Malware Defender 2.4.4 beta

Discussion in 'other anti-malware software' started by xiaolin, Nov 15, 2009.

Thread Status:
Not open for further replies.
  1. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    Re: Malware Defender 2.4.4 final is released

    xiaolin,

    First, thanks for your great work; v2.4.4 final is working great here. By the way, you said earlier, in another thread, that you "cannot find a solution yet" about replacing windows registry by Registry Workshop. If it is always the case, and simply for your info, maybe you would be interested to check how the author of "Total Uninstall" achieved this beautifully a while ago (there is also this other thread in their own forum that elaborated a bit on their solution, see the first 2 posts there). If need be, you could also discuss with TU's author Gavrila Martau (supportATmartauDOTcom). I hope this could be of some use for you. MD & RW are such indispensable apps for me that I would be delighted if they were walking hand in hand together! :)

    Ciao.
     
    Last edited: Nov 23, 2009
  2. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Upgraded to current version without problems.

    BTW I found out that if I block network events with MD, then these blocked events appear in the Windows Firewall log like any other DROP event.

    Cheers
     
  3. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    problem / bug / design flaw:

    If, in response to popups, you create permanent rules for a given application while the "Edit Application Rule" for that application is open... when you later click [OK] to close the "Edit Application Rule", the application overwrites the popup-initiated rules.

    This "collision" scenario has often caused frustration for me. "Dammit! I'm positive I already (recently) created a rule for suchandsuch! Where is the existing rule? Why am I still getting a popup for suchandsuch?"

    The problem occurs in "Normal Mode". I haven't checked, but I suspect the same collision scenario would occur during "learning" or "silent" mode as well.
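
A minimal model of the collision reported in this post, added here as an illustration and not Malware Defender's code: the editor dialog holds a snapshot of the rule list, a popup adds a rule meanwhile, and [OK] writes the stale snapshot back. The `RuleStore` class, its revision counter and the sample targets are assumptions made for the example.

```python
import copy

class StaleEdit(Exception):
    """The rule set changed after the editor took its snapshot."""

class RuleStore:
    """Per-application rule lists with a revision counter (hypothetical model)."""
    def __init__(self):
        self.rules = {}      # app -> list of (target, action)
        self.revision = {}   # app -> int, bumped on every write

    def add_rule(self, app, target, action):
        # Path taken when the user ticks "create rule" in an alert popup.
        self.rules.setdefault(app, []).append((target, action))
        self.revision[app] = self.revision.get(app, 0) + 1

    def open_editor(self, app):
        # The dialog works on a private copy taken when it opens.
        return {"app": app, "base": self.revision.get(app, 0),
                "rules": copy.deepcopy(self.rules.get(app, []))}

    def save_blind(self, edit):
        # Behaviour reported in the post: [OK] writes the snapshot back whole.
        self.rules[edit["app"]] = edit["rules"]
        self.revision[edit["app"]] = self.revision.get(edit["app"], 0) + 1

    def save_checked(self, edit):
        # Hardened: refuse to overwrite if anything changed since the snapshot.
        if self.revision.get(edit["app"], 0) != edit["base"]:
            raise StaleEdit(edit["app"])
        self.save_blind(edit)

def replay(save_name):
    """Replay the sequence from the post; return the rules left in the store."""
    store = RuleStore()
    store.add_rule("app.exe", r"HKCU\Software\Example", "deny")  # constructed
    edit = store.open_editor("app.exe")                           # dialog left open
    edit["rules"][0] = (edit["rules"][0][0], "ask")               # edit made in dialog
    store.add_rule("app.exe", r"C:\Temp\example.dll", "deny")    # popup rule, constructed
    try:
        getattr(store, save_name)(edit)                           # user clicks [OK]
    except StaleEdit:
        pass  # a real UI would reload or merge; here the store is left untouched
    return store.rules["app.exe"]
```

With `save_blind` the popup-created deny rule disappears without any error, which matches the "where is the existing rule?" symptom; with `save_checked` the stale save is rejected and both rules survive.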
     
  4. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    feature request: customizable options for popup template

    Requesting an additional
    tray icon -> context menu -> "Options..."
    dialog containing checkboxes for the following options:

    [ ] display the "comment" text of the relevant rule in each popup
    Ideally, a HIPS app would be "smart" enough to suggest the degree of severity, or potential risk, associated with a given popup event, or target component. Some HIPS attempt to convey degree of severity by colorizing popups (red, orange, yellow)... but I think displaying the 'comment' field could (eventually) be more informative. Future versions of MD could contain default rules which are "more fully commented" and, in the interim, user-supplied self reminders in the comment field could provide welcome visual cues.

    [ ] remember popup last-used screen location & dimensions
    As is, MD doesn't "remember" window metrics across sessions.

    [ ] include "launch browser window to research the target object" link(s) in each popup
    -=-
    Competing security apps feature a contextual "more info" link within popups. The link raises a window to display either context-sensitive db helptext stored locally (in a db installed with the app)... or launches a browser window to display a relevant web page on the vendor's site.
    -=-
    For MD, I'm suggesting (requesting) a user-configurable commandline %1 option.
    The default value would launch an MSIE (or Firefox) window to Google search, with %1 in the querystring
    -=-
    For popups involving protected regkeys, %1 would be the full target path.
    For popups involving files or named COM interfaces, MD would create %1 by trimming the path string.
    -=-
    Link would be represented as an icon; "launch browser window to research the target object" as tooltip text


    [ ] Application Rule popups: "Create application rule for this application" PREselected (checkmarked) by default
    Perhaps include a "NOT RECOMMENDED" disclaimer for this option...
    ...and I applaud the current UNselected default, but having this option enabled during certain sessions would certainly eliminate a huge amount of repetitive / tedious clicking. Thankfully, within a session, MD already seems to "remember" last choice & preselects the temporary/permanent radio button.
     
  5. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    feature request: AUDIO CUE

    Settings for each rule currently accommodate Permit/Deny/Ask ...and Log.
    As is, I find myself leaving many permanent rules set to "Ask" because the "Log" option alone doesn't provide real-time notification.

    I'm requesting an additional option to "play a sound" (sound an alarm, provide an audible cue) when a rule is triggered.

    Really, what I would like is the option to specify a "custom command line" per rule... but I won't ask for the whole cookie jar

    MD installation would include a siren.wav file (or beep.wav).
    -=-
    If the sound option is enabled for a given rule, MD "plays" ~\MalwareDefender\siren.wav
    -=-
    If user prefers a short beep vs a long siren (or whatever), he overwrites the supplied sound file
     
  6. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    This is a known issue. Sorry for the inconvenience.
     
  7. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    The rule comment is displayed in the tooltip of triggered rule.

    MD should remember the position and size of the alert window. Could you verify this issue again? Which version of Windows are you using?

    I will think about it. For now you can jump to the object in other MD tab and then use the search functions related to the object.
     
  8. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    The latest version is running great here. Thanks Xiaolin!
     
  9. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    Sorry, I was unclear.
    The existing tooltip is helpful, but the additional functionality would be
    (if the tray icon -> context menu -> "Options..." checkbox is ticked)
    to display comment field as an additional EDITABLE input field, inline within the popup.
    -=-
    If "create a rule" checkbox is selected, text typed into comment field during popup is written to the rule.

    As is, while working with (for instance) an app which is supposedly a "portable app", I might type "why?" as a comment when responding to a popup if the app initiated a regkey write operation... and go back later to investigate (searching rules for "why" to find loose ends), rather than stopping in my tracks to immediately research why.
    -=-
    Another example: dealing with a strange/new popup for an existing app, I might want to mark the comment "why?" or I may want to enter a notation indicating the popup appeared when I clicked suchandsuch ~~ a detail I'm unlikely to remember later. By the way, USING "JUMP TO RULE" ON SUCH OCCASIONS (AND NEGLECTING TO CLOSE THE "EDIT APPLICATION RULE" WINDOW AFTER TYPING THE COMMENT) IS HOW I DISCOVERED THE FREQUENT "COLLISION" EVENTS WERE OCCURRING.
     
  10. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    Are an identical set of default registry rules created for every MalwareDefender installation, or are they tailored to suit the O/S of the installation environment?

    WinXP SP3
     
  11. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Re: Malware Defender 2.4.4 final is released

    Yes, I stumbled across that a few months back and applied it to TU and it works a treat. So I even went through my registry trying to replace all calls to regedit with it to force other programs to do the same, but no such luck.

    Xiaolin's Reg Workshop is the best registry editor that ever existed; forcing everything to use it would be icing on the cake.
     
  12. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    I'm curious to know why you prefer it over the Resplendence app
    http://resplendence.com/registrar_features
    but we're posting to a MalwareDefender thread...

    ...so I'm reminded to mention that I have found MD's "registry search" feature to be RIDICULOUSLY slow (35-40 seconds).

    The Torchsoft site boasts "scans in about ten seconds" for RegistryWorkshop, which is comparable to the search speed I'm accustomed to when using 4Dev RegistryCrawler. In comparison, MD's "registry search" performance has been a real disappointment for me.
     
  13. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    Across reboots, popup position is remembered but height/width reverts to default.
     
  14. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    "File" tab
    Search doesn't seem to be working reliably.
    As a test, I tried this:
    ----------------------------------
    "search files" is checkmarked
    all other checkboxes are UNticked

    "search in" = C:\

    "all or part of a filename" = autoexec
    ----------------------------------
    Press the Find button & the search dialog window displays
    "searching for files..."
    and you see names of subdirectory paths displayed as the search scours the entire drive.

    This seems to indicate two faults with the search function:
    Fails to first search the contents of immediate directory
    and
    Ignores (unchecked "Folders" box) directive







    Overall, the MD "Files" tab adds little value. It is a nuisance, a hinderance.
    It would be preferable for the "Jump to Rule" command to launch a native windows explorer instance, passing the path string in the commandline. Conversely, from within the native Explorer, a "MD: Edit File Rule" context menu shell extension would raise the MD "Edit File Rule" dialog.
     
  15. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    I will have to respectfully disagree with you on this one. One thing the file tab is especially useful for is deleting locked files.

    Honestly with the amount of criticism that you have for Malware Defender, I'm surprised you are still using it.
     
  16. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    I disagree. It is a useful addition and allows you to continue working within MD without swapping to different outside applications. If you don't like it, then don't use it. Nobody is forcing you to.
     
  17. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Agree.

    Doubly Agree!
     
  18. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    Sigh. Right on schedule, here comes the fanboi parade.

    I am quite possibly one of MD's biggest fans.
    Feedback posts here saying "Way to go!" and "Working fine here 110!1" accomplish little in nudging the development forward. As a tester, I believe my criticism has been both constructive and warranted.

    At this juncture I'm compelled to mention that when I initially installed MD, I had high expectations regarding "Detects and removes". Upon discovering, rather quickly, that any REMOVAL depends on user intervention... I discounted the elevenfold bulleted "Detects and removes" anti-hook marketing claims as representing awkward bumps in language translation, and pressed on.
    Across various discussions, I've read that MD is not a full "firewall" solution, nor does it represent a robust "leak prevention" solution (does not monitor outbound for all protocols, and "does not have the feature to protect against clipboard monitoring yet").

    I'm unsure the dev is aware of the features, GUIs, and functionality of competing products. Although I want to like MD well enough to purchase it... for now MD, priced at $40 as of its 2 point 4.x release, fails to provide an outstanding "solution".


    This is fine. Toward considering a change, or feature addition, the dev needs to hear feedback from multiple users.

    This is not fine. Chiming in to state a truism and provoke a fellow user amounts to cyberbullying.
    Far too much of this sort of crap goes on here in the Wilders forums.
    Thank you, please drive thru
     
  19. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Yes it is fine.

    Compared to other forums I have seen on the internet there is actually very little cyberbullying on Wilders. Personally I think the mods and admins here are a good group of mature guys. You have to allow for some freedom of speech on forums, so if you criticize a good security product such as Malware Defender then you can expect others to attack and bash you, and it is justified.

    Malware Defender is one of a very few classical HIPS on the internet. For classical HIPS other than maybe EQS you really can't get any better than Malware Defender. So stop your moaning and whining.

    And inka, I get the impression that you do not know how to use it properly. MD is more for technical users; if you can't learn how to use it then maybe you should use something else instead?
     
  20. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    And xiaolin thanks for the update version.
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    inka, if you find Malware Defender too hard to use then I advise you to give DefenseWall HIPS a try; it is very easy to use, out of the box ready for you ;)
    http://www.softsphere.com/
     
  22. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    Regarding the firewall subject. Malware Defender wasn't created and made to be an outbound firewall with robust outbound protection, it was made to be a classical HIPS. MD's firewall is just an add-on bonus. And seeing how MD prevents your pc from getting infected, then why would you need robust outbound protection? If there is no such malware on your pc trying to make any outgoing connections, why would you need robust outbound protection?
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    In fact this is very real: if no malware is introduced or infects your system then there will not be any malware trying to connect to the net :) agree with you :thumb:
     
  24. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    Perhaps because I'm a gray hat (tinfoil hat) privacy fanatic... and hopefully not because I'm a micromanaging control freak, heh heh.

    Now, moving forward (pretty please) tonight I'm comparing the degree of granularity offered by Comodo Defense+ which, on a per-app basis, enables user to specifically block discrete COM components (e.g. "Microsoft.CLRAdmin.CCommandHistory", a class within a .Net Assembly) rather than applying a broader block against an app reading the entire file (mscormmc.dll)
    -=-
    MD similarly enables per-app blocking of a given component, identified by CLSID
    ( e.g {E07A1EB4-B9EA-3D7D-AC50-2BA0548188AC} )
    but (feature request) I find myself wishing that, within the MD "Browse for COM Interfaces" window, I could either search or the list would at least scroll to "M" (when Description column is controlling the sort order) if I type "M"... so that I could review what other classes are contained in the component, toward assessing the risk vs merit in blocking the component.
    -=-
    While here, in the "Browse for COM Interfaces" window, I have found (and am dutifully reporting) a bug:
    Click any item in the list (to set focus to the item). When you click a column header (changing sort order), focus shifts away from the selected item.
     
  25. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    426
    ping. pong.

    Torchsoft has no support forum and the dev is single-handedly churning out builds in 6 languages. Rather than supplying feedback via email, I have accepted the dev's public invitation to test & post feedback here at Wilders.

    Okay, duly noted -- I'll try to maintain a more constructive tone in future posts.
     