64 Bit HIPS ?

Discussion in 'other anti-malware software' started by shadowcastpm, Oct 2, 2007.

Thread Status:
Not open for further replies.
  1. shadowcastpm

    shadowcastpm Registered Member

    Joined:
    Oct 1, 2007
    Posts:
    14
    Hi, I am currently looking for a full-blown HIPS that supports 64-bit; so far I have only come across Ghost Security, which I am not a fan of, to be honest.

    After researching HIPS applications I have found SSM, ProSecurity and Click'n'Safe, although none of these HIPS support 64-bit =(

    Any recommendations would be nice.

    Thanks.
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Prevx2 supports x64
     
  3. shadowcastpm

    shadowcastpm Registered Member

    Joined:
    Oct 1, 2007
    Posts:
    14
    Thanks for the info =) Much appreciated

    Although Prevx2 is a bulky application =(, plus it is not as powerful as the other HIPS mentioned above.
     
    Last edited: Oct 2, 2007
  4. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Putting Prevx 2.0 in expert mode will give you more HIPS functionality.
     
  5. shadowcastpm

    shadowcastpm Registered Member

    Joined:
    Oct 1, 2007
    Posts:
    14
    Thanks, I'll give it a try =)
     
  6. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?

    Attached Files:

    Last edited: Oct 2, 2007
  7. shadowcastpm

    shadowcastpm Registered Member

    Joined:
    Oct 1, 2007
    Posts:
    14
    Thanks, looks good.
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    HIPS can't hook the kernel in x64. Not Comodo. Not Prevx. Not nobody. They gotta use API. Ergo, blatz - I will use WinXP until whenever, & then... something (ANYthing) besides Vista.
     
  9. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    There are other legitimate ways to "hook" the kernel. You don't have to patch the service descriptor table. APIs don't necessarily mean userland and they don't necessarily mean you lose protection.

    For example, Prevx 2.0 on 64-bit XP and 64-bit 2003 Server is fully functional.
    Not all of it is implemented in the same way as on the 32-bit kernels but it is fully functional; much of the implementation is common to both 32- and 64-bit.

    Prevx 2.0 on 64-bit Vista is 98% functional and the missing pieces we need for the other 2% are available in the upcoming Vista Service Pack 1.
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Prevx 2.0 by no means covers the full range of potentially-*dangerous*-behaviors as do (for instance) SSM and ProSec. Which is not to say that Prevx is necessarily less protective. Prevx's community-based concept is fundamentally different from those of SSM, PS, et alia.

    For those who have no objection to being tied to an online database, that's fine. It's just NOT my cup of tea. I much prefer stand-alone.

    In my view, Vista x64 has (at this stage) thrown the baby out with the bath water. That is, in protecting the kernel from bad guys, Vista has equally blocked true HIPS-type protective efforts of good guys.

    Vitali (SSM) & Jei (PS) both are still struggling to produce effective protection given the present status of Vista. I doubt that Prevx & Comodo have found some magical solution for providing full-blown "classical" HIPS-type of protection within the constraints of Vista's lock-out. Instead they have taken different and (in my opinion) lesser approaches.
     
  11. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    There is an AppDefend beta which hooks the kernel fine in XP64 and 2003 x64. You just need to have a MS update removed which they released sometime after I did it which undid the particular method I was using.

    It's possible. And when the next beta is out I will be working on what they modified so it will work even without removing their patch.
     
  12. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    @Jason -- best of British luck to ye. Please keep us posted. If you lasso this dogie, I instantly become a *high probability customer* :thumb:
     
  13. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I agree.

    Comodo is very refreshing.

    Seems not so according to Jason's remark below.

    So what now?

    One says it is possible, another says it isn't possible... could someone clarify this whole story?!

    Maybe we should open a new thread about the Vista kernel and what kind of possibilities we have.
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Just goes to show --

    There never was a horse that couldn't be rode.
    There never was a cowboy that couldn't be throwed.

    Jason found a "way in." No doubt the black hats will, too. Difference is, if the black hats get in, then their reward may run to 6 figures. Biiiig bucks! If Jason succeeds, then *maybe* some of us folks will spend 20 or 30 bucks for Jason's AppDefend.

    Such being the case, I wonder who will work harder & longer to get into Vista's knickers -- the HIPS guys or the black hats? :shifty:
     