Windows Update disables Ghost Security

I am running Windows XP x64 Edition. I am using Ghost Secuirty Suite appdefend_betasetup64.

Ghost Security Suite quit working after I downloaded windows security updates.

After much frustration and trial and error I figured out that Update for Windows XP x64 Edition (KB914784) published on 6/13/2006 prevents the unified driver from loading. I installed and uninstalled this windows update to verify that it is what is causing the problem. Appdefend and regdefend work flawlessly as long as this update is not installed.

According to Microsoft "Install this update to improve Kernel Patch Protection. Kernel patch protection in versions of Windows for x64-based systems protects code and critical structures in the Windows kernel from modification by unknown code or data".

Apparently it prevents appdefend and regdefend from writing to the kernel (not sure if I have the correct terminology).

Will there be a appdefend_betasetup64 update to correct this problem?

More info is availble here:
http://go.microsoft.com/fwlink/?LinkId=67071

 

This problem was bound to happen at some point. I did warn GS in this thread https://www.wilderssecurity.com/showthread.php?t=107864 about six months ago but my advice was mostly shunned :/

 

yep .. MSoft do not want application to play with the kernel.
However does not quite provide substitute for what Jason is doing ... the result is that race against service pack

After reading post like these and seeying _nathan only post regarding this very paticular issue of patchguard i wonder if he is well placed to regarding this thecnology

 

This certainly is a show stopper on Win x64. Using this product is not practical when it can be disabled any time by a security update.

Jason may have to rethink about fiddling with the kernel.

Any progress or ideas on this Jason?

 

Any product that makes changes to Windows' core functions can be disabled by MS updates and this has happened previously with plenty of other software also (XP SP2's Data Execution Protection being one good example). However with x64 (XP and Vista) MS seems to be locking down the kernel, even for user-desired changes (see Anandtech's comments on driver signing).

A more realistic approach would be to treat MS patches with caution and not to install them automatically but to wait for user feedback first, especially when using "kernel customising" software like AppDefend. In the meantime, those affected should contact Microsoft first - they are the ones setting the rules here so they need to be made aware of the issues if they try to lock out all third-party changes.

 

Wise words concerning applying MS updates and patches. However MS has never been one to listen, take all of the controversy about how IE handles some of the standard compliant HTML tags and functions. Or rather how it does not handle them. I am following a thread elsewhere about the re-write of a web site, and what a pain it is to have a design that display as desired in FF, Opera, and other browsers only to have it render wrong in IE.

 

Yes my idea is not to use it (an update) unless it adds some value to your system. AppDefend disables PatchGuard because it is quite useless and uses system resources _trying_ to pretend it is doing something useful. Microsoft will never be able to stop myself, or a hacker, from disabling it without hardware support, which doesn't exist in Windows XP64. Of course AppDefend itself severely limits malware from doing what AppDefend does itself, so having AppDefend on there is more secure than without it to protect against this very thing.

Since I am knee deep in the current alpha at the moment I can't spend the time to disable the current implementation so I advise not installing the update because it adds nothing of value. AppDefend for Windows XP64 will most likely always be in a BETA status due to me not wanting to have to deal with people who are not enthusiasts understanding the concepts behind it. If you don't want to patch your kernel, don't use AppDefend. You won't find any other software which can do what it does on x64 WITHOUT patching, and that is what you will have to live with.

 

What you said does make a lot of sense especially since we can assume with 99.999% certainty that hackers will get around patch guard. Endless cycles of hacking and security fixes.

I'll take your solutions over Microsoft anytime. Comparing the elegence of your product vs Microsoft is comparing day and night. I'm stuck with Microsoft products but everything from them is so cumbersome (product activation, too many bug fixes, constant security updates using IE ...).