DefenseWall Is Preventing Me From Installing RegRun Platinum 4.5

Discussion in 'other anti-malware software' started by CogitoErgoSum, Dec 31, 2005.

Thread Status:
Not open for further replies.
  1. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046
    Ilya

    Is this the same as setting the service to start manually?

    2. Set "Start" field of the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dwall" registry key to "3" and restart.
     
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Not exactly. It is for the driver, not for the service.
     
  3. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046
    Changing the service would have a similar effect? and is a bit easier
     
  4. Ilya, don't you agree that your job should help users find an easy way to disable DW? By easy I mean methods accessible in the GUI, not registry hacks, or forced deleting sys files.

    This sounds exactly like what you would do for malware, because they don't allow themselves to be shut down from within the program, and you need to do extra steps outside the program to shut it down.

    Granted, many malware are far more resistant than DW to shut down with multiple protecting services and programs.

    I appreciate your fear of malware processes easily shutting down DW, but for many users, if they don't find an easy way to shut down some software, they will yell malware. You surely don't want that to happen.

    As a compromise, why not do a system like captcha? Whenever there is a request that DW be shut down, a randomised series of images will be shown, and DW will only be shut down if the correct input is entered.

    It is highly unlikely that any malicious process will be able to beat it, and it has the advantage over passwords that the system always runs even if the user does not bother to set up a password.

    Of course, the drawback is, it's possible that the malicious process is being guided by a real human intelligence.....

    Another question, what happens if 'netstop' is used against your service? How about providing a bat file or reg file to allow users to easily turn off DF?
    Any restricted process which tried to exploit these methods would fail, since their child processes would not have sufficient privileges, right?
     
  5. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I just don't understand why somebody needs to switch off the defense? I always thought that my job is to protect users, but not to disable their protection.

    In fact, all the anti-malware software must protect their defense core from being shut down by the malware processes, as malware must protect themselves from being shut down by the user. But it doesn't mean that anti-malware software===malware. Yes, in this case there is the same ideology, and so on? If you don't like DW you can always uninstall it......

    I don't think so.

    I don't think it is a good idea. If you know how the program generates the picture it is always possible to make a recognition engine. It is too risky. I have no right for that.

    Nothing will happen. Service runs only during the OS start process, after that it is inactive. You won't be able to stop the service which is not running. Anyway, the defense is 100% kernel mode, you will be unable to unload the driver.

    Yes, I could make it. Untrusted process won't be able to use it because of the DW restrictions. But, anyway, it will need restart that 1) changes start it's action 2) to clean up the untrusted processes zone. You will see two .reg files within the next release's package of the DW (1.5).
     
  6. devilish

    devilish Guest

    Well here's one very common reason- For testing to see if it is causing a conflict?

    Yes, and they all provide a relatively simple yet secure (not 100% nothing is) to shut it down temporarily, something your product doesn't.

    Well, what if I only want to turn it off temporarily? As I said, I appreciate your concern with helping to protect users, but I'm afraid such a policy where you don't allow users a simple way to shut down DF is going to lead to people abandoning your software.


     
  7. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    OK. Your arguments are reasonable. I'll integrate the "Disable/Enable" item into the DW context menu. But, anyway, user will have to restart their computer to make sure that, even if this action is initiated by the malware, all the untrusted processes will be closed before the protection will be disabled and malware won't get any advantages from this point. Also, the "Help" menu item will be integrated (some users can not find the help from the "Start"->"Programs"->"DefenseWall" menu). Next release (1.15) will be soon......
     