What exactly does Winpatrol Free do?

Discussion in 'other anti-malware software' started by Gullible Jones, May 26, 2010.

Thread Status:
Not open for further replies.
  1. Okay... on ako's freeware list it's described as a lightweight classical HIPS. But as far as I can tell, it's a poller, exclusively a poller, and nothing but a poller, with no capability to block anything.

    I assume the freeware list is incorrect on this? Or does Winpatrol also use userspace hooking?
     
  2. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    It uses polling but the PRO (PLUS) version uses hooking. It may not be your number 1 tool in computer security but it's very handy :D
     
  3. Ah, thanks... Unfortunately I figured as much.
     
  4. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Since I am still learning about this stuff, I have to ask, is polling as worthless as it sounds here? And is hooking a big enough improvement over polling to make it worth the upgrade?
     
  5. Is polling worthless? Well... pretty much yes, AFAIK. Sure, a poller could tell you something bad happened after the fact, but there's no reason the malware couldn't subvert the poller and keep it quiet.

    Is hooking that much better? Well for some sorts there are exploits that can bypass it (e.g. SSDT hooks and the TOCTOU thing)... I'm fairly hazy on that. Suffice to say it provides some protection, whereas polling provides none whatsoever and may not even give a useful warning.

    Is it worth the upgrade? Well, seeing how sucky the free version appears to be I'm not sure I'd trust Pro...
     
  6. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Oops..o_O
     
  7. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    PLUS is worth it :thumb:
     
  8. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I know nothing about polling and hooking, but these make me wonder about your post:

    http://download.cnet.com/WinPatrol/3000-8022_4-10129149.html

    http://www.pcworld.com/downloads/file/fid,22728-page,1-c,security/description.html (look at user reviews there)

    http://majorgeeks.com/WinPatrol_d3380.html (4.78 there)

    http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm#HIPS (used by author)

    etc.
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    IMO that is quite accurate, as far as it goes. In a layered set-up, a HIPS can protect the poller's integrity while the poller checks security matters that are not within the scope of the HIPS.

    However, I agree with Gullible that WinPat is "sucky". WP was great in its day, which is long past -- nowadays there are many other apps that do similar jobs & do them much better.
     
  10. If it's a poller, then AFAIK those are all completely wrong about the free version. Pro is another matter, though as I said, I'm still not sure I'd trust it.
     
  11. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I thought WinPatrol, among other things, did something similar to the program TinyWatcher, which you recommend. I remember this user's comment at CNET's review of TinyWatcher when I was looking into it a while ago: "if you want something like this and for free then get winpatrol."

    But I don't know much about Windows security yet, so I just read and learn what I can. Can you suggest which modern apps you are thinking of that do similar jobs? Thank you.
     
    Last edited: May 26, 2010
  12. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    Wait till the next version is released, from what I have read it's going to have a registry guard (Plus Only I think)
     
  13. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    A couple examples of others that are similar and do better?
    Thanks,
    Jerry
     
  14. BillPStudios

    BillPStudios Security Expert

    Joined:
    Sep 15, 2004
    Posts:
    23
    Location:
    Scotia, NY
    I think I can probably clear some questions up but I'm grateful for everyone's support.

    The free version of WinPatrol does use a polling method to check for changes to your system. The polling time is something a user can configure based on their own worries. By default I worry more about new Startup programs than Cookies but everyone might not feel the same.

    At all times during the 10+ years of WinPatrol development I have tried to balance a user's need for regular performance and the danger of threats to their system. Having a tiny WinPatrol monitor work its best without interfering with other programs has been a big goal. In this case, lightweight is a compliment.

    As far as security goes, the free version has a great record of protecting users from system changes and will help you clean up infections. If you download a program whose first goal is to format your hard drive then WinPatrol isn't going to help. Fortunately, there isn't much reward for malware writers to permanently damage your system. Instead, they want to get cozy on your system so they can strike when it's profitable. Having WinPatrol Free detect an infiltration while polling for changes is still effective.

    As many of you have reported, the PLUS version of WinPatrol doesn't use polling and instead uses a real-time method based on certain triggers. You can read more at http://www.winpatrol.com/rid.html

    Thanks,
    Bill
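
Added example, not part of the thread and not WinPatrol's code: a snapshot-diff poller run over a constructed timeline of startup-entry changes, showing how the polling interval sets both the detection delay and which short-lived changes go unreported. The entry names, the timeline and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    t: int        # seconds since monitoring started
    action: str   # "add" or "remove"
    name: str     # startup entry name (hypothetical)

# Constructed sample timeline, not real telemetry.
TIMELINE = [
    Event(5, "add", "updater.exe"),         # stays installed
    Event(42, "add", "short-lived.exe"),    # added, then removed 5 s later
    Event(47, "remove", "short-lived.exe"),
    Event(70, "add", "toolbar.dll"),        # stays installed
]

def state_at(t, baseline, timeline):
    """Set of startup entries present at time t."""
    entries = set(baseline)
    for ev in sorted(timeline, key=lambda e: e.t):
        if ev.t > t:
            break
        if ev.action == "add":
            entries.add(ev.name)
        else:
            entries.discard(ev.name)
    return entries

def poll(baseline, timeline, interval, duration):
    """Take a snapshot every `interval` seconds and diff it against the last one."""
    alerts, prev = [], set(baseline)
    for t in range(interval, duration + 1, interval):
        cur = state_at(t, baseline, timeline)
        added, removed = cur - prev, prev - cur
        if added or removed:
            alerts.append((t, sorted(added), sorted(removed)))
        prev = cur
    return alerts

def detection_delay(alerts, timeline):
    """Seconds from each 'add' to the poll that reported it; None if never reported."""
    delays = {}
    for ev in timeline:
        if ev.action == "add":
            hit = next((t for t, added, _ in alerts
                        if t >= ev.t and ev.name in added), None)
            delays[ev.name] = None if hit is None else hit - ev.t
    return delays

if __name__ == "__main__":
    for interval in (30, 5):
        alerts = poll({"av.exe"}, TIMELINE, interval, 90)
        print(interval, alerts, detection_delay(alerts, TIMELINE))
```

With a 30-second interval the entry that existed for only five seconds is never reported; with a 5-second interval it is caught, at the cost of six times as many snapshots.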
     
  15. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,650
    Would be interesting to compare that registry guard with RegGuard in RegRun.
     
  16. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    Thanks for clearing things up Bill. By the way can't wait till Winpatrol 18, I thought about helping beta test but I figured I should only run one beta at a time :argh:
     
  17. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,650
    Yes, I fully agree.
    Keep up the good work, Bill ! :thumb:
     
  18. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    User is full of pablum.

    TW is totally & solely a file integrity checker that executes on-demand. WP is a narrow-scope HIPS that runs in real-time.
     
  19. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    If WinPatrol is still being actively developed, why do you say "WP was great in its day, which is long past -- nowadays there are many other apps that do similar jobs & do them much better"? What are they, because I would like to try them. In my experience WinPatrol is light and unintrusive, and is a good complement to Sandboxie.
     
    Last edited: May 27, 2010
  20. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    In my opinion Winpatrol is the easiest and effective HIPS in the market.
     
  21. ratwing

    ratwing Guest


    Bless you BillP!!

    You and WinPatrol have set a standard for ethics, dedication, and integrity, that should be an example for all.

    Some way, I am going to figure out how to work that little "yapper", Scotty, back into my system!!


    rat
     
  22. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    I want to ask something as well.

    When I go to the services tab, why can't I right click and select "disable" or "remove", as I can with the Start Up Programs tab?
     
  23. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    To appreciate Winpatrol you need to look at all of its capabilities. It's not just a "lite HIPS". It has a great startup manager, BHO manager and running services tab to name just a few features. It brings together information that normally is accessed from many different locations in Windows. With regard to security it has definitely helped me spot problems, and makes it easy to kill auto-starting malware and infected BHOs. It's not a substitute for real-time AV & AS, however I've not found another application that's a good replacement for Winpatrol either. It's a "swiss army knife" of information :)
     
  24. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    :thumb: @ Victek123

    The convenient information plus the tools is why I use it also.
     
  25. BillPStudios

    BillPStudios Security Expert

    Joined:
    Sep 15, 2004
    Posts:
    23
    Location:
    Scotia, NY
    Services have options available to change their status which are much more flexible than startup programs. If you click on Info... you can change that status. Instead of disable you can set it to Manual, Disabled or Automatic.

    Since these options are built into Windows it allows WinPatrol to use the same convention as other programs.

    For instance, WinPatrol's "Disable" is different than what MSConfig does. Changes to Services will be reflected in the same way if you use the Services.msc app.

    Having a "Remove" is something on my list and as I see more malware being installed as services the priority will increase. Right now letting folks set a Service to manual is less risky than someone removing a required Service by mistake. Removing the wrong service could easily turn a Windows PC into a brick. I'd like to make sure this never happens. :cool:

    Bill
     