MD 2.1.0 final released!

MD 2.1.0 final released. Anyone tried it yet? Can't wait to see how it does in the Matousec firewall challenge!

 

Very Good!

And a huge credit to it's developer for singling out this project as a very comprehensive and formidable HIPS!

It can't be no easy task as with other security products but the development seems to have really gone over very well in rapid stages too.

Congrats!

EASTER (a HIPS believer)

 

I've tried it and there's still the same Major bug as in the latest beta:
Rules have to be made in reverse order. The priority mechanism isn't correct and i don't understand why.
Not yet very appealing... Ask a programmer to code in reverse and you'll hear the two words.

 

Yes, that had me confused when I was trying to add a couple network rules for svchost.exe earlier today.

 

Is it a bug or is it the way the programmer, xiaolin, designed it? In fairness to him I tend to feel it's the latter.

 

I'm having a different sort of problem but one exclusive to me. I can't bring myself to learn the absolutely tons of different sections much like i experienced when SSM went beserk with rules sections, multiple choice answers & settings and other myriads of configs that absolutely must be set manually.

I applaud this HIPS and it's users like Kees and others who threw themselves into enough to learn it's ins and outs, but as for me i don;t have any motivation to learn another HIPS, especially of this maginitude whereby in EQS for example, rules are easily and quickly imported, exported, and the entire rulesets saved for later movement to another system. I don;t find that user-friendly feature in this MD but instead a massive learning procedure to take chances if you get it right or not.

But i still applaud those who are tickled pink with it and have a firm handle on it's workings and all the best to you, but IMO, just like EQS & TF this is something which needs a rules Import/Export feature. Forgive me if i missed one it it.

By the way, it couldn't pass AKLT at all on my machine whereas EQS blocks them all save the final test only. So while it may be a very good HIPS for those so inclined, i have no other motivation but to stay closely bound to EQS and it's user-friendly and easy interactions, as well as simple rules adding, saving, and creating.

EASTER

 

Well, i'd really like to make a ruleset for MD because i know it has HUGE potentials but how can you expect someone to make one when the priorities are really ****ed up and the registry write feature is in reality create, write and delete? For now, that's too freakin weird and unconventional!

 

Well, as a Master HIPS proponant i will always be in favor of this type of specialized field, however i wish nothing but the best for all those who can get the most out of it to their satisfaction which seems a pretty good concensus of them to their credit.

Further i offer no negative regards to the success of MD as a whole only that i simply can't help but to refuse to go thru another whole time consuming curve required to adjust this and that in a GUI thats frankly on a level beyond SSM's IMO.

But many like it that way and theres probably good reason for that, however on my machine with every version i've tried i have run into delays and stalls unacceptable to me. Maybe my machines, i dunno, but ever since Vista this frustrating crap is permiated throughout XP users and theres no doubt thats the main issue which won't go away.

And thats why i will never Vista my units ever for no reason whatsoever. Now Windows 7 might be the system worth waiting for given the blasting XP users have experienced thanks to Longhorn/Vista programs FORCEFULLY integrated to be compatible into formerly XP exclusive apps only.

That said, keep the HIPS a rollin, because they are very worth their weight in gold and can do so much more in Pre Attack Preventions then was ever conceived in the past.

EASTER

 

If you take in consideration that all the newly created rules adopt the right behavior (from top to bottom) and that you have to take each one and reorder them manually (if outside of a group), it sounds more like a bug to me than something else.

Anyway, making hundreds of elaborate rules in reverse may please the majority and bring them in an extatic state but that's a pure nonsense so i whish everybody good luck. I simply can't work this way.

 

It's not a bug. It's by design. The latest created rule should have highest priority to avoid being affect by other rules.

Thanks,
Xiaolin

 

xiaolin

Would you mind buying the rights to EQS and adding requests by us old diehards?

You done a job with MD no doubt but how about taking on 2 HIPS? You already got MD in the flow of customers thrilled with your tireless efforts to improve it to their satisfaction.

You likely could make EQS another big attraction given your knowledge of programming protections and refining areas critical to the success of a solid HIPS.

Anyway, i wish you success in this MD run and look forward to your answer.

EASTER ( A hips believer)

 

Hi,

Am I missing something in the configuration, or doesn't MD detect if a process has changed/was updated ?

I didn't see any "Recalculate checksum ?" as SSM showed when a changes process was started.

 

Hi,

MD does not check checksum of .exe files. MD have file protection feature and changing executable files will be detected with default rule set.

Thanks,
Xiaolin

 

Hi Xiaolin,

Does that mean, when having updated a program, a complete new rule is created, and all adjusted options are lost ?

Any possibility to implement some checksum ?

Thanks for your great product.

EDIT: Just for you info, I made the fine people at dslreports aware of this fantastic program.

 

The rules will not be changed when having updated a program. But user will be alerted.

It's not enough to verify the checksum of .exe files only, since all executable files (dll, sys, etc) can be infected. But it's complicated to verify all executable files and may reduce the system performance.

Thank you.