Malware Defender- a wonderful HIPS indeed

Just tried it after a long long time( my first experience was when it was just launched). I am really really impressed.

It really forced me to make a thread. I am using CFP Defence Plus but MD seems to be ahead in coding, snapiness, features and user friendliness. Here are the things I like as compared to CFP.

1- System seems more fastrer and snappier in the sense that the pop up alerts appear immediately. In case of CFP their always is some lag betwwen my click on an executable and the execution pop up alert.

2- Very very detailed and useful log. This is most important feature of MD IMO. So many issues problems and events can be analyzed by this.

3- Very clear and user friendly interface.

4- Detailed pop up alerts

5- On the fly creation of specific and general rules via pop up alerts. Very very usefull feature that CFP lacks indeed. It,s must for any classical HIPS to reduce pop up alerts.

6- Very granular control

May be there are many more features that I am still missing. I used it just for a while today. I wish MD to live long, unlike other calssical HIPS.

Most imp feature for the wish list from my side will be a default Basic Mode that will scan C drive partition with auto-creation of rules like ProSecurity and OA and will give very few further alerts just like OA. This will be for ordinary users otherwise ordinary users can,t be attracted towards it due to the obvious reasons. Power users can switch to Advanced Mode that is its default mode at the moment.

What you people think about MD?

 

My only concern at the moment is: it is again an only one man program, though if Torchsoft sells it. If the developer goes away or stops is work, MD'll die. If it was fre, I'll use it, but I don't want to spend for it if I'm not sure about his future. Do you remember ProSecurity ?

 

and ProcessGuard alsoman i loved this one

 

You'll be back to classical HIPS before too long...you won't be able to handle the thought that something just might be happening on your PC without you knowing
Seriously though, MD is a superb HIPS and is actually very easy to use once you overcome the initial learning curve. I really do hope the development continues. It's in the same league as DW and SBIE in my opinion.
The 'issue' that it is a one-man operation is not the issue in my opinion. If the product offering, market and business model is right then the product can develop and prosper.

 

ans SSM

I still use SSM though, because, compare to MD, it offers a much easier way to switch into "Install Mode" with the simple click on the dropdown box. In MD, installing something means a complete and endless clickfest, no matter how many times you point a newly created .tmp file to be treated as an installation file.

 

yeap that one too

 

Yes it certainly is very snappy and quick at INTERCEPTING activities before they happen. I also find it to be much lighter than comodo D+ I personally found D+ to be to bloated.

well Tzuk the sandboxie vendor is also a one man army and yet he is still around. the most important thing is that the MD vendor stays around long enough to make MD run stable on windows 7. once windows 7 arrives and MD is running stable on windows 7 then we would have a very good HIPS for the entire life time of windows 7 so we wouldn't have to worry about getting another HIPS until we are forced off windows 7 which won't be for years away.

Originally our friend Alcyon who made the EQS rules was the one who recommended MD to me. he would also probably be using it to if he had got 32bit but I think Alcyon is running 64bit windows 7.

Tomorrow at peters request I am going to make a new thread of how to have apps in lock down mode while at the same time have other apps in learning mode.

 

at intercepting executables from running with MD it is INSTANT it would be just as fast as SRP.

regarding intercepting other activities from apps that are allowed to run the faster the better. if there is any delay with your HIPS product at intercepting it posses a security risk.

 

indeed MD is a good HIPS even it take more than usually time to learn all its abilities.
i think its fast but not as faster as SRP coz SRP is simple windows tweak !
so what can do faster than a simple // little tweak to windows?


@arran

if u take a look how to set SRP u will understand its only few mouse click not a software installed and coz of that it will be fastest ,and less pc consuming ever

cheers

 

This is pretty easy if you ask me, right click task icon and select learning:



As for MD being a one man developer, i'm not overly concerned. With the nature of a HIPS not needing signature updates, it really doesn't need constant new versions and updates. It received it's last update only 3 weeks ago, and it works with Win7 so considering i will be running XP for a long time it should last me many years to come as it stands today.

 

some of us like myself are on windows xp home so we can't use SRP. and we also still need a HIPS to control the behavior of apps that are allowed to run.

 

LOL it doesn't have to be an endless clickfest. you just don't know how to use it properly.

 

I'd rate MD as the best HIPS I've ever used. System Safety Monitor comes in a close second.

 

And what does "Learning Mode" stand for ?

Allow and set permission rules for every process that runs, and everything it does.

Result : You end up with more rules for temporary installation stuff than rules you actually want.

As I don't want to be an ass, I registered Registry Workshops years ago, and I understand that Xiaolin is someone I can trust. His website is there for years, and his programs are updated regularly, so I full confidence that MD will be more polished, hopefully with some clever features the abandoned SSM has.

Setting a HIPS in Learning Mode every time you install a program is definatelly not a sign that your know how to use it properly. How do you clean all that trash installation rules, if I may ask ?
If there was an "Installation Mode" that would set TEMPORARY rules for everything as long as the original process is running, and wipe all temp rules as soon as the process closes, we would have a very big step forward in usability.

 

I agree with that. I just disable my HIPS.

 

that is the easy way

 

the hard way is approve tons of pop ups during software install until u freaked out

 

I agree 100%. You get what you pay for and Malware Defender is definitely worth the price. Plus, I got a deal at checkout by buying MD with Registry Workshop, which is the best registry editor I've ever used.

I'm not concerned about MD being a 1 man show. Getting support from Xiaolin via this forum has been superb. I can't say that for very many of the larger security vendors. And I paid for the product that was offered at the time I purchased - not for the promise of future updates for all eternity.

And getting back to the question asked by the original poster, I love MD!

 

Best security app I've ever used.

Thanks xiaolin.

 

you don't need to compromise system security by disabling MD. one way is like peter said.

another way is to reset the apps rules by deleting it from MD's list then adding it back again and put the app in training mode and it will be given brand new rules. this is only normally for apps that get updates.

Usually with new programs there is a separate executable from the actual app, it is the Installer program, and it is the installer program which contains all the installation junk rules. so after the installer has finished installing the app you simply delete the installer program from MD's rules.

So there is no need to have an xtra feature in MD HIPS for TEMPORARY rules.

 

XP VM.

Installed MD and ran malware sample "foto.exe". MD stopped it cold straight up but I permitted all actions till the very last before the vm would crash where I hit "Deny and Kill the Process" but the vm still crashed.

There were over a dozen popups before the last.

 

The assertion seems to be that the interception only occurs at the time of the pop-up do you have any evidence for that ? There isn't necessarily any correlation between how fast the software intercepts a process and the appearance of a pop-up.

 

MD is very impressive. I would also like to see a scanner to update installed applications. It would be nice to see some of the users here who wrote rulesets for EQsecure get some good secure rulesets created. Arran has made MD easy to understand and secure. It only gets better from here. I bought a license for MD a while back didn't have a chance to use it properly. In Win 7 MD & DW is all I need.

I think an Installer application group should be created that locks down the installer from viruses but is still
able to install the ordinary applications. I'll give that a go myself.

 

MD provides superb protect even with minimum tweaking. Its default rules are excellent, right out of the box.

I have hopes for a long and bright future for Torchsoft, the proponent of MD. Torchsoft is not a 1-product outfit. I am hoping that, as time goes by, Xiaolin will develop more software products & hire more people.