Difference in Protection?

Hi

I was wondering is there a significant difference in protection between HIPS in signature scanners (like CounterSpy's realtime, Spyware Terminator's real-time), simple HIPS like WinPatrol and full behavioural blockers like ThreatFire, Mamuto?

Thanks

 

Essentially there are two kinds of software. Classical behavior blockers that try to cover every base. They throw up lots of pop ups and really depend on the user's knowledge in determining if a behavior blocker is malicious. Example of this kind of software include D+ in the Comodo firewall, SSM.

The second kind is the 'smart' behavior blocker that monitor certain behaviors and have an algorithm to determine if something is malicious and will only flag behaviors that it determines to be malicious. Examples include Threatfire, Mamutu.

The 'HIPS' in signature scanners will be unique to the product. Counterspy's monitors a set of suspicious activities. If any of these occur, it will flag it. I'm not sure about Spyware Terminator.

 

Hi

Thanks for the quick reply.

I think Spyware Terminator's real-time is similar to WinPatrol.

What I meant was, is there a significant difference in the protection of something like Winpatrol and ThreatFire?

 

There haven't been any tests (or not that I know of so correct me if I'm wrong) comparing these two products. I can only talk about the design philosophy of the products and make a comparison on that.

To me, Winpatrol seems more like a diagnostic tool in the vein of autoruns etc with some additional behavior blocking features that look for changes at specific places. This is closer to classical behavior blocker.

TF is a smart behavior blocker. It was designed to recognize and block malware as a resident layer.

So it from a design perspective and in terms of resident malware blocker, it seems that TF would be more 'protective'. However the products have different purposes and this direct comparison isn't quite fair.

 

Hi

I mean I think Spyware Terminator has protection for things like startup, IE addons, services, etc.

But the smart behavioural blockers don't really say what they block specifically.

So is there any big difference in protection?

 

The ST HIPS is similar to the Winpatrol one.