Hips or Behaviour blockers?

which one will be a better choice to block malware a chatty hips or high level Behabiour blocker?if i decided to use an antivirus again which one will you choose and why?thanks in advance for the advise

 

Re: Hips or Behabiour blockers?

id say a HIP's but havnt really used a BB.

 

Re: Hips or Behabiour blockers?

i see do you think that a BB with high level of security will give as much pop ups as a hips?

 

Re: Hips or Behabiour blockers?

hmm i wouldnt think tho im not really sure tho. i dont like TF interface never really used it.

 

Re: Hips or Behabiour blockers?

did you ever compare mamutu in paranoid mode and a hips program?

 

Re: Hips or Behabiour blockers?

I did with one of the first releases. Some Proof Of Concepts cheat because they sign the executable or associate the PoC with their trusted vendor state. Often this will surpress a pop-up in normal mode, while most (classical) HIPS will throw a pop-up.

In early Mamutu there was some noticeable difference between Intelligent False Positive reduction and Paranoid. I have the impression that the increased maturity of false poistive filters these settings have less differences nowadays.

Regards Kees

 

Re: Hips or Behabiour blockers?

thanks kees for explanation

 

Re: Hips or Behabiour blockers?

i have mamutu and in paranoid mode it feels like a real hips program even when attempted to run malware the pop up information is more clear and informative than the one from a hips program and this is my own opinion

 

Re: Hips or Behabiour blockers?

id go with a BB

 

Re: Hips or Behabiour blockers?

firzen can you please give a litle sermon please

 

Re: Hips or Behabiour blockers?

I vote for a classical HIPS.

Man > machine

I want to know exactly what's going on, what's installing what, what's modifying what. If it's a program i trust and i can't be bothered with popups, i put it on learning mode to avoid all popups, if it's a new program, I keep the paranoid settings. I prefer to wait 15sec more than a user without a HIPS while knowing what a new program is modifying/doing, be it a malware or not.

 

Re: Hips or Behabiour blockers?

It depends on which HIPS or Behavior Blocker you're looking at.

Most behavior blockers work more like a light HIPS, though it is possible to increase the number of alerts, pretty much making them work like a HIPS. I won't be referring any, since this thread does not talk about it.

But, there's at least one, which I consider to be a pure behavior blocker, which will check what the processes are doing against a database of known behaviors.

If a piece of malware exists and does xyz steps to achive its goals, but such behavior has not been noticed before, the user won't be alerted. After all, that's what a behavior is, a pattern.

If a piece of malware exists and does abc steps to achieve its goals, and if such abc steps have already been noticed on other pieces of malware, then it will block or alert the user according to preferences.

This is the sort of behavior blocker I prefer.

 

Re: Hips or Behabiour blockers?

jmonge.
You using a good BB right now. I'd stick with mamutu. Of couse you can really be redundant and add OA with Emsisoft AM.

 

Re: Hips or Behabiour blockers?

ooh. this one is threatfire :>

 

Re: Hips or Behabiour blockers?

Actually, no. Nice try, though.

For what I can remember of that specifically tool, upon installation it would be set in level 3, which is the default level. Not to many alerts. It would act like a light HIPS. But, if set to superior levels, then it would act nearly has a HIPS.

But, there's been a long time since I've last checked it out. Maybe 2 years, so I wouldn't know how it works now. If it works as you say, by detecting known bad behaviors and alert the user for malware, then it was a great improvement for those who would have no idea how to answer to all alerts.

 

Re: Hips or Behabiour blockers?

Both. After learning mode, use a non chatty hips (I use OP FW pro) and a high level behaviour blocker, I have (Nod32 4.2.40 64 bit version.)

A new HIPS may be chatty at first but should learn as you reply to it's prompts.

 

Re: Hips or Behabiour blockers?

Both are same.Only difference is A host intrusion prevention system monitors each activity a program attempts and prompts the user for action.But Behavior blockers monitor the whole program behavior. When a collection of behaviors tips the scale, the behavior blocker will alert the user or take action.

For example Mamutu is a good BB with HIPS .

 

Re: Hips or Behabiour blockers?

Comodo BOCLEAN?

 

Re: Hips or Behabiour blockers?

So HIPS is a user driven setting and BB a community driven setting?
i remember a slider in mamutu with gives the option in % when bad/good.
with malware defender i can allow/deny certain actions.
some HIPS like online armor have both - decision by OASIS2 or user driven.
i would say it depends on users experience: less -> BB, more -> hips.

 

Re: Hips or Behabiour blockers?

wooo all this coments are very nice coments thanks now what do you guys think which one will fit better a hips+antivirus or BB+antivirus?

 

Re: Hips or Behabiour blockers?

A HIPS is always better than BB if its in the hands of a knowledgeable person.
so basically HIPS are not for me.

 

Re: Hips or Behabiour blockers?

but a BB in high security level will respond similar to hips programs so is a BB blocker smarter?

 

Re: Hips or Behabiour blockers?

Mamutu is kinda pop up-less after you set it (I mean after you have ran all your applications, it's almost unnoticeable)

 

Re: Hips or Behabiour blockers?

yes i noticed that NooB no pop ups now at all,only when installing stuff or bad behabiour

 

noob a link for you man
-http://www.youtube.com/watch?v=4RtqOBm6PA4&feature=related-