Windows Update disables Ghost Security

Discussion in 'Ghost Security Suite (GSS)' started by heatsaver, Jun 17, 2006.

Thread Status:
Not open for further replies.
  1. heatsaver

    heatsaver Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    4
    I am running Windows XP x64 Edition. I am using Ghost Security Suite appdefend_betasetup64.

    Ghost Security Suite quit working after I downloaded Windows security updates.

    After much frustration and trial and error, I figured out that Update for Windows XP x64 Edition (KB914784), published on 6/13/2006, prevents the unified driver from loading. I installed and uninstalled this Windows update to verify that it is what is causing the problem. Appdefend and regdefend work flawlessly as long as this update is not installed.

    According to Microsoft "Install this update to improve Kernel Patch Protection. Kernel patch protection in versions of Windows for x64-based systems protects code and critical structures in the Windows kernel from modification by unknown code or data".

    Apparently it prevents appdefend and regdefend from writing to the kernel (not sure if I have the correct terminology).

    Will there be an appdefend_betasetup64 update to correct this problem?

    More info is available here:
    http://go.microsoft.com/fwlink/?LinkId=67071
     
  2. __nathan

    __nathan Registered Member

    Joined:
    May 4, 2005
    Posts:
    4
  3. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    Yep... MSoft does not want applications to play with the kernel.
    However, it does not quite provide a substitute for what Jason is doing... the result is that race against service packs :(

    After reading posts like these and seeing _nathan only post regarding this very particular issue of PatchGuard, I wonder if he is well placed regarding this technology.
     
  4. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    246
    Location:
    NJ, USA
    This certainly is a show stopper on Win x64. Using this product is not practical when it can be disabled any time by a security update.

    Jason may have to rethink about fiddling with the kernel.

    Any progress or ideas on this Jason?
     
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Any product that makes changes to Windows' core functions can be disabled by MS updates and this has happened previously with plenty of other software also (XP SP2's Data Execution Protection being one good example). However with x64 (XP and Vista) MS seems to be locking down the kernel, even for user-desired changes (see Anandtech's comments on driver signing).

    A more realistic approach would be to treat MS patches with caution and not to install them automatically but to wait for user feedback first, especially when using "kernel customising" software like AppDefend. In the meantime, those affected should contact Microsoft first - they are the ones setting the rules here so they need to be made aware of the issues if they try to lock out all third-party changes.
     
  6. Disciple

    Disciple Registered Member

    Joined:
    Nov 14, 2002
    Posts:
    292
    Location:
    Ellijay, Georgia - USA
    Wise words concerning applying MS updates and patches. However, MS has never been one to listen; take all of the controversy about how IE handles some of the standards-compliant HTML tags and functions. Or rather how it does not handle them. I am following a thread elsewhere about the rewrite of a web site, and what a pain it is to have a design that displays as desired in FF, Opera, and other browsers only to have it render wrong in IE.
     
  7. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Yes, my idea is not to use it (an update) unless it adds some value to your system. AppDefend disables PatchGuard because it is quite useless and uses system resources _trying_ to pretend it is doing something useful. Microsoft will never be able to stop myself, or a hacker, from disabling it without hardware support, which doesn't exist in Windows XP64. Of course, AppDefend itself severely limits malware from doing what AppDefend does itself, so having AppDefend on there is more secure than without it to protect against this very thing.

    Since I am knee deep in the current alpha at the moment, I can't spend the time to disable the current implementation, so I advise not installing the update because it adds nothing of value. AppDefend for Windows XP64 will most likely always be in a BETA status due to me not wanting to have to deal with people who are not enthusiasts understanding the concepts behind it. If you don't want to patch your kernel, don't use AppDefend. You won't find any other software which can do what it does on x64 WITHOUT patching, and that is what you will have to live with. :)
     
  8. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    246
    Location:
    NJ, USA
    What you said does make a lot of sense, especially since we can assume with 99.999% certainty that hackers will get around PatchGuard. Endless cycles of hacking and security fixes.

    I'll take your solutions over Microsoft anytime. Comparing the elegance of your product vs Microsoft is comparing day and night. I'm stuck with Microsoft products, but everything from them is so cumbersome (product activation, too many bug fixes, constant security updates using IE ...).
     