Behavior based analysis product?
hex_614
July 30th, 2008, 09:33 AM
Hi guys,
I want to include in my security a behavior based program like Norton AntiBot, but I want a free program. What would you suggest, aside from ThreatFire, because it's not working well with my AVG 8.0 Professional?
Many thanks
HURST
July 30th, 2008, 09:40 AM
AFAIK, there is no other free solution. Just TF. Maybe I'm wrong.
EDIT: it looks like I was wrong:
http://wiki.castlecops.com/Lists_of_freeware_behavior_blockers
(but most of the apps shown are more HIPS than BBs)
bellgamin
July 30th, 2008, 02:05 PM
{QUOTE-> ...but most of the apps shown are more HIPS than BBs <-QUOTE}
True! The apps on the list linked by Hurst are definitely more akin to "classical HIPS" than to behavior blockers.
AFAIK, TF is the only "pure" & "smart" behavior blocker that is free.
NON-free behavior blocker ==> Primary Response SafeConnect (http://www.sanasecurity.com/products/sc/features.php) ($29.95).
ambient_88
July 30th, 2008, 02:10 PM
{QUOTE-> True! The apps on the list linked by Hurst are definitely more akin to "classical HIPS" than to behavior blockers.
AFAIK, TF is the only "pure" & "smart" behavior blocker that is free.
NON-free behavior blocker ==> Primary Response SafeConnect (http://www.sanasecurity.com/products/sc/features.php) ($29.95). <-QUOTE}
The OP said he wanted a free program. But I'll agree with you, either Norton AntiBot or Primary Response SafeConnect.
HURST
July 30th, 2008, 02:19 PM
Also NOT free there is Mamutu...
djohn
July 30th, 2008, 02:20 PM
How about WinPatrol Free: http://www.winpatrol.com
CogitoErgoSum
July 30th, 2008, 03:38 PM
{QUOTE-> hi guys,
i want to include in my security a behavior based program like norton anti bot but i want a free program. what would you suggest. aside from threat fire because its not working well with my avg 8.0 professional.
many thanks <-QUOTE}
Hello hex_614,
Although in beta, another one to consider is NovaShield.
http://www.novashield.com/
Peace & Gratitude,
CogitoErgoSum
Kees1958
July 30th, 2008, 05:58 PM
You could try DSA and use only its outbound control (disable process control or set it to learn and auto-accept for a long period). Although it is more of a smart HIPS looking at usage patterns (like anomaly detection).
Victek123
July 30th, 2008, 06:31 PM
{QUOTE-> How about WinPatrol Free: http://www.winpatrol.com <-QUOTE}
Winpatrol is a great security program, but I don't think it qualifies as a behavior blocker.
Victek123
July 30th, 2008, 06:32 PM
{QUOTE-> Hello hex_614,
Although, in beta, another one to consider is NovaShield.
http://www.novashield.com/
Peace & Gratitude,
CogitoErgoSum <-QUOTE}
It would be nice to know more about NovaShield. Have there been any reviews?
starfish_001
July 30th, 2008, 06:35 PM
Could try A-squared Anti-Malware for free and legal here, be quick.
Choose beta in update and the Mamutu engine will be loaded.
http://www.wilderssecurity.com/showthread.php?t=215147&highlight=squared
PiCo
July 30th, 2008, 06:36 PM
{QUOTE-> Winpatrol is a great security program, but I don't think it qualifies as a behavior blocker. <-QUOTE}
Yes, WinPatrol is just an overall system monitor. It monitors critical places (startup, services, tasks etc.) and alerts the user, which has nothing to do with behavior!
I find it very useful, because it is a nice easy approach to obtain my system!
djohn
July 30th, 2008, 07:00 PM
{QUOTE-> Winpatrol is a great security program, but I don't think it qualifies as a behavior blocker. <-QUOTE}
I know it's not a behavior-of-malicious warning like ThreatFire, but some consider it a light HIPS, and it does monitor system changes that can warn a user of something unexpected by heuristic behavior. So in a sense that's behavior, and free, as the OP is looking for.
bellgamin
July 30th, 2008, 09:28 PM
Novashield looks interesting. Maybe I shall give it a trial later on. Hopefully, so will Kees, Easter, Pete, et alia.
However, Novashield's spiel (http://www.novashield.com/technology.aspx) sounds grossly overblown. Their statement "reduces the window of exposure to zero" infers 100% protection against zero-day threats. NOT bloody likely, wot!!! :dry: :dry: :thumbd:
{QUOTE-> Using its breakthrough technology of specification-based monitoring, the NovaShield approach reduces the window of exposure to zero thus providing true zero-day protection against new and emerging threats. <-QUOTE}
You have to register to get a trial copy. Moreover, on the registration/download page (http://www.novashield.com/product.aspx) there is a "free trial button" but it takes you right back to the registration/download page. Yikes, it's the incredible looping link gizmo -- very amateurish IMO. :isay:
EASTER
July 30th, 2008, 11:13 PM
Wow, tall order there, and even with the collection that's available right now I consider their numbers very anemic.
I read many sour reports on TF on one side, whereas the other half seem to have outstanding results with it, so in my recommendations of these type of apps I consider that one a bona fide toss-up as it stands ATM.
I even went as far as digging up older versions of CYBERHAWK that really have impressed me in comparison to TF; it's light, stable, but is somewhat limited in that it does at-once alert & terminate the source offending file (tested with dll injectors mostly, with some other malware) with positive results. I don't need or expect an AV inside a Behavioral Blocker, although a blacklist might be of some benefit; they are not foolproof and can be evaded as easily as an AV. That's where HIPS comes to the rescue.
I had my heart set on ProSecurity after numerous failures/issues only to finally hit paydirt with a really good Last :-\ version that's all but rode into the sunset now. I think Bellgamin can relate.
One thing I can suggest is EQSecure, and in head to head comparison, despite published test results, ProSec let me drop malware into directories whereas EQS stopped them and suspended them BEFORE they could enter. Now ProSec might have allowed the drop, but if it executed, ProSec knocked off its socks.
Back to Behavioral Blockers, have you tried Mamutu yet? I see a limited field of these apps in circulation right now and users have given up for the most part and just gone with programs like DefenseWall/SandboxIE/Returnil etc. to shore up their security set up.
dja2k
July 30th, 2008, 11:46 PM
Went ahead and registered to get the NovaShield Trial just to find out it says it can't install, that I need XP Service Pack 2, but yet I have Service Pack 3 installed. Oh hey hex_614, try to get the free key for A-Squared like starfish_001 recommended, I think you have one more day to get it, pretty good deal.
dja2k
EASTER
July 31st, 2008, 12:03 AM
{QUOTE-> Went ahead and registered to get the NovaShield Trial just to find out it says it can't install, that I need XP Service Pack 2, but yet I have Service Pack 3 installed. Oh hey hex_614, try to get the free key for A-Squared like starfish_001 recommended, I think you have one more day to get it, pretty good deal.
dja2k <-QUOTE}
Well, if that doesn't beat all. First we have to suffer through an extended delay due to Vista compatibility for these security folks, and still they suffer from issues because of trying to meld 2 different operating systems to accept their programs together without losing precious time in the XP projects they were just beginning to get smoothed out, and now we have apps that require SP2 instead of SP3, which brings another problem along with it so far as compatibility is concerned.
It must be totally frustrating for security developers everywhere trying their best to keep up with these new innovations Microsoft keeps rolling out to users.
EASTER
hex_614
July 31st, 2008, 11:56 AM
GUYS, THANKS A LOT FOR YOUR SUGGESTIONS, I BOUGHT NORTON ANTIBOT JUST RIGHT NOW. I THINK NO FREE PRODUCT CAN PROTECT ME LIKE NORTON ANTIBOT CAN. BY THE WAY, THANKS TO ALL.
I'M USING IT RIGHT NOW, DON'T EXPERIENCE SLOWDOWN AND IT JUST SITS DOWN IN THE TRAY. @_@
Creer
July 31st, 2008, 01:25 PM
Hi,
What about Online Armor (paid)? It offers behavior blockers too.
I have a router with NAT but I'm really thinking about buying OA.
Before that I was testing Comodo Firewall Pro, but this software used my CPU resources at ~100%.
I have run TF and am testing DW 2.45 too.
I want to run in future (if my test configuration passes all my requirements) TF + DW + OA + Avira Premium together in real time protection.
I wonder... is it not too much?
Regards,
Kees1958
July 31st, 2008, 01:59 PM
{QUOTE-> Hi,
What about Online Armor (paid)? It offers behavior blockers too.
I have a router with NAT but I'm really thinking about buying OA.
Before that I was testing Comodo Firewall Pro, but this software used my CPU resources at ~100%.
I have run TF and am testing DW 2.45 too.
I want to run in future (if my test configuration passes all my requirements) TF + DW + OA + Avira Premium together in real time protection.
I wonder... is it not too much?
Regards, <-QUOTE}
Creer,
When you have configured your router FW properly, I would opt for either OA paid + Antivir Premium, or DW paid with TF free, or DW paid with Antivir Premium; that is sufficient. TF has some outbound protection, DW will have with release 2.50, and DW will also make sure most leaktests will fail (due to HIPS, that is why OA and Comodo have HIPS features).
After every intrusion TF will check its antivirus database, so it counts as an AV. I would not mind about the lower detection rate VirusBuster has (the blacklist database TF uses) because TF will catch it anyway.
They are all great combos.
Regards Kees
Pinga
July 31st, 2008, 02:28 PM
{QUOTE-> threat fire (..) not working well with my avg 8.0 professional. <-QUOTE}
Please tell us more! Which flavour of Windows are you using?
C.S.J
July 31st, 2008, 02:40 PM
I'm a big fan of Norton's AntiBot and also Prevx, but Prevx are taking the **** in releasing their version for Vista, still currently beta.
DriveSentry have a free version, but personally... I'd just pay for it, as it's a super low price....
bellgamin
July 31st, 2008, 03:42 PM
{QUOTE-> When you have configured your router FW properly, I would opt for either OA paid + Antivir Premium or... <-QUOTE}
Since the topic is "behavior based analysis product" please help me understand -- in what way is OnlineArmor a behavior blocker?
{QUOTE-> After every intrusion TF will check its antivirus database, so it counts as an AV. <-QUOTE}
You should have mentioned the fact that PCTools AV is based on VirusBuster, which tests out as a low-ranked, second tier AV. It does not scan real-time, either. Therefore, I question the inference that TF's use of PCT AV is an adequate substitute for having a full-scope AV.
Creer
July 31st, 2008, 04:20 PM
{QUOTE-> Creer,
When you have configured your router FW properly, I would opt for either OA paid + Antivir Premium, or DW paid with TF free, or DW paid with Antivir Premium; that is sufficient. TF has some outbound protection, DW will have with release 2.50, and DW will also make sure most leaktests will fail (due to HIPS, that is why OA and Comodo have HIPS features).
After every intrusion TF will check its antivirus database, so it counts as an AV. I would not mind about the lower detection rate VirusBuster has (the blacklist database TF uses) because TF will catch it anyway.
They are all great combos.
Regards Kees <-QUOTE}
Hi Kees,
Thanks for the reply.
I don't want to remove my AV Avira Premium, so I will stay with this security.
I'm not sure if I understand... so if I decide to stay with OA (paid), then can/should I remove DefenseWall HIPS? Does DW offer the same security as OA (paid) plus Sandboxie?
{QUOTE-> Since the topic is "behavior based analysis product" please help me understand -- in what way is OnlineArmor a behavior blocker? <-QUOTE}
Online Armor has HIPS protection, something like Comodo Firewall Pro.
Regards,
Hiker
July 31st, 2008, 04:35 PM
Comodo Firewall with Defense+
bellgamin
July 31st, 2008, 09:14 PM
{QUOTE-> Online Armor has HIPS protection, something like Comodo Firewall Pro. <-QUOTE}
Comodo's firewall includes Defense+, a full-scope *classic HIPS*. OnlineArmor is also a classic HIPS. Neither Defense+ nor Online Armor is a "behavior blocker," per the rigorous definition of that term.
very very generally...
1- A classic HIPS is much more configurable than a behavior blocker. Thus, a classic HIPS requires the user to make MANY decisions on an action-by-action basis for EACH individual application. Because of its high level of configurability, a classic HIPS is a superb security tool for a user who has the diligence to configure it carefully and correctly.
2- A behavior blocker is much less configurable than a classic HIPS. Instead, a behavior blocker has the "AI (artificial intelligence)" to monitor, not only individual actions by any given application, but also to monitor a SERIES of actions by any given application. Through this & other methods, a behavior blocker can make some decisions on its own, & thus will not offer nearly so many pop-ups as a classic HIPS.
Which is better? If you have some security know-how, &/or you want to learn more about security, then classic HIPS is the answer. If you want a set-it-forget-it security, behavior blocker is probably closer to what you want.
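The HIPS-versus-behavior-blocker distinction bellgamin draws above, as an added example that is not part of the original thread or of any product named in it: a classic HIPS prompts on every sensitive action of every process, while a behavior blocker weighs the series of actions a single process performs and decides on its own once the pattern looks malicious. The event stream, the weights and the threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample event stream: (pid, action, target). Process 1001 behaves
# like a dropper (autorun key, write into the system directory, outbound
# connection); process 2002 is an ordinary editor. Addresses are documentation
# ranges (TEST-NET), not real hosts.
EVENTS = [
    ("1001", "process_create", "C:\\Users\\u\\Downloads\\invoice.exe"),
    ("1001", "registry_set", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"),
    ("1001", "file_write", "C:\\Windows\\System32\\drivers\\x.sys"),
    ("1001", "network_connect", "198.51.100.7:4444"),
    ("2002", "process_create", "C:\\Program Files\\Editor\\editor.exe"),
    ("2002", "file_write", "C:\\Users\\u\\Documents\\notes.txt"),
    ("2002", "network_connect", "203.0.113.10:443"),
]

# Classic HIPS model: every sensitive action is its own yes/no prompt, with no
# memory of what the process did before. The user makes each decision.
SENSITIVE_ACTIONS = {"registry_set", "file_write", "network_connect"}

def classic_hips_prompts(events):
    """Return every (pid, action, target) a classic HIPS would ask the user about."""
    return [e for e in events if e[1] in SENSITIVE_ACTIONS]

# Behavior blocker model: each action gets a weight depending on context, the
# weights accumulate per process, and one alert fires when the series of
# actions crosses a threshold. Weights are an assumption for this example.
def score_event(action, target):
    """Weight a single action by how suspicious it is in context."""
    if action == "registry_set" and "\\Run" in target:       # persistence via autorun key
        return 3
    if action == "file_write" and target.lower().startswith("c:\\windows\\"):
        return 3                                              # write into the system tree
    if action == "network_connect":
        return 1                                              # common on its own
    return 0

def behavior_blocker_alerts(events, threshold=5):
    """Return (pid, score) for each process whose accumulated score crosses the threshold."""
    scores = defaultdict(int)
    alerts, alerted = [], set()
    for pid, action, target in events:
        scores[pid] += score_event(action, target)
        if scores[pid] >= threshold and pid not in alerted:
            alerted.add(pid)          # one decision per process, not per action
            alerts.append((pid, scores[pid]))
    return alerts

if __name__ == "__main__":
    print("HIPS prompts:", len(classic_hips_prompts(EVENTS)))
    print("Behavior blocker alerts:", behavior_blocker_alerts(EVENTS))
```

On this stream the HIPS model raises five prompts, two of them for the harmless editor, while the behavior blocker raises a single alert for process 1001 and stays silent for 2002.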