Downadup/ Conficker worm versus HIPS

Discussion in 'other anti-malware software' started by aigle, Jan 19, 2009.

Thread Status:
Not open for further replies.
  1. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Nope, it's made by professionals.
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,527
    Location:
    U.S.A. (South)
    Then they have run completely out of ideas or else are bored because it's too easy to kill before it even makes it out of the gate with the most basic of security programs (hopefully).

    EASTER
     
  3. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    EASTER, I share your opinion, especially if you take into consideration that any Vista machine is immune to it (yeah, except if you are smart enough^^ to give admin rights to an unknown program from your thumb drive)... Yet it was designed by professionals, as Ilya said. Not everyone out there has sufficient knowledge to use H.I.P.S. (unless it's something like DW, whose newest version should never give any pop-up now :) too bad my trial is long over). Hell, most users will think "Shakira" when they hear such a tool name :D
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,885
    Location:
    Canada
    chris are you going to buy it?:)
     
  5. demonon

    demonon Guest

    Luckily, one thing is sure: hips don't lie, and neither does H.I.P.S.
     
  6. tlu

    tlu Guest

    A very questionable assertion. There have been many examples of malware able to defeat several HIPS. A better, more reliable and user-friendly alternative (once implemented) is LUA + SRP.

    The logic of this combo is as simple as it could be: No execution => no infection. Period.
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,885
    Location:
    Canada
    No execution equals no infection equals no problem :D
     
  8. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    Actually I have issues with my prepaid card (the last one expired), otherwise I already would have.
    Back on track: a HIPS could also be configured so that it does what SRP does (deny execution of any file except in the locations that SRP allows too (Program Files etc.)) and at the same time avoid the spoofing-extension vulnerability of SRP (it could use a wildcard so that it blocks execution of any file type).
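As an added example (not code from any post in this thread), here is the LUA + SRP setup tlu and chris2busy describe, written straight to the machine policy keys that the Local Security Policy editor uses: default level Disallowed, the two stock Unrestricted locations, and the thread's "no execution => no infection" logic applied to the user-writable folders inside the Windows directory. The rule descriptions, the GUID rule names and the list of user-writable subfolders are my own choices; verify the latter with `icacls` on your own build. Run it from an elevated prompt on the machine being locked down, then log off and on again.

```powershell
# Added example, not from the thread: default-deny Software Restriction Policy (SRP).
# Requires an elevated prompt. Key layout is the one the policy editor writes.
$Safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP security levels as stored in the registry (0x40000 = Unrestricted).
$Level = @{ Disallowed = 0; 'Basic User' = 131072; Unrestricted = 262144 }

function New-SaferPathRule {
    param(
        [Parameter(Mandatory)][ValidateSet('Disallowed','Unrestricted')][string]$SecurityLevel,
        [Parameter(Mandatory)][string]$Path,
        [string]$Description = ''
    )
    # Each path rule lives under <level>\Paths\{GUID}; the GUID is only a unique key name (my choice).
    $ruleKey = Join-Path $Safer ('{0}\Paths\{{{1}}}' -f $Level[$SecurityLevel], [guid]::NewGuid())
    New-Item -Path $ruleKey -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name ItemData     -Value $Path        -PropertyType ExpandString -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name SaferFlags   -Value 0            -PropertyType DWord        -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name Description  -Value $Description -PropertyType String       -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -PropertyType QWord -Force | Out-Null
    $ruleKey
}

function Set-DefaultDenySrp {
    New-Item -Path $Safer -Force | Out-Null
    Set-ItemProperty -Path $Safer -Name DefaultLevel       -Value $Level.Disallowed -Type DWord
    Set-ItemProperty -Path $Safer -Name TransparentEnabled -Value 2 -Type DWord  # 2 = all software files, DLLs included
    Set-ItemProperty -Path $Safer -Name PolicyScope        -Value 0 -Type DWord  # 0 = all users, local admins included

    # Designated file types: only files with these extensions count as executable code for SRP,
    # so anything missing from the list is not policed. Default list plus the script-host
    # extensions it omits (assumed additions, adjust to taste).
    $types = 'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS',
             'ISP','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS',
             'URL','VB','WSC','JS','JSE','VBS','VBE','WSF','WSH'
    Set-ItemProperty -Path $Safer -Name ExecutableTypes -Value ([string[]]$types) -Type MultiString

    # The two Unrestricted locations the policy editor creates by default.
    New-SaferPathRule Unrestricted '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%'   'Windows folder'   | Out-Null
    New-SaferPathRule Unrestricted '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%' 'Program Files'    | Out-Null

    # Subfolders of the Windows folder that ordinary users can write to (commonly cited set,
    # check with icacls). The most specific matching path rule wins, so these Disallowed
    # rules override the Unrestricted rule on the parent folder.
    foreach ($sub in 'Temp', 'Tasks', 'Debug\WIA', 'Registration\CRMLog') {
        New-SaferPathRule Disallowed "%SystemRoot%\$sub" "User-writable: $sub" | Out-Null
    }
}

function Get-SaferPathRules {
    # Audit view: every path rule with its effective level.
    $names = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }
    Get-ChildItem -Path "$Safer\*\Paths" -ErrorAction SilentlyContinue | ForEach-Object {
        $lvl  = Split-Path (Split-Path $_.PSParentPath -Parent) -Leaf
        $props = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{ Level = $names[$lvl]; Path = $props.ItemData; Description = $props.Description }
    }
}

Set-DefaultDenySrp
Get-SaferPathRules | Format-Table -AutoSize
```

Two practitioner checks after the reboot: as the limited user, copy calc.exe to %TEMP% and launch it; it should be refused with the software restriction policy message, while the copy in the Windows folder still runs. And keep the caveats in mind: SRP decides by path at the moment a process or DLL is loaded, so it does nothing against code already running inside an exploited service and nothing for a file that lands in an Unrestricted location, which is why the patch level, closed shares and disabled autorun mentioned elsewhere in this thread still matter. Setting PolicyScope to 1 exempts local administrators, which is the setting to use if elevation goes through SuRun-style tools.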
     
  9. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I expect they've adopted a driftnet approach to infection: cast it wide enough and you'll catch sufficient victims, rather than the more difficult task of bypassing those with good security.
     
  10. demonon

    demonon Guest

    Well, I am not talking about whether malware can bypass certain HIPS; they just don't lie. However, LUA + SRP, and preferably SuRun or something that can temporarily elevate your rights, is a good choice to go with.
     
  11. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    I don't know if it is entirely true, but LUA+SRP works great:

    https://www.wilderssecurity.com/showthread.php?t=233899
     
  12. Iam_me

    Iam_me Registered Member

    Joined:
    Feb 6, 2009
    Posts:
    89
    Just since I see in every thread that D+ fails against CONFICKER because of this testing, I have the feeling I should share how the testing REALLY was performed with CIS..

    It was not some "default mode".

    REFERENCE: https://forums.comodo.com/leak_test...efence_plus-t33410.0.html;msg240110#msg240110

    In Proactive mode (at the time this test was performed), CIS would pop up more than 10 times and also report malware behaviour.
    I guess it catches this even better now thanks to all the improvements to D+..
    But in my mind it did really well.. :thumb: :thumb:
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,527
    Location:
    U.S.A. (South)
    I agree with you andyman35

    Not to say there's no way to bypass a HIPS-guarded autorun & RunDll as I have set in my EQS rules, which seem impossible to jump. I believe, as you do, that they have fashioned it to penetrate open shares (mine are closed (disabled)), and any attempt at drive-by entry is also met with stiff deflections, so it's likely meant for wide-open systems, easy to flow right into servers and such and wreak its havoc.

    EASTER
     
  14. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    The thing is, the folks that visit the likes of Wilders and actually care about preventive security are the overwhelming minority of PC users. Huge numbers still run unpatched systems with little or no security. Twice this last week alone I've dealt with shop-bought systems with long-expired trial versions of Norton 2003, IE6, Adobe 5 etc., still running XP SP1, OS updates switched off. Both full of malware, I should point out. o_O
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,089
    Location:
    Saudi Arabia/ Pakistan
    I just wanted an alert of this type, in fact. Clever way of interception by OA. :thumb:
     

    Attached file: cc.jpg (99.5 KB)
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Does it comfort you that I agree with you ;)
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,089
    Location:
    Saudi Arabia/ Pakistan
    Hmmm. sure it does. :D

    BTW, not a big deal, I must say in the end.
     