Hips behavior blocking technology

Discussion in 'other anti-malware software' started by starfish_001, Dec 17, 2007.

Thread Status:
Not open for further replies.
  1. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    Expert based behavior blockers include:
    Cyberhawk/ThreatFire, Norton Antibot/Primary Response SafeConnect, Prevx and Safe n Sec.

    Until recently I have used Prevx (for the last 12 or so months). Prevx has been pretty good .... but is quite heavy on the system. I like the community db white/black listing ..... but the standard hips component is ok rather than great.


    Threatfire on the other hand is very light but my sense is that protection is not as full and the db operates in a different way..... rather than white/black listing. So I guess threatfire is better at real-time behavioral analysis.


    I have tried them both ... they are difficult to test because of the way they treat test tools.

    Which offers the best complement to KAV/ Outpost? What do you think of the way the community db?
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    I have not used PrevX2, so I cannot really say which is best. CB was a little better than PrevX1 in a very old test (CB missed 1 sample, PrevX1 4).

    I have TF with sensitivity level on 4 running with no extra pop-ups. I think community DB enables suppliers to quickly react to zero day malware, so I always join.

    Regards Kees
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I can't use any of these behavior blockers. I think my frozen snapshot is responsible for this.
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    Those listed by OP are good apps IMHO. How to choose them is a catch-22 situation. Since it is very difficult to measure the relative strength of each candidate, I thought the foremost criteria is the product compatibility; to test each one of them and to see which one your system is willing to take it in.

    I have tested them. And have since taken in Prevx2, PRSC.

    Recent version (few days ago) of TF has frozen system during boot up (surprising enough, they still can not reproduce the same); while Safe n Sec causes BSOD (driver conflict).

    Generally speaking, an excellent app is not meant for everyone. You need to test it in a short-sleeve-style; taking reviewers' view only as a guide. After all, it is your system that has faced these apps days in and days out. When you want to cry over system failure, no one's shoulder will be kindly lent to you.

    Take care.
     
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Why not use the PDM of KAV? It's a behavior blocker.

    If it's too noisy for you, I'd consider Threatfire.
     
  6. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi

    Another alternative: a classical HIPS with a community database for trusted/untrusted progs like Online Armor

    Regards,

    MaB
     
  7. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041

    Erik your frozen snapshot is getting very boring .... now
     
  8. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041

    Indeed catch 22 how to decide at the moment I have a new main build and a test snapshot. The test archive has

    FD ISR
    Returnil Beta
    Outpost
    KAV - PD off
    Defensewall
    Prosecurity
    Prevx
    and Threatfire

    Rather surprising the performance is fine .... compatibility at this point is not much of a problem. I just don't need them all
     
  9. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041

    I like a white/black list, a sandbox, and some sort of behavior analysis.... PDM is a compromise

    PDM is not as good as Prosecurity or Threatfire in my opinion. Noise is not something that bothers me too much.


    I like prosecurity but .... alerts are no problem giving the answer right can be an issue ....my knowledge is not limitless..... Judgement is what I need some help with ....
     
  10. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    Thanks like many here I have beta tested OA at various points. I prefer playing with it to using it full time. Although given what I said above it should be ideal.

    However I prefer outpost as a firewall and PS as a hips, defensewall as the sandbox
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Adding my 3 cents worth to discussion will bring to attention EQSecure. It's the one I rely on daily and simply will not part from. It does more than enough to interrupt intrusions/scripts/files etc. and its limitations are not a serious risk whatsoever so long as you employ some assistance from other security fallback protections.

    That's my choice, and it's proven itself well enough to earn my complete confidence.
     
  12. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041

    Thanks .... I have never tried this. From the review below it offers nothing that PS can't do at least as well

    https://www.wilderssecurity.com/showthread.php?t=170691


    I'm more interested in the behavior/community based products for the purpose of this thread
     