Comodo HIPS impressions

Discussion in 'other anti-malware software' started by aigle, Sep 23, 2007.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Tried Comodo HIPS( installer version3.0.7.208 ) on XP SP2 shortly and I though of sharing my impressions.

    Main GUI seems washed out but GUI of popups is nice. Seemed to cause a bit slow down though not too much on my system but learning mode is definitely slow. It,s very chatty with lot of popups if u want to make ur own rules. Memory usage minimal though. Seems it has no MD5( or some other hash) checksum ATM( but I am not sure).

    A very nice feature is pre-defined or custom-made policies that can work as a policy based Sandbox. However the policies are bugg at the moment, they don,t work as expected and when I tried too restrictive policies, they almost hang the system due to almost 100% CPU usage. It still needs work but sure it will be a real nice feature.

    In additiuon to Execution Defence and Registry Defence, it has a strong File protection feature as well that works well.

    I tried some crude tests and the results are as follows.

    1- APT and SPT all passed( excpet two of them)
    2- AKLT- first two methos of logging failed
    3- Prueba malware- passed nicely.
    4- Home keylogger passed
    5- It detects attempts to read screen directly( I am not aware of any other HIPS having this functionality but I might be wrong).
    6- Detects keyboard access and hard disk access( seems like same functions in SSM though I cannot be sure)
    7- A very special termination method by VideoLinkParser, detected and blocked successfully- Pass.
    8- Termination by Spy.exe detected successfully- Pass
    9- I tried one SSDT unhooker rootkit that was blocked successfully. Pass
    10- Start up registry protection- Pass
    11- Start up folder protection - Pass
    12- KillDisk virus- not tried( may be someone can try in VM).

    These results seem impressive to me as it,s a rather initial beta version. BTW it seemed to have strange behaviour. On popup if I deny an executable( even without remember this option), I will be unable to launch this executable again until I rebooted my system. I killed its service but still sam- may be driver based protection?? not sure at all. I found few more glitiches as well. Also it gives too frquent memory modification popups as compared to other HIPS. These bugs/ features( ??) were big turn off to use this beta ATM.

    Not tried latest version yet.
    browser loopback.jpg browsers DNS.jpg
    comodo poilicies (1).jpg brontok2.jpg
    homekeylogger.jpg
     
    Last edited: Sep 23, 2007
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Some more pics.
    hook into IE.jpg
    legit global hook.jpg
    prueba (2).jpg
    spy.exe.jpg
    SSDT unhooker.jpg
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Last screenshots.
     

    Attached Files:

  4. Thanasis159

    Thanasis159 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    86
    I like the new GUI! I will definetely give it a shot when the final release is out!
     
  5. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    Thanks a lot aigle for these very interesting shots.
    I can foresee a day when possibly there will arise the need to make a choice between ProSecurity Free and the Comodo HIPS.
    I think ProSecurity Pro will still be better for some time,at least.
    I am impressed by the nice GUI and scope of explanations,however,i'll definetely try it out when it is a bit more mature.
     
  6. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    DefenseWall HIPS.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Never knew that!
    Thanks
     
  8. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    i don't know about anyone else but i'm really impressed with the results of these tests! aigle i do have one question though, how was comodo HIPS on resources (like memory and processor usage)?
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Aigle,

    Thanks for the test drive. How would you compare Comodo HIPS to other HIPS you have used like SSM free, NeoavaGuard Beta and EQSecure 3.4?

    Regards Kees

    PS
    Have not tested new security aps for quite a while now. Could Wilders faciltate a Security Addicts Anomious on their forum? ;)
     
  10. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,911
    Aren't they supposed to integrate this into the firewall?
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It is. I just wrote comodo HIPS. It,s CFP, I checked only its HIPS function caled Defence plus in it.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi zopzop! Memory usage very little, less than version 2.
    CPU spikes are there especially when u restrict some functions. I mentioned it that when I used a very restrive custom made policy for my browsers, CPU usage became 100% on browser launch and I could not use this policy. Seems beta bugs.
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    IT,s impressive but still needs time to improve. It might have an edge in the long run as it might get more users and also has more resources on its back.
     
  14. Nubiatech

    Nubiatech Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    50
    Location:
    IL, USA
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks. Looks interesting. Will see it alter.
     
  16. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    The behavior is still quite buggy i agree. Sometimes you block something, but it doesn't apply (or work at all), or you need to apply twice editing a fw rule to work, etc.

    Really beta, but it's promising. I'd say it's finished by the end of year/ next year only.
     
  17. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,911
    Oh, thanks. That is good news!
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I played a bit with it, and it does seem to be very powerful, it´s able to recognize and stop a lot of possible malicious behavior, but the problem is that´s it´s not really fine tuned by the developers, in paranoid mode it will drive you crazy with all kinds of useless alerts. It also freezed a couple of times and it seemed to forget rules.

    And the GUI is not handy at all, this doesn´t make it easy to configure things quickly. So all in all it´s a disappointment to me, it´s powerful but fails on other important areas, I just wish someone could combine all the good things from various HIPS into one app. My other favorite HIPS (SSM and Neoava Guard) are also not exactly perfect. :rolleyes:
     
    Last edited: Oct 7, 2007
Loading...
Thread Status:
Not open for further replies.