Add sandbox feature into CIS

Actually, the reason Windows has such a strong hold on the market, although there are other OS providers, is all the applications built on Windows. It is those applications that make Windows interesting… after all, a consumer doesn’t care which OS, as an OS has no direct value to an end user. It’s the applications that run on the OS that are the key. So MS does try, from my experience, to accommodate software vendors, and compatibility is important to them. The more apps on Windows, the better for them. But you are right also when you say vendors should write compatible software.

Melih

MS should have only a few goals: they should make a stable and hole-free OS and make it easy to develop software for it while also making sure that the software does not compromise system stability and security.

Yes, Microsoft’s focus should be on security and stability. They do try to maintain compatibility with software but if a necessary patch to the OS breaks some other vendor’s application, then so be it.

Actually, the only way I know to get a sandbox into Vista 64 is using VMware; that’s a very big app to get a sandbox.
You need to install VMware, which is very big, then install an OS (like XP 32-bit) that takes a lot of space, but it works fine, except it takes some time to launch the virtual OS. I don’t know another way to run something that will not corrupt Vista 64 but only the virtual one, and you just need to take a snapshot before you launch any app to get back to the clean virtual OS from before you launched some bad application.
Hope there will be a way to run a smaller sandbox on Vista 64.

Exactly. That’s what I referred to above.

Actually, ZoneAlarm ForceField works on 64-bit, so it is feasible.

I checked ForceField; I see it’s virtual browsing only. It would be nice if it was able to run files like Sandboxie but working for Vista 64.
It’s not free either: 29.95 US$.
Maybe I’m going to try it. Does it work with any browser?

I don’t find any trial version…

Yes.

Sandboxing for 64-bit is hard to find. Correct me if I am wrong, but I believe it has something to do with kernel hooks in 64-bit OSes.

See this post by Egemen:

I’m new to sandboxing, but because a “sandbox” isolates applications, etc., this could be the reason why sandboxing is ■■■■■■■ 64bit, especially with Windows Vista. Just kernel hooks and Microsoft finds it malicious, so hooking to that degree with sandboxing in 64-bit isn’t possible… Could be wrong.

Maybe someone can clarify… :)

Cheers,
Josh

If you read this post you can see why, for Sandboxie, it is not possible for 64-bit.
Dennis

Thanks for that.

I was close. :) Kernel like.

Cheers,
Josh

I left the sandbox behind when I graduated from Kindergarten.

I believe it works with IE and Firefox (not 100% sure on which versions it’s supported)
There’s a 30 day trial available here:

I think that more extensive sandboxing on 64-bit would be difficult, to say the least; not sure if these issues are eased at all in Windows 7???

Eh, I guess you have never heard about margarine, emulsifier is the keyword for oil and water… ;D
BTW, that brings up another question: CIS already uses user-mode hooks in D+ for 64-bit OSes, so is CIS now as strong on 64-bit OSes as on 32-bit, where it hooks the kernel or ring 0?

BTW, this was one of my first questions when I became a registered user of the Comodo forum; to this day my question stays unanswered.
https://forums.comodo.com/hips_host_intrusion_prevention_systems/please_feel_free_to_ask_any_questions_to_learn_all_about_computer_security-t4916.0.html;msg97695#msg97695

No, it’s not as strong. Matousec SSTS can send window messages, set global hooks and can keylog what you write → D+ is bypassed. I’ve mentioned that many, many times but nothing happened; egemen didn’t say whether they will improve that :(

Outpost is much better there (but has other weak points).

I think it is a matter of implementation only; if Matousec modifies his user-mode unhooker a little, it will bypass Outpost too. It is the nature of user-mode hooks that they can be unhooked easily…
Did you try that “send window messages” technique with another keylogger which does not unhook?

P.S. Sorry, I know very little about the matter and my English is weak too, and I don’t have a 64-bit capable processor :-[

Would be sad if that was true :(
Is there no strong method to avoid ring 3 hooks getting unhooked?
Are the new APIs which came along with Vista SP1 a real alternative?

I meant the ddetest leaktest. It sends window messages to remote control other processes (with window).

It works on IE 6 and above and FF 2.0 and above. They claim it works on Win x64. I found it used a lot of resources (on Win x86); I had to uninstall it and am now using Sandboxie.

I also asked the same question and did not get any answer either (https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/windows_x64_and_security-t38941.0.html;msg281478#msg281478).

Now that we have an answer thanks to evil_religion, I wonder how to ponder the situation when planning ahead for the next PC purchase, given that on Win x64 we won’t get the same level of security from CIS as on Win x86. Of course there are some mitigating factors (Kernel Patch Protection should make some infections less probable), but it is obviously not hackproof either.

With 32-bit systems Sandboxie is pretty much in a league of its own, near perfection. :-TU

OK, but why don’t we have a statement from the Comodo developers about D+ and the 64-bit implementation of D+? Is it so hard to tell? Or should we wait for Matoušec to start testing on 64-bit platforms for the Comodo devs to tell us a peep about it?
I personally do not like silence in security of any kind. Are all APIs defended as well on 64-bit as they are on 32-bit? Please answer.