Discussion in 'other anti-malware software' started by chachazz, Mar 1, 2014.
Regarding Kaspersky's application control's limits on x64 Windows:
If you wait for MS, you can wait long... PatchGuard is a way for MS to keep competitors at bay.
From an ethical point of view, I can understand that you want your product to be "perfect", giving the same level of protection on any architecture; but from a business point of view, you are slowly committing suicide.
I wish you could use the same kind of workaround that Comodo, Emsi, Sandboxie and others used. I think you have enough skills to do it.
I prefer a bit "less" protection to nothing; anyway, the user is the main vector for malware; even if DW is perfect, some users will still be infected.
Man, no offence, but where are you living? All new PCs for the last 2 years (not to mention today) come with more than 4 GB of RAM, which leads to an x64 OS in order to use all the RAM...
All major PCs come with Win 8/7 x64, NOT Win 8/7 x32.
My old Samsung laptop, which I bought around 4 years ago, came with 4GB of RAM.
Nowadays it is really hard to find a new machine with less than 6GB, so x32 needs to die - that's obvious.
Of course some people still own very old machines with Windows XP, but let's be honest - for how long? Sooner or later hardware will die too and then those people are gonna be forced to switch to x64 architecture, and I don't think that they are going to put away 70% of their machine's RAM just to run ancient software.
Upgraded to the latest beta on my desktop. Installed Windows x86 so that the family can use the desktop and not worry about any infections.
Good work as always, Ilya.
You are perhaps one of the best hopes for people who want to continue using Windows XP!
So if all this is true for 64-bit machines, in reality you are better off using MSE or WD in conjunction with EMET.
DW is a wonderful product but very much of its time for me. The whole methodology is based around very granular control of untrusted processes. That is not achievable with current x64 restrictions placed on developers by Microsoft. Accept it and move on. They won't change it for the big boys, Ilya's got no chance.
Worryingly, this thread seems to suggest x64 systems simply must be less secure because traditional HIPS software can't protect all the areas it could on x32. Does the fact that HIPS can't do what they used to necessarily make it less secure? Is real world malware using the techniques exposed by Matousec which, let's not beat about the bush, has driven HIPS development for some?
It maybe just means you need to do things differently. AppGuard for example is excellent on x64 machines because it does not try to control suspicious behaviour, it just puts up walls to block off the areas where a malicious payload can do damage. In conjunction with denying launch and controlling attempts by guarded apps to manipulate the memory of other processes it works really well.
I'm not sure security limitations - and there are some security gains as well, e.g. mitigations like ASLR are much better than on x32 systems - are not made up for with better performance. Especially now with more native x64 apps being able to unlock the potential of the x64 infrastructure.
After all, what do you use your PC for? Is it simply to throw threats at to see how well it copes? I hope not, because if so you're missing out on a lot. You get performance benefits from native x64 applications, better memory management and so much more.
You need to balance for your needs I suppose, but x32 will die out, maybe slowly at first, but there will come a time that modern applications need the performance gains associated with better CPU and memory management abilities of the x64 architecture to keep pace with the ever expanding demands of users.
Back to DW. Ilya could give us a x64 version with the relevant disclaimer. I don't think we'll get it because he doesn't need to. Either because he's happy with simply supporting what will inevitably be a dwindling user base, because he has other projects that will pay the bills or he's willing to see what he's built slowly die to ensure it remains true to his principles. Whatever, good luck to him. As I say wonderful product.
I'm afraid it's the most probable scenario.
It's suicide when antivirus vendors are not making the move to x64.
People are buying more and more high-end PCs with more than 4 GB of RAM, so they are ignoring people with more than 4 GB of RAM... pretty sad tbh.
Maybe he should consider joining with someone...we know money is the problem.
And with Tzuk available on the job market... Ilya has the framework set in place, Ronen managed to forge ahead with Sandboxie despite PatchGuard. A security measures match made in heaven. Sigh... wishing out loud.
Addendum to the previous: you have to know that if these two geniuses sat down at the same table and hammered out a DefenseWall for 2014 and beyond, the end result would be positively glorious. Oh, well...
Surprise, I have sent a message to Ronen via Wilders PM - still no answer. Looks like he is having a deep rest he really deserved!
You guys could make the ultimate protection suite for all users.
I'll bet these guys could do practically anything they set their minds to. @ Ilya, you are THE MAN! I've thought about this scenario with you and Ronen since the Sandboxie departure news a while back. Together, it's a no-brainer you guys could totally break some malware balls. I wish you the very best. If you can get Ronen on board, like Nike says, JUST DO IT!!!
Now that would be a very interesting mix
Btw Ilya, I just checked and Process Explorer shows that v3.23 beta doesn't have ASLR enabled for processes and DLLs.
I don't think Ronen will be active here on Wilders.
But is it still true that PatchGuard makes certain things impossible for security tools? I don't really think so.
I'm now on Win 8 and advanced tools like Sandboxie and SpyShelter seem to work just fine.
Working and protecting are not the same thing....
Thanks, forgot to add that for executable modules. Will fix for release version.
Maybe, but I don't think it's a good idea to send an e-mail to sandboxie.com which belongs to Invincea.
Have a look here pls.
Hmmm..maybe a PM to him on the sandboxie forum would work and result in a faster reply.
Or if anyone who knows him reads this, they can tell him to contact Ilya.
I would suspect if he got a good price for Sandboxie, there was an agreement preventing him from doing this.