HIPS Test by Anti-Malware.ru

Discussion in 'other anti-malware software' started by subset, May 3, 2009.

Thread Status:
Not open for further replies.
  1. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Anti-Malware.ru have tested the HIPS modules of a few popular AVs and Firewalls against "Ring 0" Malware.

    Link to the test (Google translation)
    http://translate.google.com/transla...ru/hips_test_ring0&sl=ru&tl=en&hl=en&ie=UTF-8

    Agnitum Outpost Security Suite 6.5.3 (2518.381.0686)
    Comodo Internet Security 3.8.65951.477
    Jetico Personal Firewall 2.0.2.8.2327
    Kaspersky Internet Security 8.0.0.506
    Online Armor Personal Firewall Premium 3.0.0.190
    PC Tools Firewall Plus 5.0.0.38

    HIPSAMTest.png

    BTW this test is about three weeks old, but I couldn't find anything about it here.

    Cheers
     
  2. Cloud_Shadow

    Cloud_Shadow Registered Member

    Joined:
    Mar 29, 2009
    Posts:
    46
    Excellent performance by Comodo and OA, if they had tried the latest beta of Comodo, I don't think there would have been many alerts. Kaspersky also did very well, quite strange, I thought their HIPS was weak.
     
  3. vizhip

    vizhip Registered Member

    Joined:
    May 2, 2009
    Posts:
    83
    It doesn't look like they used the latest versions of the various firewalls, so am curious where they got the versions they used...

    Regards -
    -Bob
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Results seem reasonable though I did not expect CFP to be the top while OA was expected.
     
  5. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139

    Attached Files:

    • dd.JPG
  6. Cloud_Shadow

    Cloud_Shadow Registered Member

    Joined:
    Mar 29, 2009
    Posts:
    46
    Is OA's HIPS really that good? Comodo's performance was expected, not many things can breach it, but is OA HIPS just like D+?
     
  7. Cloud_Shadow

    Cloud_Shadow Registered Member

    Joined:
    Mar 29, 2009
    Posts:
    46
  8. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Yes I do believe OA's HIPS is that good, it does seem to pass quite a few tests.
     
  9. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,741
    Location:
    New York City
  10. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    OA was a HIPS before we added the firewall. Our firewall is only a year or so old.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Sure. It has less granular control but still has strong protection.
     
  12. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Have you played with it in Advanced Mode aigle?
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hmmm.... really I am not sure as I have not installed it for quite long. I will load it again just to see. Advanced mode is there in free version as well I think?

    BTW I mean to say that OA lacks full file protection and registry protection like other HIPS (CFP, MD, etc.). Am I wrong?

    Practically speaking I don't think that it's a big weakness. In fact basic mode is more than enough and easy to use with less pop ups. It's just a matter of choice, more pop ups v less pop ups.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Totally agree.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I am referring to advanced mode of HIPS, not the FW.
     
  16. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    There is a comment at the Anti-Malware.ru site, which says that they had to exclude F-Secure and Norton from this test because their built-in HIPS does not work separately from the anti-virus module.

    That seems to be comprehensible for F-Secure and Deepguard.

    But why NIS?
    You can exclude a file or folder from Autoprotect, but Sonar and Advanced Events Monitoring is still active. o_O

    Cheers
     
  17. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    That's a very interesting question, I thought it used the most up to date engines, but that would tend to say different.
     
  18. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Yes, we don't have these things directly surfaced for users to tweak and adjust, though of course we do have some specific monitoring of registry inside the app.
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    No, not in free

    Depends how you define FULL,

    Full as in a pop-up will be thrown when a process wants to overwrite a driver, full as in a pop-up will be shown when an autostart entry of the registry is changed, then YES.

    Full as in user configurable registry keys, files/folder protection, then NO

    Regards Kees
     
  20. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Would have been nice if they had tested ZoneAlarm too. Just to see if the grand old man of personal firewalls is still able to keep up with the new kids on the block.
     
  21. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    The guy who carried out this test works for Check Point, so he decided to exclude ZA from the test.

    Cheers
     
  22. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    I hope he did that to prevent a clash of interests. So if the tester works for Check Point, then he would have at least pointed the results in the right direction. That's reassuring.
     
  23. _kronos_

    _kronos_ Registered Member

    Joined:
    Dec 8, 2008
    Posts:
    126
    It would be interesting to show what computer areas OA (free or paid) proposes to control ...


    for example what I don't like:
    - impossibility to set registry keys to monitor
    - impossibility to set general areas to monitor (enable/disable the control against some attack: direct access disk attack, install Hook etc.)
    - popups are confusing and long too imho, when you finished to read all the description, the appl is already crashed :doubt:
    - firewall filtering is not granular, maybe in the paid version the situation is different (the same is for the hips module, you can only answer Allow/Block/Run Safer/Remember my answer, with no possibility to use predefined policies for known applications, that would allow to use each application rights, that otherwise are not simple to reach/modify...)

    This IMO...


    but maybe these considerations are in conflict with Your line of thought:)

    Regards
     
    Last edited by a moderator: May 5, 2009
  24. Gaeko

    Gaeko Guest

    Interesting. :)
    Way to go OA and Comodo. :cool:
     