HIPS, leak-tests and the "paranoids"

I found this thread quite interesting specially this words:

http://forum.online-solutions.ru/viewtopic.php?t=524

Sometimes we are worried about to be protected for everything, to have a combination of software able to block all the leaktests... but seems that the famous testing tools that Zemana, Spyshelter... offers are just a way to make some publicity.

Please dont feel any offense for "paranoid" I couldnt find another word, maybe something like "people worried more than normal for security" (like me xD ) but it was too long.

 

Actually it is true but who cares, we are here because we love feeling secure!!

 

I've scaled back recently on my mindset regarding being protected from every test out there. Admittedly, I'm sure my opinion will change again in the future back to a more "paranoid" oriented one. This just seems to be cyclical due to new information I learn or just plain boredom with my current setup. The post you quoted even wavers on taking a firm stance against any extra protections by stating "Probably, we will change our opinion for future versions." In the long run, I think Noob summed things up rather nicely!

 

The topic of this thread is "paranoids" -- the definition of which seems to be "anyone who puts any reliance whatsoever on test reports."

The substance of the thread quoted by OP (from a statement by a vituperative, paid representative of a software company) seems to be: Since we can't raise the bridge, let us strive to lower the water.

Or perhaps: Any POC (Proof of Concept) that doesn't fit our particular mindset/solution is a dumb POC.
~~~~~~~~~~~~~~~~~~~~~~~~

For most any given type of security application (firewall, antivirus, HIPS, sandbox, or whatever) there are numerous choices, all claiming to be the best.

If one takes the approach that any of them is just as good as any other, then I suppose one should simply base a purchase decision on such things as price, product packaging, and so forth.

If all security apps are equal, and if one supposes that free is good enough, why pay anything?

On the other hand, some might decide that the most expensive/trendy security app is what he should buy.

But along comes a silly fellow (like me) who wonders if all security apps are, in fact, equal. So that silly fellow (obviously paranoid) looks around to see if there are any actual comparative tests. Lo & behold, there are some.

But he also finds that every blessed one of those tests is continuously under attack. AV- Comparatives. Virus Bulletin. AV-Test.com. PCWorld. Zemana. All those testers are deemed incompetent. Biased. Bought-off. Fiends from the very Abusso.

Silly fellows (like me) who consider those test data are an inch or 2 better than "eeny-meeny-miney-mo" for product selection, are deemed paranoids. Trolls. Joe Sixpacks.

Is there an elitist group here at Wilders? I think so. And what are their trademarks? I see several. For example, approving of most every new piece of security software. Kissing the hindsides of every software proponent who posts here. Belittling anyone who thinks or comments differently from the elitist coterie who are supporting the proponents & their new shiny security apps. Deriding any and all tests & POCs; openly insulting the intelligence and motives of anyone who gives those tests & POCs even the slightest attention or credence.

Those who read the proponent's advertising copy and ask, "Where's the beef?" are called "trolls" and "paranoids".

When a PAID software representative derides the data produced by POCs, and does so by simply alluding to "other tests" (but never actually produces them or links to them), only a troll would ask for something a bit more tangible.

If a paid proponent says "We are the best because our marketing copy says so" then those who say otherwise, and ask for objective data, are trolls.

But come back months or even weeks later -- after the newness has worn off of the security app "flavor of the month" and there's a new toy, and the elitists are at it again. Anyone who happens to ask why the emperor is not wearing any clothes is again termed paranoid and trollish.

Well, I am HAPPY to be called paranoid if that term means I do not fall for the marketing tactics of every new security app that comes along. I read Consumer Reports before buying a car. And -- when selecting software -- I find value in AV-Comparatives and Virus Bulletin and AV-test.com and, yes, even the benighted reviews by such as PCWorld. And I also take note of the applications that willingly submit themselves to any & all tests, such as Online Armor & KAV & Avast. And I also take note of those who REFUSE to be tested, &/or who attack any & all unfavorable tests, &/or who have their little coterie of elitists who keep up the propaganda that all tests are bull hockey, and all the testers are incompetents who "don't understand", and all who give the tests any credence are paranoids & trolls.

Now the elitists will no doubt use their standard diatribe that those who find test/POC data useful are using those data blindly. We are duped. We exercise no independent judgement. Or better yet, lump all those insults together with the single word PARANOID.

I have been a denizen of Wilders since even before 2002 (when they did a remodeling of the website). But this is no longer the forum that it was. I am frankly fed up with threads like this one, and the coterie of elitists who initiate them, and who term everyone who disagrees with them as paranoids or worse.

Maybe I will feel differently next week. Or someday. Or whenever ... In the meantime, all you paranoids & trolls try & stay out of the elitist's line of fire and never - but NEVER - speak ill of the flavor of the week.

 

@ bellgamin

Don't hold back, just say what you feel

Appreciate your honesty and speaking up I hold similar views

 

So much truth in that post, Bellgamin. Add me in the group that feels like you do. Sometimes it's hard to get any tangible information with all the bickering and "I know better than you", "Mine is better than yours" crap that gets spewed. I agree with you in regards to criticizing a new, popular app around here, or, god forbid you have the nerve to say something against one or more of the "holy apps". I'm sure you can figure out some examples of that. I've come to where I'm less interested in making my security air-tight, and just finding out what solutions are easy, free, and allow me to get on with what I want to do. I stopped worrying about POCs and other oh so scary "the end is nigh" scenarios. When they become a problem, I deal with it, until then, I don't want to be bothered caring about it.

And hell yes PCWorld, AV-Comparatives and the like are good sources, probably better than here because I can find out what I need to know without wading through a bunch of fights.

 

bellgamin, your posts have me consulting a dictionary more than anyone else's here (vituperrious in this thread). I'm sorry to know that you're still bothered by the OSSS thread, but rest assured you have many a dear reader in this forum whose lives and brains are enriched on a regular basis by your posts.

 

Hey, I held my tongue and refrained from posting to the recent OSSS thread, but now I'm compelled to admonish "what goes around comes around". I clearly recall the sting from having been beaten down by numerous "MalwareDefender fanboi dudez", including Ballgamer and the Derelict of New Yourke (names changed to protect the militants, haha) a few posts back.

I understood Mihail's position ("Don't worry about screencap operations -- we got it covered, elsewhere") but I wish for the app to alert (in accordance with my instructions/ruleset) each time a syscall to XYZ is made... yet I respect that the bulk of OSSS users will not.

OSSS, MalwareDefender, and Comodo D+ are the about the only apps I've been interested in discussing... but unfortunately "discussion" has proven to be largely pointless and, too often, counterproductive. guest, "paranoia" isn't the primary motivator for my interest in these particular products. These products go beyond "selling the user a sense of security"; their featuresets provide great "under the hood" insight. For me, that's what makes them outstanding, and interesting.

 

Two sides fully found each other:

• One - is a users who want to use/buy a "green checkmark product" (the product that have more, more and more green checkmarks; does not matter what checkmark, where, for what:
  [x] Ecology clean product!
  [x] No any animal were died while we producing it!).
• Other - marketers of a vendors who sells anything that just can be sold.
  (- Bob, please check, is today enough green checkmarks to have a sales on the same level? I think we need to add some to grow up our sales for 50%. I seen guys on forums asking some.
  - OK, Daniel, we'll code some do-nothing tests to get some checkmarks for test as compare with other products).

It's too sad that users can now rely on such "tests" only.

It is not important how protection is implemented, how it can be bypassed by ITW malware, is the protection fundamental or just a "we have a green checkmark X from A, and test Z from V", what is a real complexity level of system protection.

I hope that some test lab (not commercial one) will make a tests, like Anti-Malware.RU doings: getting some strong real ITW malware and checking a protection in real environment. Not a synthetic tests like "I created a text file, malware can do this too!!! Test failed!".

P.S. Also, do not forget. The greater the application will hook some functions (including unnecessary), the stronger the "slowdown" of the operating system. So getting ticks in some meaningless test, you both will get additional "slowdown" in the operating system. Where they should not.

 

My opinion on HIPS has remained unchanged regardless of POC's,leaktests,et al.
They are basically as good (or bad) at blocking threats as the person using them.

Tests are always made using the default configuration,a term that means cut down on the annoying prompts at the expense of some protection.Most HIPS allow for granular rule creation in order to block nearly anything nasty,so for me the depth of rules creation is the deciding factor rather than some generic results.

 

i believe a champ program is that one tested by us with real nasty malware and not by pocs just type words in the keyboard and visit the darkside i call it the jungle that is the best way to prove what works and what doesnt work

 

Yes I agree I always visit a host of porn sites to test out any particular HIPS (all in the name of research of course).

 

cool andy

 

Why does everyone automatically assume porn=malware infestations? That's discrimination I say! Lol. Actually, a MUCH better alternative is to hit up even a well known torrent website and pick a hacked Windows software program or two and see what happens. Yeah yeah "but I'm not a pirate", step off the high horse a moment and get in the trenches where the malware is more than just some stupid rogue AV drive by or wimpy spyware

 

Porn sites are as dangereous as having sex with your wife, imaging she is halle berry

uTorrent cracks are as dangereous as having unprotected sex with a 20 dollar crack hooker who pretends she has the body of halle berry (but you can't tell because it is to dark)

 

I admit to being a fan of Malware Defender, but I don't think this makes me unique here; we all have our favorite apps. More importantly, I'm not sure what I did to "beat you down", but I apologize for whatever it was.

EDIT: I found the thread you're referring to. I simply disagreed with one of your assessments of the product and was surprised that you were still using it. Again, I apologize that this came across as more than a simple disagreement.

 

Can't say I disagree. I always turn off keyboard and screen monitoring in Comodo D+. As long as I can protect against destructive malware and network access, I feel protected.

 

Sounds like your talking with a little experiance there kees.

 

No, just a favourite comparison. The actual risk of installing a utorrent crack with admin rights is far greater than running Javascript/flash in your browser with user mode rights. Only the social risk of browsing porn sites is somehow considered greater than stealing a lisence while nobody can see it.

regards