IS with HIPS?

Discussion in 'other anti-virus software' started by Ohmy, Sep 13, 2008.

Thread Status:
Not open for further replies.
  1. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    HIPS is not designed to be a "CURE"; it's designed to prevent. Therefore "terminating processes" is not necessary if you stop the program from running in the first place.

    The updated version of CPF3 is just a bugfix; it never claimed to have new technology. You might be referring to the AV.

    Also Sabre, if you claim that D+ is missing something, contact me via PM. If it bypasses, I will send it to the developers.

    Thanks,
    Kyle.
     
    Last edited: Sep 14, 2008
  2. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    And by doing that you get back all the good ol' noise D+ used to give.

    It's very simple. D+ has zero rollback abilities, so it needs to stop EVERYTHING a virus can do if it wants to be effective. In other words, you need to create rules to watch for all those actions, which leads to noise, noise, noise. Useless.

    D+ is one of those things that sound good on paper, and allow the developers to shift the blame from themselves to the users whenever their product fails to perform, but doesn't really do much good at all in real-world situations.

    If I sound so disgruntled about Comodo it's partially because I was hoping they'd produce a viable alternative to avast! as a good free antivirus program. The hype left me quite curious as to how version 3 would perform. But in the end all Comodo did was maintain its usual underachieving standards with a pathetically substandard AV, and the same old useless D+ from the firewall.
     
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Read/write protection offers the possibility to stop malware (e.g., worms) BEFORE/as it gets installed/downloaded. Also, OA AV+ lacks KAV's heuristics. Checking at execute is port of last resort because some malware can be very difficult to eliminate once it gets in (e.g. Virtumonde) -- requiring cleaning via assassin, safe mode, special cleaners etc. Better to cut it off at the pass, wot?

    Some folks have decided to go bare-back (no AV at all). If that's the basis for your OT questions, please do a Wilders search on "naked" to find such threads as...

    This
    OR
    That
    OR
    The other

    ...and (my favorite chick) Minnie Moore (i.e. many more).

    For those on the fence about going naked, OA AV+ is an okay compromise. Instead of a stallion AV, OA gives you a gelding, but it's still a good ride.;)

    IMO going naked (or using OA AV+ vice a full-scope AV) MIGHT be okay for those who consistently connect out via a virtualizer of some sort (such as Sandboxie, Defense Wall, GES Wall, etc) &/or who use boot-to-restore (such as Returnil, Deepfreeze, Shadow Defender, etc). An exceptionally lucid discussion of this sort of nudity is at THIS thread, involving some of the real savvy experts who hang out at Wilders.

    Comodo has heard you! Check the threads at...

    Hither
    and
    Thither

    ...it's a beta, but stick around!
     
    Last edited: Sep 14, 2008
  4. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    1. CAV3 is in beta. Every antivirus starts off at a 0% detection rate. Do you honestly think they can get 99% overnight?

    2. Defense+ is only one piece of the puzzle. That's why they are developing things like Disk Shield, another program similar to sandboxing, CAVS3, website scanning... the list goes on; just check the boards.

    3. You say that D+ does not work well in real-life situations. Can you please provide me the info via PM on this exploit or bypass? Sorry... it's just that some people say D+ doesn't defend against "real life", yet they never have anything to back this up.


    As I have said before, D+ is prevention, the AV is the detection, and the "roll back" is the cure.
     
  5. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    Was CAV3 released yesterday? No. If it was, then you might be justified in feeling that I'm criticizing it unfairly for not growing up overnight, but it wasn't. It's been around for years, trying to explain away its ugly reputation with non-stop promises that "things will be better next version" – which has yet to happen.

    It may be a beta, but to make it to the beta stage means that the developers feel that the core functions of the program are ready, and any bugs remaining should mostly be trivial. Which means unless there's some major bug preventing the program from functioning as the developers imagined it would, the beta has similar, if not identical, detection rates to the to-be-released final version.

    This thread is about the AV, not Comodo's other products. If we want to go there, there are other better alternatives to those half-baked products as well.

    I think you're misunderstanding me. Just because D+ can pop up a dialog box at anything and everything doesn't mean it's useful in real-world situations. In fact, it's useless because of this behavior. Ever heard of the story of the boy who kept crying wolf?

    Any HIPS-type program that intends to work for the general populace at large must integrate some sort of intelligent analysis module. Comodo needs to learn from how Kaspersky, PC Tools, Symantec etc. design their HIPS components, instead of being the last company left on Earth to insist that turning all users into computer experts is the way to go.
     
  6. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    Hello, let's try not to turn this into an argument.
    I have to correct you here: CAVS3 has only been in beta for less than a week.

    Kaspersky HIPS etc. are to an extent intelligent and will make life a lot easier, but the thing is that if it doesn't match the "patterns" of what Kaspersky recognizes as "bad", then it will be allowed to run. The way Defense+ works is by a whitelist, and everything unknown will get alerted on. In the future, as this whitelist grows, there will of course be fewer pop-ups.

    You keep referring to Defense+ as useless in the real world. Provide me with something to back this up, please.

    Edit: You seem to be very nasty towards Comodo... Don't spit in the water; you may have to drink it later :p :p
     
    Last edited: Sep 15, 2008
  7. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    Yes, but how long has CAV2 been around?

    CAV3 was touted as a major improvement from CAV2 and the answer to all its problems. But you seem to imply that Comodo is starting back from square one and have learned nothing from CAV2's failures, and are hence repeating those same failures all over again. I certainly hope this is not what's happening here.

    Also, I'm not arguing; I'm just saying that something that triggers on every action cannot be called a virus defense system at all. This useless concept is nothing but Matousec-style thinking, and I don't see why you'd need any proof to realize it as it should be blatantly obvious.

    Or rather, do you have any settings that can make D+ as secure AND silent as, say, Kaspersky or PC Tools? Because you see, Kaspersky's intelligence doesn't just make life easier. It's not as trivial as that. It makes the product good for practical usage. It makes using the product NOT an exercise in futility and lets the user not have to cope with a barrage of popups, so much that you wouldn't know when there's a popup for real malware.
     
  8. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    I keep telling you that D+ is prevention; Kaspersky is using detection. There is a difference.

    CAVS2 never made it out of BETA. Melih was not happy at all with CAVS2 and created CAVS3 from the ground up, and yes, there have been MAJOR improvements. The HIPS, firewall and AV only use under 3 MB of memory combined.

    Send me a link via PM to malware that bypasses D+.

    D+ is actually very quiet once you configure it. If you did some reading you would understand that it can be very easy. Just click "Remember action" and that alert for that program will never alert you again. When installing a trusted application, run in "Installation mode" and you won't get one pop-up. When using a trusted app such as a game you are 100% sure is safe, run in training mode and switch back to safe mode once you have done this.

    You will never get an alert again once it's in the computer security policy.


    Let's please stick to the HIPS component as this is what the topic starter wanted.
     


    Last edited: Sep 15, 2008
  9. saberfox

    saberfox Former Poster

    Joined:
    Jul 23, 2008
    Posts:
    84
    You see, I don't care what it is. I don't really give a damn about the fancy-schmancy technical definitions that separate this from that. Leave that for the geeks and the engineers. I only care if it works, and if it works well. Maybe D+'s job is to throw up a whole bunch of irrelevant popups, I wouldn't know. Nor do I care. I want something that stops viruses with a minimum of fuss, that's it.

    And when I say I want something that stops viruses, I want something that does exactly that, not something that leaves it to me to decide whether something is a virus. I honestly don't see the point in having something like that. If I install an antivirus, I expect it to stop viruses, not do nothing and leave all the work for me!

    At the end of the day, the job of determining which program is safe and which isn't falls right back on me, even though I'm supposed to have an antivirus installed. In other words, you're trying to teach me how to do the antivirus program's job for it, and still not realizing that is exactly what's wrong with the program!

    And the thing is, Comodo doesn't realize this either. It's still marketing this "feature" as some sort of revolutionary concept and ultimate weapon in the fight against malware. If only they invested the same amount of resources in R&D as they do on the marketing hype, perhaps I'd be a happy Comodo user today instead of being disappointed that avast! remains the sole viable free antivirus product on the market...
     
  10. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    The reason that this is starting to become more needed in today's age is that the list of malware is building and building; malware files will end up outnumbering the good files. Also, keeping this huge database on your computer would have to slow the system down to an extent.

    Many companies are taking the same approach to whitelisting; I can list a few: Trend Micro, Kaspersky, Norton. And marketing? It's a free product. Lol

    The reason why HIPS is good is that it prevents 0-day malware that isn't in your antivirus's detection list yet.


    EDIT:: This is a HIPS thread. If you want to talk about Av's there are other threads for that.
     
    Last edited: Sep 15, 2008
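The two posts above by Kyle1420 describe a default-deny model (post 8: "remember action", installation mode and training mode grow the policy; post 10: a whitelist of known-good files does not grow with the malware count and stops unknown 0-day files) against saberfox's objection that every unknown binary, good or bad, produces a prompt. The following is an added example written for this thread to make that trade-off concrete; it is not Comodo's, Kaspersky's or any vendor's code, and the class names, modes, byte strings standing in for executables and hashes are all constructed for the illustration.

```python
"""Default-deny whitelist HIPS versus signature blacklist, side by side.

Added example for this thread, not any vendor's code. The executable
"contents", hashes and program names are constructed. The modes (safe mode
alerting on unknowns, a training mode that learns what runs, and a
"remember this action" answer that persists the decision) follow the
thread's description of Defense+ in spirit only; no real product
behaviour is claimed.
"""
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    ALERT = "alert"   # unknown binary: the user is asked


class Mode(Enum):
    SAFE = "safe"          # known-good runs silently, everything else alerts
    TRAINING = "training"  # whatever runs is learned as trusted


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class BlacklistAV:
    """Signature detection: only a file whose hash is known-bad is stopped."""
    bad_hashes: set[str]

    def check(self, data: bytes) -> Verdict:
        return Verdict.BLOCK if sha256(data) in self.bad_hashes else Verdict.ALLOW


@dataclass
class WhitelistHIPS:
    """Default deny: only a file whose hash is already in the policy runs silently."""
    policy: dict[str, Verdict] = field(default_factory=dict)
    mode: Mode = Mode.SAFE
    alerts: int = 0

    def check(self, data: bytes) -> Verdict:
        h = sha256(data)
        if h in self.policy:
            return self.policy[h]
        if self.mode is Mode.TRAINING:
            self.policy[h] = Verdict.ALLOW      # learned while the user vouches for it
            return Verdict.ALLOW
        self.alerts += 1                        # the "noise" the thread argues about
        return Verdict.ALERT

    def remember(self, data: bytes, decision: Verdict) -> None:
        """The user answered an alert with 'remember': persist that decision."""
        if decision not in (Verdict.ALLOW, Verdict.BLOCK):
            raise ValueError("only allow or block can be remembered")
        self.policy[sha256(data)] = decision


# Constructed stand-ins for executable images (not real binaries or malware).
NOTEPAD_V1 = b"MZ notepad build 1"
NOTEPAD_V2 = b"MZ notepad build 2"            # benign update, new hash
KNOWN_BAD = b"MZ trojan sample 2008"
ZERO_DAY = b"MZ trojan sample 2008 repacked"  # same family, new hash
GAME = b"MZ trusted game"


def scenario() -> dict:
    """Run the same binaries through both engines and record every verdict."""
    av = BlacklistAV(bad_hashes={sha256(KNOWN_BAD)})
    hips = WhitelistHIPS(policy={sha256(NOTEPAD_V1): Verdict.ALLOW})
    out = {}

    # Signature AV: stops what it has a signature for, lets the repacked variant run.
    out["av_known_bad"] = av.check(KNOWN_BAD)
    out["av_zero_day"] = av.check(ZERO_DAY)

    # Whitelist HIPS: the variant is unknown, so it alerts instead of allowing.
    out["hips_zero_day_first"] = hips.check(ZERO_DAY)
    hips.remember(ZERO_DAY, Verdict.BLOCK)
    out["hips_zero_day_second"] = hips.check(ZERO_DAY)   # silent block from now on

    # The cost: a benign update is just as unknown as the trojan.
    out["hips_notepad_v1"] = hips.check(NOTEPAD_V1)
    out["hips_notepad_v2"] = hips.check(NOTEPAD_V2)

    # Trusted game: training mode for one run, then back to safe mode.
    hips.mode = Mode.TRAINING
    out["hips_game_training"] = hips.check(GAME)
    hips.mode = Mode.SAFE
    out["hips_game_after"] = hips.check(GAME)

    out["alerts"] = hips.alerts
    return out


if __name__ == "__main__":
    for name, verdict in scenario().items():
        print(f"{name:24} {verdict}")
```

Running it shows both sides of the argument at once: the blacklist passes the repacked sample because no signature matches, the whitelist stops it because nothing vouched for it, and the same whitelist also prompts on a harmless rebuilt Notepad. Training mode removes the prompt for the game but only for the exact hash it saw, so every update re-raises the question, which is the practical cost of a pure hash whitelist.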
  11. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Cool. Thanks!
     
  12. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    No, it is an "IS with HIPS" thread. "IS" denotes "Internet Security" -- as in suite. That encompasses antivirus programs as well as HIPS.

    I realize you are an advocate for Comodo, so I understand why you would prefer to direct the discussions away from antivirus components of suites, inasmuch as the AV component of Comodo's suite has a long way to go before it moves out of second tier. I feel sure it will "get there", but it isn't there yet.

    As to IS suites that NOW are effective in ALL components, I suggest OP trial Kaspersky IS, Online Armor, and BitDefender (per Niels' comment).
     
  13. Ohmy

    Ohmy Guest

    Trying KIS...
    Online Armor is kind of expensive, although I know you get what you pay for.
    OP Suite? What kind of AV engine does it have?
     
  14. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    Yeah, I understand, though I'm pretty sure the topic starter wanted to know about IS suites that have HIPS in them and how they work / how effective they are. I didn't see that he was referring to AVs, though.

    Yeah, I do like the mindset and the goals Comodo has. I totally agree with you that the CAVS3 component of CIS lacks detection a lot. It cannot compete with most AVs on AV-Comparatives right now.
     
  15. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Outpost uses a modified version of the VirusBuster engine. Not the best in terms of detection, but still not bad.
    They use their own in-house AS engine.
     
  16. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    OA AV+ uses the Kaspersky engine & signatures. It scans only on execute, however.
     