Real Time Defender, first impressions

I've been using SSM (paid), for many years, and just finished a 30 day trial of Malware Defender. After having read comments on this forum from people I've come to respect, I installed RTD ver 1, and took a test drive. All I can say (thus far) is Wow. For one who knows whats under the hood and how it SHOULD behave, RTD, is a control freaks dream come true. It's also likely that, like SSM, a HIPS newbie could run RTD, on a clean system, in Learning Mode, for a week, to get up and running safely. I especially like the fact that RTD, uses "plain English" in it's configuration windows. I ran it in Learning Mode, for two days, then turned learning mode off. Pop-ups are Not frequent and are in plain unambiguous English, that even a Luddite (like myself) can understand. A fine piece of work. Hope they keep updating it.

Impression:

Malware Defender, is a better choice for the non-geek, non-engineer type who just wants good protection without having to go back to college for a computer science course.

RTD, offers much finer granular control but takes a modest commitment to a learning curve, to maximize it's potential.

SSM: If you're a serious geek or engineer, SSM is excellent. However the config options are a bit "techy", and the help file does not waste any words in explaining them (IMHO).

--Enthios

 

Another consideration -- The individual who developed the RTD version (known originally as ProSecurity) that Enthios likes so much is long gone. He now works (we are told) for Comodo.

Reportedly, RTD has a new owner/developer. RTD has a website that has been either (1) "under construction" OR (2) totally broken -- for months & months & months.

Promises of a "new version" have remained unfulfilled since last February. RTD's developer is totally out of communication with "Western peoples". Some posters claim that RTD is being worked on, but until I see ACTUAL evidence thereof, I remain very skeptical.

 

Me, too!!!

 

is that rtd is for free? coz i cant locate any way to register it

sec ...does some one notice RTD look the same or remind of MD?

 

I agree with thread opener, I am amazed with RTD, so much that I dropped software firewall. I am behind routers with hardware firewall in both my PCs and I think that RTD is all I want for control applications that access network.

At the time I think I will drop for good security suites, the setup I am trying now is RTD with ESET NOD32 AntiVirus, with only "Real Time File Protection" enabled.

I believe that this setting is minimal in resources and very effective.

Also wonder why few members here are using RTD , it is the definition of HIPS for me

@demon: MD is a bit more polished but RTD has more features, including network access, keyboard shortcuts, its very easy to use after some familiarization, very light AND FREE.
I think MD reminds RTD and not the other way, as RTD comes long time before MD in the form of ProSecurity (paid product, never owned a license, always trial)

 

I agree with enthios and mike21 entirely. I used ProSecurity since its 2nd version and never repented doing it.
I consider its ease of use in comparison to SSM-for instance-overwhelming!
At the moment I only read all posts about RTD without installing it because
the notebook running ProSecurity 1.43 is practically dead and in my other pc I am running the combination of Comodo D+,GeSWall and Boclean (with equally satisfactory results), but I plan to buy a new desktop soon and install RTD over there. (If somebody can pm me the dl site and everything is still ok software-wise).

 

Bingo Bellgamin! You just nailed it. Comodo's USA offices are in Jersey City, New Jersey. RTD's new non-functional website RTDefender.com is hosted on a server in Clifton, New Jersey. Clifton, is just a good spit in a high wind from Jersey City. Gosh, you don't suppose, . . . . .
Do ya? I think I do.

 

I'm definately a HIPS newbie. I tried RTD in a very similar fashion and had no problems. If your looking for something secure and reasonably straightforward then give it a try.

However, a note of caution to any like me. I ended up uninstalling because if I ever needed assistance (very likely!) I could see no real support network or developer commitment. So while that's the case I'm going to stick with OA for my HIPS needs . It does the job if your willing to do a bit of work to understand the pop-ups and has a reasonable size company behind it with active user forums.

If RTD gets the type of following it probably deserves I'd consider going back.

 

just wounder which one is better RTD or MD if u ONLY compare same function avilable in both... , coz RTD i dont realy try ....

 

It's an interesting question as to which is better. Here are a few indicators (by no means conclusive)...

1- When RTD was Prosecurity, it was tested several times by Matousec* (EXAMPLE) and achieved very high marks every time. It also was tested for unhookers (with a "perfect score"). To my knowledge MD has not been tested by any online testing organization.

2- RTD includes ALL the usual coverages of a classic HIPS, including network monitorship -- which MD lacks** (but has *promised* to add in next 2 months or so).

3- At present, RTD's proponent is a rumor, nothing more. MD's proponent has posted here (see his first post HERE and in subsequent posts in that same thread). Ergo, draw your own conclusions as to which of these 2 HIPS would provide tech support when/if needed.

4- MD has a very good Help file. RTD's current free version has none.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

That's all I know for basing a choice between these 2 right now.

*NOTE 1: I am NOT particularly a fan of Matousec's tests.

**Note 2: Speaking of lacks -- SSM lacks file protection, as does Online Armor. In both cases it is reportedly "being worked on."

 

10x alot bellgamin for the info , i just notice RTD is in the firewall test in other name lol , and its a hips not a firewall 100%....its also alots of things...

i duno , i check MD alot and RTD an i find RTD better and more user friendly.

anyway i cant make a folder protection using RTD ....i make a new rule and set all option down to "block" include sub folders , but i can del files from thats dir (eg c:\123)

what i am doing wrong in here?

cheers

 

I'm not running RTD, so I cannot check your issue. I'm running MD right now, and hoping that John Cage will drop by with an update on RTD's status.

 

does 1.43 is the last prosecuirty/RTD ver? and what the diff between the free ver (1.0) and the paid ver (1.43) ?
i install both and they look the same

cheers

 

Yes, 1.43 was last version of PS.

When PS was still alive, I ran it practically from the day it began, all the way up through version 1.43. Later on, I ran RTD 1.0 for a few weeks.

As far as I can tell, the differences between PS 1.43 & RTD 1.0 are solely cosmetic -- just to show RTD's name instead of PS's name.

 

and RTD ver 1.0 is totaly free thats very important also

 

Hi, open RTD, at local host choose FILE>ADD A GROUP>name the new group>click OK. Now expand FILE and choose the file group you have just created>ADD A RULE>BROWSE>SELECT FOLDER/FILE>SETTINGS (located @ lower pane) and then choose CREATE FOLDER (Yes, No, Ask) or DELETE FILE (yes, no, ask) etc.

You probably missed the first step, hope you make it now.

 

i did the first step...the problem i broswe to afolder i want to protect "created>ADD A RULE>BROWSE>SELECT FOLDER/FILE>SETTINGS " and set ok ...i dont see any option to create a folder using RTD.

and after i see my protect folder it RTD ... andd all are ask user... i can still del files from my "protected" folder

this step i cant locate ">SETTINGS (located @ lower pane) and then choose CREATE FOLDER "
what u mean by "(located @ lower pane)" ?

after some hours

thats what i did , and its still del files or create folder even i set BLOCK ... it doesnt work ignore my made ruke totaly

cheers

 

Edit: I just saw you made it after couple of hrs but I dont know what goes wrong

Have a look at the snap to see where are the settings:

 

i did just like it before even post ... but u can always del files in the "protected" dir....so what is wrong?? mike21 does del from your protected folder been popup any RTD "what to do" window?

cheers

 

If I set it to block it blocks it, if I set to ask user a window pops up and asks if I want to allow or block the deletion of the folder/file. If I block it the deletion of the file, Windows inform me that the file cannot be deleted as per snap.

For me RTD is very reliable and gives me full control of my PC. As an example with other hips like MD or EQS, if my default browser is open (firefox) and another application is trying to use it, its allowed to use it and launch a tab with specific address; they stop the use of the default browser only when it is not launched - but not RTD, which asks every time even if the browser is launched I am still asked if I want to allow it.

 

you could achieve this also with processguard by only allowing the programs you want to run,the rest is block.i even block windows updates
i get same pop ups for example if i want to open my control panel it is block
that way no one could delete anything from add and remove program.also pasword protected.

 

I hope it's OK to reply on such an old topic but if not I guess I'll get banned with my first reply. I think your problem comes from Explorer.exe rule which probably was created during learning mode or a premature allow/trust situation. If Explorer.exe has been set to trust/trust/trust then adding folder/file protection will not work by adding a new group+rule in the section that you have been told. If Explorer.exe is ruled as previously mentioned(trust) then you will need to add the folder/file rules(including those System Folder rules of C:\ & C:\WINDOWS) at the Explorer.exe "Application" heading/group. Quickest way would be to type explorer.exe into the little searchbar and click the search icon. In the search result above, click it. On the right hand side, bottom groupbox, select the File/Folder tab. Just below the row of tabs and to the left is an "Add" button. Select it and as an example browse to C:\My Stuff\downloads(or whatever) and select it.
It will then be added to the table. Place a checkmark in the box and adjust your rules for it which are on the right hand side.

 

I've installed RTD and I'm very impressed with it but having seen the advisory about changing the file path I have just this one question please if someone can help me out.

If I am not importing any rules and just using the default installation do I still need to change the System Folder file paths from %SystemRoot% to C:\WINDOWS, or can I leave them as they are?

Many thanks.

 

I've found it to work both ways and I didn't import any rules but, for me it has to do with the rule set for explorer. I have reg edits in place that allows for right clicking My Computer icon on the desktop with menu items to select with the options to take me to certain folders as in "Go To Downloads" and it opens up my download folder. When that happens RTD alarms with Explorer.exe trying to launch Explorer.exe. Naturally I want to trust that and do. The problem for me when doing that is that file protection for folders, even the System folder is lost. But I've noticed that Explorer.exe has been added as an Application rule under the File heading. I then click that Explorer.exe Application rule under the File heading and on the right side bottom pane, I add the groups of File/Folder protection and there protected again. I'm almost positive that before the above happens that %SystemRoot% path did work. I really like this RTD, very stable for me but have noticed that one wrong trust will wash out alot of protection that's in place. deadmeat, I would suggest trying it to see if it works for you or not. If it doesn't, then modify by letting RTD select the folders for you but be careful and pay attention to the file rule as in *.exe, when browsing to the folder in RTD and selecting it, RTD adds the path but will drop the .exe leaving you with *. You'll have to add the .exe part back manually or at least that's what happened for me.