Sign in to follow this  
cloutz

OA 64 bit more vulnerable than 32bit?

Recommended Posts

Hi!

I saw that other hips (even CIS) still have security problems on x64 platform.

In fact x64 version is more vulnerable than x32, they cannot guarantee full protection against some attacks like dll-injection, keylogging, DDE, windows messages..

Same things for SpyShelter for example.

And what about OA??

What are the protection module differences from x32 and x64 version?

Regards

Share this post


Link to post
Share on other sites

Hi Cloutz,

Yes, the difference is caused by patchguard v3 on x64 systems that forbid security vendors (and of courses hackers) to uses the sames techniques comparate with 32bits OS.

But i have read that OA x64 offers near the same level of protection as x86, and i don't known if it is stronger comparate with CIS (maybe yes? beacause they have worked a lot of time on x64 version).

Regards

Share this post


Link to post
Share on other sites

Hi Cloutz,

Yes, the difference is caused by patchguard v3 on x64 systems that forbid security vendors (and of courses hackers) to uses the sames techniques comparate with 32bits OS.

But i have read that OA x64 offers near the same level of protection as x86, and i don't known if it is stronger comparate with CIS (maybe yes? beacause they have worked a lot of time on x64 version).

Regards

Hi, thanks for the reply.

I was a Comodo fan , but actually i don't like how they're developing D+ on x64 platform.

I criticize CIS x64 protection because i tried it, and anyway you can find lots of segnalations on CIS forum, for example here LINK

So I asked for the difference in OA between x32-x64, and what is still missing.

Despite OA supports x64 since only 2 version, i found a great protection on x64 imho :thumbs:

Share this post


Link to post
Share on other sites

I saw that other hips (even CIS) still have security problems on x64 platform.

In fact x64 version is more vulnerable than x32, they cannot guarantee full protection against some attacks like dll-injection, keylogging, DDE, windows messages..

This is true for every HIPS out there due to limitations Microsoft put in place on 64bit Windows operating systems. We did our best to secure our system as good as it is possible now and we are quite confident that it is as secure as it can get on x64 systems.

And what about OA??

What are the protection module differences from x32 and x64 version?

In Online Armor 5.0 the x64 version doesn't watch certain GDI functions. So in theory it is possible that applications can manipulate windows of other applications. This does not include actually remote controlling them because we made sure we have that covered. But it is possible to create screenshots for example. Nothing we would consider a high priority or threat though. With Online Armor 6.0 we will offer full x64 support since we will have a slight paradigm shift there. We expect that when Online Armor 6.0 is released x64 systems will have surpassed x86 systems in terms of distribution. So instead of building a x86 HIPS that supports 64bit system we will have transitioned to build a x64 HIPS that supports x86.

Share this post


Link to post
Share on other sites

[..]

In Online Armor 5.0 the x64 version doesn't watch certain GDI functions. So in theory it is possible that applications can manipulate windows of other applications. This does not include actually remote controlling them because we made sure we have that covered. But it is possible to create screenshots for example. Nothing we would consider a high priority or threat though.

With Online Armor 6.0 we will offer full x64 support since we will have a slight paradigm shift there. We expect that when Online Armor 6.0 is released x64 systems will have surpassed x86 systems in terms of distribution. So instead of building a x86 HIPS that supports 64bit system we will have transitioned to build a x64 HIPS that supports x86.

Okay, that's my thought, so i agree with your point of view.

I was only scared about actually non-covered modules/protections (dll injection, COM interfaces, unhooking ?)

Regards

Share this post


Link to post
Share on other sites
I was only scared about actually non-covered modules/protections (dll injection, COM interfaces, unhooking ?)

We have DLL injections, COM usage, unhooking and all other techniques used by malware in the wild covered :).

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.