AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    -It probably can't. As I said: "the common consensus on this forum is that security software cannot protect from them."
    Do you have a source about Chrome protecting against it? Perhaps Chrome didn't/doesn't support the Truetype font, so it can't be exploited.
    -It's not a browser exploit, it is a kernel-exploit, the browser is just an application that happens to use to vulnerable Truetype font.
    They protect indirectly against exploits, each with their own mechanisms.(Since there aren't much testing reports available on exploits I don't know how effective they're. The exploiting of the vulnerability itself is not blocked, software like EMET can help with that.
    This includes browser and other(plugin, pdf, media etc.) exploits, but kernel exploits are another kind of exploit.
    Because if you exploit the kernel directly, you don't need to exploit another application like a browser first.
    The underlying part/core of the OS is vulnerable, throwing software on top of it doesn't fix that. A (perhaps not so good) comparison is a a bridge. If the piers of the bridge are not strong enough to prevent the bridge from collapsing under heavy load, fortifying the upper part of the bridge won't help much to prevent that.


    Sorry for the confusion. I know about that, but since the last few pages there was a lot of talking about exploits and Barb also posted about the internal test so I thought that was the main concern in the posts I responded to.
     
  2. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    This may have been a fluke but while running in locked down mode the appguard log (after many hours prior to checking it) showed that it was blocking changes to system space from applications that were never guarded. No ill effects were noticed but this doesn't seem normal. This included changes from notepad (unable to save) ini files after manually editing (which is when I was noticed and then checked appguard) to security programs (installed in program files)being unable to alter files within their own directory or system apps being unable to alter registry keys. It's only occurred once the last few days but it may be something to keep an eye out for as it *may* be an issue down the line. Hopefully it was just a fluke but the event logs are still here. (For now)

     
    Last edited: Aug 16, 2014
  3. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    First of all, thank for your answers, I thought you simply had enough of me and left, second I'm not the one who is claiming that Chrome has protection against TrueType font vulnerability, it was Malwar who posted me with private message.

    I also remember Fleischmann said the following:
    "Exploit a Chrome tab and you have extremely restricted file-system and registry access (not even read and write for both in all cases), you can't create new processes, can't read the clipboard and many other things. Exploit an Anti-Virus and you have admin rights, lol."

    Fleischmann also said:
    "From my understanding: just because there is a CVE for Chrome, it doesn't necessarily mean that it constitutes a sandbox escape and a full system compromise. For what it's worth it could just mean the ability to achieve remote code execution in a Chrome process, along with all the restrictions that come with it. Unless these restrictions are bypassed, the mere RCE doesn't give the attacker very much.
    It would be nice if someone, who is educated in these things, could verify or correct this assumption."

    so, what do you think?

    Malwar also said: Sandboxie's read and write protections are for keeping programs in the sandbox from reading and writing, Chrome has no read or write to the whole Windows file system.

    This is the main reason why everyone, with Google Chrome, should use AppGuard for an extra security:
    http://web.nvd.nist.gov/view/vuln/search-results?query=chrome&search_type=all&cves=on

    Malwar says that: "Most of those vulnerabilities were publicly disclosed after they were patched and were not used in zero days attacks on Chrome's users.
    Sandboxie can be used as additional layer of security but quickly checking through that list I didn't find many vulnerabilities that would allow attackers to bypass Chrome's sandbox."

    Supposedly, Chrome can be considered secure compared to other browsers. It uses system built-in security mechanisms (Windows Vista and above) and it has good sandbox-but I still don't believe it is the most secure web browser (far from it) and this is why I use AppGuard and Sandboxie.

    Malwar says that IE (Internet Explorer) 11 with Protected mode plus Smart screen filter (I think) only sandboxes iframes Chrome sandboxes everything and Chrome patches faster every sandbox escape has been patched in under 24 hours. IE has about a 99 percent malware blocking rate in realtime, Chrome has about a 84 percent rate and it warns about downloading .exe files, The blocking rate is NOT the amount of malware the sandbox blocks.''

    Important note: Of course I should stop now, but you can send me answer if this right or wrong within private message, since this is not really the subject of this thread.

    Boerenkoo you can answer here:
    https://www.wilderssecurity.com/threads/is-google-chrome-truly-that-vulnerable.365739/#post-2400799
     
    Last edited: Aug 18, 2014
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    For this thread the most important point. There is nothing wrong with discussing this in another thread.
     
  5. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    464
    Updated to 4.1.45.1 after AG notified me. Particularly appreciate the direct click on Activity Report in the GUI.

    Got a new popup when selecting Install as Protection Level

    AG install.JPG

    which I am unsure about, any comments?
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That's normal. It is just re enabling AG protections.

    Pete
     
  7. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Personally, I'd open a new thread but somehow I do not believe anyone would answer me, because I'm more like needle in haystack person (or I should say that I'm one needle in 10 trillion haystacks person), this is why I am sentenced to post private messages and hopefully I will get any kind of response whatsoever), until everyone lost nerves with me and start ignoring me with giving me no reply..
    And besides, it's August, people are on vacation btw, nuff-said.
     
    Last edited: Aug 18, 2014
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Coolwebsearch

    Please if you don't think someone would answer in a new thread, then re evaluate the need to post it in this thread. It just creates confusion for a new users looking for Appguard info.

    Thanks,

    Pete
     
  9. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,941
    Location:
    UK
    Just wondering if anyone who has the new version has noticed in the Windows Event Viewer under Applications, Event ID 1015 for Windows Installer (MSI) at every boot (failed to connect to server)
     
  10. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    646
    Location:
    Sydney Australia
    I was having that problem until I unchecked 'Periodically Check for AppGuard Updates' in the advanced tab.
     
  11. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,941
    Location:
    UK
    Thanks stackz, I'll give that a try to see if that stops it for me also.

    (wonder why it gives that error)
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Appguard uses MSIEXEC to check for updates.
     
  13. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,941
    Location:
    UK
    After unticking ''Periodically check for AppGuard updates'' on both XP and Windows 7 64bit, I can confirm that this stops the 1015 event viewer warning.

    On Windows 7 each event id 1015 warning is immediately followed by event id 1035

    These Windows Event entries only started happening after installing the new version. Perhaps Barb might want to comment on this.
     
  14. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    Sorry, I didn't visited this thread for a long time: my Appguard version - licensed - is 4.0.17.0 on 32 bit: there is any update or 4.1.45.1. is only for 64 bit ? Thanks.
     
  15. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I'm running 4.1.45.1 on 32-bit.
     
  16. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    I checked out Appguard website. I am afraid Appguard is a hype. It talked a lot about how innovative and strong it is in protecting your PC, but these wording catches my eyes: "AppGuard doesn’t need to identify the threat, scan for viruses, update its software, or disrupt your activities to provide its protection. It easily and transparently extends its protection to your complete computing and network environment including documents, attachments".

    The statement in red color about appears to be BS to me, and the rest statement appears to be typical hyped marketing language targeted to non-tech general mass without critical and independent thinking. How could you prevent a potential threat, while you doesn't need, or does not have to identify that there is a threat first? This is against the basic logic. No matter what technique it uses, first you have to identify the problem, then deal with the problem. Without this first step, all the rest is pure BS. I assume its strategy is to stop any software installation that will install a driver, will modify some system files, whether the installation is user-initiated, or malware initiated. How convenient. My assumption is supported by this statement in the Q&A on their website:

    "http://www.appguardus.com/index.php/appguard/faqs

    6. I am having trouble installing a new software product. What should I do?

    When installing new software programs, open the AppGuard main interface.

    http://www.appguardus.com/images/graphics/AG_Install_4.png

    Reduce AppGuard’s protection level to Install mode, and the Install option will be displayed.
    If the software installation requires a reboot to complete, uncheck the Automatically resume ... checkbox.
    Remember to raise the protection level once the software installation is complete."

    At most, Appguard is simply a more advanced version of Windows UAC with fancy GUI, and maybe a whitelist of legitimate programs, but using the same principle as UAC.
    It recommends and encourages the concurrent use of other AV and firewall product. If it is truly so innovative, why not just tell its users to eliminate other outdated AV products and rely solely on Appguard?

    All logical discussions are welcome.
     
  17. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    Thanks, updated. ;)
     
  18. guest

    guest Guest

    i believe you don't know/understand what is an anti-executable; read this:

    AppGuard 4.x 32/64 Bit

    before criticizing a product , you should understand what it does.

    i run Appguard on one of my machine without any AVs and i am not yet infected even after i purposely launched some FUD 0-day malwares, they are just unable to run.

    to make it simple, imagine Appguard as a force-field around your house, nothing can pass unless you allows it . In comparison the AV will be a security guard that only protect you by using a list of unwanted people (the signature database).
     
  19. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Yes I understand all that, anti-exe, App control, all the fancy stuff, and knows exactly what these do. Unfortunately it all comes down to the principle of white list. Windows UAC uses it, many other security uses it, so there is no magic here. Read my post again: "Appguard is simply a more advanced version of Windows UAC with fancy GUI, and maybe a whitelist of legitimate programs, but using the same principle as UAC." And tell me if you think this statement is not accurate.

    The most significant weakness of such kind of anti-exe, App guard/control is that it relies heavily on a users judgement on the safety of some programs. It will first block the unknown app from running, like the UAC, then if you say yes, it will allow the program to run, otherwise block. If the program is well known and in Appguard's while list database, then it will simply allow the program to run without blocking. Yeah I know all that, but to be honest, I don't know if I know if all other programs I am going to install is safe or not. In case I don't know but I do want to run it, App guard most likely will not help.

    I can tell you, I don't even need anything like Appguard to achieve the same level or better protection. I use Applocker that comes with Windows Enterprise to prevent any exe, com, msi, script and any other Windows executables from running from anywhere other than the C:\Windows and C:\Program Files folders. This way, any drive-by downlaods won't be able to run, and I can select what programs to run, just like what Appguard is doing. Only that Applocker is better because it's system level protection, while Appguard is still program level.




     
  20. guest

    guest Guest

    kinda indeed but you have far more options than UAC


    this the whole point of an Anti-executable/HIPS and similar softs; you have to know what you are running and if you are not sure you don't run it.

    if you are very thirsty and you find a bottle with a black liquid inside, will you drink it and hope you body immunity system will cure you if it is toxic? i guess no. Those kind of apps will ensure that nothing can run without your allowance, not to verify if the thing you run is good or bad.

    many people do not have access to Enterprise versions, so for those in this case (like me) , Appguard is a proper replacement.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Oliverjia

    If you have questions, want to try Appguard, that is great. But all you have done in trying to rip apart Appguard is demonstrate you have no understanding of how it works. It doesn't need to have any knowledge of where something is a threat... It does indeed protect without that.

    Also I completely understand you may feel you don't need it, and that's fine, but then I don't see any need for you to post in this thread either.

    Pete
     
  22. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Thanks for your reply. Yes that's what Appguard does. I mean, it's fine at what it is designed to do, but the description on its website is IMO a hype that is full of boast. There is nothing really new there, it's just another piece of anti-exe.

    I won't call Appguard "revolutionary new software product that stops computer viruses and malware – even zero-day malware – from harming you and your PC". Simple fact is, no it can not do what it claims to do without relying on the user's judgement for unknown programs. And reality is, not every user knows what should he/she does, therefore users need to rely on the security software to make the decision(at least to some extent) but not the other way around. So the real use of Appguard is limited.

    I am not against Appguard, I just feel there is too much hype and misleading information on its website.


     
  23. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Can not believe this post is from a mod.

    If you think I don't understand how it works, then please, demonstrate that you understand with facts, not a simple general statement that I don't know. Tell me where is wrong in my post, I am here to learn.

    I understand you like Appguard so much, but if all you do is burying your head in the sand, and ask ppl not to share their opposing opinions, then FINE, I can leave this thread. But before I leave, you will have to demonstrate that what I said was either wrong or ignorant, using facts, not trying to shut me up using your privilege as a mod. That's not the way how you run a forum.

    The reason why I posted in this thread, as I stated in my post above, is that I don't feel comfortable seeing some hype and boasting marketing language, so I really want to learn what's so innovative and novel about it. Please do tell me, with facts.



     
    Last edited: Aug 19, 2014
  24. guest

    guest Guest

    nothing revolutionary but it does its job very very well. The rest is marketing , i won't blame them for that , the market is very populated and get a room in it is hard works

    anti-exec are in my opinion not destined to be used by beginners but people with some knowledge in computing.
     
  25. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Please try the program and/or read the manual. Cause it's far more than just an anti-exe, the whole concept of guarded apps goes far behind anti-exe applications. With AG you can run apps but with hips type of restrictions (f.e. restrictions in memory read/write, restrictions for folders etc.)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.