Malware Defender - New HIPS from China

Discussion in 'other anti-malware software' started by johncage, Aug 11, 2008.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,123
    Location:
    Hawaii
    Xiaolin says an update is coming by end of October, & he's busily working on it. I am hopeful that he comes through.

    I have sent him several emails -- asking about progress on MD's network capability, requesting a discount (my middle name is "scrooge"), asking questions about configuration, etc. He has always replied within a matter of a few hours. His command of the English language is excellent.

    MD is very powerful. It plays nicely with all my other applications, including Sandboxie. Very stable. MD is a 1-off purchase, but I still think the "List Price" is a bit high. MD is much much easier to learn than Defense+, but not quite as easy as ProSecurity/RTF is (or was).
     
  2. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,096
    Location:
    QC
    Just as fyi, there is a $10 discount on MD if you buy or already own a Registry Workshop license, and vice-versa. RW is exceptionally well crafted if/when someone needs this kind of tool. And yes, in my past experience, the author seems very heedful of users' inquiries.
     
  3. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    The new version will be delayed for several days. I will release a beta version next week.
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,538
    Location:
    U.S.A. (South)
    Looking forward to it :thumb:

    Thanks xiaolin
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    thank you:thumb:
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,538
    Location:
    U.S.A. (South)
    Malware Defender also runs without issue on my XP Pro machine and it's quickly grown on me. This is fantastic news and here's why: RTD is excellent but from what I read is like finding a needle in a haystack for users to download. If you're one of the lucky ones who use it though you really have another great HIPS at guard for you. I tend to add a Behavioral Blocker like MAMUTU or TF4 to complement any HIPS, including EQS.

    Like I said, as others, I'm anxiously waiting to see what the newest version has to offer in the way of more improvements.

    EASTER
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Yep, I was thinking of EQSecure or Malware Defender with ThreatFire :thumb:
     
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,123
    Location:
    Hawaii
    Properly configured, MD needs no help.

    I look forward to the beta.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    By the way, can anyone give me a phonetic spelling of the proper way to pronounce "Xiaolin"?
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,538
    Location:
    U.S.A. (South)
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,538
    Location:
    U.S.A. (South)
    I know it's late here too. 3:30AM, but I always get highly pumped up when the world is asleep and when I do my best work. LoL

    I have to register to PCTools Forums and bring this to their attention because as of this latest issue I've uninstalled Threatfire 4 and won't return to it again until this is addressed, complete with a DENY option. Otherwise, MAMUTU remains High King of Behavioral Blockers!

    ThreatFire™ has been successfully uninstalled.
     
  12. Murderlove

    Murderlove Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    99
    May I ask what you mean with properly configured? Are there any rules which can be implemented or something like that? You first need to put MD to learning mode. And then use all the programs you normally use, reboot a few times, so that the rules are created for them, and then put it on normal mode, right? At least that is the scenario I can think of...

    Shaolin.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,538
    Location:
    U.S.A. (South)
    Malware Defender is a HIPS in every sense of the word and a welcome good one. I just wish more developers would take up this torch and together with the other developers a very healthy competition could ensue which would bring forward even newer improvements that lead to even better solid preventions.

    And folks, pls drop the noise complaint on the pop ups. Would you rather guess at AV's pop ups or know the facts on what the HIPS pop ups pass along to you as to the what, where, and potential of what they are pre-programmed to offer in the way of useful information. You learned to press a keyboard and from your own respective alphabets, you eventually learned where the right letters were to form a logical sentence. HIPS is really no different. They offer a total interruption on some interaction being signalled to your computer, and it's but a small matter to research thru Google or another resource to make a determination, and rule. After that rule is entered it becomes automatic for your machine to honor that command without passing any further interruption on you to make choices.

    Malware Defender is a breath of fresh air and we might just be shocked when its newest version is finally released to find it's even better.
     
  14. Murderlove

    Murderlove Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    99
    In general I have no problems with classical HIPS. I would actually like to learn the ins and outs of such a classical HIPS. For me the problem lies in creating rules. If we for example take your beloved EQSecure (no sarcasm etc. intended) with all its rules, I totally get lost. If I look at Alcyon's rules I can not help but to think/feel that creating those types of rules would be a huge obstacle for me. But even creating the normal rules within the program itself looks like a maze to me.

    I had the same with MalwareDefender. I understand the basic concept of it. But to create rules and make it even more 'tight' seems really hard to me. I did read the help file, not thoroughly though, skimmed it, but still...
     
  15. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    808
    His last name is "晓霖" (Xiao3 lin2).

    Go to the following link (first is for the word "Xiao3" & second one is "Lin2") .

    Click on "Pinyin", you can learn to pronounce (listening to the .asf audio file).

    http://www.mandarintools.com/cgi-bin/wordlook.pl?word=晓&searchtype=chinese&where=whole&audio=on

    http://www.mandarintools.com/cgi-bin/wordlook.pl?word=霖&searchtype=chinese&where=whole&audio=on
     
    Last edited: Nov 1, 2008
  16. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    808
    The pronunciation for the first word is not correct.

    Only 50% correct.
     
    Last edited: Nov 1, 2008
  17. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    808
    Screenshot from Malware Defender 1.2.0 Beta 2
     

    Attached Files: 1.JPG, 2.JPG, 3.JPG
  18. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    808
    Additional information under Logs
     

    Attached Files: 4.JPG
  19. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Malware Defender 1.2.0 beta3

    http://www.torchsoft.com/download/md_setup_1.2.0_b3.exe

    The rule architecture is improved in v1.2. It is highly recommended to rebuild all the rules. You can delete rules.* in the installation folder before upgrading. Sorry for the inconvenience.


    what's new in v1.2?
    - Improved the rule architecture.
    - Improved log functionality.
    - Added support for verifying file signature of autostart applications in background.
    - Added support for exiting MD without disabling protection.
    - Added support for using hot keys to execute some commands.
    - Added support for searching rules.
    - Added support for displaying permission settings of application rule in the tooltip.
    - Added support for displaying stale rules before deleting.
    - Added a menu item to remove temporary rules manually.
    - Added support for using relative path in file rules, child application rules, target application rules, driver rules, hook modules rules, and allowed applications. A relative path begins with ".\" (current directory) or "..\" (parent directory), and there can be more than one "..\".
    - Fixed a bug that may cause BSOD.
    - Minor improvements and fixes.

    what's new in the rule architecture?
    - Added "Ignore" and "Deny and kill the process" permissions.
    - Added target application rules to make rules more flexible.
    - The child application rules have higher priority than the "Create new processes" permission.
    - The driver rules have higher priority than the "Loading kernel drivers" permission.
    - The hook module rules have higher priority than the "Install message/event hooks" permission.
    - The target application rules have higher priority than the "Access memory of other processes", "Control other processes and threads", or "Send and receive messages" permission.
    - If an action of creating process is detected, Malware Defender will search application rules for child process also. If the execute permission of child process is not "Permit", and the rule priority is higher than the matched rule of parent process, then the execute permission of child process will be used.

    For more information, please read the help.
     
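Added example, not part of xiaolin's post and not Malware Defender's own code: a small Python model of the process-creation precedence listed under "what's new in the rule architecture" above. The numeric priority (larger wins), the wildcard matching, the sample rules and paths, and the order in which the two overrides are applied are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

PERMIT = "Permit"                        # permission names as quoted in the post
DENY_KILL = "Deny and kill the process"

@dataclass
class AppRule:
    path: str                       # application pattern (wildcards are an assumption)
    priority: int                   # assumption: larger number = higher rule priority
    execute: str = PERMIT           # execute permission for the application itself
    create_process: str = PERMIT    # the "Create new processes" permission
    child_rules: list = field(default_factory=list)   # (pattern, permission) pairs

def _match(pattern, path):
    # Windows paths are case-insensitive, so compare lower-cased strings.
    return fnmatchcase(path.lower(), pattern.lower())

def find_rule(rules, path):
    """Return the highest-priority application rule matching path, or None."""
    hits = [r for r in rules if _match(r.path, path)]
    return max(hits, key=lambda r: r.priority, default=None)

def decide_create_process(rules, parent_path, child_path):
    parent = find_rule(rules, parent_path)
    if parent is None:
        return None                 # behaviour without a parent rule is not stated
    # 1. A matching child application rule outranks "Create new processes".
    verdict = parent.create_process
    for pattern, permission in parent.child_rules:
        if _match(pattern, child_path):
            verdict = permission
            break
    # 2. The child's own rule wins if it is not "Permit" and has higher priority
    #    than the parent's matched rule.
    child = find_rule(rules, child_path)
    if child and child.execute != PERMIT and child.priority > parent.priority:
        verdict = child.execute
    return verdict

# Constructed sample rule set, for illustration only.
SAMPLE_RULES = [
    AppRule(r"*\explorer.exe", priority=1),
    AppRule(r"*\winword.exe", priority=1, create_process=DENY_KILL,
            child_rules=[(r"*\splwow64.exe", PERMIT)]),
    AppRule(r"*\temp\*", priority=5, execute=DENY_KILL),
]
```

The third sample rule shows why the last bullet matters for a defender: a high-priority rule on a risky location still blocks execution even when the launching application is allowed to create processes.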
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,538
    Location:
    U.S.A. (South)
    How long is this beta open & free pls?

    A very formidable HIPS is this one. Does it expire after some weeks or time table?

    Thanks and keep up the excellent work

    EASTER
     
  21. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,123
    Location:
    Hawaii
    Re: Malware Defender 1.2.0 beta3

    xiaolin's post #213 in this same thread, at THIS link, said that registered users would receive email notices of new versions.

    I am a paid user -- i.e., a registered user -- of MD. However, I received NO email notice of v1.2 which, I presume, is a public beta rather than a closed beta. Instead, I had to read about this beta here at Wilders, a public forum.

    I am surprised & disappointed that developer did not send any notice to his registered users, even though he said he would do so. Hopefully it was just an oversight.
     
  22. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    27,180
    Location:
    UK
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  24. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Re: Malware Defender 1.2.0 beta3

    Sorry for the confusion. I will only send email notice for official release.

    The beta version will be posted at a Chinese forum first, and then will be posted here if no big problem.

    If you need the notice of all the beta versions, I will send email to you. :)
     
  25. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    The beta version will expire after 30 days too.

    Thanks.
     