Alternative to SSM for Vista

Discussion in 'other anti-malware software' started by stride000, Nov 30, 2006.

Thread Status:
Not open for further replies.
  1. stride000

    stride000 Registered Member

    Joined:
    Oct 14, 2006
    Posts:
    23
    Well the title pretty much says it all.

    SSM's not working for me under Vista. I get the message that a driver is missing. So I want to have your opinion as to what a good alternative would be that would work with Vista.

    Thanks
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'm sure that almost all hooking apps don't work on Vista.
    They need new versions with new technology.
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I won't even think of using Vista until M$ fixes this kernel lock-out issue. I'm finally happy with XP, so I am in no hurry at all to fix something that isn't broken.

    A Mickeysoft rep said that the main competitor to Vista will be XP. However, I can think of 2 other competitors. Maybe M$ intentionally neglected to mention those 2 other hit-men who are making a name for themselves in Cybercity -- namely, Big Mac & Linny.;)
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,043
    Likewise. I've had a play with Vista RC1, but restored XP with images. I am receiving a new box today, that I ordered now rather than wait 4 months and get stuck with Vista. At the SP1 stage maybe.
     
  6. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    I can't understand why people would want Microsoft to unlock the kernel so that they can buy a program to protect it. The fact that the kernel is wide open in XP is the main reason we need all of the 3rd party security apps.

    When things in the world don't seem right, it always comes down to the fact that there is money involved. The security companies around the world have made a ****load amount of money due to MS insecurities. Hopefully that party is over. I for one, if given the option to unlock, would never unlock the kernel... that is unless I am getting bored and want to purchase some 3rd party apps to protect it!

    So I cover my bases here... Vista will have outbound protection so please no posts about how we need to unlock for 3rd party firewalls.
     
  7. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    294
    I tend to disagree because despite the fact that the kernel in Vista is locked down there are still needs for other security applications. A simple outbound firewall is not sufficient for the more security cautious folks.

     
  8. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    There are so many ways to circumvent a firewall that it's not even funny. So you want to leave yourself open to rootkits, etc. to have a "better" firewall? Anyways, we don't know how good the firewall in Vista is yet. If as good or better then leave the kernel alone!!!
     
  9. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    budfox touched some sensible points here.
    I don't know about the kernel, whether hackers can crack it or not if it isn't public (that's the key issue).
    And yes, of course 3rd party security vendors would try that, no need to suspect them, it's business as usual. They sell a product that has to work. Period. No drama.

    And plz don't strike Microsoft every time you can. Yes they're huge, but it's not that they didn't work for it...
    As for greed, now we're on another level, but greed is everywhere, and you don't see rich people like Bill Gates doing what he's doing to help others!
    Not forgetting that Microsoft opened a "Window" for me. I don't know about you WINDOWS users...
     
  10. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    ...which can all be blocked using appropriate third party security software with Win2K/XP.

    Vista's kernel protection is by no means a reliable protection against kernel-modifying malware - it can and has already been bypassed repeatedly. However if security vendors don't have a sanctioned method of implementing their protections, they then have to continually update to deal with Microsoft's counter-measures as well as new malware.

    Malware authors on the other hand don't have to worry about making their creations work on every system, just a significant number. They don't have to provide technical help to users, offer refunds or deal with bad PR. Therefore keeping abreast of Microsoft's changes is far easier for them - giving them a major edge over security software providers.
     
  11. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    First off Paranoid, a.k.a. agnitum, third party firewalls still leak. Here is a quote from a recent test of Outpost v4 from: http://www.matousec.com/projects/wi...lysis/Outpost-Firewall-PRO-4.0-(964.582.059)/

    "Security

    The security design of Outpost 4 is quite good but it still have major holes. Its vendor put stress on Anti-Leak protection that we do not test in this phase of our project. However, we have found many vulnerabilities that can be exploited by attackers to easily bypass this Anti-Leak protection as well as all other security mechanisms in Outpost. Not only the design but also its implementation is imperfect in Outpost. We have found components of Outpost that are more buggy than working. All these results in a very unstable application that is likely to have compatibility problems with common security software. Because of this, we can not recommend using Outpost. Vendors of widely used security products should have security level betatesters not only testers on the application level. It is clear that the development of Outpost missed this kind of testing. You can see public information about bugs we found in Outpost Firewall PRO in the following sections below. "


    If the kernel can be bypassed already, why don't you (Outpost Firewall) use the bypass to hook the kernel?

    Lastly how do you know that the latest gold version can be bypassed? I thought the only people running it were business users (as of today)... that is until it's made avail to the public Jan 07.
     
    Last edited: Dec 1, 2006
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    FYI, I don't work for Agnitum and only speak on my behalf, not theirs. However if you read their blog (link above) it should make the problem clear - if they bypass it, Microsoft will issue a patch to block their bypass requiring them to find another way. Each time they do this, they have to test it, check that it doesn't conflict with previous versions or other software, release it to beta and then to the public - in the meantime dealing with complaints from users finding that Windows Update has disabled their firewall.

    This is not new and has already happened with other software (see Windows Update disables Ghost Security).
    It has been bypassed on multiple occasions in the past. It may be that Microsoft have managed to find the holy grail of an invincible kernel this time round, but that should arrive shortly after their invincible browser, email client and media player.

    The restrictions really apply to the x64 version of Vista (and Windows XP) so security software may work better under the 32-bit version.
     
  13. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Discussed and dealt with here and here. Even in cases where the test runs (it won't even start on my system) it should be blockable by SSM, among others. Please, let's keep this thread on topic....
     
  14. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    :D :D :D
     
  15. TECHWG

    TECHWG Guest

    I have Vista RTM for evaluation installed dual boot with XP Pro SP2. I believe you will find NO HIPS software that works with Vista until the developers get their hands on it officially or unofficially to redesign their driver. However with the bulk of Vista I think it's going to be a big hit, although the networking gives me cause for concern since the TCP/IP stack was written completely from scratch. Only thing that would stop me using Vista is lack of firewalls for it. I own NOD32 and this is Vista compat, but HIPS does not exist for V yet.
     
  16. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    What about Kaspersky's PDM? Well, it's more of a behavior blocker, but it's still something.
     