Alternative to SSM for Vista

Well the title pretty much says it all.

SSM's not working for me under Vista. I get the message that a driver is missing. So I want to have your opinion as to what a good alternative would be that would work with Vista.

Thanks

 

I´m sure that almost all hooking apps don´t work on Vista
They need new versions with new technology

 

The "alternative" unfortunately is to do without until Microsoft opens up the Vista kernel to third-party security developers (judging from Agnitum Blog: Microsoft to open Kernel Patch Protection for third-party security vendors? this may not be until Service Pack 1 for Vista is released).

 

I won't even think of using Vista until M$ fixes this kernel lock-out issue. I'm finally happy with XP, so I am no hurry at all to fix something that isn't broken.

A Mickeysoft rep said that the main competitor to Vista will be XP. However, I can think of 2 other competitors. Maybe M$ intentionally neglected to mention those 2 other hit-men who are making a name for themselves in Cybercity -- namely, Big Mac & Linny.

 

I cant understand why people would want microsoft to unlock the kernel so that they can buy a program to protect it. The fact that the kernel is wide open in XP is the main reason we need all of the 3rd party security apps.

When things in the world dont seem right, it always comes down to the fact that there is money involved. The security companys around the world have made a ****load amount of money due to MS insecurites. Hopefully that party is over. I for one, if given the option to unlock, would never unlock the kernel.. that is unless I am getting bored and want to purchase some 3rd party apps to protect it!

So I cover by basis here ..Vista will have outbound protection so please no posts about how we need to unlock for 3rd party firewalls.

 

I tend to disagree because despite the fact that the kernel in Vista is locked down there are still needs for other security applications. A simple outbound firewall is not sufficient for the more security cautious folks.

 

There are so many ways to circumvent a firewall that its not even funny. So you want to leave yourself open to rootkits, ect to have a "better" firewall? Anyways, we dont know how good the firewall in Vista is yet. If as good or better then leave the kernel alone!!!

 

budfox touched some sensible points here.
I don't know about the kernel, whether hackers can crack it or not if it isn't public (that's the key issue).
And yes, of course 3rd party security vendors would try that, no need to suspect them, its business as usual. They sell a product that has to work. Period. No drama.

And plz don't strike Microsoft everytime you can. Yes they're huge, but it's not that they didn't work for it...
As for greed, now we're on another level, but greed is everywhere, and you don't see rich people like Bill Gates doing what he's doing to help others!
Not forgeting that Microsoft opened a "Window" for me. I don't know about you WINDOWS users...

 

...which can all be blocked using appropriate third party security software with Win2K/XP.

Vista's kernel protection is by no means a reliable protection against kernel-modifying malware - it can and has already been bypassed repeatedly. However if security vendors don't have a sanctioned method of implementing their protections, they then have to continually update to deal with Microsoft's counter-measures as well as new malware.

Malware authors on the other hand don't have to worry about making their creations work on every system, just a significant number. They don't have to provide technical help to users, offer refunds or deal with bad PR. Therefore keeping abreast of Microsoft's changes is far easier for them - giving them a major edge over security software providers.

 

First off Paraniod, a.k.a. agnitum, third party firewalls still leak. Here is a quote from a recent test of Outpost v4 from : http://www.matousec.com/projects/wi...lysis/Outpost-Firewall-PRO-4.0-(964.582.059)/

"Security

The security design of Outpost 4 is quite good but it still have major holes. Its vendor put stress on Anti-Leak protection that we do not test in this phase of our project. However, we have found many vulnerabilities that can be exploited by attackers to easily bypass this Anti-Leak protection as well as all other security mechanisms in Outpost. Not only the design but also its implementation is imperfect in Outpost. We have found components of Outpost that are more buggy than working. All these results in a very unstable application that is likely to have compatibility problems with common security software. Because of this, we can not recommend using Outpost. Vendors of widely used security products should have security level betatesters not only testers on the application level. It is clear that the development of Outpost missed this kind of testing. You can see public information about bugs we found in Outpost Firewall PRO in the following sections below. "


If the kernel can be bypassed already, you dont you (Outpost Firewall) use the bypass to hook the kernel?

Lastly how do you know that the latest gold version can be bypassed? I thought the only people running it where business users (as of today).. that is until its made avail to the public Jan 07.

 

FYI, I don't work for Agnitum and only speak on my behalf, not theirs. However if you read their blog (link above) it should make the problem clear - if they bypass it, Microsoft will issue a patch to block their bypass requiring them to find another way. Each time they do this, they have to test it, check that it doesn't conflict with previous versions or other software, release it to beta and then to the public - in the meantime dealing with complaints from users finding that Windows Update has disabled their firewall.

This is not new and has already happened with other software (see Windows Update disables Ghost Security).

It has been bypassed on multiple occasions in the past. It may be that Microsoft have managed to find the holy grail of an invincible kernel this time round, but that should arrive shortly after their invincible browser, email client and media player.

The restrictions really apply to the x64 version of Vista (and Windows XP) so security software may work better under the 32-bit version.

 

Discussed and dealt with here and here. Even in cases where the test runs (it won't even start on my system) it should be blockable by SSM, among others. Please, let's keep this thread on topic....

 

I have Vista RTM for evaluation installed dual boot with XP pro sp2. I believe you will find NO hips software that works with Vista until the developers get their hands on it officially or unofficially to redesign their driver. However with the bulk of Vista i think its going to be a big hit, although the networking gives me cause for concern since the TCP/IP stack was written completely from scratch. Only thing that would stop me using Vista is lack of firewalls for it. I own NOD32 and this is vista compat, but hips does not exist for V yet.

 

what about Kaspersky's PDM? well its more behavior blocker, but its still something.