Malware Defender- a wonderful HIPS indeed

Discussion in 'other anti-malware software' started by aigle, Sep 6, 2009.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Just tried it after a long long time( my first experience was when it was just launched). I am really really impressed. :thumb:

    It really forced me to make a thread. I am using CFP Defence Plus but MD seems to be ahead in coding, snapiness, features and user friendliness. Here are the things I like as compared to CFP.

    1- System seems more fastrer and snappier in the sense that the pop up alerts appear immediately. In case of CFP their always is some lag betwwen my click on an executable and the execution pop up alert.

    2- Very very detailed and useful log. This is most important feature of MD IMO. So many issues problems and events can be analyzed by this.

    3- Very clear and user friendly interface.

    4- Detailed pop up alerts

    5- On the fly creation of specific and general rules via pop up alerts. Very very usefull feature that CFP lacks indeed. It,s must for any classical HIPS to reduce pop up alerts.

    6- Very granular control

    May be there are many more features that I am still missing. I used it just for a while today. I wish MD to live long, unlike other calssical HIPS.

    Most imp feature for the wish list from my side will be a default Basic Mode that will scan C drive partition with auto-creation of rules like ProSecurity and OA and will give very few further alerts just like OA. This will be for ordinary users otherwise ordinary users can,t be attracted towards it due to the obvious reasons. Power users can switch to Advanced Mode that is its default mode at the moment.

    What you people think about MD? :)
     
  2. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe

    My only concern at the moment is: it is again an only one man program, though if Torchsoft sells it. If the developer goes away or stops is work, MD'll die. If it was fre, I'll use it, but I don't want to spend for it if I'm not sure about his future. Do you remember ProSecurity ?
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    and ProcessGuard also:)man i loved this one
     
  4. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    You'll be back to classical HIPS before too long...you won't be able to handle the thought that something just might be happening on your PC without you knowing :) :)
    Seriously though, MD is a superb HIPS and is actually very easy to use once you overcome the initial learning curve. I really do hope the development continues. It's in the same league as DW and SBIE in my opinion.
    The 'issue' that it is a one-man operation is not the issue in my opinion. If the product offering, market and business model is right then the product can develop and prosper.
     
  5. DOSawaits

    DOSawaits Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    415
    Location:
    Belgium
    ans SSM:)

    I still use SSM though, because, compare to MD, it offers a much easier way to switch into "Install Mode" with the simple click on the dropdown box. In MD, installing something means a complete and endless clickfest, no matter how many times you point a newly created .tmp file to be treated as an installation file.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    yeap that one too:)
     
  7. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Yes it certainly is very snappy and quick at INTERCEPTING activities before they happen. I also find it to be much lighter than comodo D+ I personally found D+ to be to bloated.


    well Tzuk the sandboxie vendor is also a one man army and yet he is still around. the most important thing is that the MD vendor stays around long enough to make MD run stable on windows 7. once windows 7 arrives and MD is running stable on windows 7 then we would have a very good HIPS for the entire life time of windows 7 so we wouldn't have to worry about getting another HIPS until we are forced off windows 7 which won't be for years away.

    Originally our friend Alcyon who made the EQS rules was the one who recommended MD to me. he would also probably be using it to if he had got 32bit but I think Alcyon is running 64bit windows 7.

    Tomorrow at peters request I am going to make a new thread of how to have apps in lock down mode while at the same time have other apps in learning mode.
     
  8. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    at intercepting executables from running with MD it is INSTANT it would be just as fast as SRP.

    regarding intercepting other activities from apps that are allowed to run the faster the better. if there is any delay with your HIPS product at intercepting it posses a security risk.
     
  9. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    indeed MD is a good HIPS even it take more than usually time to learn all its abilities.
    i think its fast but not as faster as SRP coz SRP is simple windows tweak !
    so what can do faster than a simple // little tweak to windows?


    @arran

    if u take a look how to set SRP u will understand its only few mouse click not a software installed and coz of that it will be fastest ,and less pc consuming ever :D

    cheers
     
  10. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    This is pretty easy if you ask me, right click task icon and select learning:

    mdlearn.png

    As for MD being a one man developer, i'm not overly concerned. With the nature of a HIPS not needing signature updates, it really doesn't need constant new versions and updates. It received it's last update only 3 weeks ago, and it works with Win7 so considering i will be running XP for a long time it should last me many years to come as it stands today.
     
  11. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    some of us like myself are on windows xp home so we can't use SRP. and we also still need a HIPS to control the behavior of apps that are allowed to run.
     
  12. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    LOL it doesn't have to be an endless clickfest. you just don't know how to use it properly.
     
  13. wat0114

    wat0114 Guest

    I'd rate MD as the best HIPS I've ever used. System Safety Monitor comes in a close second.
     
  14. DOSawaits

    DOSawaits Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    415
    Location:
    Belgium
    And what does "Learning Mode" stand for ?

    Allow and set permission rules for every process that runs, and everything it does.

    Result : You end up with more rules for temporary installation stuff than rules you actually want.

    As I don't want to be an ass, I registered Registry Workshops years ago, and I understand that Xiaolin is someone I can trust. His website is there for years, and his programs are updated regularly, so I full confidence that MD will be more polished, hopefully with some clever features the abandoned SSM has.

    Setting a HIPS in Learning Mode every time you install a program is definatelly not a sign that your know how to use it properly. How do you clean all that trash installation rules, if I may ask ?
    If there was an "Installation Mode" that would set TEMPORARY rules for everything as long as the original process is running, and wipe all temp rules as soon as the process closes, we would have a very big step forward in usability.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I agree with that. I just disable my HIPS.
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    that is the easy way;)
     
  17. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    the hard way is approve tons of pop ups during software install until u freaked out :eek: o_O :eek: o_O :eek:
     
    Last edited: Sep 6, 2009
  18. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    I agree 100%. You get what you pay for and Malware Defender is definitely worth the price. Plus, I got a deal at checkout by buying MD with Registry Workshop, which is the best registry editor I've ever used.

    I'm not concerned about MD being a 1 man show. Getting support from Xiaolin via this forum has been superb. I can't say that for very many of the larger security vendors. And I paid for the product that was offered at the time I purchased - not for the promise of future updates for all eternity.

    And getting back to the question asked by the original poster, I love MD! :D
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039

    Cleaning trash rules is easy. Open the GUI, and click on Rule>Remove Stale Rules and click Okay. All those temporary rules from the install are gone. There is even an ignore list in case you don't want a particular rule deleted.

    Pete
     
  20. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Best security app I've ever used.

    Thanks xiaolin.
     
  21. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    you don't need to compromise system security by disabling MD. one way is like peter said.

    another way is to reset the apps rules by deleting it from MD's list then adding it back again and put the app in training mode and it will be given brand new rules. this is only normally for apps that get updates.

    Usually with new programs there is a separate executable from the actual app, it is the Installer program, and it is the installer program which contains all the installation junk rules. so after the installer has finished installing the app you simply delete the installer program from MD's rules.

    So there is no need to have an xtra feature in MD HIPS for TEMPORARY rules.
     
  22. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    XP VM.

    Installed MD and ran malware sample "foto.exe". MD stopped it cold straight up but I permitted all actions till the very last before the vm would crash where I hit "Deny and Kill the Process" but the vm still crashed.

    There were over a dozen popups before the last.

    MD.JPG
     
  23. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    The assertion seems to be that the interception only occurs at the time of the pop-up do you have any evidence for that ? There isn't necessarily any correlation between how fast the software intercepts a process and the appearance of a pop-up.
     
  24. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    MD is very impressive. I would also like to see a scanner to update installed applications. It would be nice to see some of the users here who wrote rulesets for EQsecure get some good secure rulesets created. Arran has made MD easy to understand and secure. It only gets better from here. I bought a license for MD a while back didn't have a chance to use it properly. In Win 7 MD & DW is all I need.

    I think an Installer application group should be created that locks down the installer from viruses but is still
    able to install the ordinary applications. I'll give that a go myself.
     
    Last edited: Sep 7, 2009
  25. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    MD provides superb protect even with minimum tweaking. Its default rules are excellent, right out of the box.

    I have hopes for a long and bright future for Torchsoft, the proponent of MD. Torchsoft is not a 1-product outfit. I am hoping that, as time goes by, Xiaolin will develop more software products & hire more people.
     
Loading...
Thread Status:
Not open for further replies.