SafeOnline and 64bit operating systems

Discussion in 'Prevx Releases' started by Tod, Mar 20, 2010.

Thread Status:
Not open for further replies.
  1. Tod

    Tod Registered Member

    Joined:
    Jul 13, 2006
    Posts:
    17
    From the SafeOnline vs. leaktests thread

    "SafeOnline will provide full protection on 32bit operating systems. On 64bit operating systems, SafeOnline relies on the layered protection of Prevx 3.0 for blocking known screen grabbers and clipboard stealers. This is because of fundamental architectural differences in 64bit operating systems preventing modifications to the "shadow service descriptor table" because of PatchGuard. We are planning a workaround for this, but it will still have some reliance on the antimalware components."

    Does this mean that SafeOnline currently adds little (except cost) on 64bit operating systems? What will still not work after the workaround? Does this mean one would be safer using a 32bit operating system?
     
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    It's not possible to patch the x64 kernel directly as can be done in x86. I don't take this to mean SafeOnline adds no value to the x64 OS. How well the "workaround" will work only time will tell. All the security vendors are up against this issue. On the other hand, it's debatable that x64 is more secure than x86 because of PatchGuard. This can be argued, but I don't believe there's enough data yet to really know. It won't be long though because most machines today come preloaded with x64.
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It still adds a massive amount of security onto 64bit OSs. The only areas which cannot be fully secured are screen contents and clipboard contents as Victek123 pointed out, because of the architecture of the OS preventing kernel patching. However, SafeOnline is able to provide the rest of the functionality without requiring kernel patching - all other system areas are fully locked down, including keyloggers, stored credentials, browser process memory, cookies, active window data, injected libraries, and a whole host of other areas.
     