Silent death of a behaviour blockers!

Discussion in 'other anti-malware software' started by aigle, Jul 28, 2010.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    there was a time, not long ago, when we saw some very nice behav blockers emerging,

    Cyberhawk, threatfire
    Mamutu
    PRSC, AVG Ident protection
    Behav blocker component of some anti malware products.

    I once expected this breed of software to evolve more and more but sadly i don't see like this. they seem to become stagnant. What do you think about this? Thanks
     
  2. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,647
    Location:
    Hawaii
    With the exception of My Tutu (Mamutu), I see the same sad scenario.

    It is especially dismal that Symantec evidently has left Threatfire to rot on the PCTool's tree of abandoned mediocrity. With the flexibility offered by TF's Advanced Rules option, it was really very powerful in the hands of users such as you & Kees.

    My Tutu (Mamutu) seems to still be getting updated (I think). I had a Tutu license that expired recently & might buy one again if the promised special*** ever materializes.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ***I am getting gun-shy about buying any software at full retail. I bought Puran just days before it became a freebie. I bought a lifetime license for Malware Defender, & it too became a freebie. I bought a Shadow Defender license & its proponent seemingly has relocated to another galaxy. My other license deals included soon-expired apps such as ProSecurity & SSM. Not to mention apps such as OA & Avira that I bought just a week or so before they went on sale at pennies on the dollar. :(

    My current motto -- "never never NEVER pay retail for software!" :mad:
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I think it is because people who aren't really that interested in security just want something that is transparent and hassle free. The work done to vista/7 with UAC and finally getting the nerve to attempt a LUA environment is evidence of this.

    Further, average joes searching for something easier than a tool that needs all the rules to work properly (not to mention maintain new rules for new situations) may have stumbled upon threads like Tlu's one regarding LUA and SuRun.

    I believe you have the seperation of geek/enthusiast vs. non-interested average user. As more average users tire of firewalls and hips type applicances because either things don't work properly or they still get infected, the allure of UAC kicks in more and more. M$ touting more security helps. Chrome and other sandbox technologies help. People finally getting the drift they should not just click anything that moves helps. And the more of this that happens, the less need there is for a program like Threatfire with all of its rules that need to be set.

    Will it shrink to only a handful of players? I think it will if more of the same UAC and sandboxing continues as it has up till now. I think it will be geeks play toys and marketed as such personally.

    Sul.
     
  4. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    That is what I have repeatedly stated in all my threads and posts with absolute conviction, but I do not remember any supporting responses.

    Well, each to his own. If all you get for coughing up your hard earned bucks is just a marginal and doubtful extra benefit, where the main basic commodity is the same - Why pay for something you can get for free ?

    A streetwise fact of life that I learnt when I was a very young tear-away.

    John B
     
  5. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi guys,
    Behavior blocking is not dieing, just being absorbed and adopted "under-the-hood". While I wouldn't presume to know the motivations of Symantec, they have a long history of buying technology and incorporating it into their product lines in one form or another and their acquisition of PCTools in my eyes is no different than their acquisitions of other companies in the past with required expertise, services, or technology; they have simply gotten better in recent years with their ability to integrate the technologies so the changes are less evident.

    The day where a single type of approach to security having any real effectiveness (if it ever did) is over - mergers and acquisitions are simply the outward manifestation of this fact...

    Mike
     
  6. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    Yeah Threat Fire was my favorite behavior blocker, it would have been better if Symantec sold off Threat Fire instead of letting it die :(
     
  7. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    It's just the evolution of a product. I think these products are developed to eventually be purchased by some larger company. That's what happened with Threatfire, formerly Cyberhawk. Maybe the evolution of the products are to go from being completely user input oriented all the way to the product making its own decisions?
     
  8. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Making its own decisions will still cause a lot of problems. Think of all the system tools out there that, even with the best programs, get treated like rootkits and other malware. They either get auto-blocked or we fall back to the same insecure scenarios of users facing a bunch of tech jargon infested pop-ups and just click away to get rid of the things. I don't see true behavior blockers ever becoming popular for those reasons. They indeed are geek toys, and 99% of the home computing population are not geeks in any sense of the word.
     
  9. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Very well put into the huge practical envelope of ordinary Global users and firmly sealed.

    John B
     
  10. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I'm not disagreeing with you- but many behavior blockers are incorporated into mainstream security suites- albeit with far fewer alerts.
     
  11. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,121
    Location:
    Pennsylvania.
    I can see Isolation and sandboxing programs taking over.
     
  12. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    But will the average Joe take to those or even understand their use?
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I agree. As BB is a kind of blacklisting, it is a natural fit with AV. As an example, Panda Cloud Antivirus now has both behavioural blocking and behavioural analysis in the Pro version. It seems to me increasingly likely that BB will be incorporated as an extension to existing AV programs, rather than being sold separately.
     
  14. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I think that is the beauty of sandboxing/isolation.. the user only need know how to get thier data from within the sandbox back to the real system. They don't really need to know how or why it works, only that it does. Its a lot easier to say "recover my files" than to make a dozen different rules or try to answer a prompt to create a new rule when you don't have any idea what it is telling your or what you are supposed to answer with.

    Sul.
     
  15. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Amen.
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i still prefer the pop up alert as i want to be inform on what is going on my system:D
     
  17. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I would too if I was wanting to know. Like I said, I think programs that require so much user interaction to set the right course (such as popups from hips/firewall/etc) are on the decline with the masses. You and I, at least when we want to know, appreciate the little info-mercial pop-ups that we are given. But I don't think the masses ever have like it and never will.

    UAC, in its simplistic glory, is about all the masses want or can handle. They have two choises, yes or no. Perfect for them lol.

    Sul.
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    yes and no pop up is indeed easy:D
     
  19. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Why would they want to know? Home systems were meant to email your family and friends, explore the world and talk to people you may never see in person, share pictures and videos, and, of course, get some work done. Users were never meant to break out in a sweat wondering if a HIPs alert was saying something was really going wrong or was just being its normal, chatty, ridiculous self (99% of the time that's the case, so it's no wonder people get used to clicking "allow"). Trust me, I nor most anyone else bought a computer just to start digging down into the OS so we could understand what the heck our security programs, which we also never planned to have to load up on, were talking about.

    At least programs like Sandboxie, ShadowDefender and such let us retain a pretty much normal relationship with our systems.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    dave is correct i had expirienced this with DefenseWall saving my bacon alot:thumb: by default:thumb: :thumb:
     
  21. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Even Defensewall, back when I had a 32 bit system was too noisy for me, lol. That tells you how little I want to screw with security and just enjoy my computing life.
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Dave :D DW is very silent man:) i see you dont like pop ups at all :)
     
  23. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Not a one, I even get mad when that nice sounding lady from Avast pops up to tell me my virus database has been updated. I forgive her though :D
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    when i used avast long time ago the voice was from a man:D now a lady:cool:
     
  25. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I remember him, I hated him even more, lol.
     
Thread Status:
Not open for further replies.