HIPS to replace Comodo Defense+

Discussion in 'other anti-malware software' started by Wildest, Jun 26, 2009.

Thread Status:
Not open for further replies.
  1. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Just not completely developed possibly, and grammar-flaws here and there, but the reasons I think it's not crapware are (1) that I still always use an AM solution as at least one of my main-defenses - in this case Norton AV 2010 - so if it's rogue, crapware, whatever, it would be easily detected by now. Secondly, it really monitored and reported things that were happening on my system, proving its capability. Think there was a third, but I can't remember it right now. :D Dunno how you can suggest something like that really. :rolleyes: :D
     
  2. Wildest

    Wildest Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    304
    Dunno what other first impression you would expect me to have.
    One recommendation from you vs a big black ominous WOT warning.
    :rolleyes:
     
  3. tlu

    tlu Guest

    o_O If you'd bothered configuring and using Windows in a safe way you wouldn't need a HIPS at all. But this would make this and many other similar threads here completely unnecessary - how boring :D:D
     
  4. Wildest

    Wildest Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    304
    This is like saying if I bothered to tune-up my car personally I wouldn't need a mechanic.

    Windows security was flawed from the jump.
    I prefer the HIPS vendors laboring over its idiosyncrasies to getting my hands too dirty. ;)
     
  5. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I go by my own conclusions in the end - I dunno about you. My process of testing involves taking information from many different sources, then thinking that information through - what's good, what's bad - then create my own conclusion.
     
    Last edited: Aug 1, 2009
  6. tlu

    tlu Guest

    http://www.mechbgon.com/srp/

    Easy and fool-proof - and has to be applied just ONCE and forever.

    Can also be applied to XP Home and Vista Home * as described in various threads here. Search also here for Pretty Good Privacy.
     
  7. demonon

    demonon Guest

    Don't you mean Pretty Good Security?
     
  8. tlu

    tlu Guest

    Yes, of course - just a typo :) PGP is something different ...

    Here's the thread. It helps to easily implement SRP in the Windows Home versions.

    EDIT: While looking over some of my old threads here I found this posting of mine. I think I couldn't have said better today what I wrote in that post then. :D
     
    Last edited by a moderator: Aug 1, 2009
  9. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    Smart UAC, brought to you from the same company that brought you TrueSword. :thumbd:
     
  10. Wildest

    Wildest Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    304
    O ho!
    I see this TrueSword also has a bad reputation rating from WOT.

    Thanks; too much other software is available, for me to overlook this potentially incorrect rating.
     
  11. ronm

    ronm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    14
    Sorry to be butting in here again. Forget everything that I have written about my procedure. I might have a problem because I removed cmdHlp.sys, I know of an Outpost problem that I will have if I don't remove it, and I'm not familiar enough with CIS to know if I created the problem or if it's a problem that already exists. What I have decided to do was to uninstall Outpost and try out CIS. I won't be staying with it because their logs are useless to me, but I'll use it for the 30 days so that I can become familiar with all of the problems that CIS might have, and when the trial period ends, I'll take up my experimentation from there.

    This could be fun building a case against Comodo. After using it for a minute, I already see that the rules they want me to create are a joke, but I have to accept them and manually go change them. I love the Summary page (system status - you do not need to perform any actions at this time). Actually, I have a lot of work to do to fix the mess that they created for me right from the start. And what is truly remarkable about this firewall is that it can actually go to websites without connecting to the internet. There's nothing in the logs.

    This whole firewall industry is in a sad state of affairs. Everyone is destroying their programs and their reputations by trying to do everything.

    The problem that I have with Outpost & Defense+ is nothing major, and I'll be back to that setup if I don't think of anything new.

    One last thing. I am using Defense+, so I have no idea where Sercurity+ came from. I'm sure you guys can understand that between trying to do the impossible and dealing with Outpost 6.7 problems, I'm starting to lose it now.
     
  12. Wildest

    Wildest Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    304
    Friend, what you need to do is get a firm grasp on certain things before you make bold statements in a forum that veteran security experts frequently visit.

    My regards.
     
  13. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    I'm not really sure what you're trying to get at there but it's not working. If you've got problems try the support, if you don't like a program don't use it. End of.
     
  14. done75

    done75 Registered Member

    Joined:
    Jan 13, 2008
    Posts:
    17
    Why change the best product? ;)
     
  15. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    Because he doesn't like the questionable tactics he has found they use.
     
  16. Wildest

    Wildest Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    304
    Yes, and I am somewhat annoyed that after over a month, making over a hundred posts, the issue as outlined by the thread title is still unresolved for me; I am determined though.
     
  17. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    What did you find worked for the HIPS replacement? Personally I think HIPS aren't needed with something like GeSWall, but some people like to feel the engine running and be asked about all of the stuff happening, but that's up to you..
     
  18. ronm

    ronm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    14
    I want to say that I appreciate all of the comments that have been directed towards me. I understand what you are telling me and why, and I realize that I might have said things that are not totally true.

    I'm finding very interesting results in my Defense+ testing - interesting to me anyway but you probably don't want to hear it because you people are way beyond me with your HIPS program searching and I'm just looking for a starting point. One thing I'll say, which may sound a little weird, is that Defense+ can pass the CLT test because Defense+ is so unsafe to rely on as your only HIPS program, and for my purposes, I think Defense+ works better without the cmdHlp file and registry entry.

    I don't really understand what you people are looking for. Are you looking for a program that will pass all HIPS testing programs without any decision making from the user? With a little work, you may have already found the program that you are looking for.

    Since people here don't trust the CLT program, I was wondering how you will know when you have found the right program. I did a search for HIPS testing programs. The first one I find is System Shutdown Simulator. It fails the HIPS test. I see why (a run key in a not so obvious place). I create the rule to protect the key and the test passes. But why stop there. To anticipate future test failures, I would do a registry search to find all run key entries and protect them.

    That's it from me, and I hope that I've finally made some useful contribution to this discussion.
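
The registry search for autostart ("run key") entries described in the post above, as an added example that is not part of the original thread: it scans a regedit-style text export for a short, non-exhaustive list of well-known autostart locations. The key list, function name and sample export are assumptions constructed for illustration; they are not the key the poster found.

```python
import re

# Constructed sample in the text format that regedit / `reg export` writes
# (real exports are UTF-16: open(path, encoding="utf-16")). Not from the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Updater"="C:\\Temp\\upd.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Load"="C:\\Temp\\l.exe"
"Device"="printer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"DefaultUserName"="user"

[HKEY_CURRENT_USER\Software\Example\Settings]
"Run"="not an autostart location"
'''

# Keys whose every value is launched at startup or logon (assumed short list).
RUN_KEY_NAMES = {"run", "runonce", "runonceex", "runservices", "runservicesonce"}
# Keys where only specific values are launched.
VALUE_RULES = {
    r"\microsoft\windows nt\currentversion\winlogon": {"shell", "userinit"},
    r"\microsoft\windows nt\currentversion\windows": {"load", "run"},
}
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def find_autostart_entries(export_text):
    """Return (key, value_name, raw_data) for every autostart entry found."""
    hits, key = [], None
    for line in map(str.strip, export_text.splitlines()):
        if m := SECTION.match(line):
            key = m.group(1)
        elif key and (m := VALUE.match(line)):
            low, name = key.lower(), m.group(1)
            whole_key = (low.rsplit("\\", 1)[-1] in RUN_KEY_NAMES
                         and "\\microsoft\\windows\\currentversion\\" in low)
            wanted = next((v for s, v in VALUE_RULES.items() if low.endswith(s)), set())
            if whole_key or name.lower() in wanted:
                hits.append((key, name, m.group(2)))
    return hits
```

Each returned key is a candidate for a HIPS registry-protection rule; a value named `Run` under an unrelated key is deliberately not reported.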
     
  19. ronm

    ronm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    14
    CIS has problems, even when I reinstall Windows XP and install only CIS. The previous version also has the same problems. To fix them:

    1) shut down CIS
    2) run regedit
    HKEY_LOCAL_MACHINE/SYSTEM/Software/Comodo/Firewall Pro/Configurations/0/HIPS/Settings
    Change PopupLayout to 1
    3) Start CIS
    4) Unchecking the Trust Applications signed by vendors button doesn't seem to work, so I deleted all trusted vendors
    5) On the Computer Security Policy page, change the "-" boxes to "+". Delete all rules that don't have + box in front of them.

    I'm in Safe mode. When changing modes upwards (Clean PC to Safe), the rules do not change and should be deleted. When I run Firefox, shut it down after the home page, and check my Firefox access rights, everything is "Ask" except for DNS. When I run the CLT test without "remembering my answer", there are 29 questions. When I remember the answers, there are 27 questions. Checking the access rights for clt, there are 3 blocked, everything else "ask". The answers for the other 24 questions are in different places, which "purging" does not clean.

    Wildest - I don't like virus & spyware programs interfering with Outpost, so I'm very comfortable deleting drivers and disabling features that I don't want. My procedure is good, and I think that this is exactly what you are looking for.
     
  20. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
  21. ronm

    ronm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    14
    First off, some corrections. Don't delete the system file rules. You'll have problems if you reboot your machine too quickly. The answers to the CLT are in the CLT rule, so this was a poor example of my purging claim. The most obvious place to look is in the answer to the first question when running a new program - explorer. I deleted all trusted vendors except for Comodo (dimmed). I haven't decided yet if I want to do this, and if so, should I delete or edit the vendor.nme file.

    Wildest - are you at all interested in this? I can understand why you might mistrust Comodo. When I first ran the CLT test and checked the access rules, everything was blocked, except the first rule. The test asked me 3-4 questions. I think the CLT is a good test to try and pass but it's Defense+ that I would not trust. It just dawned on me last night that the CAV files probably have something to do with this. Now that there are 29 questions to answer, blocking every question is probably not the correct way to run this test. This is still a learning process for me, and it will probably be a long time before I get all my facts straight and give you a procedure for doing this correctly. I'll eventually get Defense+ to do what I want it to do, and I probably will have to give you a regedit file to install.
     
  22. mhob

    mhob Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    26
    I need a Firewall that works on 64-bit, plays nice with Avast Antivirus, and Prevx, and not intrusive like Comodo with all its D+ prompts. Too much to ask o_O? Outpost is just downright unstable on any system I put it on. I tried the latest version for the past few weeks, and over time, it just made a mess. It hooked into the system bad!!!

    Here are the problems I had with Outpost:
    1. Some desktop icons, like "recycle bin" would lock-up when right-clicking on them. The right-click menu would stay on the screen until reboot machine. Same with taskbar icons, including shitty Outpost itself.

    2. Causes BSOD. Doesn't like systems using Intel on-board RAID.

    3. Incompatible with Avast. Even when it disables certain functions like spyware scanning, it still locks up system with BSOD. Starting a manual spyware scan with Outpost causes BSOD 50% of the time. This is reproducible.

    Agnitum has had years to fix this **** already. I've submitted numerous reports and logs to them and I'm just fed up. I just want a good firewall.
     
  23. ronm

    ronm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    14
    I'm not using a 64-bit system, so I probably can't help you much. I have no doubt that you have problems - program problems, not user error problems. All that I want from Outpost is the firewall, and almost everything else is disabled. As I mentioned earlier, Version 1 was the best, and it's been all downhill from there. I use Protowall instead of Outpost's IP Blocklist. I use Admuncher instead of Improvenet list. I use Nod32 antivirus, but I removed its networking drivers, so I see no reason why I can't have Outpost's web control feature, and I uncheck the nod32 warning when installing Outpost. The Http log is too valuable a feature to give up. I remove networking drivers from my spyware programs and only do manual scans, which never find anything because with the help of Outpost's logs, it's impossible for a company to reach me and install their spyware. I would try disabling Host Protection for your other problems mentioned, but if you do, then you're going to have to find another solution, like the one I'm talking about here. If Defense+ questions annoy you, you can change the mode and trust Comodo to make the right decisions for you. When I run Firefox, get asked one question about DNS, and the program decides to allow everything, I can't trust experts to make decisions for me. I don't trust Google and I would not be surprised to see Google Chrome try to block our ad-blocking efforts.
     
  24. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hi Wildest and all,

    All Security Stronghold, I think that is a Rogue company and these softwares (I tested!) are crapware already.
    Your example of them: Smart UAC Replacement - I tried at the beginning of 2009. You have Blue Alert, and Red Alert, and kernel-mode driver. I think a confidence trick.

    The laughs ... me also.


    P.
     
  25. ronm

    ronm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    14
    When I disable the firewall, I get 2 CLT failures:
    21 - Infosend: DNS test
    25 - Impersonation: Coat
    If I can get these tests to pass (which I think I can), I can finally trust Defense+.
    Any suggestion, besides giving up?
     