Spyware Terminator's RealTime Guards

Been using BOClean Anti-malware along with Comodo Pro 3.0 with Defense+ enabled and AVG Pro AV for 5 days now and have been satisfied with this set up. However, with the new version of Spyware Terminator soon to be released, I was wondering what some users think about the current versions Real Time capabilities with only it's Guards enabled and not it's HIPS. I was thinking of replacing BOClean with it depending on the answers I get. Thanks.

 

5 days without a change?, what is the matter with you, not feeling well?

 

LOL. It's been hard, and guess what? I put ThreatFire back on in place of Comodo and decided to keep BOClean. I like ST, but will wait and see how the new version is when it is released. I will say I think my PC and browser is a little faster with CPF 3.0 than TF. I just wonder which ones protective capabilities truly are better? I know you have used both and wouldn't hearing your opinion on the two Kees1958. Thanks.

 

A properly configured classic HIPS (Comodo 3) will give you near 100 % protection. OTOH, a behav. blocker (Threatfire) gives a high degree of protection while being quiet.

 

Agree with Lucas1985,

I think Comodo protection is somewhat un-transparant. So use it out of the box with D+ set to basic in clean PC mode. Otherwise it is a good but pop-up dragon for gamers and people like you who try out a lot of siftware. I like a classical hips to be transparent, because the user is the weak link. You have to understand how it works to make the correct decision, that is why I liked SSM over ProSecurity (although PS user interface is more beautiful) , like EQS/NeaovaGuard over SSM (by the way I prefere them all over D+).

On the other hand TF is a behavioral blcker which by design applies its own intelligence, which is un-transparant. You only have to trust the Behavioral Blocker will pop-up at real suspicious behavior. When faced with a pop-up you have the same dilemma as with a classical HIPS, what to decide? In that way I like the latest implementation of Mamuto, in which you can set acceptance and denial levels based on the community decisions.

You are problably as confused after this answer as before, but I'll hope at a higher energy level.

Regards Kees

 

A Hips can not give you 100% Protection, because the User decision is only good as his technical backround and nobody is perfect.

 

Theres legitimate argument that can be supported or disputed in favor of each opinion, but one thing is for sure, HIPS is definitely & drastically INCREASED protection for those who have taken that route and the time to familiarize themselves with their own system with them.

Compared to AV's, and even a lot of AS's combined, when is the last time you read in a HijackThis Forum where a HIPS user came in complaining about not being able to get rid of some malware and screaming HeLp like those forums are full of everyday?

Of course, HIPS is specifically designed for those users who are more than prepared to take the time to both study and test this type defense and realize the benefits from them, many of those are just plain sick of still getting hit even though they paid for annual AV licenses and other so-called AntiSpyware apps, only to find themselves right back in a pickle again.

IMO, HIPS is a fantastic concept which is been sorely needed for a very long time, problem is most common users still don't want to be bothered or else can't devote the time to them for better rules setting, and so they remain playing russian roulette everytime they go wondering around the net with just the few basic AV + AS and what have you.

More informed users not just rely on HIPS but a well-rounded protection/recovery strategy which also includes regular backups, sandboxes, virual apps, ISR's, etc.

But your point is well taken, with HIPS, it does fall back to User Decision no matter, it just that HIPS affords that user important TIME by aborting or suspending some activity and (hopefully) at least a file name and data/path to encourage them to do a SEARCH "first", before allowing/denying the process to pass along as it intended.