Sandboxing for 64-bit is hard to find. Correct me if I am wrong, I believe it has something to do with kernel hooks in 64-bit OS.
See this post by Egemen:
I’m new to sandboxing, but because a “sandbox” isolates applications, etc., this could be the reason why sandboxing is ■■■■■■■ 64-bit, especially with Windows Vista. Just kernel hooks and Microsoft finds it malicious, so hooking to that degree with sandboxing in 64-bit isn’t possible… Could be wrong.
Eh, I guess you have never heard about margarine, emulsifier is the keyword for oil and water… ;D
BTW, that brings up another question: CIS already uses user mode hooks in D+ for 64-bit OSes, so is CIS now as strong on 64-bit OSes as on 32-bit, where it hooks the kernel or ring0?
No, it’s not as strong. Matousec SSTS can send window messages, set global hooks and can keylog what you write → D+ is bypassed. I’ve mentioned that many, many times but nothing happened; Egemen didn’t say if they will improve that.
Outpost is much better there (but has other weak points).
I think it is a matter of implementation only; if Matousec modifies his user mode unhooker a little, it will bypass Outpost too. It is the nature of user mode hooks that they can be unhooked easily…
Did you try that technique, “send window messages”, with another keylogger which does not unhook?
P.S. Sorry, I know very little about the matter and my English is weak too, and I don’t have a 64-bit capable processor :-[
Would be sad if that was true
Is there no strong method to avoid ring 3 hooks getting unhooked?
Are the new APIs which came along with Vista SP1 a real alternative?
I meant the ddetest leaktest. It sends window messages to remote-control other processes (with a window).
It works on IE 6 and above and FF 2.0 and above. They claim it works on Win x64. I found it used a lot of resources (on Win x86), I had to uninstall it and now am using Sandboxie.
Now that we have an answer thanks to evil_religion, I wonder how to ponder the situation planning ahead for the next PC purchase, given that on Win x64 we won’t get the same level of security from CIS as on Win x86. Of course there are some mitigating factors (Kernel Patch Protection should make some infections less probable), but it is obviously not hackproof either.
OK, but why don’t we have a statement from Comodo developers about D+ and the 64-bit implementation of D+? Is it so hard to tell? Or should we wait for Matoušec to start testing on 64-bit platforms for Comodo devs to tell us any peep about it?
I personally do not like silence in security of any kind. Are all APIs defended as well on 64-bit as they are on 32-bit… please answer.