Real-time Guard for 64bit OS ~ Need Suggestions

Discussion in 'other anti-malware software' started by guest, Jul 23, 2013.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Just recently bought a new laptop (ahoy! :D ). It came preloaded with Windows 8 Standard. I quite liked it so I decided to buy a Windows 8 Pro and went with 64bit since I have a 4GB RAM now.

    Now I know 64bit OS users don't really have many toys to play with. I've observed a little and found some choices which don't have so many problems on a 64bit OS. The questions are:

    1. How effective is a real-time AV with a behavior blocker on Win 8 64bit?
    2. How effective is a classical HIPS with a personal firewall on Win 8 64bit?
    3. Between these two (behavior blocker vs classical HIPS), which one is more affected by PatchGuard?
    4. Between these two, which one offers more protection for a 64bit OS if they both are affected by PatchGuard?

    Thank you for the answers.

    SIDE NOTE: I'm currently trying one of them and it seems to be working just fine. But since I'm not a Windows system expert nor an AV expert I can't be 100% sure if it actually works flawlessly without any hidden errors.
     
  2. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    1. Very effective depending on engine used.
    2. Still very effective.
    3. I think HIPS because it roots into the OS more.
    4. HIPS is still stronger than BB with 64bit. However, not as strong as 32bit.
     
  3. guest

    guest Guest

    So classical HIPS relies upon kernel hooks more than a BB (64bit limitation problem), but classical HIPS is more detailed so it (in theory) will give a better protection than a BB I assume.
     
  4. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Yes, HIPS covers more areas of protection than does BBs.
     
  5. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    I'd highly recommend AppGuard. So much more user-friendly than a HIPS.
     
  6. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Spot on. :)
     
  7. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
  8. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
  11. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    :( I forgot this problem. Now I'm 32 bit, and I don't want to change it until I can, but I wonder for the future if there is a way to disable Patch Guard. Note: I don't care if Microsoft likes it or not: I pay, I want: the customer is the king. :D
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Customer is at the mercy of Microsoft even if it's right or wrong (ie: Less n less privacy plus consistent holes revealed).

    It's the customer's choice how much we'll resign ourselves to accept from vendors. The field is wide open and the choice is ours. But our choices in O/S's are severely limited (Apple, MS, Linux).
     
  13. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Yes, I know. There was for example an old controversy once; Microsoft said that it is not legal to change the Start button by modifying its logo and the colors, but there were on the web many tricks to do it :D . Microsoft says that it doesn't sell the OS but only the license to use it, and nothing can be changed. I never understood how it can be legal, but, if I could do reverse engineering on my PC, I would do it. I can't. Sorry for the off topic... My question was whether tricks exist to disable PatchGuard.
     
  14. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    http://www.codeproject.com/Articles/28318/Bypassing-PatchGuard-3
    http://uninformed.org/?v=3&a=3

    Not recommended for end-users. Even if you can do it, it's mostly pointless. If security software is your main concern, the vendors supporting 64-bit would have done the necessary to work around the issue without making you disable KPP.
     
  15. guest

    guest Guest

    Yes, the Windows 8 PatchGuard is a little changed if I understand correctly. That's why I hesitated.
     
  16. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Thank you. It's for the future, not now. My concern is: I don't like that third-party applications can't work at kernel level as in 32 bit. But I'm afraid that they had to adapt their products, and disabling PG is not useful.
     
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Linux is a kernel that's part of thousands of OS, and there are more than those three categories. The next biggest is BSD, but after that it gets real obscure w/o any noteworthy user base. So yes there are choices, but usually only for those with relatively generic hardware and willing to learn.

    As for 64-bit, I'd say the benefits outweigh the risks. Since when do specific security programs define a sufficiently secure OS?
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,948
    Location:
    USA
    Yes, Appguard offers Rock Solid protection, and requires way less user interaction than HIPS or BB's. Appguard uses policy based restriction, and forces applications to operate in a safe manner. Appguard sort of sandboxes applications using policy based restrictions. They call their proprietary technology using "conclaves". I haven't read the literature about conclaves in a long time.

    VoodooShield is another great application that offers amazing protection. VS is an AE (anti-executable) that uses whitelisting, and some other proprietary technology. VS also requires way less user interaction than HIPS or BB's. You can use VS with just about any security software. I use Appguard, and VoodooShield together. They work well together. VS was meant to replace UAC so it turns UAC off when it installs. VS offers far better protection than UAC, and does not annoy the user with prompts like UAC does.

    It will be hard to find anything more secure than Appguard, or VoodooShield. You can use one of them or use both of them together. VoodooShield will give you a free license for a year right now if you would like to try VS out. If you need a free license then pm me, and I will make sure you get one.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I have AppGuard in lockdown mode, does VoodooShield interfere with it in lockdown mode?
     
  20. guest

    guest Guest

    Guys, don't worry about me. :D I've managed to tame Comodo's D+ on paranoid mode so I'm used to popups. Thanks for the inputs though.

    If I understand it correctly both VoodooShield and AppGuard are anti-exe, though they work differently, it seems. But I wouldn't recommend using more than one real-time security software under the same category.
     
  21. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    AppGuard aims at containment by policy restriction, rather than anti-execution as such. It is therefore probably best not classified as an anti-exe, although it does have some anti-exe features as part of its policy enforcement for executables located in user space. With AppGuard, executables located in system space cannot be denied execution, only optionally restricted by explicitly adding them to the guarded applications list. With a true anti-exe, it should be possible to deny any executable from running, no matter where located.
     
  22. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Following on from the previous post, because AppGuard isn't in the anti-exe category, it isn't necessarily an overkill to combine it with an anti-exe, e.g. VoodooShield, NVT ERP, etc.

    Using an anti-exe alongside AppGuard, it's possible to get tighter control of execution (especially system space) than is possible with AppGuard alone, whilst AppGuard will apply policy restriction to processes that the anti-exe allowed to run. For people who want the extra control, there is a synergy to be had from combining both approaches.
     
  23. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
  24. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,948
    Location:
    USA
    No, VoodooShield will not interfere with Appguard in lock down mode. I use them together like that all the time. VS by design will not interfere with other security applications. If it does then report it because it will most likely be a bug.
     