Discussion in 'other anti-malware software' started by PSDeveloper, Oct 28, 2006.
Yes, now everything is back to normal. PC is now in learning mode.
This would be a good addition, and really is needed, (with an option to create rules from running process info?)
This would then require a way to protect certain windows applications from being terminated incorrectly. An over-ride to protect selected programs/processes regardless of user input, as suggested before.
At the moment... but don't get me started.
I do not have permission to broadcast details, but let's just say in the next few builds of PS we will be seeing very cool features that add to its value greatly in my opinion. Keep watching this thread, and the versions if you download it. When they are added to function you will be the first to know! I have been racking my brains really hard for functions that will kick ass, and I know I have 1 up my sleeve the dev will work on, he said, ASAP.
Stay tuned, same place, same channel . . .
That sounds like a good approach.
The only other thing that springs to mind is whether it is possible to run a pre scan before installing. Probably a bit much at this stage but maybe in future versions.
Oh why not - show me the button and I will press it <g>
I think he can press his own buttons lol
A pre scan of what... running processes, start menu items? You are thinking of OA or an AV or some other sort of anti-malware.
Would you expect/request this to be included in PG or SSM?
I think there is some confusion as to what a HIPS is in that individual, I forgot the name . . but I would 2nd that . . what kind of scan do you mean?
Surely you can look at running processes. A lot will be known as legitimate, some maybe known as illegal or suspicious. You could look at the hooks installed. I think Icesword can do this though some do get by it.
All I am thinking of is some way for these programs to be installed safely for the non or lesser expert, and I accept that it is never going to be 100%. If it cannot be then ok.
It is for the program authors to give themselves a market advantage.
Oh dear, this will not work . . . this goes against everything HIPS stands for. No databases, no updates of signatures. This is generic protection. Plus, if you scan for paths and file names that will be futile because things can be changed, different names / paths etc. This is no good, only an antivirus would do this, or a firewall to find networkable apps. Not a HIPS.
Oh, advantage is all about who dun it first . . so to speak, or who said I'm going to do this first. We got some good ideas that are being worked on right now. New and/or improved functions: I have input about 2 ideas to the developer that he's developing on an ASAP time scale. So rest assured we will be doing everything to make ProSecurity one of the top HIPS out, if not the best HIPS out. And don't forget the most important thing of all. It's not about who wins the race, it's about who cares about protection and offers genuine protection. Medals don't make security . . Skill makes security on the developer's part. We all put our 2 pence worth in and he will take the cream off the top and add it to PS to give outstanding protection. Just watch the development, I think you will be pleasantly surprised in the next month or sooner . .
Does it really matter that you are going outside the definition of a HIPS program? Surely the target is to provide a program to help the user have a safe m/c. Stop thinking about semi experts and above. Look at Mr. Ordinary. He sees/hears about this program PS and installs it, but his m/c is already compromised. Going through the learning mode accepts all running processes. Later he finds out that his information has been leaking out. His uninformed opinion is that PS is a waste of time and he tells his mates etc.
I see already that Neoava is running a pre scan - so not such a dumb idea.
OK, let me expand on this.
A HIPS is a solid state program that does its job; an antivirus requires many people doing research and getting submissions of malware. In order to scan for malware you would have to create basically a whole new program for this, and a development team to keep up on new things, then old installations would not contain this new list. What you are suggesting is for a different kind of product. Do you expect a firewall to contain an antivirus, a HIPS, and antispam? Wow, I really don't ever plan on having all my eggs in one basket . .
A HIPS is a HIPS and it does what it does. If you want to check for malware then use an "Antimalware product" like antivirus or Pest Patrol or something. PS, SSM, PG, AH will never have this function unless they have lots and lots and lots of spare cash lying round and want to make signature based antimalware.
Any other opinions on this ?
You are totally missing the point I am trying to make and I really cannot be bothered to go on with this.
You made the point about scanning, and this is not a function of HIPS protection.
Thanks for your comment. You are quite correct. When I went to Norton Help I found an automated troubleshooting program which found that a critical registry entry for Norton LiveUpdate was missing and it even assisted me in installing same. All is now back to normal.
What is this?
He must have, somehow, posted in the wrong forum.
lol I guess!
I searched for his name in this page and I don't see it, but maybe I missed something, but in that case the boat left and I was not on the boat . . .
I'm not quite ready to measure effectiveness of a classical HIPS security program by a *Neoava yardstick.* Neoava is a very raw beta as yet, & totally without a track record in heavy usage or the commercial market.
A behavior blocker HIPS looks primarily at _behavior_. For its behavior to be observed, a process must be in (or initiating) an active state. Scans of non-running (inactive) processes must necessarily be done by use of signatures. An AV scans inactive processes by using signatures. So also do such programs as Prevx & OA -- their signatures are different from those of an AV, perhaps, but they are a form of signatures nonetheless.
ProSecurity is not signature-based. That's why it interests me (I have plenty good sig-based security programs already.) I hope it stays that way.
I think it's safe to say it will stay this way. I have close contact with the developer, and we got some really good stuff coming up, some will be in the next release, some will take some time, but it's going to be a hell of a journey . . Stay tuned!
I was on the other forum side about ProSecurity. I want to know if my friend is correct when he tells me that ProSecurity is best to use than all other most program for computer security with HIPS? What do you know about this? Thank you.
I am not quite sure what I understand by other side, but let me just say that if you are looking for a HIPS program, in my opinion you should at least take a look at PS, because all you have to do is install it, then reboot and then load all your programs up one at a time, do everything you would normally do on the PC, and if you are a beginner you should do this for a few days to make sure you covered everything. Then once you are happy, you should load up the configuration screen of the PS program, then untick "Learn mode" and then you are set.
From now on you can pay attention to the popups you get and it will give you a chance to stop bad things, but you have to really gain more knowledge in order to tell between system and normal processes and malware sorts. This will be up to you mainly, but if you are looking for a HIPS then as I say, I suggest this.
I have been using PS for the 2 days and am very impressed.
It seems to pass all the tests I can throw at it. I have not finished testing yet.
It does seem to use 100% CPU usage when exporting rules.
That is really my own complaint, other than that it is top notch HIPS software.