Emsisoft Anti-Malware

Discussion in 'other anti-malware software' started by RCGuy, Jun 10, 2011.

Thread Status:
Not open for further replies.
  1. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    This has been a full circle, already said more than 3 times

    1. CLT is not a proper testing tool for BB
    2. Emsisoft BB tested by MRG shows a great result while fighting real malware

    I know you can write a whole book to deny this, but at the end those two facts won't change.
     
    Last edited: Jul 1, 2011
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Guys I'd suggest dropping this. It has gone full circle and we aren't dealing with a totally objective tester on this product.

    Pete
     
  3. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    CLT is a proper testing tool for BB because it mimics system infection in absolutely the same way malware does. What makes CLT even more relevant for BB is that it is a single executable that performs a lot of potentially dangerous actions in line.

    Maybe BB is not a proper tool to protect the system from infection?

    Fact is -- it fails to prevent system infection because it either doesn't monitor enough or waits for too long to react. Both reasons mean fail.

    And I really can write a book :) (thanks for a good idea!)

    But there are also other people (some of them are respected experts) who have quite a different view on what BB is. For example, Randy Abrams, Director of Technical Education at ESET LLC, does not see any difference between HIPS and BB; he sees a difference between BB and a signature-based scanner.

    http://blog.eset.com/2006/09/11/what-is-a-behavior-blocker

    Guess, who is more convincing when it comes to the terminology?

    Even different developers of BB do not have a common view on what BB is, BTW.

    So in the end it is better to regard BB as a flavor of HIPS. And that is to say any modern HIPS is not just "a dumb tool", but a clever behavior monitoring system. And I'd recommend you read about what HIPS is.

    ===
    Short for host-based intrusion prevention system, HIPS is an IPS or intrusion prevention system designed for security over host-based systems where intrusions and infections are dealt with at the individual workstation level to provide a more effective level of security.
    ===

    There is nothing about being dumb or about a lot of popups in this definition, the only objective is to prevent intrusion, which is absolutely what BB tries to do.
     
    Last edited: Jul 1, 2011
  4. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Do you mean the opponents are objective? :)

    BTW, the main objective of any independent testing (unlike a vendor-driven one) is to reveal the _weak_ sides of the product. So any testing should be welcome if the results can be reproduced. Reproducible results make them _objective_.
     
    Last edited: Jul 1, 2011
  5. AssassinKID

    AssassinKID Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    27
    Location:
    Australia
    EAM is the best on-demand scanner imo, for FPs, just submit them to Emsisoft so they could reduce them in the future.
     
  6. Matthijs5nl

    Matthijs5nl Guest

    To be honest I interpret words like behavior blocker etc. differently.

    First, you have the host-based intrusion prevention system (monitoring network and system activities for possibly malicious actions and requiring user intervention on these actions).

    Then, you have technologies like Mamutu (and Threatfire) which I consider as being HIPS with behavioural signatures (or patterns). I consider them as signature/pattern-based HIPS since they require user intervention when certain patterns happen.

    Finally, you have the so-called behavior blockers, but I personally consider behavior blocking as a system hardening technology. A good example of this is the behavior blocking included in Panda Cloud (also the conventional Panda's TruPrevent), since Panda just blocks certain behavior patterns without requiring user intervention (they just pop up with "Malicious activity blocked" or something like that). For example, some days ago I reported a false positive by Panda Cloud which blocked the uninstallation of a beta build of the Opera browser. Uninstallation included behavioral patterns which were blocked because they modify browser plugins and BHOs.
     
  7. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    You've hit a great problem of the HIPS world - terminology. Anybody interprets anything in very many ways (as he wishes, as a rule) :)

    It's time for something like an RFC for HIPS?
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I love HIPS programs :thumb:
     
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    HIPS = BB, "Classical" HIPS, "Policy" based HIPS etc.
    Remember that HIPS is Host Intrusion Prevention System. HIPS can be anything that is preventive instead of reactive :D
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  11. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Heard that this is lighter than a feather, that is.. Is it true J.. are you using this antimalware thing? :doubt:
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Once I did and I love the detection rate :thumb:
     
  13. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Oh that's great.. but is it also true that it is lighter than a feather? :argh:
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    not here lol
     
  15. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Those are fighting words my friend lol :D
     
  16. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Hmmm? Fighting words? I am not sure I understand you there my friend :argh:
     
  17. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    LOL K. The joke is over my friend :D
     