MD 2.1.0 final released!

Discussion in 'other anti-malware software' started by Cutting_Edgetech, Mar 17, 2009.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    MD 2.1.0 final released. Anyone tried it yet? Can't wait to see how it does in the Matousec firewall challenge!
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Very Good!

    And a huge credit to its developer for singling out this project as a very comprehensive and formidable HIPS!

    It can't be no easy task as with other security products but the development seems to have really gone over very well in rapid stages too.

    Congrats! :cool:

    EASTER (a HIPS believer)
     
  3. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    I've tried it and there's still the same Major bug as in the latest beta:
    Rules have to be made in reverse order. The priority mechanism isn't correct and I don't understand why.
    Not yet very appealing... Ask a programmer to code in reverse and you'll hear the two words.
     
    Last edited: Mar 18, 2009
  4. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Yes, that had me confused when I was trying to add a couple network rules for svchost.exe earlier today. o_O
     
  5. wat0114

    wat0114 Guest

    Is it a bug or is it the way the programmer, xiaolin, designed it? In fairness to him I tend to feel it's the latter.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    I'm having a different sort of problem but one exclusive to me. I can't bring myself to learn the absolutely tons of different sections much like I experienced when SSM went berserk with rules sections, multiple choice answers & settings and other myriads of configs that absolutely must be set manually.

    I applaud this HIPS and its users like Kees and others who threw themselves into enough to learn its ins and outs, but as for me I don't have any motivation to learn another HIPS, especially of this magnitude whereby in EQS for example, rules are easily and quickly imported, exported, and the entire rulesets saved for later movement to another system. I don't find that user-friendly feature in this MD but instead a massive learning procedure to take chances if you get it right or not.

    But I still applaud those who are tickled pink with it and have a firm handle on its workings and all the best to you, but IMO, just like EQS & TF this is something which needs a rules Import/Export feature. Forgive me if I missed one in it.

    By the way, it couldn't pass AKLT at all on my machine whereas EQS blocks them all save the final test only. So while it may be a very good HIPS for those so inclined, I have no other motivation but to stay closely bound to EQS and its user-friendly and easy interactions, as well as simple rules adding, saving, and creating.

    EASTER
     
  7. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    Well, I'd really like to make a ruleset for MD because I know it has HUGE potentials but how can you expect someone to make one when the priorities are really ****ed up and the registry write feature is in reality create, write and delete? For now, that's too freakin weird and unconventional!
     
    Last edited: Mar 19, 2009
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Well, as a Master HIPS proponent I will always be in favor of this type of specialized field, however I wish nothing but the best for all those who can get the most out of it to their satisfaction which seems a pretty good consensus of them to their credit.

    Further I offer no negative regards to the success of MD as a whole only that I simply can't help but to refuse to go thru another whole time consuming curve required to adjust this and that in a GUI that's frankly on a level beyond SSM's IMO.

    But many like it that way and there's probably good reason for that, however on my machine with every version I've tried I have run into delays and stalls unacceptable to me. Maybe my machines, I dunno, but ever since Vista this frustrating crap is permeated throughout XP users and there's no doubt that's the main issue which won't go away.

    And that's why I will never Vista my units ever for no reason whatsoever. Now Windows 7 might be the system worth waiting for given the blasting XP users have experienced thanks to Longhorn/Vista programs FORCEFULLY integrated to be compatible into formerly XP exclusive apps only.

    That said, keep the HIPS a rollin, because they are very worth their weight in gold and can do so much more in Pre Attack Preventions than was ever conceived in the past.

    EASTER
     
  9. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    If you take into consideration that all the newly created rules adopt the right behavior (from top to bottom) and that you have to take each one and reorder them manually (if outside of a group), it sounds more like a bug to me than something else.

    Anyway, making hundreds of elaborate rules in reverse may please the majority and bring them in an ecstatic state but that's a pure nonsense so I wish everybody good luck. I simply can't work this way.
     
    Last edited: Mar 19, 2009
  10. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    It's not a bug. It's by design. The latest created rule should have highest priority to avoid being affected by other rules.

    Thanks,
    Xiaolin
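
An added illustration of the ordering behaviour debated in the posts above, not part of the thread and not Malware Defender's code: the `(pattern, action)` rule format, the glob matching, the sample paths and the "highest-priority match decides" model are all assumptions made for the example. It shows the same rules, typed specific-first as a top-down engine expects, giving different verdicts when the newest rule has priority, and lists the rules that become dead as a result.

```python
from fnmatch import fnmatchcase

# Constructed rules in creation order (oldest first), written the way a
# top-down, first-match engine expects: specific exceptions, then catch-all.
# The (pattern, action) format is hypothetical, not Malware Defender's own.
TYPED_TOP_DOWN = [
    (r"c:\windows\system32\svchost.exe", "allow"),
    (r"c:\windows\system32\*", "ask"),
    ("*", "block"),
]

# Constructed sample paths used to exercise the rules.
SAMPLES = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\notepad.exe",
    r"C:\Users\test\Downloads\setup.exe",
]


def deciding_rule(rules, path, newest_first):
    """Return (pattern, action) of the highest-priority rule matching path."""
    ordered = list(reversed(rules)) if newest_first else list(rules)
    for pattern, action in ordered:
        if fnmatchcase(path.lower(), pattern):
            return pattern, action
    return None, "ask"  # assumed default when no rule matches


def verdicts(rules, newest_first):
    """Map each sample path to the action it receives."""
    return {p: deciding_rule(rules, p, newest_first)[1] for p in SAMPLES}


def dead_rules(rules, newest_first):
    """Patterns that never decide any sample: shadowed by a higher priority."""
    used = {deciding_rule(rules, p, newest_first)[0] for p in SAMPLES}
    return [pattern for pattern, _ in rules if pattern not in used]


if __name__ == "__main__":
    print("top-down    :", verdicts(TYPED_TOP_DOWN, newest_first=False))
    print("newest-first:", verdicts(TYPED_TOP_DOWN, newest_first=True))
    print("shadowed    :", dead_rules(TYPED_TOP_DOWN, newest_first=True))
    # Creating the same rules in reverse order restores the intended result.
    print("reversed    :", verdicts(TYPED_TOP_DOWN[::-1], newest_first=True))
```

Running `dead_rules` over a ruleset with representative paths is a quick way to spot exceptions that a later, broader rule has silently overridden.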
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    xiaolin

    Would you mind buying the rights to EQS and adding requests by us old diehards?

    You done a job with MD no doubt but how about taking on 2 HIPS? You already got MD in the flow of customers thrilled with your tireless efforts to improve it to their satisfaction.

    You likely could make EQS another big attraction given your knowledge of programming protections and refining areas critical to the success of a solid HIPS.

    Anyway, I wish you success in this MD run and look forward to your answer.

    EASTER ( A hips believer)
     
  12. DOSawaits

    DOSawaits Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    416
    Location:
    Belgium
    Hi,

    Am I missing something in the configuration, or doesn't MD detect if a process has changed/was updated ?

    I didn't see any "Recalculate checksum ?" as SSM showed when a changed process was started.
     
  13. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    Hi,

    MD does not check the checksum of .exe files. MD has a file protection feature and changing executable files will be detected with the default rule set.

    Thanks,
    Xiaolin
     
  14. DOSawaits

    DOSawaits Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    416
    Location:
    Belgium
    Hi Xiaolin,

    Does that mean, when having updated a program, a complete new rule is created, and all adjusted options are lost ?

    Any possibility to implement some checksum ?

    Thanks for your great product.:)

    EDIT: Just for your info, I made the fine people at dslreports aware of this fantastic program.;)
     
    Last edited: Mar 23, 2009
  15. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    The rules will not be changed when having updated a program. But the user will be alerted.

    It's not enough to verify the checksum of .exe files only, since all executable files (dll, sys, etc) can be infected. But it's complicated to verify all executable files and may reduce the system performance.

    Thank you. :)
     