Silent death of a behaviour blockers!

there was a time, not long ago, when we saw some very nice behav blockers emerging,

Cyberhawk, threatfire
Mamutu
PRSC, AVG Ident protection
Behav blocker component of some anti malware products.

I once expected this breed of software to evolve more and more but sadly i don't see like this. they seem to become stagnant. What do you think about this? Thanks

 

With the exception of My Tutu (Mamutu), I see the same sad scenario.

It is especially dismal that Symantec evidently has left Threatfire to rot on the PCTool's tree of abandoned mediocrity. With the flexibility offered by TF's Advanced Rules option, it was really very powerful in the hands of users such as you & Kees.

My Tutu (Mamutu) seems to still be getting updated (I think). I had a Tutu license that expired recently & might buy one again if the promised special*** ever materializes.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

***I am getting gun-shy about buying any software at full retail. I bought Puran just days before it became a freebie. I bought a lifetime license for Malware Defender, & it too became a freebie. I bought a Shadow Defender license & its proponent seemingly has relocated to another galaxy. My other license deals included soon-expired apps such as ProSecurity & SSM. Not to mention apps such as OA & Avira that I bought just a week or so before they went on sale at pennies on the dollar.

My current motto -- "never never NEVER pay retail for software!"

 

I think it is because people who aren't really that interested in security just want something that is transparent and hassle free. The work done to vista/7 with UAC and finally getting the nerve to attempt a LUA environment is evidence of this.

Further, average joes searching for something easier than a tool that needs all the rules to work properly (not to mention maintain new rules for new situations) may have stumbled upon threads like Tlu's one regarding LUA and SuRun.

I believe you have the seperation of geek/enthusiast vs. non-interested average user. As more average users tire of firewalls and hips type applicances because either things don't work properly or they still get infected, the allure of UAC kicks in more and more. M$ touting more security helps. Chrome and other sandbox technologies help. People finally getting the drift they should not just click anything that moves helps. And the more of this that happens, the less need there is for a program like Threatfire with all of its rules that need to be set.

Will it shrink to only a handful of players? I think it will if more of the same UAC and sandboxing continues as it has up till now. I think it will be geeks play toys and marketed as such personally.

Sul.

 

That is what I have repeatedly stated in all my threads and posts with absolute conviction, but I do not remember any supporting responses.

Well, each to his own. If all you get for coughing up your hard earned bucks is just a marginal and doubtful extra benefit, where the main basic commodity is the same - Why pay for something you can get for free ?

A streetwise fact of life that I learnt when I was a very young tear-away.

John B

 

Hi guys,
Behavior blocking is not dieing, just being absorbed and adopted "under-the-hood". While I wouldn't presume to know the motivations of Symantec, they have a long history of buying technology and incorporating it into their product lines in one form or another and their acquisition of PCTools in my eyes is no different than their acquisitions of other companies in the past with required expertise, services, or technology; they have simply gotten better in recent years with their ability to integrate the technologies so the changes are less evident.

The day where a single type of approach to security having any real effectiveness (if it ever did) is over - mergers and acquisitions are simply the outward manifestation of this fact...

Mike

 

Yeah Threat Fire was my favorite behavior blocker, it would have been better if Symantec sold off Threat Fire instead of letting it die

 

It's just the evolution of a product. I think these products are developed to eventually be purchased by some larger company. That's what happened with Threatfire, formerly Cyberhawk. Maybe the evolution of the products are to go from being completely user input oriented all the way to the product making its own decisions?

 

Making its own decisions will still cause a lot of problems. Think of all the system tools out there that, even with the best programs, get treated like rootkits and other malware. They either get auto-blocked or we fall back to the same insecure scenarios of users facing a bunch of tech jargon infested pop-ups and just click away to get rid of the things. I don't see true behavior blockers ever becoming popular for those reasons. They indeed are geek toys, and 99% of the home computing population are not geeks in any sense of the word.

 

Very well put into the huge practical envelope of ordinary Global users and firmly sealed.

John B

 

I'm not disagreeing with you- but many behavior blockers are incorporated into mainstream security suites- albeit with far fewer alerts.

 

I can see Isolation and sandboxing programs taking over.

 

But will the average Joe take to those or even understand their use?

 

I agree. As BB is a kind of blacklisting, it is a natural fit with AV. As an example, Panda Cloud Antivirus now has both behavioural blocking and behavioural analysis in the Pro version. It seems to me increasingly likely that BB will be incorporated as an extension to existing AV programs, rather than being sold separately.

 

I think that is the beauty of sandboxing/isolation.. the user only need know how to get thier data from within the sandbox back to the real system. They don't really need to know how or why it works, only that it does. Its a lot easier to say "recover my files" than to make a dozen different rules or try to answer a prompt to create a new rule when you don't have any idea what it is telling your or what you are supposed to answer with.

Sul.

 

Amen.

 

i still prefer the pop up alert as i want to be inform on what is going on my system

 

I would too if I was wanting to know. Like I said, I think programs that require so much user interaction to set the right course (such as popups from hips/firewall/etc) are on the decline with the masses. You and I, at least when we want to know, appreciate the little info-mercial pop-ups that we are given. But I don't think the masses ever have like it and never will.

UAC, in its simplistic glory, is about all the masses want or can handle. They have two choises, yes or no. Perfect for them lol.

Sul.

 

yes and no pop up is indeed easy

 

Why would they want to know? Home systems were meant to email your family and friends, explore the world and talk to people you may never see in person, share pictures and videos, and, of course, get some work done. Users were never meant to break out in a sweat wondering if a HIPs alert was saying something was really going wrong or was just being its normal, chatty, ridiculous self (99% of the time that's the case, so it's no wonder people get used to clicking "allow"). Trust me, I nor most anyone else bought a computer just to start digging down into the OS so we could understand what the heck our security programs, which we also never planned to have to load up on, were talking about.

At least programs like Sandboxie, ShadowDefender and such let us retain a pretty much normal relationship with our systems.

 

dave is correct i had expirienced this with DefenseWall saving my bacon alot by default

 

Even Defensewall, back when I had a 32 bit system was too noisy for me, lol. That tells you how little I want to screw with security and just enjoy my computing life.

 

Dave DW is very silent man i see you dont like pop ups at all

 

Not a one, I even get mad when that nice sounding lady from Avast pops up to tell me my virus database has been updated. I forgive her though

 

when i used avast long time ago the voice was from a man now a lady

 

I remember him, I hated him even more, lol.