Discussion in 'other anti-malware software' started by Ibrad, Mar 15, 2010.
Apps whitelisted by security suites are basically given carte blanche. Thus, whitelisted apps are prime targets for hi-jacking or counterfeiting by malware.
In learning mode, a classic HIPS will "whitelist" just exactly those processes allowed by the user, to do just exactly those actions (neither more nor less) allowed by the user. Thus a classic HIPS is most useful for a high-risk user who understands a bit about computer security.
Having said that, a good alternative to a HIPS (even for a high-risk user) is a combo of: (1) imager + (2) well-configured Tiny Watcher.
Reading a few posts back made me wonder if MD works in x64 systems?
I've only used it on x86 systems
Not recommended for 64-bit. It's okay for the following . . .
Windows 2000 (Service Pack 4)
Windows XP (32-bit)
Windows 2003 (32-bit)
Windows Vista (32-bit)
Windows 2008 (32-bit)
Windows 7 (32-bit)
Like Hell. MD is a CLASSICAL UNIQUE PURE HIPS. The last thing we need is MD integrated with AV Bloatware for internet Noobies. Let's leave MD the way it is.
MalwareDefender should really develop into x64 if it wants to survive into the future, as Microsoft's current selling ratio between x64 and 32-bit licenses is 5:1. There's a lot of money to earn if the developer chooses to head in the x64 direction.
Due to 64-bit's PatchGuard, I do not expect MD to ever have a true x64 version. If MD ever DOES go that way, its protective power will be greatly reduced from 32-bit levels. Read about 64-bit on Sandboxie's forum.
Because of PatchGuard, the era of full-fledged classical HIPS seems to be at an end. Those HIPS which do work under 64-bit (such as D+) are gelded versions. However, if hackers one day succeed in busting through PatchGuard, then we might see a resurrection of ring-zero-hooking security apps such as MD.
Just wait, it will happen. Hackers are very far ahead of even Microsoft, so it will happen some day.
Online Armor has implemented an anti-unhooker solution. For example the Matousec SSTS leaktests can't unhook the usermode hooks anymore.
IMHO: Until there's no PoC or malware which bypasses this it's secure.
Hope other vendors will do this as well.
In practice, HIPSes aren't always more secure on x32 than on x64.
Example: TDSS bypasses Outpost on x32 but not on x64.
Yes. I believe a HIPS for x64 could be nearly as powerful as one on x86 since the playground for malware on x64 is so much elevated compared to x86.
One off-topic post removed. Let's keep the discussion on the technical and off the political....
Thanks in advance.
What is the difference between Normal Mode + Locked User Interface and Silent mode + Locked User Interface?
There is no difference.
From the help file:
"When using silent mode, Malware Defender will not ask the user, it will silently deny rules which have an ASK option.
Malware Defender will enter silent mode when the user interface is locked."
I hate using MD actually; I prefer to use EQSecure, but EQSecure is not free anymore for Windows 7.
I tried to learn MD for about 2-3 days, but cannot make it work the way I need. I need to deploy MD on all of the employees' computers (about 40 PCs), and I don't want to annoy them with MD popups (turn them off).
I just need a simple blocker for the highest virus potential (or to block users from installing games, etc.) from other sources, because that makes the computers slow. So I just want to block files like *.exe, *.dll, *.com, *.vmx, *.vbs, *.msi, etc. from anywhere other than the system drive, or downloaded from the internet.
Allow All from C:\ drive (which is system drive)
Can MD do that, and turn off all the annoying popups?
FYI, I already run EQSecure v3.41 on 20 PCs (Windows XP) and it runs very well; I have never had a complaint again about slow computers, viruses, etc. Of course I use antivirus software, but antivirus software cannot block installing game software, etc.
MD is unstable for Windows 7.
For Win7 the better HIPS choices are Comodo (D+) and Online Armor.
Really? LOL (You mean it throws tons of errors etc.?)
HAHAHAHA, I've been using MD for a few months on W7 x86 and NEVER EVER had any single error xD (Except it had a conflict with EAM at the beginning)
Nonsense! I've been using it for nearly a year on Win7 and it's never been unstable. Maybe it's unstable on your PC's particular configuration, but not mine.
You can pretty much configure MD how you want, e.g. allow anything from C:\ProgramFiles and C:\Windows, block everything elsewhere (i.e. from user space). Blocking specific files downloaded from the internet is going to be harder. You may have to configure your browser to automatically download those files to a specific directory and then deny launch from that directory.
You are correct. I misspoke. (blushing)
MD is only unstable with 64-bit Windows - WIN7 & all other 64-bit versions.
Same as Noob - rock stable (except with EAM^^)
(OK - a beta version in between crashed, but that was confirmed)
Er... no, you can't even install it, MD driver fails to load with x64 OS.
No problem man, I was just wondering why it was unstable on your setup xP
When is the next final version of MD due for release? Just curious!
Well, there's no beta out yet, so your guess is as good as mine. Could be tomorrow, could be next year, could be never. If/when it comes it's likely to be a bug fix release only...and that will depend on how serious the bugs are. MD has been stable for a long time now so there's no urgency for new releases.