Discussion in 'other anti-malware software' started by luanme, May 3, 2011.
I find Comodo has more pop-ups actually.
The OP is trying to find a Comodo alternative.
Online Armor does generate many pop-ups, but after version 5, the alerts are reduced to a minimum.
Yes, I do understand what you are saying and I'm not misquoting you. I also understand perfectly how different types of security software work functionally and the differences between them: I've tried most of them at one time or another.
When you refer to HIPS on its own without qualification, you appear to mean what is sometimes called classical HIPS - which already suggests that there can be other kinds of HIPS - but by using the term HIPS in connection with policy restriction software by calling it "Policy based Hips" (your words) you are implicitly accepting that this category of software can arguably also be referred to as HIPS, otherwise the term HIPS shouldn't be used at all in this context.
Whether the term HIPS should be restricted to classical HIPS only is another matter. Personally, I have some sympathy with that view but as there isn't universal agreement on the use of the term, I don't automatically assume that when people say HIPS without qualification, they necessarily mean classical HIPS only, although of course like you they may do.
A similar ambiguity exists with the term 'sandbox' where some people will talk about policy sandboxes, whereas other people insist that the term 'sandbox' be restricted to software that, in addition to containment, also isolates from the real system by means of virtualisation or redirection. Again there is no universal agreement as to the use of the term.
In the absence of universal agreement about the meaning of terms such as HIPS and Sandbox, from a practical rather than a theoretical perspective, I don't think it really matters whether policy restriction software such as AppGuard and DefenseWall is described as a type of HIPS, sandbox, or neither of those things, so long as the characteristics of the application under discussion, and how it differs from other approaches, are properly understood.
My sole intention in posting was simply to try to be helpful and suggest a potentially useful and effective behaviour-based standalone alternative to Comodo Defense+ that is not resource intensive and will run on a 64-bit system. I am not interested in engaging in semantics for its own sake and I don't consider it OT to have suggested AppGuard in the context of the current thread so perhaps we can leave it there.
Comodo passes it easily. I find it hard to believe that Outpost wouldn't pass it as well.
Read this thread or just search Google for Comodo and Microsoft Patchguard.
And no, Outpost doesn't pass it. Read the Outpost Beta forums, there is a thread about OLE protection.
Comodo or OA are my choice.
For me it's OA.
Patchguard won't prevent a HIPS from blocking OLE injections. It's pretty lame if Outpost can't block it but Comodo and Online Armor do so easily.
According to this:
The problem is that you don't have the security set to Advanced.
I'm using Outpost 7.1 free.
I just did the test with the settings to Advanced and it failed.
You have to set it to Maximum to pass the test.
That's strange that Outpost failed. Think I'll have to give it a test too. Still, my money is on Outpost FW Pro. It's pretty straightforward and simple.
Well. It failed with the Pro version as well.
See the snapshot. The bottom three are with the free version, the top one with the paid one. All in Advanced Mode.
There is already a thread here on Wilders where this is discussed and where someone posted an official answer from Agnitum support which says that actually PCFlank OLE cannot be recognized on x64 because of PatchGuard.
When I asked support if it would change in 7.5 they told me that maybe in future versions but not in 7.5.
Other HIPS just recognize it because they use another kind of technique.
They use some kind of user level injection because kernel patching is not possible due to MS policy.
So using this technique is maybe dangerous too, because malware can deactivate your security software. On the other hand, doing nothing against it isn't a good choice either.
Emsi, for example, says in some post that malware could make screenshots and send them unrecognized on x64, but it isn't possible for malware to log keystrokes. So in my opinion this is something I prefer to risk instead of having a software that pretends to protect and doesn't.
Better than not implementing any protection at all.
I have tried OA but the HIPS function seems to hate my computer, preventing many 32-bit programs from functioning properly.
I think it dislikes the combination of Windows 7 64-bit Ultimate and AMD Phenom II X6 1090T (AMD64).
I'm sticking with Comodo Firewall for now.
Hm yes, that's odd Agnitum didn't fix this "hole". I ran the leaktest with maximum settings, no pop-ups or anything... just passed right through. Should I switch Outpost HIPS to something else?
Running Outpost firewall beta and just tried the test. Avira blocked the download.
Look, Outpost isn't a bad program but it lacks x64 protection how I like it. If you want to have a very good FW with HIPS then keep it, the chance that you get infected because of this is very small.
But if you want to have full control and prefer a good HIPS over the FW part, take OA.
Go to the EMSI forums and join the beta team, if you like. The devs are nice and everyone is trying to help you.
Agnitum has a forum where there are no devs, no official supporters and where you only have a mod with a very old looking avatar who is nice and who may help you but he always says that he isn't official support.
I prefer the first way, I like to get in contact with people who are behind the product, and to get help, I hate sending an email to some support address and waiting 2-4 days to get an answer.
You gonna try the test with 7.5?
Yes, I agree. Outpost ain't bad, just x64 protection is.. bit. FW blocks crap quite efficiently, has saved me many times. Well, already paid for this so think I'll use it.
I know OA has better HIPS, and I'd probably use it but my comp doesn't like it. Hangs on startup even with just OA firewall enabled (tested with clean, freshly installed Windows). Net crawls to a halt ^^. Everyone's machine is different, OA ain't for this one.
OA has active staff on the forum, that's a very big plus. It's a shame Outpost doesn't have.. Thanks for info!
Comodo forums is one of the most active forums of a security product that I have ever seen.
The CEO and the developers are quite active and you can have direct contact with them. Also the community is there for help.
If your problem with Comodo FW and D+ is that it's too heavy, probably you are not going to find any other HIPS or firewall able to make any difference. I don't know about OA but for sure Outpost requires more resources than Comodo.
Like all the other firewalls.
There is a free version of Outpost.
You're right. Outpost forums are not active enough, nor do they have enough mods, nor do they have devs.
It's a major flaw for this kind of product.
No communication equals this.
You're not supposed to run 2 firewalls together. Obviously there will be conflicts.
Ow, my bad. Meant I only had 1 firewall running. Not 2. English isn't my strong area.