Difference in Protection?

Discussion in 'other anti-malware software' started by Someone, Jun 15, 2008.

Thread Status:
Not open for further replies.
  1. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I was wondering, is there a significant difference in protection between HIPS in signature scanners (like CounterSpy's real-time, Spyware Terminator's real-time), simple HIPS like WinPatrol and full behavioural blockers like ThreatFire, Mamutu?

    Thanks
     
  2. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Essentially there are two kinds of software. Classical behavior blockers that try to cover every base. They throw up lots of pop-ups and really depend on the user's knowledge in determining if a behavior blocker is malicious. Examples of this kind of software include D+ in the Comodo firewall and SSM.

    The second kind is the 'smart' behavior blocker that monitors certain behaviors and has an algorithm to determine if something is malicious and will only flag behaviors that it determines to be malicious. Examples include ThreatFire, Mamutu.

    The 'HIPS' in signature scanners will be unique to the product. CounterSpy's monitors a set of suspicious activities. If any of these occur, it will flag it. I'm not sure about Spyware Terminator.
     
    Last edited: Jun 15, 2008
  3. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    Thanks for the quick reply.

    I think Spyware Terminator's real-time is similar to WinPatrol.

    What I meant was, is there a significant difference in the protection of something like WinPatrol and ThreatFire?
     
  4. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    There haven't been any tests (or not that I know of so correct me if I'm wrong) comparing these two products. I can only talk about the design philosophy of the products and make a comparison on that.

    To me, WinPatrol seems more like a diagnostic tool in the vein of Autoruns etc., with some additional behavior blocking features that look for changes at specific places. This is closer to a classical behavior blocker.

    TF is a smart behavior blocker. It was designed to recognize and block malware as a resident layer.

    So from a design perspective, and in terms of a resident malware blocker, it seems that TF would be more 'protective'. However, the products have different purposes and this direct comparison isn't quite fair.
     
  5. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I mean I think Spyware Terminator has protection for things like startup, IE addons, services, etc.

    But the smart behavioural blockers don't really say what they block specifically.

    So is there any big difference in protection? o_O
     
  6. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    The ST HIPS is similar to the WinPatrol one.
     