iDefender (new HIPS for Windows)

Discussion in 'other anti-malware software' started by Rasheed187, Sep 20, 2025 at 5:58 AM.

  1. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    You could post your questions directly to the developer on GitHub so that other iDefender users or potential buyers could also benefit from the information posted there, both for open or closed ones (currently out of 40 closed issues, 36 are in Chinese and 4 in English; I posted issues #43 and #44 but they were actually questions :D)
    As I wrote in a previous post, the developer is very quick at responding. Here is the GitHub issue page: https://github.com/wecooperate/iDefender/issues
     
    Last edited: Sep 24, 2025 at 12:00 PM
  2. Nastrahl

    Nastrahl Registered Member

    Joined:
    Feb 8, 2017
    Posts:
    20
    Location:
    Paris
    From my understanding from the UI, the AV seems only on-demand and not in real time as it does not substitute the needs of an AV

    Unknown app should have been prompted by the HIPS either way

    So maybe it’s just rule tuning somehow
     
  3. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    Probably the test was made with a version prior to 5.1.1.0 which added support for AV real-time protection.

     
  4. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    Version 5.1.1.0 also added a one-month free trial of the Pro version, so Shadowra could benefit from it to test iDefender Pro too. If he didn't, I think he made the test when 5.1.1.0 wasn't available yet. Unfortunately the video doesn't show which version number he used for the test.
     
  5. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    About my question #44 about iDefender Pro and online games https://github.com/wecooperate/iDefender/issues/44 I thought about it a lot and I must say that I'm reluctant to install iDefender Pro (I'm not interested in iDefender Free) because, even if in its normal state with default rules / plugins it is perfectly legitimate software, I wouldn't want Blizzard to include it anyway in its anti-cheat blacklisted apps for its capability, if its stock rules are edited in a specific way or if other rules (i.e. cheating plugins) are imported from 3rd party sources, to bypass online games' anti-cheat protections.
    As far as I know, Blizzard's anti-cheat blacklist isn't public, so I know I would still have doubts about whether it's worth installing it, with the risk of a permanent ban from World of Warcraft.
     
    Last edited: Sep 25, 2025 at 11:51 AM
  6. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,698
    Location:
    Paris
    From their website:

    iDefender
    - The Infinite Potential Host Intrusion Prevention System (HIPS) & Real-time Endpoint Detection and Response for Home
    Prevent Ransomware
    Detect and block ransomware in real time to protect critical files from malicious encryption

    Noting this, I thought that a very simple test would be fun. However, after running 4 different ransomware samples against iDefender, 3 of them (Xdata, Revenge, Ishtar) were able to encrypt files rather easily.

    A sub-optimal result.
     
  7. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,316
    Location:
    Canada
    Interesting. Thanks for that.
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,653
    Location:
    U.S.A. (South)
    Same results over here as well, including Hades Locker, Rahni (XData), Lightning Crypt, Pet Wrap (MBR), Jolly Roger, Roza Locker. UGH. What iDefender DID DO for me was encourage me to reopen my long closed prison of malwares. And there's tons I still have left untested, with ONLY the hash file number as name, and BIN as extensions. Hah, I thought I was done awhile messing with those. ALL are thoroughly TIGHTLY SECURED on a special Windows 8.1 rig JUST AS STORAGE.

    Many would likely blast right through any Windows 11 version including & regardless of AV or layering third party shields without iDefender.
    WiseVector StartX was the absolute best (FOR ME) at EFFECTIVELY thwarting ransom cryptors. And before that, Heilig RansomOff, of which I was an official NDA Beta Tester for a time. Now RansomOff is all but fully purged from Google Searches pretty much.

    Speaking of FUN, you should run Acid Blast.exe on iDefender. A harmless PRANK executable, but iDefender never lifted a finger of an alert, yet Acid Blast does the ransomware screen block dance, RAPIDLY forcing you to find Task Manager to Terminate. I still HATE that joke program.

     
    Last edited: Sep 24, 2025 at 4:04 PM
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,653
    Location:
    U.S.A. (South)
    All that said, I am still a huge old school fan of Pure full feature rulesets HIPS as a secondary defense recognition/detection monitor.
    iDefender partially (Nearly/Fully) fits my criteria with that expectation. However, for me it is way too crippled in the free version to encourage my interest in Pro. And a 30 day Free Trial smells like a fast draw. Trying to think positively here.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,383
    Location:
    The Netherlands
    I must say that I didn't fully understand this issue. But as mentioned before, the fact that iDefender is able to bypass Windows PatchGuard (and hook the SSDT) is more troubling to me.

    Again, I'm not saying they are not trustworthy, but IMO security tools should not try to bypass OS security features. This might cause security and stability issues, especially combined with other security tools. BTW, with this tool you can see if the SSDT has been hooked; rootkits used to do this in a malicious way.

    https://www.softpedia.com/get/System/System-Info/SSDT-View.shtml
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,383
    Location:
    The Netherlands
    Thanks for testing and too bad! So this means that the file defence feature doesn't work as planned. And I assume it doesn't have a feature to (manually) protect certain folders like Downloads and Documents?

    Cruelsister, can you perhaps also test infostealers? Because iDefender claims that it can block access to browser data, I assume both in memory and disk. And do you guys also have malware that performs code injection/process hollowing?

    Yes, will see what I can do.
     
  12. Serphis

    Serphis Registered Member

    Joined:
    Nov 24, 2018
    Posts:
    143
    Location:
    Italy
    To play World of Warcraft you have to install the Battle.net client and log in to your Blizzard account with your e-mail address and password. Blizzard's games integrate an anti-cheat protection software called Warden. From the World of Warcraft Wiki https://worldofwarcraft.fandom.com/et/wiki/Warden_(software) :

    Warden (also known as Warden Client) is an anti-cheating tool integrated in Blizzard Entertainment games such as Diablo II (since patch 1.11), StarCraft (patch 1.15), Warcraft III and most notably World of Warcraft. While the game is running, Warden uses API function calls to collect data on open programs on the user's computer and sends it back to Blizzard servers as hash values to be compared to those of known cheating programs. Privacy advocates consider the program to be spyware. Blizzard has said that Warden does not gather any personally identifiable information about players other than the account being used. It also states that the data collected is only used for finding evidence of malicious programs and cheating.

    With its stock rules / plugins iDefender isn't cheating software, but it can become so if its rules are edited in a specific way for cheating purposes or if rules specifically created for cheating are imported from sources external to the developer. iDefender's developer wrote "Many people use it for illegal purposes related to cheating plugins. Dozens of people ask about it every day, so we have now banned all game-related questions, almost all of which are aimed at bypassing the game's anti-cheat mechanisms" and also "It is strictly prohibited to be used for any form of cheating". Obviously I don't want to cheat when playing World of Warcraft, but my fear is that Blizzard could still include it in the list of cheating apps even if it is not used for this purpose. As I already wrote above and as far as I know, Blizzard's blacklist is not public, so it isn't possible to know what Blizzard considers as cheating apps. Even more so, if someone were to use iDefender to cheat in World of Warcraft, I definitely think Blizzard would add it to the blacklist.
    If the anti-cheat system Warden finds a blacklisted app on the player's system, the penalty in general is a ban from the game. The ban could be for a period of time but, in the worst case scenario, it could lead to a permanent ban with the forced closure of the Blizzard account.
    As for playing World of Warcraft, I've already spent time and a considerable sum of money on subscription and in-game purchases, so I certainly can't afford such a risk, and I prefer to avoid installing iDefender.

    Lastly, from World of Warcraft Wiki https://worldofwarcraft.fandom.com/et/wiki/Cheating

    In MMOs (Massively multiplayer online games: any online video game in which a player interacts with a large number of other players), cheating is often defined as doing something immoral or unethical with or in the game.

    In World of Warcraft
    Most people have different thresholds of what they consider cheating. The license agreement for most MMORPGs covers some types of cheating as a legal issue that has various related penalties.

    Definitions
    Most players consider buying items or large amounts of in-game money through means outside the game a form of cheating (this is also specifically and expressly forbidden in the World of Warcraft terms of service). Most also agree that using some sort of automated macro program to repeat some mundane but profitable task is a form of cheating.
    Other types of cheating:
    • Using an exploit.
    • Using undocumented cheat codes for an advantage without an opponent's knowledge.
    • Altering game code to give an advantage.
    Why avoid it
    The question that often gets asked: "What's wrong with cheating?" ...usually followed by: "It's only a game."
    Some possible answers:
    • It can adversely affect other people's enjoyment of the game - for example, it unbalances the playing field which is especially heinous in the PvP environment.
    • It makes other players less friendly or helpful, because they start to think they might be helping someone who doesn't deserve it.
    • It gets you kicked out of the game.
     
    Last edited: Sep 25, 2025 at 11:22 AM