Problem with Winpooch on XP SP3
organmorgan
Newbie
Joined: 14 February 2010 Online Status: Offline Posts: 1
Posted: 14 February 2010 at 7:27pm
Hello
Yes, I miss Winpooch too. I have found that both my PC and a friend's PC still work with Winpooch even though they have updated to Service Pack 3. However, when I try to install it on a new laptop which has Service Pack 3, it won't install. Now I wonder if I have installed an earlier version of Winpooch and am trying to install the current version? Cheers, John

jcharth
Newbie
Joined: 17 August 2009 Online Status: Offline Posts: 1
Posted: 17 August 2009 at 5:08pm
No panic, all, please. Looks like 5.10 works on SP3.

mutronics
Groupie
Joined: 28 February 2007 Location: France Online Status: Offline Posts: 98
Posted: 01 October 2008 at 3:37pm
Please think twice about this. Winpooch never directly protected you against programs that mess with the kernel. Instead, it just used to let you control which programs can call home or not. If you have XP and not Vista, a bad program can call home now because there's no Winpooch to alert you about it...
Edited by mutronics - 01 October 2008 at 3:39pm

jawz101
Senior Member
Joined: 24 August 2005 Location: United States Online Status: Offline Posts: 470
Posted: 07 June 2008 at 11:25am
You might want to take a look at Kaspersky antivirus. I was using the demo for a few weeks at work & it seems to have similar nag screens and alerts prompting you to let iexplore.exe and whatnot make external connections. I'm sure a 3rd party firewall with all of its settings set to high would do the same thing.
Vista's User Account Control serves a similar purpose.
I just don't know how many free 3rd party products there are out there that provide that functionality. Only 3rd party AV & firewall protections give that kind of monitoring that I've seen.
Maybe a free firewall like Tiny Personal Firewall??
Or some of the other freeware firewalls on pricelessware.org
... I do think a free 3rd party firewall with the security settings set high is going to give you those access prompts that you want.
As far as investing in an AV solution, I'd steer away from McAfee & Norton. Kaspersky continually has the best detection rates & others like BitDefender or NOD32.
For free, BitDefender, Avast, AVG or Panda are well recommended for on-access scanning.
Edited by jawz101 - 07 June 2008 at 11:35am
MCDST, MCP, MS MSIS, CTANS Graduate Certificate Information Assurance, Infragard

jpg78
Newbie
Joined: 27 May 2008 Online Status: Offline Posts: 3
Posted: 06 June 2008 at 9:49am
Okay, but please answer my question (if you know)...
I prefer to use an "old" (only a few months) Windows XP kernel with a good/lite Winpooch which can survey quite everything I want, more than the recent and so up-to-date and so secure new kernel which can protect itself more but still not really my machine. Yes, XP3 built a wall but they can leave the straight way and walk around...
> So, instead of (for me)...
> - keeping SP3 without Winpooch
> - uninstalling SP3 to return to SP2 (Winpooch compatible)
> Is it possible to keep "quite totally" XP/SP3,
> and replace some kernel modules (exe/dll/?) to use Winpooch?
> I'm looking/working at this solution, I have some ideas but I'm not sure they run.
I can explain why I like Winpooch: I've made a lot of tests (it's my job too) to obtain a good configuration. The best fact: it has protected me from an attack by an "unknown" virus (unknown by my McAfee AV but known by others); it can alert me (ask or block) when "something" is trying to install a driver, writing in Windows, trying to connect, etc... And all this for free, with no database and just 1 or 2 MB installed, little RAM and CPU...
Do you know of something else just equal (better?) working on SP3? I'm ready to study it (respecting my criteria)...

jawz101
Senior Member
Joined: 24 August 2005 Location: United States Online Status: Offline Posts: 470
Posted: 29 May 2008 at 12:49pm
Winpooch = hooks into kernel-mode drivers to monitor for suspicious activity
Vista & XP SP3 = protects kernel-mode activity, makes Winpooch & other kernel security utilities obsolete, Symantec profits down last year.
Do you realize that it's protecting the problems that Winpooch only monitors? It's like you had a lookout and now you can fire him because you built a wall.
The only other thing about SP3 is that it's a rollup of everything since SP2 that has already been pushed via automatic updates over the years & a few other things you won't notice unless you are a server admin in a 2008 domain environment & have a mixed batch of Vista & XP boxes on your network:
Edited by jawz101 - 29 May 2008 at 12:49pm
MCDST, MCP, MS MSIS, CTANS Graduate Certificate Information Assurance, Infragard

jpg78
Newbie
Joined: 27 May 2008 Online Status: Offline Posts: 3
Posted: 29 May 2008 at 10:59am
Is it possible to "disable" what is "annoying" Winpooch?
What's the update pack (number) to uninstall? I'm searching for a "lite" solution (maybe there isn't one) to continue using WinPooch while having XP/SP3 minus ? or corrected by ? Is it a dream? Bl..dy Microsoft, who hasn't said these problems would occur to my WinPooch in installing SP3!!! Other (hidden) things to discover???

GrofLuigi
Senior Member
Joined: 18 January 2006 Online Status: Offline Posts: 185
Posted: 28 May 2008 at 8:45pm
Does anyone know if there are additional 'protections' in XP SP3 compared to SP2, and what are they?
Good thing I haven't upgraded yet. I'm mostly worried about good old Kerio Personal Firewall 2.1.5.
GL

jawz101
Senior Member
Joined: 24 August 2005 Location: United States Online Status: Offline Posts: 470
Posted: 27 May 2008 at 7:16pm
http://www.symantec.com/norton/themes/vista/faq.jsp
Symantec is really trying hard to find ways to justify their product.
Their sales pitch right now isn't that strong as shown in the link above.
If you are concerned with security, a basic & reputable antivirus program with on-access protection should keep you protected.
Edited by jawz101 - 27 May 2008 at 7:17pm
MCDST, MCP, MS MSIS, CTANS Graduate Certificate Information Assurance, Infragard

jawz101
Senior Member
Joined: 24 August 2005 Location: United States Online Status: Offline Posts: 470
Posted: 27 May 2008 at 7:00pm
You're probably out of luck. From WinPooch documentation:
Start from version 0.6 branch, Winpooch uses "kernel-mode API hooking" technique to watches Windows kernel activities so as to detect dangerous operations. The kernel part of Winpooch is implemented as a Windows Device Driver.
XPsp3 & Vista (64 bit has this turned on by default) implement a lot more kernel protection than before. Symantec hates it and constantly tries to complain & show how much they know by writing white papers and such on why kernel mode protection is ruining the security industry's business:
The PatchGuard functionality restricts any software that may be attempting to make extensions to the Vista kernel (even those attempting to do so for legitimate reasons). This includes techniques that are commonplace today such as system service dispatch table (SSDT) hooking and interrupt dispatch table (IDT) hooking to name a few...
While this is a noble effort, these new security technologies have a serious side effect. This side effect is that nobody, with the exception of Microsoft, can make changes to certain components of the Windows kernel. The PatchGuard functionality restricts any software that may be attempting to make extensions to the Vista kernel (even those attempting to do so for legitimate reasons). This includes techniques that are commonplace today such as system service dispatch table (SSDT) hooking and interrupt dispatch table (IDT) hooking to name a few. Another disturbing side effect of this technology is that while legitimate security vendors can no longer make extensions to the Vista kernel (any attempt to circumvent these security features may only work temporarily), researchers and attackers can, and have, already found ways to disable and work around PatchGuard. These new technologies, along with Microsoft’s unwillingness to make compromises in this area have serious implications for the security industry as a whole. If Microsoft wants to make Vista more secure, it should provide equal access to the platform that its own developers have to ensure that security vendors can continue to innovate on the platform, and to ensure that consumers and OEMs can continue to choose the best security solutions for the platform. This has always been the case with prior operating systems. If security vendors don’t have access to the platform kernel, it cuts down on our ability to innovate and create compatible solutions. As a result, customers around the world will lose their ability to choose what security solutions they would like to run on their operating systems, and be forced to use only those solutions offered or allowed by Microsoft. A lack of choice for customers prevents them from having the widest variety of options for security solutions to quickly address a constantly evolving landscape of security threats. 
In the end, a less secure Internet will result and both consumers and enterprises will find themselves more vulnerable to cyber attack.
I could be way off base but I'm fairly certain the XP SP3 & Vista security enhancements around the kernel are why the kernel-mode API hooking that Winpooch implements isn't going to work for you.
I'm sure Symantec will continue to try to find a way around the kernel protection & eventually publish a 'proof of concept' attack (if they already haven't) so they can justify their products again.
WinPooch is a nice, free alternative for earlier OS's but the idea behind Vista's new security (I'm guessing) is that UAC, Windows Defender & the Windows Firewall will tell you when something bad is happening & most other advanced security solutions are unnecessary as you have to prove that your software is legit for it to install at that level. I'm sure Symantec could get approval but I don't know if Microsoft cares to let them in as they are promoting the confidence in their own security enhancements.
You might be able to run
Bcdedit.exe /set nointegritychecks ON
from the command prompt to try to get it to install but I don't know if I'd want to. Feels like it would be a step back in security to get WinPooch compatible with an OS that is set up to protect.
Edited by jawz101 - 27 May 2008 at 7:11pm
MCDST, MCP, MS MSIS, CTANS Graduate Certificate Information Assurance, Infragard