64-bit systems and anti-malware software

Discussion in 'other anti-malware software' started by ssj100, Aug 6, 2009.

Thread Status:
Not open for further replies.
  1. ssj100

    ssj100 Guest

    So what will you guys do when you eventually move to a 64-bit system? I personally don't anticipate a move to a 64-bit system for another 5-10 years.

    I think 4Gb of RAM will be more than enough for my needs for at least the next 5 years. I am currently running on 2Gb of RAM, and I can do everything I need to with lightning speed. In fact, my computer/system is approaching 3 years old now, and it's still lightning fast and responsive with every program I personally use.

    I don't anticipate to purchase a new system for at least another 2-3 years. When I do, I will most likely move to a 32-bit Windows 7 platform with 4Gb RAM and whatever new generation processor is available from Intel.

    However, I can see that I will probably eventually move to a 64-bit system (unless I completely lose interest in computers, which might happen...10 years is a long time!). And so the question is what security software would I use then on Windows? It seems that my most favourite security application Sandboxie will never support 64-bit, period.

    I know that a lot of you guys out there favour DefenseWall and Malware Defender greatly too, but neither will support 64-bit either. So what will you do?

    I am aware that this is all quite hypothetical (especially from my view-point, since I don't intend to use a 64-bit system for at least another 5-10 years...I mean, the world might come to an end by then haha), but I am just interested to see some opinions here. Would any of you be willing to ditch DefenseWall in order to use a system that utilises more RAM? Would any of you be willing to ditch Malware Defender for the same reason?

    Or are there any other perspectives out there? Will we perhaps see Windows 64-bit systems become more compatible with security software like Sandboxie, DefenseWall and Malware Defender in the future?
     
  2. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    I had Vista x64. But I missed Sandboxie so much that I eventually changed back to x86. I will probably get W7 x64 when it's out. I don't know why Sandboxie won't support x64 since in the future (don't know how many years down the line), most systems, I'm guessing, would be x64. But that doesn't mean I'm gonna stop using Sandboxie.

    But then again, it's good to know that apps like GeSWall will have a x64 version sometime later. Returnil has a x64 beta (v3).

    For now I guess CIS would be the best bet.
     
    Last edited: Aug 6, 2009
  3. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    CIS x64 is IMO very stable and very secure.

    I don't know if GeSWall x64 would as its x86. I'm guessing it might be a while until they get it as secure.
     
  4. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Excellent thread ssj. I'm intrigued to see people's response since I'm looking into moving into 64 bit computing when 7 comes out. Also I suspect 64 bit will become the standard within the next 2-3 years. I think you will end up switching sooner than you expect.

    Personally I'm probably going to end up using LUA + SRP as my primary protection. I've heard that many 3rd party vendors are issuing weakened products for x64, as opposed to finding a way to provide the same quality of protection without having access to the kernel. As such I won't be trusting 3rd party apps, unless some workaround is found or MS does away with Kernel Patch Protection.

    I expect that apps like DW and Sbie will make the transition to x64 once there is a sufficient number of users on those platforms, making it worthwhile for their developers to put in the necessary effort to make their apps 64bit compatible. Something which I think will happen in the next 2-3 years as I alluded to earlier.

    The question of course is whether their developers will be able to provide the same level of protection with Kernel Patching in place. According to wiki some security providers don't patch the Kernel, for example Eset and some other AV/AM providers. So we know it can be done, but the question is can it be done for sandboxing, policy management, etc software which may need that kind of access, unlike AV/AMs. I suspect that even if they find a way to make their products work and work well, the level of protection offered just won't be the same.

    For those wondering what Kernel patch protection is, check out wikipedia. It will give you an idea of why some products aren't looking at x64 versions yet.
     
  5. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Yup I've heard something similar along those lines too. The thing is once there are a sufficient number of x64 users, developers WILL find a way to use that extra available RAM, making the move to x64 even more inexorable.

    Out of curiosity does x64 offer any other advantages other than being able to utilise more RAM?
     
  6. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    I think once there are enough x64 users they will back down. Even if that means producing a weaker product.
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    My son is now running Vista64 bits on his gaming rig, he will move to Windows 7 64 bits within a year or so.

    Setup now looks
    - UAC + Norton UAC tool
    - Windows FW 2 way
    - MSE
    - Old PGS version of Sully to ensure Software Restriction Policy (SUL :thumb: when do you release the RC without month limitation :D )

    Setup will be
    - UAC, neglecting user initiated elevations
    - Windows FW 2-way
    - MSE
    - GesWall 64 bits

    I know he visits the riskier areas of the Internet, but 64 bits ops are just great (okay now there is lacking third party security, but market share of the OS is so low that it has MAC/Unix like risk exposure).

    Regards Kees
     
  8. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    Out of curiosity, if you are thinking of going 64 in 5-10 years time (eons in computer technology), why do you worry so much about Sandboxie?

    I have an image with Vista 64, and when I use it I have DeepFreeze with Anti-executable V3, an amazingly light but robust combination. The reason I haven't yet decided whether to stay with 32 or 64 is some of the drivers which activate some keys on my laptop don't work with 64 (nothing important really, but why miss out on some nice options?).

    Vista 64 is slightly faster than 32, and uses a little bit more memory. Opening up as many programs as possible it wouldn't use more than 1.6-7 GB of memory on my machine. Now if you are using 3-4 memory hungry programs simultaneously it will keep the same speed of operation as if you had only one program opened. This is definitely an advantage for designers and architects or scientists who use computers to produce models that can really push the machine specifications to its limits.

    PatchGuard is a great feature of x64. A lot of malware is inactive for the same reasons many anti malware applications don't work with it.
     
  9. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Hi Kees,

    The question is, will GesWall 64 offer the same level of protection as GesWall 32 if it can't patch the kernel? And if GesWall can do it, why can't DW or sbie?
     
  10. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    But the problem is malware can still find a way around it while legitimate apps aren't allowed to do so, right?
     
  11. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    536
    Location:
    Europa
    I'm using vista x64 for couple of year with OFP, Avira and Prevx edge, imo it's run very fast for me.

    So for the anti-malware software Prevx edge run fine and offer strong protection, MBAM too.


    Actually They have lot lot lot:p Trojan variant on the web and pro-active protection is most Welcome:)


    Sorry for bad english writing

    Rules.
     
  12. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Yup same here, which is why I have put my plans on hold and am considering other options which can work with x64.

    Thanks for the article you posted. Gives me a better idea of what tzuk (and the others) is/are up against.

    I doubt he would ever produce a sbie that was "full of vulnerability". But what happens as more and more people move over to x64? If MS produce a stable, competent OS with x64 ability as they seem to be doing with 7, I could easily see that happening within the next 2-3 years. I can easily see x64 becoming standard in 2-3 years time. Mac has already made the jump with Snow Leopard.

    What happens to Ilya, Xiaolin and Tzuk then? Either they find a way to make their products work with x64, or they create new products that can work within the limitations of the system or they leave the malware business altogether, perhaps leaving around stable releases of their products for those few stragglers still living in a 32 bit world.

    Assuming MS keeps patchguard, I think there is a chance they will find a way to make their products work with x64. Right now there is no real incentive for them to tear everything up and go looking for a way around this, as the market share isn't really there. But once it's there, and it is financially viable to do so, I think they will start looking and if they look hard enough I think they might find a way around most problems with patchguard. I can't say that they will be able to produce something as strong as their 32 bit products, but I think they might be able to produce something close.

    Another question is how well does patchguard help thwart malware, and how easily malware can help bypass it. If lots of x64 machines are getting hosed, because malware writers are able to easily bypass it, and 3rd party security vendors aren't able to provide proper protection and MS itself is unable to provide any proper protection, then I can see public pressure being heaped on MS to get rid of it. And in that case all our favourite security apps will be ported to x64.

    I'm not a computer expert of any kind, so I could be totally wrong about all of this :D , but these are just my musings on the subject and some possibilities.
     
  13. demonon

    demonon Guest

    From your post, ssj100, it almost seems to me you care more about your security setup than you do for your PC productivity.
    I personally have already switched to x64 on almost all my systems.
    And I have not looked back, but then again I also do not really care about sandboxie or malware defender.
    The only thing that I really need is an imaging software, and considering that Returnil 2010 might support x64 I am totally happy.
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    :thumb:
     
  15. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
    The new version of Prevx will have browser protection (through policies?) and some more things and will be compatible with x64 not is? Someone from Prevx can speak about?
     
  16. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    For me right now, x64 isn't a necessity. I will shift to x64 once W7 is, by next year. Also because I find my Design applications (CAD, Max) are a bit more responsive in their x64 variables. (I'm an Architecture student and I'm going back to coll after a year). As for anti-malware, I'd stick with Outpost Pro and probably Returnil when it's outta beta.
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    GW used windows internal mechanisms, that is why it so fast and does not have total untrusted file control like DefenseWall.

    At a driver level you can intercept access to files and registry, also in x64 so that is no problem. Vista allows no access to critical resources of objects with lower rights, inter process security is also quite good at x64. Possibly they also do something with ownership at file and registry level. Vista knows virtualisation already now (will be there until Windows 9) of registry and files. Only problem: objects running virtualised get virtual admin rights. No idea on how they will be able to use existing (LUA) mechanisms while circumventing the limitations of other options (like virtualisation).


    I know Sully is progressing in making PGS a real power house with Software Restriction Policies, using ownership of registry and file through a fake user (Surun acts in a similar way) and possibly x32 virtualisation in Vista/Win7. PGS will run on x64 also. In a way it is amazing what Sully might achieve with smart usage of Windows internals. When he can, why not the experts of GentleSecurity?


    They (GW) used to know windows internal mechanisms real well so they must have found ways to do it. I suppose it will be a combo of soft sandboxing (like HauteSecure wanted to achieve) with smart usage of x64 internals.

    Cheers
     
    Last edited: Aug 6, 2009
  18. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
    He already did.

    http://mrwoojoo.com/PGS/PGS_index.htm
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Last edited: Aug 6, 2009
  20. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Kees:

    Thanks for the response. Do you think Ilya and Tzuk will be able to change the way DW and sbie work to utilise windows internal mechanisms and produce 64 bit versions of their products which are as powerful as 32bit?
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    They will worry about (like Xiaolin of MD), when 64 bits acquire a reasonable market share. Right now they have not developed Mac or Linux either, which have comparable share on the desk/lap-top market right now.

    Easiest way of migration would be
    a) a product with a different name to prevent their rock solid product brands, with limited features so they roam down to less PC savvy users.
    b) develop a new product based with same strength, but different protection mechanism, maybe they could join forces
     
  22. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    :thumb:
     
  23. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Unfortunately, it's not that simple. At least, DefenseWall never relied on internal protection mechanisms of Windows because just one privilege escalation exploit can ruin both the defenses.
     
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I feel that when Geswall is 64 bit ready, that it and something like Prevx will be a very secure setup.
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Don't forget to ask tzuk same question :argh: :D :argh:
    got it?
     