AppDefend

From CastleCopsWiki


Product: AppDefend

Company: Ghost Security

Website: http://www.ghostsecurity.com/index.php?page=appdefend

Support forum: http://www.wilderssecurity.com/forumdisplay.php?f=78

First released: 2005


Feature list: Main features include execution control, process modification and termination control, and service/driver installation control. Full feature list compared to other products

Various reviews and tests:


Quick review

The author of AppDefend, Jason, was a former developer of DiamondCS's ProcessGuard, and he later started Ghost Security. His first product was RegDefend, a powerful, customizable registry control security program. Many regarded it as the perfect companion for ProcessGuard because the latter lacked registry protection. Jason, however, followed up with AppDefend, a direct competitor of ProcessGuard that shares almost 90% of the same features.

Together RegDefend and AppDefend form the Ghost Security Suite.

Strengths

As you would expect, given its origins, AppDefend is very similar to ProcessGuard in terms of features. There are differences though.

  • AppDefend protects all processes by default, instead of requiring you to add individual ones to protect as in ProcessGuard. You can turn off features separately for all processes, e.g. turning off network control by setting it to default Allow (allow without query). The other options are Block (block without query), Ask user/allow (query the user, but allow if there is no response within the set time), Ask user/block (query the user, but block if there is no response within the set time) and default (query user).
  • Each separate process will have its own rules that can override the general rule above.
  • Limited child-parent control. You can set which processes are allowed to create other processes (same options: allow, block, Ask user/allow, Ask user/block, default). You are not allowed, however, to set specific permissions, e.g. Explorer.exe can start firefox.exe only.
  • Takes command-line parameters into account when creating rules
  • AppDefend alerts on every protection item. No more messed up installations because PG blocked something rather than asking
  • SHA256 instead of MD5
  • There is limited network control on which processes are allowed to create network connections (no control over destination ports, protocol or IP)
  • No password protection (see later)
  • No handling of Windows Messages
  • No learning mode

Weaknesses

  • Keylogger/hook protection seems to be currently weaker than PG? As stated by Jason "Keylogging isn't implemented yet, apart from in the GUI and RULES. I am still working on that particular protection along with the others I have mentioned." http://www.wilderssecurity.com/showthread.php?p=611004
  • Process termination protection is weaker than ProcessGuard's; it does not currently cover endtask or Window messages. http://www.wilderssecurity.com/showthread.php?p=611004
  • There is no way to lock or password-protect AppDefend, hence it can be easily shut down using simulated mouse clicks. [1]
  • Requires RegDefend for registry protection

Conclusion

AppDefend can be said to be basically a ProcessGuard Plus. You get roughly the same features, a slightly better interface and some features that are slightly better.
