to say it provides some protection, whereas polling provides none whatsoever and may not even give a useful warning.

Is it worth the upgrade? Well, seeing how sucky the free version appears to be I'm not sure I'd trust Pro...

[sg09]

Quote:

Originally Posted by Gullible Jones

Is it worth the upgrade? Well, seeing how sucky the free version appears to be I'm not sure I'd trust Pro...

Oops..

[Ibrad]

PLUS is worth it

[justenough]

Quote:

Originally Posted by Gullible Jones

Is polling worthless? Well... pretty much yes, AFAIK. Sure, a poller could tell you something bad happened after the fact, but there's no reason the malware couldn't subvert the poller and keep it quiet.

Is hooking that much better? Well for some sorts there are exploits that can bypass it (e.g. SSDT hooks and the TOCTOU thing)... I'm fairly hazy on that. Suffice to say it provides some protection, whereas polling provides none whatsoever and may not even give a useful warning.

Is it worth the upgrade? Well, seeing how sucky the free version appears to be I'm not sure I'd trust Pro...

I know nothing about polling and hooking, but these make me wonder about your post:

http://download.cnet.com/WinPatrol/3...-10129149.html

http://www.pcworld.com/downloads/fil...scription.html (look at user reviews there)

http://majorgeeks.com/WinPatrol_d3380.html (4.78 there)

http://www.techsupportalert.com/cont...world.htm#HIPS (used by author)

etc.

[bellgamin]

Quote:

Originally Posted by Gullible Jones

Is polling worthless? Well... pretty much yes, AFAIK. Sure, a poller could tell you something bad happened after the fact, but there's no reason the malware couldn't subvert the poller and keep it quiet.
...seeing how sucky the free version appears to be I'm not sure I'd trust Pro...

IMO that is quite accurate, as far as it goes. In a layered set-up, a HIPS can protect the poller's integrity while the poller checks security matters that are not within the scope of the HIPS.

However, I agree with Gullible that WinPat is "sucky". WP was great in its day, which is long passed -- nowadays there are many other apps that do similar jobs & do them much better.

If it's a poller, then AFAIK those are all completely wrong about the free version. Pro is another matter, though as I said, I'm still not sure I'd trust it.

[justenough]

Quote:

Originally Posted by bellgamin

IMO that is quite accurate, as far as it goes. In a layered set-up, a HIPS can protect the poller's integrity while the poller checks security matters that are not within the scope of the HIPS.

However, I agree with Gullible that WinPat is "sucky". WP was great in its day, which is long passed -- nowadays there are many other apps that do similar jobs & do them much better.

I thought WinPatrol, among other things, did something similiar to the program TinyWatcher, which you recommend. I remember this user's comment at CNET's review of TinyWatcher when I was looking into it a while ago: "if you want something like this and for free then get winpatrol."

But I don't know much about Windows security yet, so I just read and learn what I can. Can you suggest which modern apps you are thinking of that do similiar jobs? Thank you.

[Ibrad]

Wait till the next version is release, from what I have read its going to have a registry guard (Plus Only I think)

[JerryM]

Quote:

Originally Posted by bellgamin

IMO that is quite accurate, as far as it goes. In a layered set-up, a HIPS can protect the poller's integrity while the poller checks security matters that are not within the scope of the HIPS.

However, I agree with Gullible that WinPat is "sucky". WP was great in its day, which is long passed -- nowadays there are many other apps that do similar jobs & do them much better.

A couple examples of other that are similar and do better?
Thanks,
Jerry

[BillPStudios]

I think I can probably clear some questions up but I'm grateful for everyone's support.

The free version of WinPatrol does use a polling method to check for changes to your system. The polling time is something a user can configure based on their own worries. By default I worry more about new Startup programs than Cookies but everyone might not feel the same.

At all times during the 10+ years of WinPatrol development I have tried to balance a users need for regular performance and the danger of threats to their system. Having a tiny WinPatrol monitor work its best without interfering with other programs has been a big goal. In this case, lightweight is a complement.

As far as security goes, the free version has a great record of protecting users from systems changes and will help you clean up infections. If you download a program whose first goal is to format your hard drive then WinPatrol isn't going to help. Fortunately, there isn't much reward for malware writers to permanently damage your system. Instead, they want to get cozy on your system so they can strike when it's profitable. Having WinPatrol Free detect an infiltration while polling for changes is still effective.

As many of you have reported, the PLUS version of WinPatrol doesn't use polling and instead uses a real-time method based on certain triggers. You can read more at http://www.winpatrol.com/rid.html

Thanks,
Bill

[FanJ]

Quote:

Originally Posted by Ibrad

Wait till the next version is release, from what I have read its going to have a registry guard (Plus Only I think)

Would be interesting to compare that registry guard with RegGuard in RegRun.

[Ibrad]

Thanks for clearing things up Bill. By the way can't wait till Winpatrol 18, I thought about helping beta test but I figured I should only run one beta at a time

[FanJ]

Quote:

Originally Posted by Ibrad

Thanks for clearing things up Bill.

Yes, I fully agree.
Keep up the good work, Bill !

[bellgamin]

Quote:

Originally Posted by justenough

...user's comment at CNET's review of TinyWatcher when I was looking into it a while ago: "if you want something like this and for free then get winpatrol."

User is full of pablum.

TW is totally & solely a file integrity checker that executes on-demand. WP is a narrow-scope HIPS that runs in real-time.

[justenough]

If WinPatrol is still being actively developed, why do you say "WP was great in its day, which is long passed -- nowadays there are many other apps that do similar jobs & do them much better." What are they, because I would like to try them. In my experience WinPatrol is light and unintrusive, and is a good compliment to Sandboxie.

[sg09]

In my opinion Winpatrol is the easiest and effective HIPS in the market.

Quote:

Originally Posted by BillPStudios

I think I can probably clear some questions up but I'm grateful for everyone's support.

The free version of WinPatrol does use a polling method to check for changes to your system. The polling time is something a user can configure based on their own worries. By default I worry more about new Startup programs than Cookies but everyone might not feel the same.

At all times during the 10+ years of WinPatrol development I have tried to balance a users need for regular performance and the danger of threats to their system. Having a tiny WinPatrol monitor work its best without interfering with other programs has been a big goal. In this case, lightweight is a complement.

As far as security goes, the free version has a great record of protecting users from systems changes and will help you clean up infections. If you download a program whose first goal is to format your hard drive then WinPatrol isn't going to help. Fortunately, there isn't much reward for malware writers to permanently damage your system. Instead, they want to get cozy on your system so they can strike when it's profitable. Having WinPatrol Free detect an infiltration while polling for changes is still effective.

As many of you have reported, the PLUS version of WinPatrol doesn't use polling and instead uses a real-time method based on certain triggers. You can read more at http://www.winpatrol.com/rid.html

Thanks,
Bill

Bless you BillP!!

You and WinPatrol have set a standard for ethics,dedication,and integrity,that should be an example for all.

Some way,I am going to figure out how to work that little "yapper",Scotty,
back into my system!!


rat

[mike21]

I want to ask something as well.

When I go to services tab, why I can't right click and select "disable" or "remove", as I can with Start Up Programs tab?

[Victek123]

To appreciate Winpatrol you need to look at all of its' capabilities. It's not just a "lite HIPS". It has a great startup manager, BHO manager and running services tab to name just a few features. It brings together information that normally is accessed from many different locations in Windows. With regard to security it has definitely helped me spot problems, and makes it easy to kill auto-starting malware and infected BHOs. It's not a substitute for real-time AV & AS, however I've not found another application that's a good replacement for Winpatrol either. It's a "swiss army knife" of information

[siberianwolf]

Quote:

Originally Posted by Victek123

To appreciate Winpatrol you need to look at all of its' capabilities. It's not just a "lite HIPS". It has a great startup manager, BHO manager and running services tab to name just a few features. It brings together information that normally is accessed from many different locations in Windows. With regard to security it has definitely helped me spot problems, and makes it easy to kill auto-starting malware and infected BHOs. It's not a substitute for real-time AV & AS, however I've not found another application that's a good replacement for Winpatrol either. It's a "swiss army knife" of information

+1
totally agree!
wp free (and other decent free sec apps) ain't no privilege or a right. just an option, an option available out there which you can trust and get help from whenever u feel like having another simple yet effective layer of security.

even just for that, thank you so very much mr. bill and all other sw developers who (as stated by ratwing @post #21) "have set a standard for ethics,dedication,and integrity". keep up the good work! we luv tiny lil doggie!

[Threedog]

@ Victek123

The convenient information plus the tools is why I use it also.