iDefender (new HIPS for Windows)

Discussion in 'other anti-malware software' started by Rasheed187, Sep 20, 2025 at 5:58 AM.

  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,653
    Location:
    U.S.A. (South)
    I concur 100%. Don't know what it is about some of this computer security software from China, BUT THOSE I TRIED AND STAYED WITH were nothing short of very effective, well-coded innovations that worked great! They obviously are in a different precision mode when it comes to satisfaction and pinpoint efficiency. The problem for the rest of us who benefit from them is that they come and then just drop out of sight after a time. :thumbd:
     
  2. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    I agree with you. Furthermore, in my opinion and speaking of paid software, not only from Chinese developers, the risk is more acceptable if the software is sold as a lifetime license with one-time payment, less if you have to subscribe for it. Maybe you pay for 3-4 years then the software is abandoned so you've spent a considerable sum of money and you are left with nothing.
    Unfortunately nowadays lifetime licenses are very rare and most software, not only that related to cybersecurity, is subscription-based only. Other software that once was sold as lifetime licenses migrated to a subscription model only (i.e. GlassWire). I guess we have to live with this.
     
    Last edited: Sep 22, 2025 at 3:35 AM
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,383
    Location:
    The Netherlands
    Yes, it rocked. For years I used SSM + VirusTotal and after that Neoava Guard + VirusTotal, no bloated, privacy invasive AV needed! And back then Windows Defender was a complete joke, Microsoft didn't care about AVs, until they saw an opportunity to make big bucks in the corporate cybersecurity industry.

    Wow, totally forgot about this tool, I'm surprised the website is still up. I never did use it though.

    All of them worked via kernel-drivers. But then came PatchGuard, so Microsoft locked down the kernel, that's one of the reasons why a lot of HIPS stopped development.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,383
    Location:
    The Netherlands
    Yes, I'm not going to lie, I'm disappointed with the new SpyShelter 15, it's missing a lot of HIPS features. So that's why I was pleasantly surprised by iDefender, although the GUI could be better.

    I don't think I would mess around with this stuff, it also mentions that you could hide processes via this feature? Now why would you want to do this? And I would need to have more info on what "Kernel Enhanced Defense" exactly is, because without it you should also be able to protect against most code injection methods, AFAIK.

    I'm not going to lie, the world has changed in the last 15 years, so I'm not so sure if I would use software from certain countries. I would especially be careful with certain software like browsers and security tools, because they have full access to the system.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,383
    Location:
    The Netherlands
    Wow, nice find. It seems to pass all of the Ransim tests?

    I'm not sure if this was done by simply blocking access to folders though. Or if it's using advanced file monitoring techniques like HitmanPro.Alert and AppCheck Anti-Ransomware. And it's better to test it against actual malware samples, but the fact that it could block this simulator is a good sign.

    https://www.knowbe4.com/free-cybersecurity-tools/ransim
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,383
    Location:
    The Netherlands
    This is tricky stuff though. I have read that security tools on macOS are a bit crippled because they don't have full kernel access. So in my view, it might make Windows less secure against advanced malware.

    On the other hand, I also sometimes had to reinstall Windows because of badly behaved drivers, this would become a thing of the past with security tools running strictly in user-mode.

    But ByteJams (new security company) claims they have already developed their security tool to run in user-mode, and it will work exactly the same, I wonder if they did use the new Windows API.

    https://bytejams.com
     
  7. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    Unfortunately I haven't found any info about it. As I wrote in a previous post the official iDefender website could explain both Free and Pro features in a more detailed way and / or the developers could make a PDF manual available for download, if a manual does exist.
    I agree with you that iDefender Pro is able to protect vs. code injection but enabling "Kernel Enhanced Defense" provides a better protection, so it's a matter of personal choice.
     
  8. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    About price comparison: both iDefender Pro and SpyShelter Pro are currently in a Flash sale, and I've just noticed that iDefender Pro also includes a one-time payment for a Lifetime license. I appreciate this because I don't really like having to pay a subscription to use software but, as I wrote in a previous post, nowadays it seems that the subscription model is prevalent, not only for software related to cybersecurity. Lifetime licenses are very rare but if I decide to spend some money on purchasing software I prefer the latter option, if I can afford the cost of purchasing, of course.
    Furthermore iDefender offers options for 1-device only too, unlike SpyShelter. As I need to protect only 1 device, several months ago I asked in the SpyShelter official forum if they could add a subscription for 1-device only, at a cost lower than 39.99 $ of course (someone else asked for it too), but they did not accept our request. Here is the reason:

    SpyShelter forum.png

    In the past I purchased other software licenses, then 3 years ago I had to purchase a new PC as the previous one had some hardware failures and it didn't even turn on anymore. I was able to transfer those licenses from the old PC to the new one without issues, both by myself (i.e. OSArmor) or by contacting the software's support (i.e. MiniTool ShadowMaker Pro). Evidently with SpyShelter Pro this isn't possible, at least that's what I understood from their answer. In any case, why should I pay for 3 devices when I only have one? In my opinion, by not adding a 1-device option at a lower price, they will lose some potential buyers.

    Here is the activation guide for iDefender instead.

    iDefender license activation.png

    iDefender Pro prices

    iDefender prices.png

    SpyShelter Pro price

    SpyShelter prices.png
     
    Last edited: Sep 22, 2025 at 1:18 PM
  9. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,464
    Location:
    .
  10. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    Nice, at the moment I haven't installed iDefender yet because I prefer to wait a little longer to get more information about this software, so I didn't know that the developer included those links in "About" tab. @Mr.X thank you for letting us know.
     
  11. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    New version and a note about iDefender development.

    iDefender changelog.png
     
  12. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,464
    Location:
    .
    I asked for such a feature via email. Very responsive dev. Nice.
    1.png
    It started with v5.1.1, links missing in v5.1.0. I checked it.
    Hope dev wants to participate in the forums as well.
     
  13. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    Yep, I already noticed that he's also very quick at replying on the GitHub issues webpage https://github.com/wecooperate/iDefender/issues. Out of 39 posts only 4 are in English but it's a good place to post questions directly to the developer.
     
  14. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    I asked about Kernel Enhanced Defense and Process Hiding in GitHub issues webpage https://github.com/wecooperate/iDefender/issues/43
     
  15. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    Furthermore the changelog's note demonstrates that he's listening to forums users' comments. Good sign.
     
  16. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    I got the quick reply

    Enhanced Kernel Defense.png


    Process Hiding.png
     
  17. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,395
    Location:
    Europe, UE citizen
    I used it till they discontinued the development. Some little issue during the setting process, but it was very granular and strong.
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,464
    Location:
    .
    I think it's time to focus on iDefender only :)
     
  19. Nastrahl

    Nastrahl Registered Member

    Joined:
    Feb 8, 2017
    Posts:
    20
    Location:
    Paris
    You meant an updated test of this one? https://odysee.com/@Shadowra:f/iDefender-Free-(Presentation-and-Reviews):e

    Because yeah, only free / default settings were used and it was not that effective
     
  20. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    Yes, I mean an updated test using the Pro version. 3 days ago Shadowra agreed to do it but at the moment I don't know when the test is scheduled.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,383
    Location:
    The Netherlands
    What do you mean with not effective? You can't review this tool as an AV, its job is basically to warn users about certain behavior, and the user can then block (and terminate) this app. If malware can still do damage, then it has failed. And obviously these tools are meant for expert users.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,383
    Location:
    The Netherlands
    This will make iDefender work like a rootkit, so it will try to bypass kernel protection features from Windows, like PatchGuard. It's probably a bad idea. So I'm not saying that these guys aren't legit, but this is reason enough for me NOT to use this tool.

    Yes this is cool, it seems that these guys know their stuff.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,383
    Location:
    The Netherlands
    This is nice, so even when they stop development, it will continue to work on Win 10/11 unless Windows Update breaks it. What I noticed is that it offers some features that SpyShelter 15 doesn't, like:

    - Blocking execution of system processes
    - Blocking of process hollowing
    - Blocking of Direct Syscall attacks
    - Blocking of raw disk modification
    - Blocking of downloads via BITS service
    - Blocking of Fileless Attacks (execution and network access)
    - Blocking collecting information from browsers

    And in the Pro version:

    - Ransomware Detection
    - DLL Sideloading Detection
    - Code Injection Detection

    I would like to get more info about which type of code injection methods are detected, and how they block Direct Syscall attacks, which are often used to bypass AVs and EDRs. And I also wonder how they block fileless attacks. It would be nice if it was tested against ransomware and infostealers, with AV turned off.
     
    Last edited: Sep 24, 2025 at 6:47 AM
  24. Nastrahl

    Nastrahl Registered Member

    Joined:
    Feb 8, 2017
    Posts:
    20
    Location:
    Paris
    Maybe I missed it because my connection is so slow that the video was blurry a bit too much

    What I meant is that it did not prompt for the launch of what she downloaded and marked as missed at the beginning of the review, and they were effectively launched if I'm not wrong

    Also it seems that it does not ask for anything prompted first by UAC?
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,383
    Location:
    The Netherlands
    I will have to watch the video again, but it's not clear to me if it was tested with AV enabled or not. I would actually like to see a test with AV disabled.

    So if malware is run, I would like to see the alerts that it generates, and if malware is being terminated or not. Now that I think of it, an ''autoblock'' function would be nice, not sure if this feature is already present.
     