Behavior Blockers

Discussion in 'other anti-malware software' started by LoneWolf, Sep 25, 2007.

Thread Status:
Not open for further replies.
  1. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Ok there's..........
    Norton AntiBot
    Primary Response Safe Connect
    Threat Fire
    and I believe Drive Sentry is one.....

    Are there other decent behavior blockers around? (not HIPS)
    Got the HIPS area covered, kinda liking GeSWall (Policy based HIPS)
    or is GeSWall covering this already?
     
  2. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Prevx is one of them, and not all of them are purely behaviour blockers. CH, Sana, etc. also depend on signatures. I consider them all HIPS anti-malware which mix several kinds of technology.
     
  3. Sportscubs1272

    Sportscubs1272 Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    340
    I would say there are a lot of choices between HIPS these days. Do Threatfire and Prevx offer the same protection as each other? I know they both gather feedback from their users and all.

    I rarely had a response from TF and if so it was usually a false positive. Prevx is like the complete opposite.
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    As I understand it...
    Behavior blocker is a subset of HIPS is a subset of anti-malware. Ergo, every behavior blocker is a HIPS, but not every HIPS is a behavior blocker.

    Try THIS link -- a bit old, but still a fairly good list.
     
  5. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Old list? What exactly is old about it?
     
  6. zhanwest

    zhanwest Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    42
    Drive Sentry...
    Mmm, it does not have strong self-protection.
    Modest resource usage and a little fishy...
     
  7. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    DriveSentry is just HIPS with only the data protection. It does come with wizards to help you get started, but it can't really distinguish between valid and malicious activity, nor does it try - I wouldn't really call it a behavior blocker.

    Add Micropoint to the list. It's an intelligent behavior blocker from China that admittedly doesn't get much exposure here, but the product is solid. They've recently released an English beta, btw.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Solcroft,

    Have you tried it? I was pretty impressed by PowerShadow and EQSecure, so am curious about Micropoint.
    Regards Kees
     
  9. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I do try it sporadically every now and then, but I do keep a constant eye on its performance (people post daily reports of its and other AVs' effectiveness against malware), and it's rather impressive, to say the least.

    I'll try to write a basic introduction on it sometime, time permitting. :ninja:
     
  10. sach1000rt

    sach1000rt Registered Member

    Joined:
    May 29, 2007
    Posts:
    171
    Location:
    india
    I tried Micropoint, and it works very well.
    The only thing I am not sure about now is which category it fits in: antivirus or behaviour blocker?
    Because I have an archive which has 5 malwares, and when I try to extract that archive it shows the warning message that malwares have been found (its warning window is somewhat similar to BitDefender 2008) and asks me to delete them.
    I think AVs do this job when you have realtime protection on. Behaviour blockers just block the malware when they try to execute.
    So which category does Micropoint fit in?
    Anyway, it's a good program.
     
  11. norman6810

    norman6810 Registered Member

    Joined:
    Jun 1, 2007
    Posts:
    67
    Location:
    PRChina
    I am one of the long-term users of MP.
    During my test, I found that MP is an AV software, not a HIPS. MP can deal with viruses, trojans and malwares. MP has its own virus library and normal program library, so it can use the data to kill the virus.
    Meanwhile, HIPS can only block the API behaviors.
    To some degree, MP has the same idea as Kaspersky's proactive defense.
    They are both based on the idea of HIPS, but they also have the features of AV. So MP has fewer false alarm messages and missed alarm messages.
    So MP's whole name is Micropoint Proactive Defense Software.
     
  12. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    I believe a-squared Anti-Malware and ThreatFire are considered behavioral HIPS, but are they really the same as far as their behavior analysis? If not, could these two be used together?
     
  13. norman6810

    norman6810 Registered Member

    Joined:
    Jun 1, 2007
    Posts:
    67
    Location:
    PRChina
    Although I have never used the two so-called "behavioral HIPS", I have tested many other AVs. And I found that the AVs often conflict with each other when they exist at the same time. The AVs often have their own ways of working.
     
  14. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: As far as Behavior Blockers are concerned, I am currently using two of them together and no problems. They are PrimaryResponse SafeConnect and ThreatFire free. Folks, you may want to look at PRSC very seriously, an app sadly missed by the majority of security gurus until Norton licenses its clone and makes a big splash.
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Wordward,

    A2's IDS with Intelligent False Positive Reduction OFF and Paranoid mode ON provides more or less the same protection as ThreatFire free, only its messages are clearer. Be sure to also select the riskware check at the on-execution malware check (for key loggers).

    They can run together but it does not provide much additional protection. When you run XP, you can better download the free WinPooch and use the filter posted here https://www.wilderssecurity.com/showpost.php?p=1091240&postcount=35 Open the filter with Notepad and save it as an ANSI file with a .WPF suffix. Then go to WinPooch's configuration and import this file.
     
  16. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Thank you. I have false reduction off. Does paranoid mode use much more resources? What can I expect to see different with it on?
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I think Emsisoft's Mamutu would qualify and is working very well for me.
     
  18. norman6810

    norman6810 Registered Member

    Joined:
    Jun 1, 2007
    Posts:
    67
    Location:
    PRChina
    Hey, I'll tell something about Micropoint:
    Many people regard MP as a HIPS. BUT
    Micropoint proactive defense software is totally different from a HIPS. Micropoint will judge whether the application is a virus or not by a series of API actions and the library of virus logical actions. The artificial intelligence analysis will judge the virus accurately and avoid useless information, which is more suitable for use by the common user. When an application adds one registry item (one API action), the HIPS will alert the user that this is a suspicious action and ask the user whether to execute it. Especially when a normal application has been bound with a virus, the user will make the wrong choice.
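
The distinction drawn in the post above (one prompt per API action versus a verdict on a series of actions), as an added sketch that is not part of the thread and not Micropoint's or any other product's code. The action names, the single rule and the event trace are all constructed for illustration.

```python
from collections import defaultdict

# Constructed action names and rule; not taken from any real product.
SENSITIVE = {"write_run_key", "copy_self_to_system_dir", "inject_remote_thread"}
RULES = {
    "persist-then-inject": [
        "copy_self_to_system_dir", "write_run_key", "inject_remote_thread"],
}

# Constructed trace of (process, action) events in time order.
TRACE = [
    ("installer.exe", "create_file"),
    ("installer.exe", "write_run_key"),
    ("dropper.exe", "copy_self_to_system_dir"),
    ("installer.exe", "create_file"),
    ("dropper.exe", "write_run_key"),
    ("dropper.exe", "open_file"),
    ("dropper.exe", "inject_remote_thread"),
]

def per_action_prompts(trace):
    """Per-action model: one user prompt for every sensitive action, no context."""
    return [(proc, act) for proc, act in trace if act in SENSITIVE]

def is_subsequence(steps, actions):
    """True if steps occur in order within actions (gaps allowed)."""
    it = iter(actions)
    return all(step in it for step in steps)

def sequence_verdicts(trace, rules=RULES):
    """Sequence model: flag a process only when its own action history
    matches a whole rule; isolated sensitive actions stay silent."""
    history = defaultdict(list)
    verdicts = {}
    for proc, act in trace:
        history[proc].append(act)
        if proc in verdicts:
            continue
        for name, steps in rules.items():
            if act == steps[-1] and is_subsequence(steps, history[proc]):
                verdicts[proc] = name
    return verdicts

if __name__ == "__main__":
    print("Per-action prompts:", per_action_prompts(TRACE))
    print("Sequence verdicts: ", sequence_verdicts(TRACE))
```

On this trace the per-action model asks the user the same registry question for both processes, while the sequence model stays silent for the installer and raises one verdict for the process whose history matches the whole rule.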
     
  19. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Last edited: Nov 23, 2007
  20. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Depends on your definition of Host-Based Intrusion Prevention System. If the emphasis is on Host-based, even a blacklisting AV can be considered HIPS.

    Sounds like MP is a behavior blocker or a 'smart' HIPS.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    If I had my choice, and I won't, I would have preferred Novatix kept developing CYBERHAWK. At one time it was a masterful behavioral blocker and a one-of-a-kind.

    I just don't see ThreatFire in the same light unfortunately, so hopefully more developers will produce a new version of Behavioral Blockers along those same lines with an equally small installer not to exceed 6 or 7 MB. Anything larger than that I've seen cause nothing but issues for both users and developers.

    EASTER
     
  22. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    MICROPOINT : HD : 57 Mo :argh: . Heavy artillery ... too much of a good thing ...
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    OK, I'll bite.

    An excellent-as-can-be behavioral blocker plus EQS final when it lands plus AE along with Returnil and Tiny Watcher, and I would be satisfied with that Lite layered approach.

    I still want every line in the SSDT Table/Win32 covered and smothered with self-protection as well. LoL

    No way that I can see to defeat a file infector unless some clever soul surfaces with a way to patch every file to block the PE's header or whatever change, but it still offers exciting interest. Crypting by the way is not for me.
     