Screenshot from next GSS build

lol no no..still champions league was fine achieved!....but at the end has nothing to do with Portugal (as a country) indeed! my excuses!

 

Really, no problem...

 

I was discussing the dynamic stopping of services would most likely go into AppDefend. Permanently stopping the service/driver through the registry will still occur if you don't have something like RegDefend installed.

Again you can manage to protect yourself against this with the free version of RegDefend, you just miss out on the other benefits of the full version.

 

Jason... while we are on the subject.

Is there any possibility to have a minimum "full" version of RD while purchassing AD ? Personally i do not care as i have both product, but immagine that scenario:

1) Client X does not want a registry protector.
2) Client X have a fear of rootkit
3) Client X have seen on GSS website that appdefend protect againt those
3) Client X buy appdefend
4) Client X run an infected file. He allow it to run as he think it come from a trusted source.
5) The inside the "trusted" file is a "trojan-horse-like" rootkit that install itself using normal driver method. This is done by using registry not covered in appdefend.
6)Rootkit have access to ring0 and render appdefend 100% useless

7) Client X think appdefend is a scam as it did not protect against rootkit as advertised on the website


---------------------------------------------

The easiest solution is to provide a mini or lite licencese of RD when you buy AD. This can allow you to fully protect like 5 key of your choice. Those key are setup by default to the install driver keys. RD can then work in 3 mode:

Enabled : Limited free version
Enabled : Lite version: only alert of those key
Disabled.


If you buy RD you migth get a feature of AD free too. Eg block physical memory access. This will prevent a rogue program to disabel RD.

 

Hi f3x,

I don't advertise AppDefend as the "ultimate/perfect" protection package. AppDefend covers what it covers (mostly pertaining to process protection and other related activities), and what it covers does not offer complete system protection.

I leave it up to the user to decide if they do or do not want AppDefend or RegDefend, as they can be either disabled or enabled. I also offer free versions of AD/RD so if you only want one you still get something useful out of leaving the other enabled. If anything I am heading towards "Ghost Security Suite" being the ultimate collection of tools to keep systems clean and the users informed, not any one particular module.

 

Jason,

what are the features disabled on free version of AD?

 

From web page:

-----------------------
What does AppDefend protect against?
• Rootkit Installations
....

-----------------------

I do know about one part being covered by RD rather than AD because i spend a lot of time on those forum. However the general public when reading that will say AppDefend protect against rootkit installation. While in fact it protect against some cases not covered by RD. In any way some adjustement migth need to be done. Maybe pointing on the web page that some feature of AD need RD to complete the coverage is a better solution for you. This unfortunately happens when we try to simplify feature for marketting purpose, you end up saying thing that are not completely true.

I understand your point of view as i am myself going on the path of full GSS
However some clarification migth need to be done on the interaction between the products.

In my example, I did not imply appdefend was a perfect security product, I only imply it was doing *as advertised* on the website. Now that i think of it it migth be simpler of changing the advertisement than changing the program itself

 

Hi f3x,

That bullet point on the website should be clarified, I will update it soon. A lot of rootkits (most) use the methods that AppDefend covers (the undocumented ones). Whilst it is true a driver can still be installed in the "normal" way, it isn't usual for rootkits, which is why I used that terminology.

I agree it is hard to know all the "specific details" unless you follow security very well, like you do. That is why I encourage people to use all of GSS rather than only parts, and why there are free versions available. The average Joe can barely use an AV scanner, let alone something like AD/RD. Which is why it is important for developers like myself to ensure they are adequately covered without them fully knowing "why". As GSS progresses I hope to make it easier and easier to use, each new version should make it more accessible.

 

What was listed previously as being disabled on the free AppDefend will most likely be updated soon. A lot of work has gone into the new version making it a lot different and as yet have not made any more decisions regarding what features will be cut.

The beta versions of AppDefend have no feature limitations regardless of the length of trial.

 

There ever was something listed ??

Unfortunately the current licensing scheme (all licence separate for module and no way to buy the complete suite) make does not emphasis on teh idea that all componment works together. However i know it is quite a tempoary solution while appdefend is in beta.

 

Any news of the upcoming alpha / beta ?
4 weaks seamed to be long... back in the time

https://www.wilderssecurity.com/showthread.php?p=762397#post762397

 

Seven weeks. So quick.
Has the alpha been released?

 

Nope, we're still waiting after all these................................weeks/months.

 

How do you count berng ?

Since May 31 .... were more around 3-4 week than seven.

 

4 weeks in June and 3 in July.

 

I'm sure that Jason has his reasons for taking longer and I expect one of them is that he is making sure that he maintains a high standard for the product that he is delivering

It might be nice if Jason gave progress updates if his estimated dates slipped a little, that way people wouldn't have to keep coming back and checking...

 

I guess that this would be more correct:

I fully agree with gottadoit.

I know it'd ruin all the discovery / fun effect however a current changelog or a nigthly/weekly cvs or anything that can show some progress would also make ppl stop worying about their beloved security app

 

And I also agree with gottadoit. But I guess we're talking to the wind. In this and other threads we've asked Jason over a dozen times for timely updates.

 

I found this thread which mentioned about the Ghost Security Suite 1.11beta. Is it a new or an old one?

https://www.wilderssecurity.com/showthread.php?t=139591

 

Well, i can understand why Jason does not want to give any dates anymore, so far every estimate he has given has been totally inaccurate so far, it was first said (jan 5th) the next beta would be out in 1-2 weeks, then when defenestration asked what had happened to it (feb 4th), the answer was that, he had decided to implement new functionalities, 4½ months later................. someone asks again and is given the answer that the next beta is 4 weeks away in his estimate....this is now 7 weeks ago and no alpha/beta yet.

Just for the record, i'm as anxious to see the new beta as everyone else, just laying out the facts as i see them, i'm sure there are good reasons why things are progressing this slow.

 

Thats just the update (driver, i think), that can be very hard to install, you have to be fast with the mouse, at least thats what i think.

 

That is an old one, I believe that this new one coming will be version 1.2.x

 

As an update, the public alpha will be given out to the private testers tonight (just to make sure nothing major has slipped up), and the public release to those who signed up will be occuring tomorrow.

 

Good to hear Jason - Looking forard to trying it

Pilli

 

Where exactly do i sign up...or is this us who have payed for RD/AD who will be notified?