"Mamutu: The end of an era"

Well, it has always been.

 

To be honest, I was never really impressed with Mamutu. I´ve tested it way back, and I´ve also seen tests posted on YouTube, and it didn´t really offer strong protection like pure HIPS tend to do.

 

That's why you feel that way. Mamutu is not a HIPS but what's known as a Behavior Blocker. A pretty decent one if a user thrives on such a rare program like this designed for detailed analysis monitoring with auto-suspension and termination capability.

I supposed it might be likened to the Heuristic's most AV's employ now but to a lesser degree.

Depending on it's intended design, they are meant to compliment mainstream security solutions by addressing additional end points of potential system interruption such as where zero day newly introduced malware might make haven to skip past conventional security means.(

I find it ironic and highly suspicious that since x64 bit systems have been introduced, we have NO MORE purely classical HIPS programs or now Behavior Blocker programs in active development anymore like we did when 32bit XP was all the rage.

 

Most people dont like HIPS either.
Except me!

 

Actually Mamutu is pretty impressive. I have been testing out Emsisoft Antimalware 8.0 that now includes Mamutu.

I had an alert yesterday from the behavior blocker for Adwcleaner. I guess that app must be below EAM user community threshhold of 90%. In any case, it trapped Adwcleaner and initated a cloud scan on it. It also caught the hidden internet connection that is also part of Adwcleaner.

The difference between a HIPS and behavior blocking is a HIPS relies on preset rules to determine if an app is doing something it shouldn't be. Whereas a behavior blocker says this app is unknown to me and/or is doing something suspicious and I am going to flag it. Behavior blockers are more effective against exploits than HIPS.

 

Mamutu is part of EAM for years....

 

ppl tend to forget that

 

Behavior Blockers are so unnecessary.

 

It is true their golden era has passed but I wouldn't tell those words...

 

HIPS or behavior analysis – what is better?

 

Actually, there are a lot more HIPS and Behavior Blockers in development than back in the 32bit XP era. They are usually just developed as part of bigger products, simply because a pure HIPS or Behavior Blocker is unable to sustain a company or even a single person financially long-term.

 

From the above Emsisoft link, I believe this sums up the question nicely:

Advantages and disadvantages of a HIPS are clear – maximum control of your system for experienced users who know how to evaluate arising alerts. If you prefer concrete decisions and as few alerts as possible, though, you had better opt for behavior analysis.

 

In my view there's a reason for this now. And it's exclusively and solely due to it's once independent technology having been recognized as a potential marketing/revenue enhancement integrated into the larger financed commercial vendors. They taken it over and impliment it as you say into their own respective bigger products.

Of course a company or individual specializing in HIPS alone didn't stand a chance of progressing financially after the market bullies hopped on their bandwagon.

 

I am starting to think the best replacement " kind-of" for Mamutu is the free edition of NoVirusThanks EXE Radar even though it isn't being updated either but it still does it's job of alerting you when something is amidst and it will still actually run, I don't think Mamutu will after the key expires

 

Mamutu allows file execution...and continously monitors its behavior.
I do not remeber I have every seen a popup asking me if I want to allow running of a file/process.
This is OA's job as a HIPS.

 

I must say I tested it way back in 2009, perhaps it has been improved since then, but just look for the test on YouTube, it didn´t look too good.

And i´ve never been a fan of so called behavior blockers, I have to disagree about them being more effective than regular HIPS.

I was also not impressed with the much praised ThreatFire back in the days.

 

Yes exactly, nowadays almost all security suites come with HIPS on board, but it´s not really my cup of tea, I like to use standalone tools.

I must say that Kaspersky and Avast Internet Security do look kinda cool though, especially the SafeZone and Sandbox feature.

 

The main disadvantage of a HIPS is that they have to be installed on a "clean" malware free system. Most have some type of training period where your system is analyzed as to app execution and rules created. If malware is present, it will be allowed just the same as a clean app. PrivateFirewall, Defensewall, etc. fall into this category.

Comodo's Defense+ is a bit of an anomoly in that will default define what areas of the OS and registry to monitor activity for. It additionally allows the user the capability to fine tune those areas or add new areas to protect.

 

I never thought that it should be a deterent

 

It was inevitable that Emsisoft would follow Symantec and Checkpoint in abandoning a separate stand-alone Behavior Blocker. Nowadays all security products are integrated so all the components work with each other. There is no longer a need to buy separate security products to get comprehensive protection on your PC.

 

Good question. It doesn't make sense for the company to work on two security products when it can work on one and make it better. And this means a lower price and improved product for all the customers. An integrated security product is the way to go. In my opinion, I wonder why Emsisoft waited so long to make this move.

 

Yup! And who is going to pay Emsisoft to maintain a product when its competition already offers security suites with integrated BB modules? The company has to follow the competition or go out of business. This is a practical decision and delaying work on the main product line would neither serve Emsisoft's future nor benefit its customers.

 

So, the next step is to abandon OA and integrate it into Emsisoft Internet Security?

 

@NormanF

Except practical decision...do you really know about what people like nad what they need? And how do you would imagine such "super-hiper-security composition" whit all components?
I will try go further...thanks siketa...

we should make only one for all the best and proper ""super-hiper-security composition"

Please Norman...some your words sound like joke (?)