- May 11, 2014
How does AppGuard protect the 64 bit OS, and does it too have limitations??
No limitations between 32 and 64 bit.
Maybe because it works differently than any other security software.
How does AppGuard manage to stop limitations on 64bit systems and Kaspersky cannot? I've followed all of hjlbx's advice on here and Wilders to make AppGuard more secure.
I am not an AppGuard user myself (it's kind of expensive), but I have heard that when you install a new program, you need to disable AppGuard. So that is the downside: it won't give you step by step control during installation of an app you don't totally trust. Other solutions will tell you what is happening every step of the way, so you can block when things look suspicious.
the total lockdown people like to use AppGuard + another solution such as ReHIPS or NVT ERP
thanks @hjlbx, that sets the record straight.
Installation of a malicious program is essentially the same as the installation of a malicious program. Even if a user does monitor every step of the installation process, it is highly unlikely that anyone will recognize a single malicious behavior - and the system will be infected. Furthermore, even if a user practices a whole bunch with malware using a HIPS, that user still probably will not identify "malicious" behavior as alerts appear.
Disabling Appguard is not the issue. Not fully inspecting a file before installing\executing it on the system is the issue. In the first place, if you have any doubts whatsoever about a file, then you shouldn't execute it on your system without pre-execution inspection and using a means to revert your system to a pre-infection state.
Technically, the correct solution is not to execute the unknown\untrusted file at all; if you execute an unknown\untrusted file, then it can potentially defeat your entire security config right out of the gate. That's the premise of locked down security. The locked down security model patches the security holes permitted by more traditional security softs.
I can't argue the point, but I do think it's good to keep an eye open during installation, because it is becoming increasingly common these days for known and trusted sites to get hacked, and provide malicious downloads going by the old and familiar names. Even careful people can get fooled by that kind of thing.
yep, if you can't get your system back to the way it was, you are simply burning your bridges.
Even a Cuckoo sandbox isn't 100% reliable. For example, there are none that I know of that will catch malicious self-extracting archives (SFX).
That's why it is important to be able to rollback the system to a pre-infection state or contain the malware in a deletable sandbox:
- Rollback RX Pro
- Rollback RX Home
- Drive Vaccine RX
- Reboot Restore RX
- Shadow Defender
- ToolWiz Time Freeze
- Sandboxie
- COMODO Internet Security
- COMODO Cloud Antivirus
- ReHIPS (not rollback, but isolated user profile)
- Macrium Reflect with Delta Rapid Restore
- Other system restore softs
Big yup to all the above, the only addition needed imo, would be outbound firewall monitoring to deny "phoning home" or data theft.
Regards Eck
If you lock down your system, then an outbound firewall isn't absolutely needed. On top of that, a home bound system doesn't need an outbound firewall whereas a laptop that is often used in public wifi hotspots does need one.
The usefulness of an outbound firewall is a debatable topic.
An outbound firewall is, at best, a just-in-case measure that has limited protection under certain circumstances. Malware can easily bypass a firewall. For example, by employing a simple hollow process or by abusing a trusted Windows process - not to mention the use of more advanced firewall bypass techniques that a firewall will not\cannot detect.
If you do use an outbound firewall and get an alert, your system is already compromised and, technically, it is too little, too late.
However, I do agree that an outbound firewall notification might be the only alert you get that indicates there might be a potential problem. So in that specific case I think an outbound firewall has value.
When I do use an outbound firewall, I select TinyWall - which is freeware and blocks all outbound network activity that does not have an existing out rule. TinyWall is a default-deny outbound firewall. It has no alert capability (it does not generate alerts). Its downside is that without any alerts, the user has no idea something has been blocked (safe, unsafe, or unknown) - other than the fact that the soft might not work. Because of this fact, TinyWall is better suited to IT security enthusiasts. A better solution for a beginner\novice would be along the lines of Emsisoft Internet Security or similar.
While outbound control might not be considered an essential, it's still a very useful tool imo, in a sandboxing situation where technically the system has been compromised (but not really, as it's sandboxed) to stop any leak dead in its tracks.
Never tried TinyWall, probably because of the non-alerts, but am very happy with Comodo's outbound screening, not to mention the excellent autosandboxing.
Yes, as long as you've got the main bases covered then all the other add-ons are debatable. I just happen to like knowing what's connecting out anyway, even under "normal" circumstances.
Regards Eck