AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,605
    Location:
    USA
    I upgraded to 4.1.45.1 so far so good. I'm using Windows 7X64 Ultimate.
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    Ditto. Just upgraded today. No issues noticed yet. Running Win 8.1 64bit.
     
  3. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Does it mean Appguard is less secure than other software products? No, no way. But that BoerenkoolMetWorst's post about AppGuard truly worried me:
    He specifically said:
    !There is software that I need on my computer but don't like or don't trust fully that I cannot run as Guarded. For example: DRM from games, Logitech Setpoint(I need it for full functionality of my mouse, but it's very invasive software; hooking and injecting around.) etc. So I guess it's more about control than real extra security."

    In this context I've got the feeling that BoerenkoolMetWorst is trying to say that in order to have greater control AppGuard sofware developers had to lower security level, and that AppGuard, because of these facts that BoerenkoolMetWorst mentioned, is less secure than it was before-I don't know if this is true or false, but this is exactly what impression this sentence has (at least in my mind).

    I hope Windows_Security, BoerenkoolMetWorst and Barb_C can answer this, but informations that I have collected from Malwar: He specifically said that previous win32k.sys vulnerability/exploit (which is now patched) for example SBIE4 could not protect against no matter how tight SBIE4 configured is because win32k.sys exploit does not need to start/run to access the kernel, don't ask me how and why, but that's what Malwar told me, I hope the mentioned experts could shed some light on this.
    I want to know what is the truth and what is the myth, big thanks in advance to all.
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,458
    Location:
    Outer space
    It depends on what you define as security. If you have AG's protection enabled and all exploitable applications are configured as Guarded and you experience an attack/exploit etc, everything is still the same.
    This is about protecting Guarded applications from other applications you have already trusted. Unless you forgot to add an application, that is perhaps vulnerable to exploiting, to Guarded apps then their will be no extra security from outside attacks. And if you did forget to add the application and it gets exploited, it may not be able to access the memory of Guarded applications, but it can still infect your system anyway.

    I tried to explain what I mean above. The bold sentence you've quoted here is not about the AppGuard developers but why I want the Bi-directional MemoryGuard option from v3.5 back. Because it offers more control and you could also say it offers more security, but that is debatable as I have explained above.


    Here are 2 quotes from Barb_C on the new MemoryGuard:
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,458
    Location:
    Outer space
    I'm not sure if this is completely true, so others can feel free to correct me:
    The win32k.sys is a kernel exploit. ("The kernel is a program that constitutes the central core of a computer operating system. It has complete control over everything that occurs in the system.")
    The win32k.sys exploit exploited a vulnerability in the TrueType font and some guy at Microsoft apparently thought it was a good idea to do the TrueType stuff in the kernel.
    Normally, if your browser or plugins get exploited, the exploit usually drops a malicious payload on the disk and executes it, so it needs start/run permissions.(There are also memory-only exploits that stay in the memory of the exploited application so they are harder to detect, but they are also harder to pull of and don't survive reboot, so they are less common.)
    In the case of the TrueType exploit, the font is used by the browser so if the exploit is successful, it can move from the browser directly to the kernel without hitting the disk and needing start/run permissions. Once the attacker controls the kernel, he/she controls everything so can easily bypass security software.

    I don't know if other kernel exploits also have a direct exploit path like this once, but since the common consensus on this forum is that security sofware cannot protect from them, makes me believe other kernel exploits don't have to hit the disk as well.
     
  6. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    You said:
    In the case of the TrueType exploit, the font is used by the browser so if the exploit is successful, it can move from the browser directly to the kernel without hitting the disk and needing start/run permissions. Once the attacker controls the kernel, he/she controls everything so can easily bypass security software.

    Than how can AppGuard protect against these kinds of kernel level exploits (except with patch)?
    I heard that Google Chrome actually protected against this win32k.sys vulnerability before it was patched, and yet SBIE could not-how come?
    So basically this win32k.sys TrueType exploit is actually browser exploit?
    I guess it all depends on the browser security?

    But don't SBIE and AppGuard protect exactly directly browser against browser exploits and all other forms of exploits?
    Than how can AppGuard and SBIE be bypassed if they fully protect browsers against browser exploits (and all other forms of exploits)?
    I'm a bit confused, to say the least...
     
    Last edited: Aug 12, 2014
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I think you guys need to do some reading as what I am reading from you both is a lack of understanding re Appguard.

    I keep seeing it said Guarded apps is about protecting them from exploit

    see here:

    From the Appguard help file:

    And from the PEGR guilde(which is excellent)

     
  8. newone

    newone Registered Member

    Joined:
    Oct 14, 2006
    Posts:
    71
    Location:
    UK
    installed 4.1.45.1 went well, working well, thankfully, thank you.:thumb::thumb:
     
  9. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    OK, but I still wonder...
    I also wonder if read-only access to system space will do any damage, why guarded applications (in user space), browsers and etc. are not prohibited/blocked not just to write to access to system space, but also why they are not blocked in reading files and applications in system space space?
    Is there any damage for read-only access to System-Space?
    Big thanks in advance.
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    If guarded applications were prohibited from having read access to system space, they wouldn't be able to read or load any program or system components they might need access to in order to be able to run.
     
  11. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,109
    Location:
    South Texas, USA
    Update to 4.1.45.1 went fine here on Windows 8.1 x64.

    dja2k
     
  12. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    427
    @Barb_C I never did find a reliable way to reproduce the trusted digital signature bug, but ever since the update I haven't (yet) seen it once so it appears kudo's may be in order to the intern (and a pay raise, eh?) and you dev's! (whatever they are paying you certainly can't be enough considering the time and effort you put into this community.) I also applaud your team's openness on the matter instead of silently resolving it before it found it's way to the public eye and covering it up as if it never happened. Looking forward to the next beta phase =)
     
  13. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    149
    Can i please direct link to lates beta appguard ?
     
  14. imeasy

    imeasy Registered Member

    Joined:
    Jun 5, 2013
    Posts:
    6
    Latest beta is here
     
  15. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    4.1 is now officially released (version 4.1.45.1)!!!!!

    The link is: https://blueridgenetworks.s3.amazonaws.com/AppGuardSetup.exe

    If you have 4.0, you won't see an announcement till tomorrow, but you can download this and upgrade. No need to uninstall and re-install. Just upgrade! Your 4.0 license will still be good.

    Our main web site won't be updated till tonight and we'll test the "Announcing version 4.1.xx" logic in 4.0 tomorrow as well.
     
    Last edited: Aug 13, 2014
  16. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Congratulations! :thumb:
     
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,605
    Location:
    USA
    Congratulations!
     
  18. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    Thanks, another great release, AppGuard forever.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Way to go Blue Ridge, and a special thanks to Barb.

    Pete
     
  20. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,823
    Congratulations Blue Ridge team for all your hard work

    Great program :thumb:

    Thanks :)
     
  21. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,536
    Great Job!!!

    Who needs an AV? :D
     
  22. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,823
    Because I am running ERP & AG, I have decided that there is no need for a powerful AV anymore, so I am just using Windows Defender (Basic protection) in 8.1.

    No need when you got these two programs installed.
     
  23. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    Congratulations to Barb and the rest of the team at BRN on the new release. Running nicely here.

    I too have ditched real-time AV in favour of a combination of AppGuard and Shadow Defender.
     
  24. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    828
    Location:
    Canada
    Running well for me too, I wonder, all of a sudden today EIS started acting up, tried several re-installs, still wouldn't work. I wonder, related to Appguard or coincidence, I am thinking coincidence.
     
  25. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    @Barb_C
    Sorry to repeat this ;)
    Will Wilders get some 'deals' now the new release is live ;)
    Ready to pounce on 2 x PC licenses.
    Thanks in advance :thumb:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.