Behavior blockers

Discussion in 'other anti-malware software' started by nikanthpromod, Dec 8, 2009.

Thread Status:
Not open for further replies.
  1. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    what are the behavior blockers available now. Dont make this thread A vs B fight.Just say the name . thanks:)
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
  3. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    i know that 4 programs. Any other suggestions??
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    to be honest it is very hard to find this type of saoftware in these days;)
    maybe other posters will help find more options:thumb:
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    some usufull info;)

    Behavior Blocking

    Unlike heuristics or fingerprint-based scanners, behavior blocking software integrates with the operating system of a host computer and monitors program behavior in real-time for malicious actions. The behavior blocking software then blocks potentially malicious actions before they have a chance to affect the system. Monitored behaviors can include:

    Attempts to open, view, delete, and/or modify files;
    Attempts to format disk drives and other unrecoverable disk operations;
    Modifications to the logic of executable files, scripts of macros;
    Modification of critical system settings, such as start-up settings;
    Scripting of e-mail and instant messaging clients to send executable content; and,
    Initiation of network communications.
    If the behavior blocker detects that a program is initiating would-be malicious behaviors as it runs, it can block these behaviors in real-time and/or terminate the offending software. This gives it a fundamental advantage over such established anti-virus detection techniques such as fingerprinting or heuristics. While there are literally trillions of different ways to obfuscate and rearrange the instructions of a virus or worm, many of which will evade detection by a fingerprint scanner or heuristic, eventually malicious code must make a well-defined request to the operating system. Given that the behavior blocker can intercept all such requests, it can identify and block malicious actions regardless of how obfuscated the program logic appears to be.

    The ability to watch software as it runs in real-time clearly confers a huge benefit to the behavior blocker; however, it also has drawbacks. Since the malicious code must actually run on the target machine before all its behaviors can be identified, it can cause a great deal of harm to the system before it has been detected and blocked by the behavior blocking system. For instance, a new virus might shuffle a number of seemingly unimportant files around the hard drive before infecting a single file and being blocked. Even though the actual infection was blocked, the user may be unable to locate their files, causing a loss to productivity or possibly worse. This is why it is always preferable to detect and prevent infections using the tried-and-true scanning schemes when possible (and why fingerprinting will never go away).
     
  6. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Spybot Search & Destroy (got the info from here)
     
  7. progress

    progress Guest

    The teatimer of Spybot is a tiny behaviour blocker :D
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    winpatrol does what tea timer does too:)
     
  9. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    PRSC is a behavior blocker. Further deponent sayeth naught. :ninja:
     
  10. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Thanks for that info:thumb:
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    I do not want to steal this thread, but TreathFire can get a really nice extra feature when devs put it on the priority list.

    ****

    TF has a sensitivity level: I have asked for a custom rule to set the sensity level, examples

    When any Email or Webbrowser executes set the sensitivity level to 4


    Or


    When any process tries to access (execute) a file which originates from the internet (can be seen, like windows knows it know), set sensitivity level to 5

    Or


    When a specific proces (list your P2P programs here) executes a file which originates from the internet, set sensitivity level to 5


    ****


    DJames and the chief dev thought it an interesting idea, to use allready available mechanismes to tune TF's sensitivity level to origin (specifically threatgates origin) and lower CPU consumption (normal sensitivity level could be set to level 2).


    Would be nice when a few Wilders Members would endorse this request by adding clipping the text between *** in a the TF feature request thread, see http://www.pctools.com/forum/showthread.php?t=48576&page=16

    Please endorse, because it really would make TF more agile and responsive

    Thanks Kees
     
  12. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    I think real time defender is Behavior blocker HIPS:rolleyes:
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    @Nikanth your welcome:)
     
Thread Status:
Not open for further replies.