Are answering prompts in hips really that obvious?

Discussion in 'other anti-malware software' started by LUSHER, Jan 17, 2008.

Thread Status:
Not open for further replies.
  1. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    LUSHER's whole point, I think, is trying to subtly imply that he knows you better than you do, and he's telling you that you DON'T know how to use a HIPS.
     
  2. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Oh my, has the Messiah arrived already? ;)

    Meanwhile, back at the topic (somewhat) -- I have no doubt that the wave of the future for HIPS-type apps will be further down the road of: (a) greater use of *white information pools* & (b) use of increasingly powerful artificial intelligence (behavior analysis et alia). Prevx & Threatfire are the forerunners - IMO.

    Until AI takes over, it's EZ (and educational) to use the likes of SSM, ProSec, & EQSec. Proust!
     
  3. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Prevx has many of the "Ideas" in place but I think it will also include some type of controlled virtual environment a la sandboxie & darn better AI! :)
     
  4. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    From what I understand, and I could be wrong, Prevx holds an unknown process in a "Virtual Sandbox" until it's OK'd by the community now, and if not OK'd it's sent off to Jail. The Prevx guys are pretty secretive, and for good reason, about all the tricks it has up its sleeve. I am thinking that about the time it gets to version 3.0 it will be the "Easy Button" of computer security.
     
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Notepad is a grrreat "Easy Button." Not so effective at security, however. :D

    What is needed is "Easy AND Effective Button" -- I agree that Prevx is well along that path, but Threatfire might be even further along (with respect to AI, at least).
     
  6. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    That one is simple! How could you say that is hard? If a user doesn't know what mshtml.dll is then they shouldn't use an HIPS. That popup is extremely messy though as it has all sorts of extraneous material in it. Give me ProcessGuard any day....god...I dread when I have to stop using it and get one of the others.
     
  7. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    SSM pioneered? That is s**t! DiamondCS pioneered with ProcessGuard which is still the BEST of the HIPS. Most of them are terrible, especially the ones that want you to join some stupid community checking thingy...I hate stuff like that! It is very privacy invading and of little use to anyone except a newbie who shouldn't be using HIPS anyway. The greatest use of HIPS is to control your applications. I hate software firewalls. I use PG partly to control applications, especially IE. It cannot start unless I allow it each time. :D
     
  8. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Missing the point totally as usual.

    So basically your rule is "anything the HIPS alerts on can be dangerous"....? Why then does the HIPS bother to differentiate? Which is more dangerous? A hook or a BHO? Can't both spy on you? Would it really make any difference if the HIPS instead replaced each prompt with "the HIPS detected something that may be dangerous..."? Seems to me it wouldn't make any difference to you, right? Do you really need to be told it does hooks, creates a BHO, low level disk access or whatever?

    It's not technical knowledge here I'm addressing, Rasheed.....
     
  9. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Well I think that is a kinder style than yours, solcroft...
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not really. ProcessGuard was great in its day, but it's not full featured compared to SSM or Prosecurity. They both offer Registry protection, and Network control. I don't believe PG did either of those.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The personal attacks in this thread HAVE TO STOP!!!

    Pete
     
  12. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    To get back on topic...

    I think the prompts built into these applications are either catering to the lowest denominator or the highest... Perhaps an "In Between" category of semi-literate prompts might work.

    To be fair, due to the complexity of events taking place and the dynamic nature of software it is practically impossible to document each and every function within a program for each executable or call. The developers themselves sometimes have no idea what the heck is going on as they use off the shelf compilers and are as such dependent on its automated rendered executable creations (often undocumented and usually not certified). Unhandled exceptions often have to be documented by the programmers themselves after a long and nasty debugging session for example...

    The problem lies in how clear the information available is on every executable published... I think this is where the greatest work still remains (some type of executable registrar that all developers of security tools can feed from when building their process documentation database). These are the weak elements in all such products...

    No one can expect the consumers to know everything... But the consumers should expect the developers to provide adequate explanation for each and every prompt...

    I can't believe it when I read peeps in here slamming the users themselves... makes no sense... The developer is responsible to document and explain or walk through every aspect of the product they release for public consumption, not the other way around! :cautious: regardless of the complexity it engenders... Or of the skill level of the average joe who is using the products...
     
    Last edited: Jan 29, 2008
  13. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I downloaded an old version of Process Guard Ver 3.150 and don't worry, it was from Download.com and of course it was the crippled trial version but that's cool 'cause I just wanted to take a look at it. I installed it on my VM and took it for a spin to some dark spots to try it out. I found its pop-ups pretty easy to understand and I am no techie by a long shot. No baddies got installed, of course my Returnil cleaned anything when I rebooted but I ran a bunch of scanners before I rebooted and all was clean. Kind of wish I hadda been around when it was still around, I probably would have bought the full version.
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Off topic posts were removed. Avatars are not the subject of this thread.


    Pete
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Huh? :blink:

    Was DiamondCS's PG not mentioned as forerunner for full HIPS apps?

    Don't take it so hard, the field is lite enough as it is and who knows how long any of the top runners will stay in it until they decide to transfer their source FOR SALE to the big AV's.

    After all is said and done, it still boils down to CURRENCY for nearly anything marketable.

    HIPS does a LOT MORE than only "control your applications", it also CONTROLS "malware attacks", which is the whole point of them in the first place and why they become so useful as well as replaced AV's entirely for those who know what they're doing.
     
  16. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I know that and for a long time I ran no AV. But what I like best about HIPS is that I don't need a software firewall (I hate those) in order to control applications. That is all I meant.
     
  17. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I love the way HIPS are evolving in a good direction compared to AV's which are still primarily list based filters trying to automate everything. Personally HIPS give me that feeling of being in control.

    Outside of HIPS I have to go to a half dozen sites looking up each frigging executable, doing Google searches all for the privilege of knowing what the hell is running inside the task manager. Then to manually write a script to block or permit the darn things. HIPS provide interactive controls over these, yes, but mostly they try and provide relevant data about them which certainly gives geeks like me the kicks I need to carry me through a work day without having to investigate everything manually... These types of technologies took waaaay too long to come to market...
     
    Last edited: Feb 1, 2008
  18. wat0114

    wat0114 Guest

    Did you read the penultimate sentence in my post? :D
     
  19. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I'll admit...I had to Google mshtml.dll but at least I know what it is now. In fact I still have to Google quite a few things that pop up with a HIPS but the way I look at it, it is a learning experience.
     
  20. wat0114

    wat0114 Guest

    There is nothing wrong with that :) In fact, that is part of the HIPS learning process. I still look up dlls and other unrecognizable processes from time to time.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    LMAO :D

    Yes I admit, I am missing the point, but I wonder if you have made one in the first place. Can someone perhaps explain what LUSHER is after? I think we can all agree that HIPS is not the holy grail, a HIPS can't tell you if some app is malicious or not, you have to have some knowledge to be able to make a good decision. It seems like LUSHER is trying to convince people that they don't actually have this knowledge, LOL.

    Yes all the stuff that (most) HIPS are monitoring can be used by malware, but some things are of course more dangerous than others. But to be honest I don't really pay attention to whether my HIPS classifies alerts as "high risk" or "low risk".

    Yes it does make a difference, especially for someone who wants complete control, and wants to make decisions themselves, why do you think I don't like tools like ThreatFire and Mamutu? The alerts often give way too general info, while I want to know exactly what's going on.
     