List of Behaviour Blockers


Vikorr
May 24th, 2010, 01:40 AM
I was just thinking that it would be nice to have a complete list of behaviour blockers out there - anti-malware whose primary source of detection is through behavioural analysis:

Prevx 3
Threatfire
Safe-n-Sec (I think it still exists)
Vipre (I think this is mostly a behavioural analysis program?)


What was the French AV that was basically a behaviour blocker?

Any others you know of?

jmonge
May 24th, 2010, 01:51 AM
Mamutu:)

sg09
May 24th, 2010, 02:48 AM
DefenceWall
Malware Defender
PE Guard
Spyware Terminator

bellgamin
May 24th, 2010, 02:52 AM
-{ Quote: "...behaviour blockers out there - antimalware's whose primary source of detection is through behavioural analysis" }-
All HIPS use some degree of behavioral analysis. Classic HIPS cover a very broad spectrum of behaviors. They offer a very high number of configuration options, & can be very complex to configure optimally. Classic HIPS generally function by alerting the user to each & every suspicious behavior, then leaving it up to the user to allow or deny that behavior.

Behavior Blockers (BB) usually cover a narrower spectrum of behaviors & are less configurable than Classic HIPS. Therefore, configuring a BB is much easier to "get right" than is the case with Classic HIPS.

When a BB encounters suspicious behavior, it may in SOME cases ask the user for a decision but, more often, the BB will make the "decision" on its own and quarantine the offending process without first consulting the user. A BB exercises a bit of decision-making ability to do this -- much more than a classic HIPS does. Therefore, compared with a Classic HIPS, a BB is generally easier to understand (and thus use appropriately), and it doesn't generate as many pop-ups.

-{ Quote: "I was just thinking that it would be nice to have a complete list of behaviour blockers out there - anti-malware whose primary source of detection is through behavioural analysis:

Prevx 3
Threatfire
Safe-n-Sec (I think it still exists)
Vipre (I think this is mostly a behavioural analysis program?)

...Any others you know of?" }-
Safe'n'Sec is a classical HIPS -- much broader spectrum coverage than a BB.

Threatfire & Mamutu are the only "pure" BBs that I know of at the moment.

Prevx is not a "pure BB" because it has several other capabilities over & above its BB capability.

Kaspersky (KIS) has a BB component, as do Avira and Twister.

-{ Quote: "What was the French AV that was basically a behavior blocker?" }- Perhaps you have reference to Viguard? Try HERE (http://assiste.com.free.fr/p/logitheque/viguard.html) if you read French. You can actually still download Viguard from HERE (http://www.brothersoft.com/viguard-62190.html) (maybe). They called Viguard "Intrusion Protection" in those days of yore.
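As an added illustration of the two decision styles described in the post above (this is not code from the original thread, nor from any of the products named in it), here is a small Python model: a classic HIPS surfaces every suspicious action to the user and defers the decision, while a behaviour blocker scores each process's actions and quarantines it on its own once the score crosses a threshold, with no prompt. The event stream, the behaviour names and the weights are constructed for the example and are not real telemetry or real product rules.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed sample event stream: (process, action, target). Not real telemetry.
EVENTS = [
    ("setup.exe",   "write_file",      r"C:\Program Files\App\app.exe"),
    ("setup.exe",   "registry_set",    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\App"),
    ("notepad.exe", "write_file",      r"C:\Users\me\notes.txt"),
    ("dropper.exe", "write_file",      r"C:\Windows\System32\evil.dll"),
    ("dropper.exe", "registry_set",    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\evil"),
    ("dropper.exe", "inject_thread",   "explorer.exe"),
    ("dropper.exe", "disable_service", "WinDefend"),
]

# Behaviour weights (constructed values; a real product tunes these from telemetry).
WEIGHTS = {
    "write_system_dir": 2,
    "set_autorun": 2,
    "inject_thread": 4,
    "disable_service": 4,
}


def classify(action: str, target: str) -> Optional[str]:
    """Map a raw action to a named suspicious behaviour, or None if benign."""
    if action == "write_file" and target.lower().startswith(r"c:\windows"):
        return "write_system_dir"
    if action == "registry_set" and r"\currentversion\run" in target.lower():
        return "set_autorun"
    if action in ("inject_thread", "disable_service"):
        return action
    return None


@dataclass
class HipsResult:
    prompts: list = field(default_factory=list)  # (process, behaviour) pairs shown to the user
    denied: list = field(default_factory=list)   # the ones the user answered "deny"


def classic_hips(events, decide: Callable[[str, str], bool]) -> HipsResult:
    """Classic HIPS: every suspicious behaviour is raised to the user, who
    answers allow (True) or deny (False). Each prompt is independent; the
    engine keeps no score and makes no decision of its own."""
    result = HipsResult()
    for proc, action, target in events:
        behaviour = classify(action, target)
        if behaviour is None:
            continue
        result.prompts.append((proc, behaviour))
        if not decide(proc, behaviour):
            result.denied.append((proc, behaviour))
    return result


@dataclass
class BbResult:
    scores: dict = field(default_factory=dict)      # accumulated score per process
    quarantined: list = field(default_factory=list) # processes stopped without asking
    skipped: int = 0  # events ignored because their process was already quarantined


def behaviour_blocker(events, threshold: int = 6) -> BbResult:
    """Behaviour blocker: accumulate a per-process score over its suspicious
    actions and quarantine the process autonomously once the score reaches
    the threshold. A single autorun entry (score 2) never triggers on its own,
    so the installer generates no alert at all."""
    result = BbResult()
    for proc, action, target in events:
        if proc in result.quarantined:
            result.skipped += 1
            continue
        behaviour = classify(action, target)
        if behaviour is None:
            continue
        result.scores[proc] = result.scores.get(proc, 0) + WEIGHTS[behaviour]
        if result.scores[proc] >= threshold:
            result.quarantined.append(proc)
    return result


if __name__ == "__main__":
    # Simulated user who trusts the installer and denies everything else.
    hips = classic_hips(EVENTS, decide=lambda proc, b: proc == "setup.exe")
    print(f"classic HIPS: {len(hips.prompts)} prompts, denied {hips.denied}")
    bb = behaviour_blocker(EVENTS)
    print(f"behaviour blocker: scores {bb.scores}, quarantined {bb.quarantined}")
```

Run on the constructed stream, the classic HIPS raises five prompts (one of them for the legitimate installer's autorun entry) and relies on the user to answer each; the behaviour blocker raises none, leaves the installer alone at score 2, and quarantines dropper.exe at its third suspicious action, ignoring the fourth. That is the trade-off the post describes: fewer pop-ups in exchange for the engine deciding for you, which is only as good as its weights and threshold.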

Vikorr
May 24th, 2010, 04:40 AM
Hi Bellgamin
-{ Quote: "I was just thinking that it would be nice to have a complete list of behaviour blockers out there - anti-malware whose primary source of detection is through behavioural analysis:" }-

Behaviour Blockers are a little vague in definition, so I clarified what I was after. From the definition I wrote, Prevx fits in just fine.

SG09, DefenseWall is problematic - it's mainly a sandbox with blocking capabilities, but it has some issues: sandboxes interfere with software requiring drivers, and DefenseWall doesn't tell you if software is good or bad. Of course it's fine if you wish to put up with those restrictions, but it's not the sort of software I mean :)

I realise that AVs are moving more and more towards incorporating behavioural analysis engines (rather than just code analysis), and personally I think AVs need to be completely rewritten to do behavioural analysis first and code analysis/signature detection second. But I'm also interested in pure behavioural analysis engines.

Thanks for the responses. Other responses are welcome too.

baerzake
May 24th, 2010, 06:05 AM
Pure BB: ThreatFire, AVG Identity Protection, Mamutu.

icr
May 24th, 2010, 08:18 AM
-{ Quote: "...has a BB component, as do Avira..." }-

The non-working component, the ProActiv module ;)

andyman35
May 24th, 2010, 09:11 AM
-{ Quote: "The non-working component, the ProActiv module ;)" }-
Yes, a BB in name only right now :P

ALiasEX
May 24th, 2010, 10:23 AM
Norton's biggest asset these days is SONAR.

SweX
May 24th, 2010, 11:29 AM
And Panda has some of their BB in the cloud via the TruPrevent Technologies.
But I also think Panda has some local BB inside the client software as well.

bellgamin
May 24th, 2010, 01:34 PM
-{ Quote: "Defensewall is problematic - it's mainly a sandbox with blocking capabilities" }-
DW is a Policy-Based HIPS. It treats threatgates as untrusted. It sets policies so as to isolate untrusted apps from doing damage to trusted areas. The isolation of untrusted apps is somewhat analogous to a sandbox, but that is not the defining aspect of DW.

P.S. EVERYONE needs HIPS. Otherwise, your pants will fall down.

firzen771
May 24th, 2010, 01:52 PM
-{ Quote: "DW is a Policy-Based HIPS. It treats threatgates as untrusted. It sets policies so as to isolate untrusted apps from doing damage to trusted areas. The isolation of untrusted is somewhat analogous to a sandbox but that is not the defining aspect of DW.

P.S. EVERYONE needs HIPS. Otherwise, your pants will fall down." }-

I just find software that goes by a policy and classical HIPS to be too much of a nuisance to be worth the reward (or lack thereof). I'm perfectly capable of keeping my system safe, even as a relatively risky surfer, through my own measures without having to constantly trust something or answer 3 billion popups. Even as good as a whitelist gets, there's always going to be new software, or in my case it's especially problematic when I'm installing new drivers (such as my graphics drivers) and getting bombarded with popups.

It's honestly, for ME, not worth it to run either a classical HIPS or a policy-based one. A sandbox like Sandboxie is fine because I can run it for the programs I want, when I want, as is a behaviour blocker that limits its alerts to a reasonable amount and provides plenty enough for what I require.

Of course, different people have different needs and somebody with different habits may require other products, but I just don't feel those types of products are useful; I'm using my computer for things other than constantly allowing new things. And then when you need to troubleshoot why a program isn't working, it's almost always because one of those types of programs is blocking it, and working around it creates even more hassle.

anothermack
May 24th, 2010, 02:19 PM
Hello Bellgamin,

does Tinywatcher run on 7 64bit?

brgds
mack

bellgamin
May 24th, 2010, 02:35 PM
-{ Quote: "I just find software that goes by a policy and classical HIPS to be too much of a nuisance to be worth the reward" }-
Defense Wall is 99.999% install-it-&-forget-it. You need not do anything to DW's default settings & you still will have PDG protection.

Pop-ups are rare. VERY rare.
~~~~~~~~~~~~~~~~~~~~~~

-{ Quote: "does Tinywatcher run on 7 64bit?" }-
Hola Mack,
I runneth not Win7 with 64-bit or any-other-bit.

2-bits 4-bits 6-bits a dollar
All XP fans stand up & holler!!!
;D 8) :thumb:

Ergo I cannot answer your question. Why not give it a try? (You do use imaging software, right?)

firzen771
May 24th, 2010, 03:15 PM
-{ Quote: "Defense Wall is 99.999% install-it-&-forget-it. You need not do anything to DW's default settings & you still will have PDG protection.

Pop-ups are rare. VERY rare." }-

I know that DefenseWall has few popups; it's the automatic untrusted status that it gives anything that isn't whitelisted that creates the pain for me. It's one extra step in anything I'm trying to do that I really don't need.

anothermack
May 25th, 2010, 04:13 PM
-{ Quote: "Hola Mack,
I runneth not Win7 with 64-bit or any-other-bit.

2-bits 4-bits 6-bits a dollar
All XP fans stand up & holler!!!
;D 8) :thumb:

Ergo I cannot answer your question. Why not give it a try? (You do use imaging software, right?)" }-

I see Bellgamin,

Might try it then. On the imaging, I assume you refer to Tinyw only being able to indicate changes but not prevent them, as indicated on the Tinyw website.

I don't, but I take backups. And re-install in the worst case (90 mins approx., including install of most programs). Haven't investigated imaging software...

brgds
mack

bellgamin
May 25th, 2010, 08:10 PM
-{ Quote: "On the imaging I assume you refer to Tinyw only being able to indicate changes but not prevent, as indicated on Tinyw website." }-
You are correct.

Additionally, it is usually prudent to make an image BEFORE trialing software (the best uninstaller is a restored pre-install image).

MrBrian
May 30th, 2010, 09:32 PM
-{ Quote: "does Tinywatcher run on 7 64bit?" }-

http://www.wilderssecurity.com/showpost.php?p=1673948&postcount=83
http://www.wilderssecurity.com/showpost.php?p=1673983&postcount=85

m00nbl00d
May 30th, 2010, 09:40 PM
AVG Identity Protection

Vikorr
May 31st, 2010, 01:00 AM
-{ Quote: "I was just thinking that it would be nice to have a complete list of behaviour blockers out there - anti-malware whose primary source of detection is through behavioural analysis:" }-

-{ Quote: "SG09, DefenseWall is problematic - it's mainly a sandbox with blocking capabilities, but it has some issues: sandboxes interfere with software requiring drivers, and DefenseWall doesn't tell you if software is good or bad. Of course it's fine if you wish to put up with those restrictions, but it's not the sort of software I mean" }-

-{ Quote: "-{ Quote: "Defensewall is problematic - it's mainly a sandbox with blocking capabilities" }-
DW is a Policy-Based HIPS. It treats threatgates as untrusted. It sets policies so as to isolate untrusted apps from doing damage to trusted areas. The isolation of untrusted apps is somewhat analogous to a sandbox, but that is not the defining aspect of DW." }-

Bellgamin, these are quotes from DefenseWall's website:

"DefenseWall wins when your anti-virus fails. Isolate good from evil!

DefenseWall Personal Firewall - the world's first sandboxing-style personal firewall solution

DefenseWall HIPS (Host-based Intrusion Prevention System) is based on a sandboxing approach that uses rights restrictions and partial virtualization"

Also, if you had taken my post in context, you would see that your reply misses the mark of the intention of the post you replied to. The type of software I was interested in was anti-malware whose primary source of detection is through behavioural analysis, hence DefenseWall is problematic to this definition.

bellgamin
May 31st, 2010, 01:28 AM
-{ Quote: "Also, if you had taken my post in context, you would see that your reply misses the mark of the intention of post you replied to." }-
Okay Vik, you are right. I misconstrued your purpose.

Also, I was talking about DW's HIPS component, not its FW. I always made it a point to remove DW's FW whenever I tested the recent betas, so I have zero experience with the FW.

simisg
June 2nd, 2010, 12:54 PM
Panda Cloud has behavior analysis, TruPrevent.

shadek
July 27th, 2010, 04:15 AM
Yeah, but I find Panda Cloud a bit bloated. The GUI is non-responsive and slow.

Kees1958
July 28th, 2010, 09:14 AM
-{ Quote: "i know that defensewall has few popups, its the automatic untrusted status that it gives anything that isnt whitelisted that creates the pain for me, its one extra step in anything im trying to do that i really dont need." }-

I can imagine when right-click "run as admin" is too much for you (=> turn off UAC); the same applies for DefenseWall, right-click "run as trusted" (is probably also too much trouble, although DW does not ask for consent when you have no password-protected DW setup ;D )

firzen771
July 28th, 2010, 12:45 PM
-{ Quote: "I can imagine when right-click "run as admin" is too much for you (=> turn off UAC); the same applies for DefenseWall, right-click "run as trusted" (is probably also too much trouble, although DW does not ask for consent when you have no password-protected DW setup ;D )" }-

Yep ;D It's all the little inconveniences that bother me more than the big ones; I hate small repetitive tasks that I would need to do often. That's why my UAC is, and always has been, off L=;D