How good is MAMUTU?

Forgive the slight OT, but, when Mamutu's license period expires, does it still work? (of course it won't update to newer versions). I have a goatd version somewhere, have no clue if it expired.

You can try Micropoint beta (90 days trial and after that you can use new key for another 90 days and so on). Chinese. I had installed it recently, seemed to have too many menus for a behav blocker, but i may try it again and give it a better chance.

 

Agreed 100%,Mamutu acts precisely as a BB should making no assumptions and yes it's very good at spotting malicious behaviour.

 

th:thanks

 

This is what always puzzled me about Mamutu. The above comments, could very easily be said for classical HIPS too. For me, BBs SHOULD be making assumptions and not talk to me, unless something really important happens. Which is what TF does. Granted, TF doesn't have the deny option, if you 're not careful it can delete various things, BUT, between the 2, the real "BB", sounds more TF. It pops up at level 3, really rarely, while i can't say the same with Mamutu. In paranoid mode, Mamutu is worse than D+, to the point that i was asking myself "What's the point in not using D+?". Mamutu on default settings, was probably more chatty than TF in 5. And if i had to bet my money on effectiveness, i think i would bet on TF on 5 against Mamutu on default. (just my impression).

My ideal BB, would have: 1) TF's frequency of pop ups and user decision input, 2) Mamutu's deny option, pop up detail and resource usage.

But, IMHO, TF is way ahead in analyzing patterns silently than Mamutu. Specially in 3, TF will rarely bother you for legitimate applications and will still be very effective against real malware. BBs, in my book, shouldn't have a "learning pop up mode". That's what classical hips are about. They should be "intelligent".

 

By not making assumptions I was referring to the fact that legitimate software often shares certain traits with malware,Mamutu however doesn't just block this without warning,as Threatfire did.The very fact it's quiet shows it's intelligence,not bombarding the user with endless popups about perfectly safe software.However when faced with real malware it does it's job very well indeed.

If it's pop ups you want informing you of everything going on then a dumb HIPS is what you need.

 

Thanks, i now see what you mean.

 

Yes, & TF can readily quarantine a vital process due to its lack of "deny". IMO the refusal to add full-scope "deny option" is sheer mindless arrogance on the part of TF's developers.

Such as D+ ?

 

It was after Threatfire killed a session of Nlite and I spent half an hour of headscratching before finding the culprit that I decided against it.The individual behaviour controls in Mamutu are so well implemented in comparison.

And yes D+ in paranoid mode,with firewall notifications frequency on high will certainly fit the multiple pop-up criteria.

 

Mamutu only runs within the license period that you have stored on your user account.

 

You can only install those Giveaway of the day offers on the actual day they're posted unfortunately.

 

Thank you for the explanation.

Oh, as an information, many months ago i had installed Ashampoo free firewall and tried to install Mamutu, but activation would fail. This is a problem of Ashampoo, because it involves PrevX too. Practically it doesn't understand the connection request and you 're not presented with a pop up. Even disabling the firewall doesn't help. Practically if one has Ashampoo free installed, he can't activate. And unfortunately your German "cousins" in Ashampoo don't seem intended to update their firewall and fix this.

Yes, reason for which i usually don't even bother downloading them. There are some rare exceptions though, like Returnil and SSM. As for Mamutu, i had activated the day of the GAOTD, but rarely ran it, mainly because i was annoyed by the fact that you must log into the site each time and put mail and code... I change setup way too often to bare with online activations (with the exception of Twister that i had in my "backup FD Rescue image as only security setup from which i start adding new apps every time. Twister is a "stable" so i can live it). They become spyware-like for my taste.

 

Agree 100% with Bellgamin.

This reminds me of when Novatix grew either tired or reached a point that they didn't have the engineers to make this BB what it really could be.

EASTER

 

Based on what I read on this post I have dropped TF and am trying Mamutu. I never had a problem with TF but I want to have the opportunity to decide what to quarantine.

 

I like Mamutu. After installing it, I went to browse in Firefox. I have an old Microsoft Office keyboard that has a scroll wheel on the right side (which is why I won't give up this keyboard--it takes some of the effort off the right hand). When I tried to use the scrollwheel on the keybd to go down the Yahoo page, it didn't work and Mamutu popped up with a warning:

While executing the program Mamutu detected a possible malicious behavior. The program tries to simulate mouse moves and clicks or keyboard activity. Malware uses this technique to deactivate or remote control security software and other programs. If you have not intentionally started the program displayed above, then it is a good idea to block the program and possibly also place it in quarantine. If you know what the program is, and are sure that it is not damaging, then click on [Allow this behavior] or [Exclude from protection].

I OK'd the behavior and immediately was able to use the wheel. BTW, while the message was up, I tried to open several other windows (Outlook, Contol Panel, Notepad, etc.) and nothing opened. As soon as I OK'd the wheel, all the windows popped up--I guess Mamutu prevents activity until you act on the current warning. Seems like a good idea! I'm buying this program. I know this is a simple example of what it can do, but if a trojan had tried to give someone else control of the mouse or keyboard remotely, I believe Mamutu would have given a similar message and stopped the activity.

 

One example of many there,Mamutu does BB the way it should be done efficiently and transparently.

 

I wholeheartily agree they have done a most outstanding job of programming a Behavioral Blocker EXACTLY as it should perform and they really made it a very nice and user-friendly plus formidable BB.

But then A2Squared as i can't shake the old name (i like it), is has a very long track record in their Anti-Spyware Programs and they never gave up, but pressed ahead hard to bring about even another security apparatus that is equally reliable, chiefly, MAMUTU.

 

Has anybody done any tests of malware against Mamutu?? (even if it's just private tests from people's own malware samples?). I use Mamutu as well and it's a very nice piece of software and incredibly light on CPU time. The silence is sometimes a bit disconcerting though as I'm a bit more used to classical HIPS!.

 

I 've seen this one on youtube:

http://www.youtube.com/watch?v=PzrmuYBA_K4

I think there is another one too, but i can't find it right now.

 

The silence is due to the inherent intelligence behind Mamutu.Whereas many HIPS use a scatter gun approach,warning about friend or foe,Mamutu performs careful analysis and builds up a profile of any given process,only alerting the user once a sufficiently suspicious behaviour criteria has been reached.That's why there are very few false positives and any alert is at least worthy of passing interest.It contains an extensive list of malicious behaviours to check for so IMO it'll catch a lot of bad stuff out there.

When I ran a test a while ago it flagged up all the malware I tried it against,not in any way definitive but it was sufficient for me.As an addition to other security utils,given it's really light resource footprint using it was a no-brainer for me personally.