Behavior based analysis product?

Discussion in 'other anti-malware software' started by hex_614, Jul 30, 2008.

Thread Status:
Not open for further replies.
  1. hex_614

    hex_614 Registered Member

    Joined:
    Jul 17, 2008
    Posts:
    155
    Location:
    Manila, Philippines
    hi guys,

    I want to include in my security a behavior based program like norton anti bot but I want a free program. What would you suggest, aside from threat fire, because it's not working well with my avg 8.0 professional?

    many thanks
     
  2. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    True! The apps on the list linked by Hurst are definitely more akin to "classical HIPS" than to behavior blockers.

    AFAIK, TF is the only "pure" & "smart" behavior blocker that is free.

    NON-free behavior blocker ==> Primary Response SafeConnect ($29.95).
     
  4. ambient_88

    ambient_88 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    854
    The OP said he wanted a free program. But I'll agree with you, either Norton AntiBot or Primary Response SafeConnect.
     
  5. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Also NOT free there is Mamutu...
     
  6. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
  7. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello hex_614,

    Although, in beta, another one to consider is NovaShield.

    http://www.novashield.com/


    Peace & Gratitude,

    CogitoErgoSum
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    You could try DSA and only using its outbound control (disable process control or set it to learn and auto accept for a long period). Although it is more of a smart HIPS looking at usage patterns (like anomaly detection).
     
  9. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Winpatrol is a great security program, but I don't think it qualifies as a behavior blocker.
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    It would be nice to know more about NovaShield. Have there been any reviews?
     
  11. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
  12. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    Yes Winpatrol is just an overall system monitor. It monitors critical places (startup, services, tasks etc) and alerts the user, which has nth to do with behavior!

    I find it very useful, cause it is a nice easy approach to obtain my system!
     
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I know it's not a behavior of malicious warning like threatfire but some consider it a light hips and it does monitor system changes that can warn a user of something unexpected by heuristic behavior. So in a sense that's behavior, and free as op is looking for.
     
    Last edited: Jul 30, 2008
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Novashield looks interesting. Maybe I shall give it a trial later on. Hopefully, so will Kees, Easter, Pete, et alia.

    However, Novashield's spiel sounds grossly overblown. Their statement: "reduces the window of exposure to zero" infers 100% protection against zero-day threats. NOT bloody likely, wot!!! :cautious: :cautious: :thumbd:

    You have to register to get a trial copy. Moreover, on the registration/download page there is a "free trial button" but it takes you right back to the registration/download page. Yikes, it's the incredible looping link gizmo -- very amateurish IMO. :isay:
     
    Last edited: Jul 30, 2008
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Wow, tall order there and even with the collection that's available right now I consider their numbers very anemic.

    I read many sour reports on TF on one side as where the other half seem to have outstanding results with it, so in my recommendations of these type apps I consider that one a bona fide toss-up as it stands ATM.

    I even went as far as digging up older versions of CYBERHAWK that really have impressed me in comparison to TF, it's lite, stable, but is somewhat limited in that it does at-once alert & terminate the source offending file (tested with dll injectors mostly with some other malware) with positive results. I don't need or expect an AV inside a Behavioral Blocker although a blacklist might be of some benefit, they are not foolproof and can be evaded as easily as an AV. That's where HIPS comes to the rescue.

    I had my heart set on ProSecurity after numerous failures/issues only to finally hit paydirt with a really good Last :doubt: version that's all but rode into the sunset now. I think Bellgamin can relate.

    One thing I can suggest is EQSecure, and in head to head comparison despite published test results ProSec let me drop a malware into directories whereas EQS stopped them and suspended them BEFORE they could enter. Now ProSec might have allowed the drop, but if it executed, ProSec knocked off its socks.

    Back to Behavioral Blockers, have you tried Mamutu yet? I see a limited field of these apps in circulation right now and users have given up for the most part and just gone with programs like DefenseWall/SandboxIE/Returnil etc. to shore up their security set up.
     
  16. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Went ahead and registered to get the NovaShield Trial just to find out it says can't install that I need XP Service Pack 2, but yet I have Service Pack 3 installed. Oh hey hex_614, try to get the free key for A-Squared like starfish_001 recommended, I think you have one more day to get it, pretty good deal.

    dja2k
     


  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Well, if that doesn't beat all. First we have to suffer thru an extended delay due to Vista compatibility for these security folks and still they suffer from issues because of trying to meld 2 different operating systems to accept their programs together without losing precious time in the XP projects they were just beginning to get smoothed out, and now we have apps that require SP2 instead of SP3, which brings another problem along with it so far as compatibility is concerned.

    It must be totally frustrating for security developers everywhere trying their best to keep up with these new invitations Microsoft keeps rolling out to users.

    EASTER
     
  18. hex_614

    hex_614 Registered Member

    Joined:
    Jul 17, 2008
    Posts:
    155
    Location:
    Manila, Philippines
    GUYS THANKS A LOT FOR YOUR SUGGESTIONS, I BOUGHT NORTON ANTIBOT JUST RIGHT NOW. I THINK NO FREE PRODUCT CAN PROTECT ME LIKE NORTON ANTIBOT CAN. BY THE WAY THANKS TO ALL.

    I'M USING IT RIGHT NOW, DON'T EXPERIENCE SLOWDOWN AND IT JUST SITS DOWN IN THE TRAY. @_@
     
  19. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Hi,


    What about Online Armor (paid)? It offers behavior blockers too.
    I have a router with NAT but I am really thinking about buying OA.
    Before that I was testing Comodo Firewall Pro but this software used my CPU resources at ~100%.
    I have run TF and am testing DW 2.45 too.
    In the future (if my test configuration passes all my requirements) I want to run TF + DW + OA + Avira Premium together in real time protection.
    I wonder... is it not too much?


    Regards,
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857

    Creer

    When you have configured your router FW properly, I would opt for either OA paid + Antivir Premium or DW paid with TF free or DW paid with Antivir Premium, that is sufficient. TF has some outbound protection, DW will have with release 2.50 and DW will also make sure most leaktests will fail (due to HIPS, that is why OA and Comodo have HIPS features).

    After every intrusion TF will check its Anti Virus data base, so it counts as an AV. I would not mind about the lower detection rate virus buster has (the blacklist data base TF uses) because TF will catch it anyway.

    They are all great combos.
    Regards Kees
     
  21. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    Please tell us more! Which flavour of Windows are you using?
     
  22. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    I'm a big fan of Norton's antibot and also prevx, but prevx are taking the **** in releasing their version for vista, still currently beta.

    DriveSentry have a free version, but personally... I'd just pay for it, as it's a super low price....
     
  23. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Since the topic is "behavior based analysis product" please help me understand -- in what way is OnlineArmor a behavior blocker?

    You might should have mentioned the fact that PCTools AV is based on VirusBuster, which tests out as a low-ranked, second tier AV. It does not scan real-time, either. Therefore, I question the inference that TF's use of PCT AV is an adequate substitute for having a full-scope AV.
     
    Last edited: Jul 31, 2008
  24. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Hi Kees,


    thanks for the reply.
    I don't want to remove my AV Avira Premium so I will stay with this security.
    I'm not sure if I understand... so if I decide to stay with OA (paid) then I can/should? remove DefenseWall HIPS - does DW offer the same security as OA (paid) plus SandboxIE?


    Online Armor has HIPS protection, smth like Comodo Firewall Pro.



    Regards,
     
  25. Hiker

    Hiker Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    268
    Comodo Firewall with Defense+
     