Real-time Guard for 64bit OS ~ Need Suggestions

Just recently bought a new laptop (ahoy! ). It came preloaded with Windows 8 Standard. I quite liked it so I decided to buy a Windows 8 Pro and went with 64bit since I have a 4GB RAM now.

Now I know 64bit OS users don't really have many toys to play with. I've observed a little and found out some choices which don't have so much problems on 64bit OS. The questions are:

1. How effective a real-time AV with a behavior blocker on Win 8 64bit?
2. How effective a classical HIPS with a personal firewall on Win 8 64bit?
3. Between these two (behavior blocker vs classical HIPS), which one that is more affected by PatchGuard?
4. Between these two, which one offers more protection for 64bit OS if they both are affected by PatchGuard?

Thank you for the answers.

SIDE NOTE: I'm currently trying one of them and it seems to be working just fine. But since I'm not a Windows system expert nor an AV expert I can't be 100% sure if it actually works flawlessly without any hidden errors.

 

1. Very effective depending on engine used.
2. Still very effective.
3. I think HIPS because it roots into the OS more.
4. HIPS is still stronger than BB with 64bit. However not a strong as 32bit.

 

So classical HIPS relies upon kernel hooks more than a BB (64bit limitation problem), but classical HIPS is more detailed so it (in theory) will give a better protection than a BB I assume.

 

Yes, HIPS covers more areas of protection than does BBs.

 

I'd highly recommend AppGuard. So much more user-friendly than a HIPS.

 

Spot on.

 

I agree. In addition, AppGuard is not adversely affected by Kernel Patch Protection (PatchGuard) on 64-bit systems: -

https://www.wilderssecurity.com/showpost.php?p=1683881&postcount=118

 

I think the best solution as the standalone app could be SpyShelter Premium since 8.5 version as regards to this info
https://www.wilderssecurity.com/showthread.php?p=2245240#post2245240

 

That post is from 2010, so we don't know how it fares with Win8's Patchguard.

 

Good point! I've asked Barb_C, so we'll wait and she what she says.

https://www.wilderssecurity.com/showpost.php?p=2257946&postcount=2793

 

I forgot this problem. Now I'm 32 bit, and I don't want to change it until I can, but I wonder for the future if there is a way to disable Patch Guard. Note: I don't care if Microsoft like or not it: I pay, I want: the customer is the king.

 

Customer is at the.mercy of Microsoft even if it's right or wrong (ie: Less n less privacy plus consistent holes revealed).

It's the customer's choice how much we'll resign ourself to accept from vendors. The field is wide open and the choice is ours. But our choices in O/S's are severely limited (apple, Ms, Linux)

 

Yes, I know. There was for example an old controversy once; Microsoft said that is not legal to change the Start bottom modifying his logo and the colors, but there were in the web many tricks to do it . Microsoft says that it doesn't sell the OS but only the license to use it, and nothing can be changed. I always didn't understand how it can be legal, but, if I could do reverse engineering on my pc, I do it. I can't. Sorry for the off topic... My answer was if exist tricks to disable PatchGuard.

 

http://www.codeproject.com/Articles/28318/Bypassing-PatchGuard-3
http://uninformed.org/?v=3&a=3

Not recommended for end-users. Even if you can do it, it's mostly pointless. If security software is your main concern, the vendors supporting 64-bit would have done the necessary to workaround the issue without making you disable KPP.

 

Yes, the Windows 8 PatchGuard is a little changed if I understand correctly. That's why I hesitated.

 

Thank you. it' for the future, not now. My concern is: I don't like that third part applications can't work at kernel level as in 32 bit. But I'm afraid that they had to adapt their products, and disable PG is not useful.

 

Linux is a kernel that's part of thousands of OS, and there are more than those three categories. The next biggest is BSD, but after that it gets real obscure w/o any noteworthy user base. So yes there are choices, but usually only for those with relatively generic hardware and willing to learn.

As for 64-bit, I'd say the benefits outweigh the risks. Since when do specific security programs define a sufficiently secure OS?

 

Yes, Appguard offers Rock Solid protection, and requires way less user interaction than HIPS or BB's. Appguard uses policy based restriction, and forces applications to operate in a safe manner. Appguard sort of sandboxes applications using policy based restrictions. They call their proprietary technology using "conclaves". I haven't read the literature about conclaves in a long time.

VoodooShield is another great application that offers amazing protection. VS is an AE (anti-executable) that uses whitelisting, and some other proprietary technology. VS also requires way less user interaction than HIPS or BB's. You can use VS with just about any security software. I use Appguard, and VoodooShield together. They work well together. VS was meant to replace UAC so it turns UAC off when it installs. VS offers far better protection than UAC, and does not annoy the user with prompts like UAC does.

It will be hard to find anything more secure than Appguard, or VoodooShield. You can use one of them or use both of them together. VoodooShield will give you a free license for a year right now if you would like to try VS out. If you need a free license then pm me, and I will make sure you get one.

 

i have appguard in lockdown mode,soes voodooshield interfere with it in lockdown mode?

 

Guys, don't worry about me. I've managed to tame Comodo's D+ on paranoid mode so I'm used to popups. Thanks for the inputs though.

If I understand it correctly both VoodooShield and AppGuard are anti-exe, though work differently it seems. But I wouldn't recommend to use more than one real-time security software under the same category.

 

AppGuard aims at containment by policy restriction, rather than anti-execution as such. It is therefore probably best not classified as an anti-exe, although it does have some anti-exe features as part of its policy enforcement for executables located in user space. With AppGuard, executables located in system space cannot be denied execution, only optionally restricted by explicitly adding them to the guarded applications list. With a true anti-exe, it should be possible to deny any executable from running, no matter where located.

 

Following on from the previous post, because AppGuard isn't in the anti-exe category, it isn't necessarily an overkill to combine it with an anti-exe, e.g. VoodooShield, NVT ERP, etc.

Using an anti-exe alongside AppGuard, it's possible to get tighter control of execution (especially system space) than is possible with AppGuard alone, whilst AppGuard will apply policy restriction to processes that the anti-exe allowed to run. For people who want the extra control, there is a synergy to be had from combining both approaches.

 

Yes, it blocks win32k.sys hooking:
http://answers.microsoft.com/en-us/...security/810ee971-6e38-4754-a5e5-0ed255177445

 

Answered here: https://www.wilderssecurity.com/showpost.php?p=2260291&postcount=2806

 

No, VoodooShield will not interfere with Appguard in lock down mode. I use them together like that all the time. VS by design will not interfere with other security applications. If it does then report it because it will most likely be a bug.