HIPS Test by Anti-Malware.ru


subset
May 3rd, 2009, 09:53 AM
Anti-Malware.ru have tested the HIPS modules of a few popular AVs and Firewalls against "Ring 0" Malware.

Link to the test (Google translation)
http://translate.google.com/translate?u=http%3A%2F%2Fwww.anti-malware.ru%2Fhips_test_ring0&sl=ru&tl=en&hl=en&ie=UTF-8

Agnitum Outpost Security Suite 6.5.3 (2518.381.0686)
Comodo Internet Security 3.8.65951.477
Jetico Personal Firewall 2.0.2.8.2327
Kaspersky Internet Security 8.0.0.506
Online Armor Personal Firewall Premium 3.0.0.190
PC Tools Firewall Plus 5.0.0.38


BTW this test is about three weeks old, but I couldn't find anything about it here.

Cheers

Cloud_Shadow
May 3rd, 2009, 10:48 AM
Excellent performance by Comodo and OA; if they had tried the latest beta of Comodo, I don't think there would have been many alerts. Kaspersky also did very well, which is quite strange; I thought their HIPS was weak.

vizhip
May 3rd, 2009, 01:18 PM
-{ Quote: "Excellent performance by Comodo and OA; if they had tried the latest beta of Comodo, I don't think there would have been many alerts. Kaspersky also did very well, which is quite strange; I thought their HIPS was weak." }-

It doesn't look like they used the latest versions of the various firewalls, so I am curious where they got the versions they used...

Regards -
-Bob

aigle
May 3rd, 2009, 04:50 PM
Results seem reasonable though I did not expect CFP to be the top while OA was expected.

arran
May 3rd, 2009, 05:11 PM
That's interesting. Take a look at this:
Comparison of the effectiveness of antivirus protection from the newest malicious programs
http://66.249.89.132/translate_c?hl=en&ie=UTF-8&sl=ru&tl=en&u=http://www.anti-malware.ru/node/885&usg=ALkJrhjP6gFAJXXVXOVbG8H-IH0nIbKqOg

DefenseWall comes top. Wish they would test Sandboxie and GeSWall.

Cloud_Shadow
May 3rd, 2009, 05:17 PM
Is OA's HIPS really that good? Comodo's performance was expected, not many things can breach it, but is OA's HIPS just like D+?

Cloud_Shadow
May 3rd, 2009, 05:20 PM
-{ Quote: "That's interesting. Take a look at this:
Comparison of the effectiveness of antivirus protection from the newest malicious programs
http://66.249.89.132/translate_c?hl=en&ie=UTF-8&sl=ru&tl=en&u=http://www.anti-malware.ru/node/885&usg=ALkJrhjP6gFAJXXVXOVbG8H-IH0nIbKqOg

DefenseWall comes top. Wish they would test Sandboxie and GeSWall." }-

How can G Data perform below BitDefender when it uses its engine?

arran
May 3rd, 2009, 05:20 PM
Yes I do believe OA's HIPS is that good, it does seem to pass quite a few tests.

Thankful
May 3rd, 2009, 05:27 PM
-{ Quote: "That's interesting. Take a look at this:
Comparison of the effectiveness of antivirus protection from the newest malicious programs
http://66.249.89.132/translate_c?hl=en&ie=UTF-8&sl=ru&tl=en&u=http://www.anti-malware.ru/node/885&usg=ALkJrhjP6gFAJXXVXOVbG8H-IH0nIbKqOg

DefenseWall comes top. Wish they would test Sandboxie and GeSWall." }-
Already posted here:
http://www.wilderssecurity.com/showthread.php?t=230113
Why hijack this thread?

MikeNash
May 3rd, 2009, 06:00 PM
-{ Quote: "Is OA's HIPS really that good? Comodo's performance was expected, not many things can breach it, but is OA's HIPS just like D+?" }-

OA was a HIPS before we added the firewall. Our firewall is only a year or so old.

aigle
May 3rd, 2009, 06:15 PM
-{ Quote: "Is OA's HIPS really that good? Comodo's performance was expected, not many things can breach it, but is OA's HIPS just like D+?" }-
Sure. It has less granular control but still has strong protection.

MikeNash
May 3rd, 2009, 06:21 PM
-{ Quote: "Sure. It has less granular control but still has strong protection." }-

Have you played with it in Advanced Mode aigle?

aigle
May 3rd, 2009, 06:46 PM
-{ Quote: "Have you played with it in Advanced Mode aigle?" }-
Hmmm... really I am not sure, as I have not installed it for quite a long time. I will load it again just to see. Advanced mode is there in the free version as well, I think?

BTW, I mean to say that OA lacks full file protection and registry protection like other HIPS (CFP, MD, etc.). Am I wrong?

Practically speaking, I don't think that it's a big weakness. In fact basic mode is more than enough and easy to use with fewer pop-ups. It's just a matter of choice: more pop-ups vs. fewer pop-ups.

aigle
May 3rd, 2009, 06:46 PM
-{ Quote: "To be honest, testing DefenseWall with mostly other black-listing components is not a fair test at all. I guess it does make the point that DefenseWall is a HIPS product rather than a black-listing product. My bet is that a classical HIPS would do just as well if the user knew what to block. Also it goes to say that Sandboxie would do at least just as well." }-
Totally agree.

aigle
May 3rd, 2009, 06:59 PM
I am referring to the advanced mode of the HIPS, not the FW.

subset
May 3rd, 2009, 09:13 PM
There is a comment at the Anti-Malware.ru site, which says that they had to exclude F-Secure and Norton from this test because their built-in HIPS does not work separately from the anti-virus module.

That seems understandable for F-Secure and DeepGuard.

But why NIS?
You can exclude a file or folder from Auto-Protect, but SONAR and Advanced Events Monitoring are still active. ???

Cheers

andyman35
May 3rd, 2009, 09:15 PM
-{ Quote: "How can Gdata perform below Bitdefender, when it uses its engine?" }-
That's a very interesting question. I thought it used the most up-to-date engines, but that would tend to say otherwise.

MikeNash
May 3rd, 2009, 11:24 PM
-{ Quote: "Hmmm... really I am not sure, as I have not installed it for quite a long time. I will load it again just to see. Advanced mode is there in the free version as well, I think?

BTW, I mean to say that OA lacks full file protection and registry protection like other HIPS (CFP, MD, etc.). Am I wrong?

Practically speaking, I don't think that it's a big weakness. In fact basic mode is more than enough and easy to use with fewer pop-ups. It's just a matter of choice: more pop-ups vs. fewer pop-ups." }-

Yes, we don't have these things directly surfaced for users to tweak and adjust, though of course we do have some specific monitoring of the registry inside the app.

Kees1958
May 4th, 2009, 02:02 AM
-{ Quote: "Hmmm... really I am not sure, as I have not installed it for quite a long time. I will load it again just to see. Advanced mode is there in the free version as well, I think?" }-

No, not in the free version.

-{ Quote: "BTW, I mean to say that OA lacks full file protection and registry protection like other HIPS (CFP, MD, etc.). Am I wrong?" }-

Depends how you define FULL.

Full as in a pop-up will be thrown when a process wants to overwrite a driver, full as in a pop-up will be shown when an autostart entry of the registry is changed: then YES.

Full as in user-configurable registry keys and file/folder protection: then NO.

Regards Kees

vijayind
May 4th, 2009, 03:15 AM
Would have been nice if they had tested ZoneAlarm too. Just to see if the grand old man of personal firewalls is still able to keep up with the new kids on the block.

subset
May 4th, 2009, 08:52 AM
-{ Quote: "Would have been nice if they had tested ZoneAlarm too." }-
The guy who carried out this test works for Check Point, so he decided to exclude ZA from the test.

Cheers

vijayind
May 4th, 2009, 02:38 PM
-{ Quote: "The guy who carried out this test works for Check Point, so he decided to exclude ZA from the test.

Cheers" }-
I hope he did that to prevent a conflict of interest. So if the tester works for Check Point, then he would have at least pointed the results in the right direction. That's reassuring.

_kronos_
May 5th, 2009, 09:12 AM
-{ Quote: "Yes, we don't have these things directly surfaced for users to tweak and adjust, though of course we do have some specific monitoring of the registry inside the app." }-

It would be interesting to show what computer areas OA (free or paid) proposes to control ...


For example, what I don't like:
- impossibility to set registry keys to monitor
- impossibility to set general areas to monitor (enable/disable the control against some attacks: direct disk access, hook installation, etc.)
- pop-ups are confusing and too long IMHO; by the time you have finished reading all the description, the app has already crashed :-\
- firewall filtering is not granular; maybe in the paid version the situation is different. The same goes for the HIPS module: you can only answer Allow/Block/Run Safer/Remember my answer, with no possibility to use predefined policies for known applications, which would allow you to use each application's rights, which are otherwise not simple to reach/modify...

This IMO...


But maybe these considerations are in conflict with your line of thought :)

Regards

Gaeko
May 5th, 2009, 11:44 AM
Interesting. :)
Way to go OA and Comodo. 8)