Downadup/ Conficker worm versus HIPS

Nope, it's made by professionals.

 

Then they have run completely out of ideas or else are bored because it's too easy to kill before it even makes it out of the gate with the most basic of security programs (hopefully).

EASTER

 

EASTER i share your opinion,especialy if u take into consideration that any vista machine is immune to it(yeah,except if you are smart enough^^ to give admin rights to and unknown program from your thumb drive)...Yet it was designed by professionals as Ilya said.Not everyone out there has sufficient knowledge to use H.I.P.S (unless its something like dw who's newest version should never give any pop up now too bad my trial is long over ).Hell most users will think "Shakira" when they hear of such tool name
: D

 

chris are you going to buy it?

 

Luckily one thing is sure; Hips don't lie, and H.I.P.S neither.

 

A very questionable assertion. There have been many examples of malware able to defeat several HIPS. A better, more reliable and user-friendly alternative (once implemented) is LUA + SRP.

The logic of this combo is as simple as it could be: No execution => no infection. Period.

 

no execution equal no infection equal no problem

 

Actualy i have issues with my prepaid card(last one expired) otherwise i already would have.
Back on track,a hips could also be configured so that it would as SRP does(deny execution of any file except for the location that SRP allows too(program files e.t.c) and at the same time avoid the spoofing extension vulnerability of SRP (could use wildcard so that it blocks execution of any file type).

 

I expect they've adopted a driftnet approach to infection,cast it wide enough and you'll catch sufficient victims,rather than the more difficult task of bypassing those with good security.

 

Well I am not talking whether malware can bypass certain HIPS, they just don't lie. However, LUA + SRP and preferably SuRun or something that can temporary elevate your rights is a good choice to go with.

 

I don't know if it is entirely true, but LUA+SRP works great:

https://www.wilderssecurity.com/showthread.php?t=233899

 

Just since I see in every thread that D+ fails against CONFLICKER bc of this testing I has the feeling I should share how the testing REALLY was preformed with CIS..

It was not some "default mode".

REFERENCE: https://forums.comodo.com/leak_test...efence_plus-t33410.0.html;msg240110#msg240110

In proactive (at that time when this test was preformed CIS would pop more than 10 times and also report malware behaviour.
I guess it catches this even better now thanks to all improvements to D+..
But In my mind it did really good..

 

I agree with you andyman35

Not to say theres no way to bypass a HIPS guarded autorun & RunDll as i have set in my EQS rules which seem impossible to jump, i believe as you they have fashioned it to penetrate open shares (which mine is closed (disabled), and any attempt to drive-by entry is also met with stiff deflections, so it's likely meant for wide open systems easy to flow right into servers and such and wreak it;s havoc.

EASTER

 

The thing is the folks that visit the likes of Wilders and actually care about preventive security are the overwhelming minority of pc users.Huge numbers still run unpatched systems with little or no security.Twice this last week alone I've dealt with shop-bought systems with long expired trial versions of Norton 2003,IE6,Adobe 5 etc,still running XP SP1 ,OS updates switched off.Both full of malware I should point out.

 

I just wanted an alert of this type infact. Clever way of interception by OA.

 

Does it comfort that I agree with you

 

Hmmm. sure it does.

BTW not a big deal, i must say at the end.