The damage of fanboys advises

Discussion in 'other anti-malware software' started by Kees1958, Jan 31, 2009.

Thread Status:
Not open for further replies.
  1. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I think nobody can say "use this or use that", just by looking at the pop ups of one example. It's like scanning one malware package and then recommending which AV is better.

    Myself, I prefer Comodo because, 1) It's free and IMHO covers more things than OA Free, 2) Has run stable, conflict-free with my security setups and p2p (I can't say the same about OA), 3) Runs much lighter than OA as far as CPU usage is concerned (this last factor alone, is enough for me, since I am paranoid about CPU time).

    This, although I didn't like Melih's stance on an early clash with Mike Nash and I also didn't like some pompous statements by Melih.

    So, which pop ups are better in the Conficker worm, surely won't make me judge which is best for me. OA is also very good and has its own strengths (the firewall part is very newbie friendly, run safer, shows country IPs, etc), and thus someone should try both and see what's important to HIM. A pop up towards a specific worm, doesn't really mean anything for judging the entire product.
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Josh,

    Josh, as explained in the Comodo forum

    The green is the reason for the heads up or 1-0 as I mentioned.

    The red has to be regarded in the context of Aigle's reply in red below

    When it is true that an allow on the first pop-up causes CFP to NOT stop the malware, despite answering all other pop-ups with deny, I think Aigle has a point

    @ Josh: When you react please tell me whether that is true yes or no

    Thanks
     
  3. 3xist

    3xist Guest

    +1 I only gave one example because Kees1958 gave only one example to use OA over Comodo... "Pop ups". If Kees1958 gives more examples I am more than happy to respond. The point with the D+ Alert I gave is that the majority of unknown malware that AV won't catch... D+ will (Give Red Alert, say it's malware) and OA won't do that - And as I said, it's only ONE example.

    Cheers,
    Josh
     
  4. 3xist

    3xist Guest


    Already answered by Egemen and myself in the appropriate threads. You need to review the entire thread here that I responded to and my responses. You are only observing as I said previously. You obviously are not using CIS now and don't understand mate. Are we still sticking with Conficker worm example? You didn't answer my previous questions Kees1958 and I am waiting for an answer...

    Cheers,
    Josh
     
  5. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Ah, OA does not have OK, but at the end you must click OK on Comodo question. :p:D
     
  6. 3xist

    3xist Guest

    This thread is going to die again.

    Bottom Line: People should use what they wish!!!

    Cheers,
    Josh
     
  7. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Personally, in the case of the Conficker worm, ideally, the best would be to combine the "malicious red alert" with a detailed explanation as shown in OA pop ups. I also don't use USB sticks (I have one and it's still in its sealed package), so I don't know if it's "natural" when you insert a USB stick to see in Comodo "rundll32.exe accessing svchost.exe". Because for example, in a DVD autorun, I don't get any pop up. So, if I do insert a clean USB pen drive and get the "rundll32.exe accessing svchost.exe", this could fool a user that doesn't pay attention to the "red alert". If a clean USB pen drive doesn't provoke the same pop up though, then a user who is accustomed to using pen drives, should think "why on earth do I get a pop up this time?" and note the colour.

    In any case, this is hair splitting over a single case.

    Back on topic, I should also note, that most probably, there is a certain degree of fanboyism inside every poster in here. Each one suggests first the programs he uses or likes more or wants to support. This is in human nature. You see that Sandboxie users recommend it first. I am a Twister/SB fanboy. Others keep their fav products' threads active and bring news, which is an indirect way of publicity. You see those that run "adversary" product abstain from recommending the "opponent" product or bash it at the first occasion and so on. You see one person persistently getting interested in suggesting product A and B, while not C and D, which are of the same nature.

    At the end, it becomes futile to battle fanboyism, and that's why I also think that this thread won't have much effect. I think people that come here, should count on their own judgement, search and take any answer that they take here critically. In my case, before buying something, I usually (not always though) google a lot. I have arrived to reading 100 forum pages before making hardware purchases for example. This is the only way to battle fanboyism. Digging on your own. And also, as I said, it does get tiring explaining A to Z each time. For example, I have written millions of times that Twister has many FP. Then a new user comes, in the same thread and asks "what's the strengths and weaknesses of Twister"? Should I answer him again?... While obviously he doesn't bother looking the first page of the thread, where there's probably a good idea of what's Twister?

    For the people that expect everything on a silver plate, i say "Fanboys, let them have what they deserve!". :thumb:
     
    Last edited: Feb 3, 2009
  8. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Folks,

    Let's step back from the specific technical case of Comodo vs OA that has already been discussed in other threads mentioned. We really don't need a replay of that discussion.

    As someone who doesn't have an explicit stake on either side of this discussion, in isolation I'd say either alert is fine if they are actually read and the user is accustomed to the program.

    The gross number of alerts that a program tends to generate would be an added contextual factor in that alert or pop-up fatigue is a very real phenomenon. If every potential operation generates the need for explicit approval, that noise will drown out the few cases that are real. This will happen regardless of the alert color or other cues that may be used. Furthermore, the more text that a user has to wade through, the less likely they will. The punch line really has to be there in a single line and not lost in description approaching a novella in detail.

    The selection of the default action by the program will also be critical. It's not obvious from the screenshots in this thread whether the OA default is allow or block, while it appears here that the Comodo default action is allow in this case. Since I use neither product, I really don't know if that's always the case or simply what appeared in this instance.

    In any event, let's try to keep the discussion generally focused, try not to rehash past threads, and stay away from personalizing the focus on fellow members.

    Blue
     
  9. 3xist

    3xist Guest

    +1 to both Blue & Fuzzfas. No software is perfect, and anyone should have what they want and desire. This is why I find this thread irrelevant. Let people learn and live.

    I'll keep out of this thread now.

    Cheers,
    Josh
     
  10. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    The default in Comodo is "allow". Then, depending on your last action, it can be "always" or not (just once). Meaning, it remembers your last choice. This is handy for user-friendliness, since usually you allow things and it's very handy in case of repeated "allow once" you want.

    IMHO, classical HIPS, apart from a certain knowledge, require another virtue from the user: Patience. There's no hurry to answer to a pop up. Maybe you should make a sticky about classical HIPS for all newcomers that ask "Is OA/Comodo HIPS strong/secure enough?". A sticky saying "Classical HIPS is the best defense -objectively- out there. But in order to take advantage of it, you should 1) Understand what you are doing, 2) Take your time to read the pop ups."

    Because, it's related back to the original issue of advice. It's getting tiring to explain always the same things. It's like going to a formula1 forum and ask "Hello, I purchased a Ferrari. Is it fast enough?". The members there will say "Sure, you can beat 99% of the cars out there". And this *is* the truth! But, if the driver isn't up to the Ferrari, he may get killed! This isn't the members of the Ferrari forum being fanboys. It's common sense. If you're used driving an auto-clutch city car (antivirus) and suddenly you buy a manual gear Ferrari (classical HIPS) and want to run like mad at speeds never driven before, it's up to you to understand that you're not up to it... Go take more driving lessons or something.
     
  11. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I asked for the same thing over on the Comodo forums some time ago. It'd be a very useful feature, no response as yet though :(
     
  12. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Originally Posted by Aigle
    Ten plus pop ups are useless as the main pop up is rundll32.exe accessing svchost.exe in memory. Why one will block this? It looks a legit action. Once you allowed it after execution, you can't stop the malware even if you choose block all other pop up alerts.


    IMO I'd say that to an average user with no clue what rundll32.exe or svchost.exe are that would look neither legitimate nor malicious taken in isolation. To an expert although that signifies a sometimes legit action, in the context that you've just plugged in a thumb drive, there's no legit reason for it to be running at that time, therefore making it worthy of investigation.
     
  13. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    I had this brilliant post typed out but it's all gone now thanks to pebkac, but suffice to say that I think the problem is that sometimes informed posters don't understand how uninformed, uninformed users are. Hence they omit things that are obvious to them but not to a novice.

    Programmers also have a similar problem in that sometimes they don't do a good job in explaining how their apps should be best utilised by the uninformed. They don't understand the amount of handholding that's required.
     
  14. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    PEBKAC = Problem Exists Between Keyboard and Chair

    Had to look that one up.:)
     
  15. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Saw another "Feeding Frenzy for Fanboys" opportunity this morning at PC Magazine. Review of Suites at http://www.pcmag.com/article2/0,2817,2333444,00.asp rates firewalls, AV, AS, AM and other stuff for 11 different products with sometimes interesting results. But the tastes of the masses may not be the same as the tastes of the Fanboys or their future projections for their favorite products. Especially if it's Not Invented Here. And of course, the specialized products left off can say whatever they want. Throw in a few accusations of incompetence, bribery and treachery to stir the pot. ;) Best advice is still to try products and see if they are suitable for the way you use your system. Beware of Faith Based Security!
     
  16. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    491
    In the past few months I keep coming back to CIS. I really like Online Armor free but it has always been a problem in the sense that it sometimes does not work very well with my computer. Yes CIS actually tries to tell you that you have a potential problem & OA is less specific but you do get the popup saying something is running & are you sure you want to do this. I really don't think that anyone should rely on HIPS to stop what a good AV or anti-spyware program has failed to identify. The problem is HIPS may in fact identify you have a problem but most people will click approve & keep going. HIPS is just a final notice & not really security in itself. I really hope that Wilders forums never becomes a place where only a few "experts" can give advice to other users who may or may not do what is suggested. So SBIE is bypassed for whatever reason. The user is ultimately in charge & should assume some responsibility for their own actions. If I get infected by malware I blame myself & not the security I was using. I think we need to install security programs & learn by ourselves how to make them work properly. I would be interested in finding out if someone just installs an off the shelf security system & compares it to one of these Home brewed systems that are cooked up here if there is really very much difference in the end. HIPS may work for a few of the people here but it is really useless in the hands of non security types who care more about using the computer than worrying about security. Why don't you try & put Comodo or OA on a Wife, Girl Friends, or Son, or Daughter's computer & see if you don't get all kinds of grief when those popups start to happen. When you are called in to fix a compromised computer just fix it & move on, putting on HIPS or sandboxes won't help, users will either turn off these products or ignore the alerts completely.
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    No a former critic as in the past. You ask so many questions (which one do you want me to answer).

    I am not telling CFP is a bad product, nor am I telling that OA is the perfect product. Let me explain again what I have brought forward:

    Software is not really a product. It has all the characteristics of a service, meaning the one consuming it (using it) is partly responsible for the result.

    So advising software independently of the situation/context/knowledge of the person who is going to use it, isn't good practice.
     
  18. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    There is no winning the argument of which software is best. I like technical debates, but I don't see the point here.

    Comodo - can be safe, but many users myself included dislike its interface.

    Online Armor - can be safe, but many users myself included dislike its interface.

    How can fact or fanboy advice change that? It can't. Only by researching and understanding can one have security, with or without any particular program to help. With no knowledge, you rely on the prompts. With no knowledge, regardless of how many or what they look like, how can the prompt be answered correctly? It is a matter of chance then.

    Sul.
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep let's end this thread
     