Hips or Behaviour blockers?

Discussion in 'other anti-malware software' started by jmonge, May 11, 2010.

Thread Status:
Not open for further replies.
  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Which one will be a better choice to block malware: a chatty HIPS or a high level Behaviour blocker? If I decided to use an antivirus again, which one will you choose and why? Thanks in advance for the advice :thumb:
     
  2. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    Re: Hips or Behaviour blockers?

    I'd say a HIPS, but haven't really used a BB.
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Re: Hips or Behaviour blockers?

    I see. Do you think that a BB with a high level of security will give as many pop-ups as a HIPS?
     
  4. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    Re: Hips or Behaviour blockers?

    Hmm, I wouldn't think so, though I'm not really sure. I don't like the TF interface, never really used it.
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Re: Hips or Behaviour blockers?

    Did you ever compare Mamutu in paranoid mode and a HIPS program?
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Re: Hips or Behaviour blockers?

    I did with one of the first releases. Some Proof Of Concepts cheat because they sign the executable or associate the PoC with their trusted vendor state. Often this will suppress a pop-up in normal mode, while most (classical) HIPS will throw a pop-up.

    In early Mamutu there was some noticeable difference between Intelligent False Positive reduction and Paranoid. I have the impression that, with the increased maturity of false positive filters, these settings have fewer differences nowadays.

    Regards Kees
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Re: Hips or Behaviour blockers?

    Thanks Kees for the explanation :)
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Re: Hips or Behaviour blockers?

    I have Mamutu, and in paranoid mode it feels like a real HIPS program. Even when attempting to run malware, the pop-up information is clearer and more informative than the one from a HIPS program, and this is my own opinion :)
     
  9. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Re: Hips or Behaviour blockers?

    I'd go with a BB
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Re: Hips or Behaviour blockers?

    firzen, can you please give a little sermon please :D
     
  11. Gen

    Gen Registered Member

    Joined:
    Jan 9, 2007
    Posts:
    73
    Re: Hips or Behaviour blockers?

    I vote for a classical HIPS.

    Man > machine

    I want to know exactly what's going on, what's installing what, what's modifying what. If it's a program I trust and I can't be bothered with popups, I put it on learning mode to avoid all popups; if it's a new program, I keep the paranoid settings. I prefer to wait 15 sec more than a user without a HIPS while knowing what a new program is modifying/doing, be it a malware or not.
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Re: Hips or Behaviour blockers?

    It depends on which HIPS or Behavior Blocker you're looking at.

    Most behavior blockers work more like a light HIPS, though it is possible to increase the number of alerts, pretty much making them work like a HIPS. I won't be referring to any, since this thread does not talk about it.

    But, there's at least one, which I consider to be a pure behavior blocker, which will check what the processes are doing against a database of known behaviors.

    If a piece of malware exists and does xyz steps to achieve its goals, but such behavior has not been noticed before, the user won't be alerted. After all, that's what a behavior is, a pattern.

    If a piece of malware exists and does abc steps to achieve its goals, and if such abc steps have already been noticed on other pieces of malware, then it will block or alert the user according to preferences.

    This is the sort of behavior blocker I prefer.
     
  13. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Re: Hips or Behaviour blockers?

    jmonge.
    You're using a good BB right now. I'd stick with Mamutu. Of course you can really be redundant and add OA with Emsisoft AM.
     
  14. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Re: Hips or Behaviour blockers?

    Ooh. This one is ThreatFire :>
     
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Re: Hips or Behaviour blockers?

    Actually, no. Nice try, though. :D

    From what I can remember of that specific tool, upon installation it would be set to level 3, which is the default level. Not too many alerts. It would act like a light HIPS. But, if set to superior levels, then it would act nearly as a HIPS.

    But, it's been a long time since I last checked it out. Maybe 2 years, so I wouldn't know how it works now. If it works as you say, by detecting known bad behaviors and alerting the user to malware, then it was a great improvement for those who would have no idea how to answer all the alerts.
     
  16. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: Hips or Behaviour blockers?

    Both. After learning mode, use a non-chatty HIPS (I use OP FW pro) and a high level behaviour blocker, I have (Nod32 4.2.40 64 bit version.)

    A new HIPS may be chatty at first but should learn as you reply to its prompts.
     
  17. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Re: Hips or Behaviour blockers?

    Both are the same. The only difference is that a host intrusion prevention system monitors each activity a program attempts and prompts the user for action. But behavior blockers monitor the whole program behavior. When a collection of behaviors tips the scale, the behavior blocker will alert the user or take action.

    For example, Mamutu is a good BB with HIPS ;) .
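
A toy model of the distinction drawn in the posts above (a prompt per sensitive action versus an alert once a collection of behaviours tips the scale), added here as an illustration; it is not part of the thread and not any product's code. The event names, weights, threshold and trace are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    process: str
    action: str

# Constructed weights: how suspicious each action is taken to be on its own.
WEIGHTS = {"write_system_dir": 2, "modify_hosts_file": 3, "write_autorun_key": 4,
           "inject_remote_thread": 6, "install_driver": 6}
THRESHOLD = 10  # constructed "normal mode" threshold for the behaviour blocker

def hips_prompts(events, rules=frozenset()):
    """Classical HIPS model: one prompt per sensitive action that has no
    existing (process, action) allow rule from learning mode or past answers."""
    return [e for e in events
            if e.action in WEIGHTS and (e.process, e.action) not in rules]

def bb_alerts(events, trusted=frozenset(), threshold=THRESHOLD):
    """Behaviour blocker model: accumulate a score per process and alert once
    when it crosses the threshold; trusted (e.g. signed) processes are skipped."""
    score, alerted = {}, []
    for e in events:
        if e.process in trusted:
            continue
        score[e.process] = score.get(e.process, 0) + WEIGHTS.get(e.action, 0)
        if score[e.process] >= threshold and e.process not in alerted:
            alerted.append(e.process)
    return alerted

# Constructed trace: a benign installer followed by a dropper-like process.
TRACE = [
    Event("installer.exe", "write_system_dir"),
    Event("installer.exe", "write_autorun_key"),
    Event("dropper.exe", "write_system_dir"),
    Event("dropper.exe", "write_autorun_key"),
    Event("dropper.exe", "inject_remote_thread"),
    Event("dropper.exe", "modify_hosts_file"),
]

if __name__ == "__main__":
    print("HIPS prompts:", len(hips_prompts(TRACE)))
    print("BB normal:", bb_alerts(TRACE))
    print("BB paranoid:", bb_alerts(TRACE, threshold=2))
    print("BB, dropper trusted:", bb_alerts(TRACE, trusted={"dropper.exe"}))
```

Lowering the threshold makes the behaviour blocker alert on the installer as well, which is the "high level BB behaves like a HIPS" effect discussed in the thread, and marking a process as trusted silences the blocker while the per-action model still prompts.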
     
  18. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Re: Hips or Behaviour blockers?

    Comodo BOCLEAN?
     
  19. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    Re: Hips or Behaviour blockers?

    So HIPS is a user driven setting and BB a community driven setting?
    I remember a slider in Mamutu which gives the option in % when bad/good.
    With Malware Defender I can allow/deny certain actions.
    Some HIPS like Online Armor have both - decision by OASIS2 or user driven.
    I would say it depends on the user's experience: less -> BB, more -> HIPS.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Re: Hips or Behaviour blockers?

    Wooo, all these comments are very nice comments :D Thanks :) Now what do you guys think, which one will fit better: a HIPS+antivirus or BB+antivirus? :)
     
  21. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Re: Hips or Behaviour blockers?

    A HIPS is always better than a BB if it's in the hands of a knowledgeable person.
    So basically HIPS are not for me. :)
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Re: Hips or Behaviour blockers?

    But a BB in high security level will respond similarly to HIPS programs :D So is a BB blocker smarter?
     
  23. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Re: Hips or Behaviour blockers?

    Mamutu is kinda pop-up-less after you set it (I mean after you have run all your applications, it's almost unnoticeable)
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Re: Hips or Behaviour blockers?

    Yes, I noticed that, Noob: no pop-ups now at all, only when installing stuff :D or bad behaviour :)
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Noob, a link for you, man :)
    -http://www.youtube.com/watch?v=4RtqOBm6PA4&feature=related-
     
    Last edited by a moderator: May 11, 2010