Malware Defender

Discussion in 'other anti-malware software' started by Ibrad, Mar 15, 2010.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,467
    Location:
    Hawaii
    MD is excellent but other HIPS (OnlineArmor, D+, Spyshelter) offer better detection/protection versus the the full-spectrum of the keylogger genre.

    If anyone comes up with rules to strengthen MD's anti-keylogger abilities, please share them. A good test for MD's keylogger rules is at THIS link -- scroll to bottom of the page & grab the download directly under the label "Test security of your PC".
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Are you sure of that. MD doesn't respond as much because xiaolin programmed it not to react if the keylogger detection was in the active window, which really makes a lot of sense.

    Pete
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,467
    Location:
    Hawaii
    Hola Pete-sensei,
    Pretty sure. At least, that's the way it looked when I ran the series of tests from the Spyshelter site. MD was spot-on with some of them but somnolent with others.
     
  4. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Guys, just want to refresh my mind, does MD has conflicts with EAM? :rolleyes:

    I'm planning to install it, but want to make sure first :D
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,467
    Location:
    Hawaii
    I do not know the answer to your question. However, be aware that MD does NOT require a reboot during install. Therefore, you can test it yourself. To wit . . .

    + Install EAM "for real"

    + then go into virtual mode (e.g. Shadow Defender et al) & install MD.

    + If MD & EAM play nicely in virtual mode, they should do so "for real".
     
  6. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,051
    Location:
    United Surveillance States
    I had some issues that I posted about on Emsisoft's forum.
    The issues I observed did not lend much confidence in running these two apps together IMHO.
     
  7. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Damn, i really wanted a good HIPS.
    Now that makes me doubt if install it or not :rolleyes:

    Screw it i'll test it right NOW!!!
    Here we go v2.7.2
     
  8. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,051
    Location:
    United Surveillance States
    You can always choose a different AV. That's what I decided to do. I have had 0 issues using MD with NOD32 4, F-Secure 2010, avast! 5, Avira 10 Premium, and latest KAV2011. This tells me something is not right with Emsisoft, but who knows? ;)

    I'm on XP, so your experience on 7 may be different.
     
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    How can i see if it's still having the same problems as you? :rolleyes:
    Want to make sure :p
     
  10. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,051
    Location:
    United Surveillance States
    The simplest way is to download the eicar test file and make sure EAM detects it.
     
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    BTW, for what is this option in the configuration?

    It says something like "Inject mdhook.dll into other processes" :rolleyes:
     
  12. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,051
    Location:
    United Surveillance States
    There is no setting. Any AV should detect this file.

    You can disable mdhook.dll in MD's settings. I don't know if you'll still get the prompt from EAM, but if you do I would say to choose allow.
     
  13. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    I think wasn't clear hehehe :p

    I was talking about a setting in Malware Defender that said "Inject mdhook.dll into other processes", It is disabled by default by i wanted to know what it does if i enable it.

    About the EICAR test file, i'll try it now to see if EAM catches it :D, I know it's a test file that all AV's detect ;)
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,467
    Location:
    Hawaii
    All at the same time? (Just kidding - I know you're more akamai than that.)

    By the way, have you tested MD against Spyshelter's Antitest? I am a big MD fan EXCEPT it seems a bit weak on alerting to all types of keyloggers. Am I wrong?
     
  15. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,051
    Location:
    United Surveillance States
    Yes, unfortunately it is. :'(

    The last time I tested, it didn't detect clipboard or screen capture tests which were the most important to me. I may have to do some testing of an MD / SpyShelter combination. :)
     
  16. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,692
    Noob, from MD's help file......

     
  17. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    How good is Mamutu detecting keyloggers etc.?

    BTW, been using MD in learning mode for the last hour and it seems very stable.
    Just had a few issues in the beginning, it was throwing lots of BSOD's.

    Tested with the EICAR test file and it detected it every single time. :D

    Thanks man very helpful! :thumb:
     
  18. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,467
    Location:
    Hawaii
    Mamutu is VERY weak at the keylogger genre, sad to say.
     
  19. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Damn, now considering Zemana as my last layer but not sure if it would conflict with the HIPS and BB o_O
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,467
    Location:
    Hawaii
    Except for Zemana & Spyshelter, the strongest app I have found for protecting against keyloggers is Online Armor (OA). It passes all the tests on Spyshelter's Antitest.exe, except for a couple of the several screenshot exploits.

    NOTE: OA is a combination HIPS plus Firewall.
     
    Last edited: Aug 2, 2010
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Why don't you use your OS internals, see https://www.wilderssecurity.com/showthread.php?t=278014

    With A2 and this setup you have a strong , very strong security setup.
     
  22. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    +1 and Bookmarked

    Applied the UAC settings, DEP, SEHOP, and denied execution from downloading directories!

    This is worth GOLD! :D :thumb:
    I'm still thinking about Keyloggers hehehe :p
     
  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    One of our very experienced Wilers members, Sully creator of PrettyGoodSecurity, has told me he will create a second freeware (called SAFE) which provides all these protections (and hopefully a icacls based on the fly reduction of rights for executables) through scripts. So these tweaks are available for less tech savvy users.

    Hopefully Lucy, Tly and ZopZop will help with testing again.

    Regards Kees
     
  24. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,143
    i cant manage to get it down - any ideas? (chs either - 0 bytes)
    (other solutions pm pls)
     
  25. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Saw some of your other posts on SpyShelter and decided to test it. I've been running it along with MD for about 48 hours now with no problems. I'm kind of surprised that for me they work well together considering the semi similarities of the two.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.