has cis problems under windows vista/7 64bit??

[Guest]

[res1stanCe]

hello

http://www.sandboxie.com/index.php?WindowsVista64

i have read this and i wonder ,has cis the same problems under 64bit systems?

has cis really full control over the kernel in 64bit windows?

[OmeletGuy]

hello

http://www.sandboxie.com/index.php?WindowsVista64

i have read this and i wonder ,has cis the same problems under 64bit systems?

has cis really full control over the kernel in 64bit windows?

CIS does not hook the kernel in Vista 64bit, its a security program by MS that prevents hooking of the kernel by anyone.

[res1stanCe]

thx ,but then is cis less secure on 64bit windows

security software is useless on 64bit windows ,many malware can deactivate user-mode (ring3) drivers...

microsoft is thinking at all? i think not... microsoft blocked the only way to make windows secure with other programs

[res1stanCe]

push

[OmeletGuy]

I would say CIS protects you without a problem.

And scince when does MS think about security. 

They added patch Gaurd to prevent malware from hooking the kernel..

[res1stanCe]

 

yes but patchguard is an inadequate protection... is too weak

and prevents other programs in their work ,nice microsoft

[wj32]

Stop talking nonsense.

1. From the link, it appears that the Sandboxie author(s) do not want to get a driver signing certificate. COMODO already has one (obviously).
2. PatchGuard doesn't prevent security software from working. Sandboxie hooks system calls by modifying the SSDT, and this is protected against by PatchGuard. The MS endorsed way to hook is to use the system supplied callbacks - minifilters, registry callbacks, process/thread callbacks. This way CIS can protect itself without having to do anything special.

Now obviously, CIS might not actually use the callbacks - I don't know - but it seems like the most likely thing to do, because otherwise CIS would be vulnerable to all kinds of attacks.

[res1stanCe]

hm.. interesting

i understand. i was not aware until now

thank you for explain this  

[Rambaldi]

Stop talking nonsense.

1. From the link, it appears that the Sandboxie author(s) do not want to get a driver signing certificate. COMODO already has one (obviously).
2. PatchGuard doesn't prevent security software from working. Sandboxie hooks system calls by modifying the SSDT, and this is protected against by PatchGuard. The MS endorsed way to hook is to use the system supplied callbacks - minifilters, registry callbacks, process/thread callbacks. This way CIS can protect itself without having to do anything special.

Now obviously, CIS might not actually use the callbacks - I don't know - but it seems like the most likely thing to do, because otherwise CIS would be vulnerable to all kinds of attacks.

That's good to know, however is there any test on Win 64bit? AFAIK matousec makes test on 32bit systems, so I think that the OP raised a legitimate question here.

[3xist]

CIS, On Vista SP1 64x and later, Hooks in the kernel as much as possible - Comodo were also in the technical discussions with Microsoft and other Vendors of Patch Guard on Vista 64bit. However, CIS still protects 64bit enough. Comodo would NOT leave you vulnerable knowingly. As for Sandboxing, Yes, CIS 4 is coming and the Sandboxing in that will work on 64bit. For software like Sandboxie to work on 64bit,  it seems to me the developer (Tzuk) would have to re-write Sandboxie from scratch.

Cheers,
Josh

[Rambaldi]

CIS, On Vista SP1 64x and later, Hooks in the kernel as much as possible - Comodo were also in the technical discussions with Microsoft and other Vendors of Patch Guard on Vista 64bit. However, CIS still protects 64bit enough. Comodo would NOT leave you vulnerable knowingly. As for Sandboxing, Yes, CIS 4 is coming and the Sandboxing in that will work on 64bit. For software like Sandboxie to work on 64bit,  it seems to me the developer (Tzuk) would have to re-write Sandboxie from scratch.

Cheers,
Josh

OK thanks very much for the information.

[res1stanCe]

sounds good

[evil_religion]

But it's wrong. Comodo partially uses unsecured ring 3 hooks which can be avoided by Matousec SSTS.
Global hooks (injecting code into all processes), keyloggers and if I recall correctly also window messages don't get intercepted in kernel mode by Comodo.

Outpost FW passes some more tests of SSTS on x64 than Comodo, maybe they use secured user mode hooks. Comodo should do the same. I don't think that it won't be useful if Agnitum goes this way.

[res1stanCe]

agnitum say to me outpost fw has ring0 control over the windows 64bit kernel

[evil_religion]

I would like to know if there are further improvements planned for the x64 version (at egemen )
Also the self defense could be a bit better.

[Tags:]