Malware Defender 2 beta

Discussion in 'other anti-malware software' started by xiaolin, Dec 29, 2008.

Thread Status:
Not open for further replies.
  1. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    To ,.-
    Thanks for the bug report. :)
     
  2. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    I will test it. Thanks.
     
  3. wat0114

    wat0114 Guest

    Thank you for the clarification, xiaolin. Did you see my possible bug report in post #39, or is MD not intended to fully function under a limited account? Thanks in advance!
     
  4. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    Hi Xiaolin.

    Let's say someone wants to block the creation of every executable at the root of the Documents and Settings folder because he knows that the only things that go there are normal and hidden folders. The natural behavior will be to make rules with the "deny" option for "files only" using the write permission. By doing so and not creating a whitelist for the antimalware programs we're using, we're creating two kinds of protection: a protection against malware trying to write/copy itself at the specific location and a protection FOR malware, as antispyware, antivirus and other software will not be able to remove the file due to "write", which includes the create and delete permissions in the same package.

    That's why, in my opinion, the implementation of create, read, modify and delete as separate permissions is important. Having only read and write permissions (implemented as: read=read & write and write=create & delete) for file protection is somewhat extremely restrictive, a little bit confusing, and it makes rule conceptualization very hard.

    Alcyon.
     
    Last edited: Jan 2, 2009
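
Added example, not part of Alcyon's post and not Malware Defender's code: a toy rule evaluator for the scenario in the post above, comparing the coarse read/write scheme as the post describes it with separate create/read/modify/delete permissions. The rule format, function names and file paths are hypothetical and the requests are constructed.

```python
import ntpath
from fnmatch import fnmatchcase

# Permission name -> file operations it covers.
# COARSE follows the post's description: write = create & delete.
COARSE = {"read": {"read", "modify"}, "write": {"create", "delete"}}
FINE = {p: {p} for p in ("create", "read", "modify", "delete")}

ROOT = r"C:\Documents and Settings"
# "Deny, files only" rule for executables directly in ROOT (hypothetical format).
COARSE_RULES = [{"folder": ROOT, "name": "*.exe", "deny": "write"}]
FINE_RULES = [{"folder": ROOT, "name": "*.exe", "deny": "create"}]

# Constructed requests: (label, operation, path).
REQUESTS = [
    ("dropper creates exe", "create", ROOT + r"\dropper.exe"),
    ("antivirus deletes exe", "delete", ROOT + r"\dropper.exe"),
    ("installer in subfolder", "create", ROOT + r"\Alice\setup.exe"),
]


def is_denied(scheme, rules, operation, path):
    """True if a deny rule matches the file and its permission covers the operation."""
    parent, name = ntpath.split(path)
    for rule in rules:
        # The rule applies only to files sitting directly in its folder.
        in_folder = ntpath.normcase(parent) == ntpath.normcase(rule["folder"])
        name_match = fnmatchcase(name.lower(), rule["name"])
        if in_folder and name_match and operation in scheme[rule["deny"]]:
            return True
    return False


def decisions(scheme, rules):
    """Map each constructed request to 'deny' or 'allow' under one scheme."""
    return {
        label: "deny" if is_denied(scheme, rules, op, path) else "allow"
        for label, op, path in REQUESTS
    }


if __name__ == "__main__":
    for title, scheme, rules in (("coarse", COARSE, COARSE_RULES),
                                 ("fine", FINE, FINE_RULES)):
        print(title, decisions(scheme, rules))
```

Under the coarse scheme the same rule that stops the dropper also stops the antivirus from removing the file; with separate permissions only the create is denied.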
  5. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    I will separate the write permission to create/write/delete.
    Thanks.
     
  6. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    MD needs administrator privileges to work properly. I will verify the possibility of making MD run under limited accounts.
     
  7. wat0114

    wat0114 Guest

    Thank you xiaolin. At least the flexibility in XP Pro allows me to work around the limitation.
     
  8. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    295
    Hi Xiaolin, is it possible to add an option to MD to tell it to use a fixed .sys filename instead of a random one? My other security programs kept saying that MD had suspicious actions when creating a driver with such a randomized name. I understood that this might be used to enhance MD's self-defense against malware but I would rather prefer this as an option for compatibility reasons.

    Thanks.
    Lu Chin
     
  9. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    I got a blue screen when I tried to transfer dozens of Garmin mapsource files (in total about 400 MB) to my Garmin GPS via USB. MD was running in learning mode. I did not get a blue screen when I tried again and MD was completely shut down. I believe that this is probably the same bug as reported before. (I did not have the time, however, to repeat and verify this finding. Need to pack my bag for a snowshoe trip. Yeeha!)
     
  10. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    I will think about it.

    There is a benefit to using a random driver name. If you upgrade to a new version, you can run MD without a reboot.
     
    Last edited: Jan 3, 2009
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yes please but only as an option (detail), so I only have to specify with certain files.

    Is it possible to differentiate between driver loading and installation also?

    Thanks
     
    Last edited: Jan 3, 2009
  12. spidey

    spidey Guest

    My vote would be to leave the random driver name as it is. This is a nice benefit!
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    As good as MD is, I also favor the random driver name because sooner or later malware dogs are gonna be trying to compromise the sharp features xiaolin has been making his way to place into it as an added protection.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I agree, but to solve the problems of some others, it's best to be optional.

    BTW Wilders has no more official HIPS forums. So why not MD? :D :D
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi xiaolin!

    You are working hard. Let me suggest something. If you are serious about making some money, you need to implement a default mode (for dummies) and an advanced/custom mode in MD.

    Default mode is for dummies. It might have just simple execution/dll/memory access etc. control without complex child-parent control, without detailed registry defence and having very basic file defence. Also this mode should auto-allow everything on the C partition/drive (scanning C:\ and making allow/trusted rules for everything there) and should have a huge whitelist. Look at OnlineArmor, AppDefend and Process Guard, but I believe it can be made even simpler and more user friendly.

    Keep all other complex parent child control, full reg defence and detailed file defence for advanced mode that is for security freaks.

    Just my idea. :) I have suggested the same thing to Comodo people but not sure if they ever listened to it.
     
    Last edited: Jan 3, 2009
  16. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    295
    Thanks Xiaolin, a simple option to override the default random driver name will be good enough for folks who prefer.

    Lu Chin

     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Great suggestion aigle

    That way a new user could simply go with the basics without worry or learning and the more inquisitive & experienced can do their own thing.

    I second that motion. Is reasonable/logical no doubt.

    EASTER
     
  18. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    The network module doesn't work at all for me in Vista 32. Learning mode adds no new network rules and even manually added DENY rules have no effect. Everything else seems to be running fine.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Your signature looks great :thumb:
     
  20. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Sorry, I forgot to mention that the network protection feature does not work on Vista RTM (SP0). You must upgrade to Vista SP1 if you want to use the feature.

    There is a warning message, but you will not see it if you install the beta on an old version.
     
  21. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Many thanks for the suggestions. :)
     
  22. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    I am using SP1. I uninstalled and reinstalled again with the same result.
     
  23. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I'm running 2.0.0 b2 on three Vista SP1 systems without any problems. Are you running a software firewall? The first beta had issues, I believe, with Jetico, LNS, and, in my case, Vista's firewall.

    Nick
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Me too here, without any problems on Vista SP1 :thumb:
     
  25. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    Hmmm... nothing else installed except Avira and Sandboxie.
     