Norton Antibot

To be truthful, I never heard of PRSC until CogitoErgoSum began mentioning it on these NAB threads. Since I have began using Symantec products earlier this year (a year ago I was bashing Norton, lol) with NIS I decided to supplement it with NAB. I didn't know about the NAB/PRSC connection until last week.

 

Guys (and solcroft also in case you got the wrong impression) I wasn't saying Antibot was useless at all. Merely making the point that any product with the Norton/Symantec name on it would sell regardless of it's merits, just due to the name alone. I personally like it...

 

Hi guys,

Some PC magazine gave PRSC the highest score in a behaviroal blocker test, with the comment that it took away some windows files. It also had a better cleaning rate than CyberHawk in that test.

Funny how this information influences you. I already had CyberHawk free, so I decided to buy the Pro version. On our old gamer PC we had GesWall and CyberHawk Pro. On my wife's machine I installed DefenseWall plus A2 with IDS.
I really liked PRSC/Norton Antibot, but the thing about removing windows files kept nagging, so I decided for A2's IDS. A2's IDS is really the quitest of them all (not meaning it does do anything, but you have to test it with Intelligent False Positive off.

I know one thing fro sure, I am not going to pay for antother year of A2 when I can get ThreatFire free. Besides A2 I need WinPooch to cover some XP autostart registry protection, with ThreatFire I can add these rules. A2's IDS protection is set up with a user running in UAC under Vista, so it lets some back doors pass (setting autostarts).

Regards

 

Real funny, still 388 on my Vista 64.

 

Wow,

AntiBot is Vista64 bit compatible!

 

The majority of users that dont visit this site and only know about symentec at least in my area. I bet they make plenty of sales with nab and TF only is free cause its beta, not a fair comparison m8.

 

PCMAGs revieuw is outdated and those fps were fixed pronto by sana, symantec at that time had not even released nab yet if im not ,istaking, anyway nab didnt have anythingh to do with that.

However from past experiences a2 was unresponsive at all fps i send in and im sure im not the only one.

 

On our heavy gamer I will try PRSC for vista64. My experience with A2 is good. I never encountered a false positive with Intelligent FP reduction on.

I feel a bit stupid having three behavior blockers on three different machines (A2 IDS, ThreatFire free, trailing PRSC), three sandoxes (DefenseWall, GeSWall Pro and beta of HauteSecure on vista64).

I like the protection scope of ThreatFire best and A2's IDS for absolute easy of use (no questions ever from user, due to the clear messages). Good thing of PRSC that it makes the decisions for you (ultimate form of ease of use, but with the highest risk in case of FP).

Regards

 

After tring both, for some reason I like PRSC better then AB.
Anyone who is interested in an app such as these two should try both. (15 day trial)
Both ran fine,dunno maybe it is the "Symantic" (Norton) name.

 

I tried something interesting here just now. I had Sygate, AntiVir and Norton Antibot installed and working together great. So I thought I'd remove Sygate and install Kerio 2.1.5 for a while. Strangely enough, Antibot said nothing about it. Shouldn't Antibot at least popup and complain that Kerio is installing a driver or something? Or perhaps Kerio doesn't? Antibot was totally silent while one firewall was removed completely and another one was installed. I thought that seemed a little weird...

 

I don't see what's so weird about it.

Keep in mind that programs like AntiBot were designed only to flag malware. Being smart enough to distinguish between malware and normal programs was part of the original design blueprints. If you prefer programs that throw pop ups regardless of whether it's benign or malicious activity, you should consider a standard, "dumb" HIPS instead.

 

Hello Kerodo,

Keep in mind that both Norton AntiBot and Primary Response SafeConnect are considered behavioral anti-malware applications and not HIPS. They will "not", as a rule, block or notify of new driver and service installations and block/prevent the execution of new programs. The heart-and-soul of both NAB/PRSC's detection abilities is their Active Malware Defense Technology(Active MDT). Please see the following link below for more information regarding Active MDT.

http://www.sanasecurity.com/why_sana/technology/activeMDT.php

Hope this helps.


Peace & Love,

CogitoErgoSum

 

Cognito, anyway, this software is a tipical blacklisting ("expert") HIPS wherever if they block malware out or not.

 

Ilya,

From the link describtion CogitoErgoSum posted it looks just like the Malware IDS of A2 (except for system activity), why do you qualify this as a blacklist (HIPS) like application.

Thanks

 

Alright thanks (to everyone).. perhaps my expectations were incorrect then. I figured that if I installed a driver and a service, AntiBot would say something. Obviously not, so it's either very intelligent or extremely forgiving... I will have to assume that it's intelligent.. And no, I hate the standard "dumb" HIPS that bothers you all day with popups, that's the main reason why I do prefer something like AntiBot or ThreatFire...

 

Because it identify malware by behavioral signatures (templates). There are four main types of HIPS: classical (based on anomaly detection), blacklisting (based on behavioral signatures), whitelisting (based on "known good" lists) and sandboxes (isolation of the threat-gates apps from the rest of the system). Thus, the software discussing is a blacklisting HIPS system.

 

Thx,

So how do you classify A2's IDS then. It first checks anomolies (identical to for instance EQSecure and NeoavaGuard Beta), then it checks the behavior pattern.

Regards K

 

As far as I've seen, AntiBot seems to use a threat ranking level for every action a process performs. Processes will only get flagged if their total threat level goes past a certain threshold. In my experience AntiBot is a more lenient program than ThreatFire and Micropoint, but due to the nature of how these programs operate, it's really hard to say if it's a good or bad thing.

 

It is a mixed technology.

 

I read all posts here and have question: if for me there isn't difference between prices what would you advise me ThreatFire free or Norton AntiBot?
I understand that the best way is to try both in trial period but I am interesting several questions:
1. Which one is lighter on system recources? (boot time, recource usage).
2. Which one is more effective catching malwares? (just your opinion).
3. Is there any tests where these two productes are compared?

 

Solcroft,

You often surprise me (being the demonstrated knowledge or the expliciteness of your statements ). Where did you find this info? When I am understanding this correct this would be more or less the same mechanisme NeoavaGuard uses, only in a more intelligent way. NG just ads up the points and decides to respond when a certain threatlevel is reached. From your description and the number of behavior patterns monitored in the PRSC Control Center, I deduct that PRSC uses a more granular (may be sequence specific) valuation of these anomolies. Please eleborate.

Regards Kees

 

Experience on how it behaves when executing malware. It also uses criteria that scale back the threat ranking of a process (i.e. process is signed as trusted, is properly installed, etc etc). Not much experience with NG, will not comment.

 

Can someone answer my questions please ?

 

Hi, there:

As far as ThreatFire and AntiBot are concerned, I would keep both them, One is freeware, the other paid-ware. I am using TF and PRSC, and no conflicts. But I must caution you that PRSC is the SOURCE of AB, and both have very different d/l-purchase method, you need to explore them before committing to AB. According some reviews, the paid version Of TF is just wasting your moooney; you could use PCTools antivirus free to fill that gap. Just my thoughts. Take care.

 

Thanks, but before tryng I am interesting which one is using less memory