List of Behaviour Blockers

Discussion in 'other anti-malware software' started by Vikorr, May 24, 2010.

Thread Status:
Not open for further replies.
  1. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    I was just thinking that it would be nice to have a complete list of behaviour blockers out there - antimalware whose primary source of detection is through behavioural analysis:

    Prevx 3
    Threatfire
    Safe-n-Sec (I think it still exists)
    Vipre (I think this is mostly a behavioural analysis program?)


    What was the French AV that was basically a behaviour blocker?

    Any others you know of?
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Mamutu:)
     
  3. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    DefenceWall
    Malware Defender
    PE Guard
    Spyware Terminator
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    All HIPS use some degree of behavioral analysis. Classic HIPS cover a very broad spectrum of behaviors. They offer a very high number of configuration options, & can be very complex to configure optimally. Classic HIPS generally function by alerting the user to each & every suspicious behavior, then leaving it up to the user to allow or deny that behavior.

    Behavior Blockers (BB) usually cover a narrower spectrum of behaviors & are less configurable than Classic HIPS. Therefore, configuring a BB is much easier to "get right" than is the case with Classic HIPS.

    When a BB encounters suspicious behavior, it may in SOME cases ask the user for a decision but, more often, the BB will make the "decision" on its own and quarantine the offending process without first consulting the user. A BB exercises a bit of decision-making ability to do this -- much more than a classic HIPS does. Therefore, compared with a Classic HIPS, a BB is generally easier to understand (and thus use appropriately), and it doesn't generate as many pop-ups.

    Saf'n'Secure is a classical HIPS -- much broader spectrum coverage than a BB.

    Threatfire & Mamutu are the only "pure" BBs that I know of at the moment.

    Prevx is not a "pure BB" because it has several other capabilities over & above its BB capability.

    Kaspersky (KIS) has a BB component, as do Avira and Twister.

    Perhaps you have reference to Viguard? Try HERE if you read French. You can actually still download Viguard from HERE (maybe). They called Viguard "Intrusion Protection" in those days of yore.
     
  5. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Hi Bellgamin
    Behaviour Blockers are a little vague in definition - so I clarified what I was after. From the definition I wrote, Prevx fits in just fine.

    SG09, Defensewall is problematic - it's mainly a sandbox with blocking capabilities, but has some issues - sandboxes interfere with software requiring drivers, and defensewall doesn't tell you if software is good or bad. Of course it's fine if you wish to put up with those restrictions, but it's not the sort of software I mean :)

    I realise that AVs are moving more and more to incorporating behavioural analysis engines (rather than just code analysis), and personally I think AVs need to be completely rewritten to do behavioural analysis first, and code analysis/signature detection second. But I'm also interested in pure behavioural analysis engines.

    Thanks for the responses. Others' responses are welcome too.
     
    Last edited: May 24, 2010
  6. baerzake

    baerzake Registered Member

    Joined:
    Aug 18, 2007
    Posts:
    44
    Pure BB: ThreatFire, AVG Identity Protection, Mamutu.
     
  7. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai

    The non-working component, the ProActive module ;)
     
  8. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Yes, a BB in name only right now :p
     
  9. ALiasEX

    ALiasEX Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    240
    Norton's biggest asset these days is SONAR.
     
  10. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    And Panda has some of their BB in the cloud via the TruPrevent Technologies.
    But I also think Panda has some local BB inside the client software as well.
     
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    DW is a Policy-Based HIPS. It treats threatgates as untrusted. It sets policies so as to isolate untrusted apps from doing damage to trusted areas. The isolation of untrusted is somewhat analogous to a sandbox but that is not the defining aspect of DW.

    P.S. EVERYONE needs HIPS. Otherwise, your pants will fall down.
     
  12. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I just find software that goes by a policy, and classical HIPS, to be too much of a nuisance to be worth the reward (or lack thereof). I'm perfectly capable of keeping my system safe, even as a relatively risky surfer, through my own measures without having to constantly trust something or answer 3 billion popups. Even as good as a whitelist gets, there's always gonna be new software, or in my case it's especially problematic when I'm installing new drivers (such as my graphics drivers) and I'm getting bombarded with popups.

    It's honestly, for ME, not worth it to run either a classical HIPS or a policy-based one. A sandbox like Sandboxie is fine because I can run it for the programs I want, when I want, as is a behavior blocker that limits its alerts to a reasonable amount and provides plenty enough for what I require.

    Of course, different people have different needs and somebody with different habits may require other products, but I just don't feel those types of products are useful; I'm using my computer for things other than constantly allowing new things. And then when you need to troubleshoot why a program isn't working, it's almost always because one of those types of programs is blocking it, and then working around it creates even more hassle.
     
  13. anothermack

    anothermack Registered Member

    Joined:
    Jul 28, 2009
    Posts:
    9
    Hello Bellgamin,

    does Tinywatcher run on 7 64bit?

    brgds
    mack
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Defense Wall is 99.999% install-it-&-forget-it. You need not do anything to DW's default settings & you still will have PDG protection.

    Pop-ups are rare. VERY rare.
    ~~~~~~~~~~~~~~~~~~~~~~

    Hola Mack,
    I runneth not Win7 with 64-bit or any-other-bit.

    2-bits 4-bits 6-bits a dollar
    All XP fans stand up & holler!!!
    :D :cool: :thumb:

    Ergo I cannot answer your question. Why not give it a try? (You do use imaging software, right?)
     
  15. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I know that DefenseWall has few popups; it's the automatic untrusted status that it gives anything that isn't whitelisted that creates the pain for me. It's one extra step in anything I'm trying to do that I really don't need.
     
  16. anothermack

    anothermack Registered Member

    Joined:
    Jul 28, 2009
    Posts:
    9
    I see Bellgamin,

    might try it then. On the imaging, I assume you refer to Tinyw only being able to indicate changes but not prevent them, as indicated on the Tinyw website..

    I don't, but I take backups. And re-install in the worst case (90 mins approx, including install of most programs and). Haven't investigated imaging software...

    brgds
    mack
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    You are correct.

    Additionally, it is usually prudent to make an image BEFORE trialing software (the best uninstaller is a restored pre-install image).
     
  18. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    AVG Identity Protection
     
  20. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Bellgamin, these are quotes from DefenseWall's website:

    "DefenseWall wins when your anti-virus fails. Isolate good from evil!

    DefenseWall Personal Firewall - the world's first sandboxing-style personal firewall solution

    DefenseWall HIPS (Host-based Intrusion Prevention System) is based on a sandboxing approach that uses rights restrictions and partial virtualization"

    Also, if you had taken my post in context, you would see that your reply misses the mark of the intention of the post you replied to. The type of software I was interested in was antimalware whose primary source of detection is through behavioural analysis, hence DefenseWall is problematic to this definition.
     
    Last edited: May 31, 2010
  21. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Okay Vik, you are right. I misconstrued your purpose.

    Also, I was talking about DW's HIPS component, not its FW. I always made it a point to remove DW's FW whenever I tested the recent betas, so I have zero experience with the FW.
     
  22. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    410
    Location:
    Greece
    Panda Cloud has behavior analysis, TruPrevent.
     
  23. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Yeah, but I find Panda Cloud a bit bloated. The GUI is non-responsive and slow.
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I can imagine when right-click "run as admin" is too much for you (=> turn off UAC); the same applies to DefenseWall, right-click "run as trusted" (is probably also too much trouble, although DW does not ask for consent when you have no password-protected DW setup :D )
     
  25. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Yep :D It's all the little inconveniences that bother me more than the big ones; I hate small repetitive tasks that I would need to do often. That's why my UAC is, and always has been, Off :D
     