Malware Defender


Post by noorismail on 25/10/2010, 12:50

Well, I played around with the free SpyShelter for a few days, and now
I am giving Malware Defender a turn.

I want to say that I really do not think I need a Classic HIPS with my set up,
at the same time I would like to expand my skill set enough to use one.
I pretty well mastered the old ProcessGuard free but always gave up on
Online Armour, D+, SpywareTerminator and the others.

Thank God, I do not have very many programs installed, and after a few hours
in training mode, where I opened most of them, I switched to normal mode,
and there are very few pop-ups.
The ones that do occur are fairly easy to answer. (I guess.)

The GUI is COMPREHENSIVE.
Somewhere in there I am sure there is a way to get it to do my taxes.

For a while I am going to run out of ShadowMode, with Malware Defender and Sandboxie,
so I do not create rules that are lost on the next reboot.

Anyone with Malware Defender experience?
Any tips?

noor

_________________
ShadowDefender 1.1.0.323 Sandboxie 3.49, NAT router.
Open DNS with "Malware/Botnet Protection",
MalwareDefender,Malwarebytes on demand.
noorismail
Moderator

Posts : 193
Join date : 2010-06-23

Re: Malware Defender

Post by ssj100 on 25/10/2010, 13:28

I've tested Malware Defender many times, but never took much time to go through its extensive configuration options. The best person to ask is "arran", who happens to be a member of this forum. Unfortunately, I don't think he visits much - it might be worth sending him a PM or trying to contact him on other forums.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

Re: Malware Defender

Post by Stephen2 on 25/10/2010, 13:31

I love very powerful classical HIPS. I used to own a ProSecurity license and look on Malware Defender as almost identical.

I still use it in my WinXP VM (dodgy software tester) because it tells me exactly what the questionable EXE is doing at all times.

Not sure what tips I can give - I used to just let it do "learning mode" over a couple of reboots, then make it pop everything up.

Never trusted learning mode too much as it would set "less secure" rules - like allowing "CMD.EXE" to launch without investigating command lines which as we all know are the crux of using CMD.EXE maliciously.

As I said, not sure what tips I can give but if something isn't making sense, ask and I'll see if I can answer - I have a good understanding of classical HIPS.

Stephen2
Member

Posts : 34
Join date : 2010-10-18
Location : Melbourne, Australia
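
Stephen2's point about learned rules that ignore command lines, as an added example (not part of the thread and not Malware Defender's actual rule format): a small first-match evaluator using hypothetical `Rule` and `Launch` types and constructed sample events. An image-only rule allows every `cmd.exe` launch, while a command-line-constrained rule sends the second launch to a prompt.

```python
import fnmatch
from dataclasses import dataclass
from typing import Optional

# Hypothetical rule/event model for illustration; NOT Malware Defender's format.
@dataclass(frozen=True)
class Rule:
    parent: str               # glob on the launching process image
    child: str                # glob on the launched process image
    cmdline: Optional[str]    # glob on the full command line; None = not inspected
    action: str               # "allow" or "ask"

@dataclass(frozen=True)
class Launch:
    parent: str
    child: str
    cmdline: str

def _glob(pattern: str, value: str) -> bool:
    # Windows paths are case-insensitive, so compare lowercased.
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())

def decide(rules, ev: Launch) -> str:
    """First matching rule wins; anything unmatched falls back to a prompt."""
    for r in rules:
        if (_glob(r.parent, ev.parent) and _glob(r.child, ev.child)
                and (r.cmdline is None or _glob(r.cmdline, ev.cmdline))):
            return r.action
    return "ask"

EXPLORER = r"C:\Windows\explorer.exe"
CMD = r"C:\Windows\System32\cmd.exe"

# The kind of rule the post describes learning mode creating: image pair only.
LEARNED = [Rule(EXPLORER, CMD, None, "allow")]
# Hand-tightened: only a bare interactive prompt is pre-approved.
TIGHTENED = [Rule(EXPLORER, CMD, CMD, "allow")]

# Constructed sample events (paths and file names are made up).
EVENTS = [
    Launch(EXPLORER, CMD, CMD),
    Launch(EXPLORER, CMD, CMD + r" /c C:\Users\test\Downloads\helper.bat"),
]

def compare(events=EVENTS):
    """Return (learned decision, tightened decision) for each event."""
    return [(decide(LEARNED, e), decide(TIGHTENED, e)) for e in events]

if __name__ == "__main__":
    for ev, (a, b) in zip(EVENTS, compare()):
        print(f"{ev.cmdline!r}: learned={a} tightened={b}")
```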


Re: Malware Defender

Post by ssj100 on 25/10/2010, 13:36

Yes, I often use Malware Defender to test "dodgy software" or actual malware in (sandboxed) VMs too. As you say, it pretty much tells you exactly what's going on.

"arran" had some sort of clever method he described on Wilders where you could minimise the pop-ups while maintaining decent security - it might be worth searching for it. "demoneye" tested it out and thought it was quite clever too, but he eventually gave up because there was far too much computer "house work" involved in general!

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

Re: Malware Defender

Post by noorismail on 25/10/2010, 13:48

Thanks all for the replies.

So far, so good.
Out of learning mode, and pop-ups are manageable.

"extensive configuration options" is the truth!!

I am sure I overlooked it, but is there a place from within the GUI to check for updates?

Thanks

noor

_________________
ShadowDefender 1.1.0.323 Sandboxie 3.49, NAT router.
Open DNS with "Malware/Botnet Protection",
MalwareDefender,Malwarebytes on demand.
noorismail
Moderator

Posts : 193
Join date : 2010-06-23

Re: Malware Defender

Post by Stephen2 on 25/10/2010, 15:58

RE: auto check for updates - Don't think so, also, I believe the latest (2.7.2.0001?) is potentially the last update.

Can't remember where I read that so take that with a grain of salt...


Stephen2
Member

Posts : 34
Join date : 2010-10-18
Location : Melbourne, Australia

Re: Malware Defender

Post by noorismail on 25/10/2010, 16:35

Thanks.
That is the version I have.
I looked at the Wilders thread, and I can't see anything
later than that either.

http://www.wilderssecurity.com/showthread.php?t=267680&page=27

(starting with post #660 really is some speculation about the future.)

Shame really, if it's no longer going to be developed.

But if there are no big bugs to fix, I guess a HIPS can be
very effective without updates for a long time.

noor

_________________
ShadowDefender 1.1.0.323 Sandboxie 3.49, NAT router.
Open DNS with "Malware/Botnet Protection",
MalwareDefender,Malwarebytes on demand.
noorismail
Moderator

Posts : 193
Join date : 2010-06-23

Re: Malware Defender

Post by noorismail on 26/10/2010, 05:08

I must say this is going very well, and most of the difficulty
of running my semi-trained MalwareDefender while in ShadowMode
has been solved thanks to a problem I had.

I was stymied to find a way to create a rule that would allow me to
commit changes to the real disk while in ShadowMode.

I hit on the solution of simply creating appropriate rules while in
ShadowMode, exporting the rules file, saving it to the real disk.

Then, when I leave ShadowMode it is a simple matter to import the rules.

Using this method, I am able to handle all of the small esoterica that crops
up after rules are set for the most common applications/events.

The problem is of course the problem inherent to saving
things from any virtual session.
You keep the good and the bad.

I do worry about one more kernel hooking application on my machine, but as an earlier poster said in another thread, messing with MalwareDefender is slightly addictive.

noor

_________________
ShadowDefender 1.1.0.323 Sandboxie 3.49, NAT router.
Open DNS with "Malware/Botnet Protection",
MalwareDefender,Malwarebytes on demand.
noorismail
Moderator

Posts : 193
Join date : 2010-06-23

Re: Malware Defender

Post by noorismail on 28/10/2010, 22:52

I have since found out that excluding the entire MalwareDefender folder from ShadowDefender allows rule-sets to be saved through reboot.

(That just seemed too simple to possibly work, hence my former practice of exporting and saving rule-sets for later importation.)

Getting less chatty each day = More time spent on the alerts that do pop up.

noor

_________________
ShadowDefender 1.1.0.323 Sandboxie 3.49, NAT router.
Open DNS with "Malware/Botnet Protection",
MalwareDefender,Malwarebytes on demand.
noorismail
Moderator

Posts : 193
Join date : 2010-06-23

Re: Malware Defender

Post by AaLF on 24/10/2011, 07:13

Salam noor.

Are you still using Malware Defender or have you moved on? It certainly has a busy console has it not?

I'm interested in comments comparing MD and another one I'm interested in, AppGuard. Anyone experienced both?
AaLF
New Member

Posts : 8
Join date : 2011-10-23

Re: Malware Defender

Post by ssj100 on 24/10/2011, 07:38

I'm afraid noor has been missing for some time, so it's unlikely you'll get a reply from him.

I would only recommend Malware Defender to relatively advanced users. Of all the Classical HIPS in history (and presently), Malware Defender is (one of) the most configurable and complex.

Put it this way, I personally found configuring/using Sandboxie a walk in the park compared to configuring/using Malware Defender.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

Re: Malware Defender

Post by Guest on 24/10/2011, 20:46

SSJ100,

Hey old Sandboxie plugger, the guy did not ask about SBIE. Besides that, a walk in the park can be scary at night when there is no light.

Malware Defender (MD) is a classical HIPS, it was top notch at the time. AppGuard (AG) imposes a LUA-like border to the applications it guards. In simple terms guarded apps cannot write to C:\Windows, C:\Programs and HKEY_LOCAL_MACHINE of the registry (sort of UAC protection without the pop-up). On top of that you can prevent programs from executing from the user folders (e.g. My Documents or My Pictures) and prevent memory manipulation.

So AppGuard is very limited compared to Malware Defender, but the smart thing is it stops intrusions in the first steps (instead of looking at all steps like MD does). So in a head-to-head synthetic/laboratory test MD is stronger than AG. In daily practice AG will be as effective as MD.

Regards Kees

Guest

Re: Malware Defender

Post by ssj100 on 24/10/2011, 23:31

Kees1958 wrote: the guy did not ask about SBIE

I made that statement because he asked me about Sandboxie over on the Sandboxie forums - he was finding Sandboxie difficult to configure, so I actually suggested trying other programs because of this. Malware Defender can be a very difficult program for the average user to use. The computer can be locked down really well if configured properly though. However, keep in mind that it only has a 32-bit version and it is no longer being developed.

Anyway, nice to see you pop your head in Kees haha.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

Re: Malware Defender

Post by Guest on 25/10/2011, 00:29

OK, but you know me, I promised to count the SBIE advertisements / testimonials by you :-)

Did you try the Win8 dev ISO?

Guest

Re: Malware Defender

Post by AaLF on 25/10/2011, 01:01

Hello Kees1958.

SSJ100 is aware that I am now an owner of SBiE but I feel a bit naked with just SBiE and have the urge to complement it with something else. Especially as I use XP without LUA. Malware Defender actually is losing its sparkle with me. The console reminds me of some sort of jetplane simulator. Too busy.
AaLF
New Member

Posts : 8
Join date : 2011-10-23

Re: Malware Defender

Post by ssj100 on 25/10/2011, 09:37

Kees1958 wrote: OK, but you know me, I promised to count the SBIE advertisements / testimonials by you :-)

Did you try the Win8 dev ISO?

Well mate, the number of "SBIE advertisements / testimonials" by me is nowhere near as many as the number of "SAFE admin" advertisements / testimonials by you haha.

No, haven't tried the Win8 dev ISO and don't plan to. Don't have time for that sort of thing nowadays!

AaLF wrote: Malware Defender actually is losing its sparkle with me. The console reminds me of some sort of jetplane simulator. Too busy.

Not surprised that you don't fancy it much. To make it less noisy in the long term and therefore reduce time answering pop-ups, you pretty much have to spend the equivalent time configuring it properly!

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14
