Malware Defender

Discussion in 'other anti-malware software' started by Ibrad, Mar 15, 2010.

Thread Status:
Not open for further replies.
  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    agree,agree,agree
     
  2. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    Apps whitelisted by security suites are basically given carte blanche. Thus, whitelisted apps are prime targets for hi-jacking or counterfeiting by malware.

    In learning mode, a classic HIPS will "whitelist" just exactly those processes allowed by the user, to do just exactly those actions (neither more nor less) allowed by the user. Thus a classic HIPS is most useful for a high-risk user who understands a bit about computer security.

    Having said that, a good alternative to a HIPS (even for a high-risk user) is a combo of: (1) imager + (2) well-configured Tiny Watcher.
     
  3. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Reading a few posts back made me wonder if MD works in x64 systems?

    I've only used it on x86 systems :rolleyes:
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    Not recommended for 64-bit. It's okay for the following . . .
    Windows 2000 (Service Pack 4)
    Windows XP (32-bit)
    Windows 2003 (32-bit)
    Windows Vista (32-bit)
    Windows 2008 (32-bit)
    Windows 7 (32-bit)
     
  5. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,154
    Like Hell. MD is a CLASSICAL UNIQUE PURE HIPS. The last thing we need is MD integrated with AV Bloatware for internet Noobies. Let's leave MD the way it is.
     
  6. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    MalwareDefender should really develop into x64 if it wants to survive into the future, as Microsoft's current selling ratio between x64 and 32-bit licenses is 5:1. There's a lot of money to earn if the developer chooses to head in the x64 direction.
     
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    Due to 64-bit's PatchGuard, I do not expect MD to ever have a true x64 version. If MD ever DOES go that way, its protective power will be greatly reduced from 32-bit levels. Read about 64-bit on Sandboxie's forum.

    Because of PatchGuard, the era of full-fledged classical HIPS seems to be at an end. Those HIPS which do work under 64-bit (such as D+) are gelded versions. However, if hackers one day succeed in busting through PatchGuard, then we might see a resurrection of ring-zero-hooking security apps such as MD.
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    just wait it will happen:) hackers are very ahead of even microsoft so it will happen some day:)
     
  9. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
  10. Julian

    Julian Registered Member

    Joined:
    Sep 14, 2008
    Posts:
    103
    Online Armor has implemented an anti-unhooker solution. For example the Matousec SSTS leaktests can't unhook the usermode hooks anymore.
    IMHO: Until there's no PoC or malware which bypasses this it's secure.
    Hope other vendors will do this as well.

    In practice HIPSes aren't always more secure on x32 than on x64.
    Example: TDSS bypasses Outpost on x32 but not on x64.
     
  11. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Yes. I believe a HIPS for x64 could be nearly as powerful as one on x86 since the playground for malware on x64 is so much elevated compared to x86. :)
     
  12. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Folks,

    One off-topic post removed. Let's keep the discussion on the technical and off the political....

    Thanks in advance.

    Blue
     
  13. claudiu

    claudiu Guest

    Hi,

    What is the difference between Normal Mode + Locked User Interface and Silent mode + Locked User Interface?

    Thanks,
    Claudiu
     
  14. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    There is no difference.

    From the help file:
    "Silent mode

    When using silent mode, Malware Defender will not ask the user, it will silently deny rules which have an ASK option.

    Malware Defender will enter silent mode when the user interface is locked."


    Cheers
     
  15. yudigadget

    yudigadget Registered Member

    Joined:
    Dec 30, 2008
    Posts:
    42
    I hate using MD actually; I prefer to use EQSecure, but EQSecure is not free anymore for Windows 7 :'(
    I tried to learn MD for about 2-3 days, but cannot make it work for what I need. I need to implement MD on all of the employees' computers (about 40 PCs), and I don't want to annoy them with MD popups (turn it off).
    I just need a simple blocker for the biggest virus potential (or to block users from installing games, etc.) from other resources, because it will make the computer slow. So, I just want to block files like *.exe, *.dll, *.com, *.vmx, *.vbs, *.msi, etc. from anywhere other than the system drive, or downloaded from the internet.

    Basically it is:
    Allow All from C:\ drive (which is system drive)
    Block ?:\*.exe
    Block ?:\*.dll
    Block ?:\*.com
    Block ?:\*.vmx
    Block ?:\*.vbs
    etc...

    Can MD do that, and turn off all the annoying popups?

    FYI, I already run EQSecure v3.41 on 20 PCs (Windows XP) and it runs very well; I never have complaints anymore about slow computers, viruses, etc. Of course I use antivirus software, but antivirus software cannot block installing game software, etc.
     
    Last edited: Nov 7, 2010
  16. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    MD is unstable for Windows 7.

    For Win7 the better HIPS choices are Comodo (D+) and Online Armor.
     
  17. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Really? LOL (You mean it throws tons of errors etc.?)
    HAHAHAHA, I've been using MD for a few months on W7 x86 and NEVER EVER had any single error xD (Except it had a conflict with EAM at the beginning) :D
     
  18. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Nonsense! I've been using it for nearly a year on Win7 and it's never been unstable. Maybe it's unstable on your PC's particular configuration, but not mine.

    You can pretty much configure MD how you want, e.g. allow anything from C:\ProgramFiles and C:\Windows, block everything elsewhere (i.e. from user space). Blocking specific files downloaded from the internet is going to be harder. You may have to configure your browser to automatically download those files to a specific directory and then deny launch from that directory.
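
Added example, not part of the original thread and not Malware Defender's own rule engine: a small Python model of the two path-rule policies discussed above (post 15's "allow C:\, block by extension" and post 18's "allow Program Files and Windows, block the rest"), showing why the first one still lets a download under C:\Users run. First-match-wins ordering, glob matching, the default action and all sample paths are assumptions constructed for illustration; `C:\Program Files` is used as the real directory name.

```python
import fnmatch
import ntpath  # Windows path semantics, usable on any OS

ALLOW, BLOCK = "allow", "block"
BLOCKED_EXT = ("exe", "dll", "com", "vbs", "msi")

# Post 15's idea: trust the whole system drive, then block by extension.
DRIVE_POLICY = [(ALLOW, r"C:\*")] + [
    (BLOCK, rf"?:\*.{ext}") for ext in BLOCKED_EXT
]

# Post 18's idea: trust only admin-writable directories, block the rest.
DIR_POLICY = [
    (ALLOW, r"C:\Program Files\*"),
    (ALLOW, r"C:\Windows\*"),
    (BLOCK, "*"),
]


def canonical(path):
    """Collapse '..', unify slashes and case before any rule is matched."""
    return ntpath.normcase(ntpath.normpath(path))


def decide(policy, path, default=ALLOW):
    """Return the action of the first rule whose pattern matches the path.

    Assumption: rules are ordered and the first match wins.
    """
    target = canonical(path)
    for action, pattern in policy:
        if fnmatch.fnmatchcase(target, ntpath.normcase(pattern)):
            return action
    return default


if __name__ == "__main__":
    samples = [  # constructed sample paths
        r"D:\games\setup.exe",
        r"C:\Users\bob\Downloads\game.exe",
        r"C:\Windows\..\Users\bob\Downloads\game.exe",
        "c:/WINDOWS/System32/notepad.exe",
        r"C:\WindowsEvil\dropper.exe",
    ]
    for p in samples:
        print(f"{p:45} drive={decide(DRIVE_POLICY, p):5} "
              f"dir={decide(DIR_POLICY, p)}")
```

The traversal sample is only blocked because `canonical()` runs before matching; matching the raw string would hit the `C:\Windows\*` allow rule.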
     
  19. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    You are correct. I mis-spoke. (blushing)

    MD is only unstable with 64-bit Windows - WIN7 & all other 64-bit versions.
     
  20. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,970
    same as Noob - rockstable (except with EAM^^)
    (ok - a beta version in between crashes but that was confirmed)
     
  21. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Er... no, you can't even install it, MD driver fails to load with x64 OS.

    Cheers
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    very true
     
  23. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    No problem man, I was just wondering why it was unstable on your setup xP :thumb:
     
  24. datarishik

    datarishik Registered Member

    Joined:
    May 11, 2010
    Posts:
    182
    When is the next final version of MD due for release? Just curious!
     
  25. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Well, there's no beta out yet, so your guess is as good as mine. Could be tomorrow, could be next year, could be never. If/when it comes it's likely to be a bug fix release only...and that will depend on how serious the bugs are. MD has been stable for a long time now so there's no urgency for new releases.
     