http://www.torchsoft.com/en/md_information.html
Le programme en version "Trial" est défini comme pleinement fonctionnel et la version payante apporte :
"Free updates in the lifetime of the product." (mises à jour gratuite)
"Free technical support by e-mail. " (support technique par courrier)
Une seule personne développe ce programme, et il assure un très bon suivi (commentaires d'utilisateurs)
http://www.tradevibes.com/company/profile/torchsoft
Pour l'instant il n'y a pas de version en Fr, mais peut etre que cela sera possible aux vues des autres programmes du site.
Le programme est défini comme :
"Malware Defender est un HIPS (Host Intrusion Prevention System) avec une faible utilisation des ressources et de temps de latence. Il est efficace pour protéger votre ordinateur contre toutes les formes de logiciels malveillants (virus, vers, chevaux de Troie, adware, spyware, keyloggers, rootkits, etc.)
Malware Defender est également un détecteur avancé de rootkit. Il offre de nombreux outils utiles qui peuvent être utilisés pour détecter et éliminer les logiciels malveillants déjà installés.
Que vous soyez un expert ou pas, Malware Defender est votre choix pour protéger votre système."
Tests d'un utilisateur (Pass = Ok) :
KillDisk-- pass
XP Killer -- Pass
System Shutdown Simulator- Pass
APT-- many terminations methods fail
SSDT unhooker Bifrost trojan -- Pass
File infectors -- Pass(? not so sure as I found some files infected, may be I allowed some actions)
Autorun trojans -- pass
AKLT- all keylogging Passed, screenshots failed
MUK keylogger- Pass
Phide.exe rootkit physical memory acess- pass
ADS file creation -- Pass
Static ARK functions:
Phide.exe hidden process detection- Pass
ADS files detection( Unreal) -- Pass
Delete Volume reg test- fail
LES FONCTIONS ET OUTILS :
Realtime protection system
* Monitors process, file and registry activity for suspicious behavior.
* Detects all forms of malware, whether known or unknown.
* Supports learning mode and silent mode.
* High performance and low resource usage.
Process manager screen shot
http://www.torchsoft.com/images/md_screenshot4.jpg
* Detects hidden processes and threads.
* Detects unsigned processes and modules.
* Kills processes and threads using advanced method.
* Suspends/resumes processes and threads.
* Unloads modules of processes.
* Closes handles of processes.
Kernel module manager screen shot
http://www.torchsoft.com/images/md_screenshot5.jpg
* Detects hidden kernel modules and kernel threads.
* Detects unsigned kernel modules.
* Kills, suspends and resumes kernel threads.
* Kills kernel DPC (Deferred Procedure Call) timers.
Hooks detector screen shot
http://www.torchsoft.com/images/md_screenshot6.jpg
* Detects and removes system service table hooks (SSDT hooks).
* Detects and removes Win32k service table hooks (shadow SSDT hooks).
* Detects and removes interrupt descriptor table hooks (IDT hooks).
* Detects and removes SYSENTER handler hook.
* Detects and removes kernel object hooks.
* Detects and removes kernel notify routines.
* Detects and removes kernel mode code hooks.
* Detects and removes user mode code hooks.
* Detects and removes global message hooks.
* Detects attached devices.
* Detects hooked driver dispatch routines (IRP hooks).
Autostart application manager screen shot
http://www.torchsoft.com/images/md_screenshot7.jpg
* Scans all known autostart locations.
* Detects hidden autostart entries.
* Detects newly added autostart entries.
* Undoes and redoes deletion of autostart entries.
File explorer screen shot
http://www.torchsoft.com/images/md_screenshot8.jpg
* Detects hidden files and folders.
* Shows and deletes NTFS Alternate Data Streams (ADS).
* Deletes in-use files.
Registry editor screen shot
http://www.torchsoft.com/images/md_screenshot9.jpg
* Full functional registry editor.
* Detects hidden registry entries.
Pages Ecrans :
http://www.torchsoft.com/en/md_screenshot.html
Une nouvelle beta est apparue hier :
A new beta has been released 1.1.0 beta 3
What's new:
Added support for adding child application rules, driver rules, hookmodulerules, file rules and registry rules to member of application group.
Added an option to allow running user specified applications if noexplicit"deny" rule is found.
Added a new choice of rule object to the Alert dialog.
Added support for sorting autostart applications.
Added a menu item to remove stale rules.
Added a Confirmations page to the Options dialog.
Added an option to disable showing the balloon tooltip when started.
Added support for remembering the sort settings for processes and kernelmodules.
Resolved the problem of being blocked on startup in Vista.
Fixed a bug in about dialog. The web link did not work.
Fixed a bug when executing applications without .exe extension. The program will ask user even a permit rule is created.
Fixed a bug when writing files in desktop folder. The program can not detect the action.