Silent death of a behaviour blockers!

_

by the way it is very sad to see BB are gone or almost gone like cyberhawk remember this one?

 

Yeah, I remember Cyberhawk, man, that's been a LONG time, lol. Sandboxing seems like it's finally having its day in the sun, what with browsers incorporating them and all. With the masses, you have to K.I.S.S, otherwise they won't bother and then malware and bad guys will have even more fun than they are now.

 

i used to run Cyberhawk and Core Force what a combo it was

 

Good thread this. I agree with dw426, although we here enjoy interacting with programs, investigating processes, seeing which handles are open, if security programs, or in fact the operating system were more secure, we should be able to just get along with our daily business.

In a perfect world, we shouldn't even have viruses, just good programs, and programs that aren't how we expect. Without sounding like a fanboi, mac users seem to get close to this 'perfect world', without AVs, they just install apps, entertain themselves, browse, open attachments, then switch off their ipad, iphone, or mac.

ThreatFire is pretty straightforward, same with Mamutu, but both can result in the user panicking and selecting the wrong reply. Mamutu improves this with its community alert reduction, set at default if 90 per cent of users block or allow, this action is taken.

Although prevx's alerts are clear, in the main interface, in all these products, such as TF, Mamutu, prevx, and others, there should be one button where users can click, 'user-friendly mode - works in the background'. In this mode, everything is taken care of. Norton achieves close to this, being automated, Kaspersky AV does too (just the AV I find is the most easy to use, limited features, but taking care of a user's system).

But ideally, there should be the option for protection which doesn't inform of updates, doesn't inform of a malicious file being blocked, it (the security program) just does what it's supposed to do.

Most of us here won't enjoy that program, or have it in that 'mode', but the majority of people will. That's why many of us here don't have Norton, and most regular users do, it seems to bother users the least.

 

they have not died, actually it is a technology that may be just starting to reimerge. Threatfire died not at its on hand, or for not being sucessful, but at the greed of a vendor who basically bought it so it would not compete with its own product.

Cyberhawk is a different story and a sad one. It to died not becaise it failed, but because humans failed it.

Prevx is very good and is suceeding and moving forward. Panda had always had a great BB and has sucessfully incorporated it into its product.

BBs are not dead by no means. But it is hard for a standalone to suceed when other vendors with larger arsenals come a killing.

 

Mamutu has this:

 

Prevx is easy to, just tick the box for automatic blocking of malware detected. No user intervention.

 

Agree.

Narxis, Mamutu also has the ability to lower the percentages to allow etc. Just have to ask whether most average users would see this setting or whether it'd be better off being 'automatically' applied from the main GUI (or in other words, checkbox from main GUI applies this setting).

 

Prevx is awesome BB

Avast6 will have gay voice

 

I think the time to say "BB = R.I.P." has not come.

 

I still prefer HIPS though i don't have any currently

MAMUTU FTW!

 

How do you keep your trousers from falling down?
~~~~~~~~~~~~~~~~~~~~~~~~~~

But seriously -- Mamutu is far from dying. In fact it has just been reborn with an updated/new version.

 

There ain't that much difference between pure behavior blockers and HIPS.

 

I agree with Coldmoon and Sully. Behavioral Blocking based on patterns, is incorporated into technology which has found its way to consumer/business markets through platforms which had an established relation with these markets.

Modern AV's have or will incorporate this pioneer technology into their arsenal of defense mechanismes: fingerprints, general family signatures, heuristics based on the binaries, code emulation and now behaviral analysis.

AV's incorporating Behavioral Blocking is as natural as FireWalls incorporatinng classic HIPS technology, OS-ses incorporating sandboxing.

In the end the known major streams will survive: firewalls, policy or virtualisation sandboxing and AV's

For the majority of us, this is a blessing

Regards Kees

 

I don't know all behavior blockers nor how all of them work and what's their current status. But, since you mention AVG Identity Protection, I can tell you that I don't think it's dieing. Like someone already mentioned, rather being incorporated into their other security applications, and in this specific case, into AVG Internet Security suite. It also exists as a stand-alone tool. At least, for the moment. Since it isn't available in all languages that AVG Internet Security is, for example, perhaps, indeed AVG is considering to end it as a stand-alone. Makes sense, I guess. Whether we like it or not.

Taking what Sully said:

AVG Identity Protection is one of those that would stand its ground and it will, whether AVG keeps it stand-alone or incorporated in their suite. There isn't any hassle for the user. No more than what is needed for UAC, for example.

So, in the future, if any one the behavior blockers that I'm aware of would stand its ground, it would be AVG Identity Protection.

 

I think that BB are declining for power users prefer HIPS, that give a full control of the system, and common users find BB - as HIPS - useful, boring, " strange ".

 

I don't have any HIPS because as i have said before, this PC is shared with my brother which gets annoyed EASILY by the so called "Pop Ups".
If he gets annoyed with MAMUTU, just imagine how he reacts when i install CIS or something like MD, OA etc.!

 

Throw MD on there, set a password, put it in Silent Mode, and lock the user interface. No more pop-ups for your brother.

 

OH, what happens when in silent mode?

 

avast! plans to enhance its Behavior Shield with the release of v5.1.
I look forward to that, but also wonder how effective it is at this point?
A work in progress, I suppose... but hardly classified as the silent death.

 

You know, I've been a user of Avast for quite some time on and off. I don't think I've ever seen the behavior shield do anything at all, let alone catch anything.

 

Thanks, LowWater, sorry about the derailment there

 

I did a bit of digging (I had actually posted the interview here on Wilders and forgotten that I did!) and found this from Vlk (ALWIL Chief Technology Officer Ondrej Vlcek), taken from a Softpedia interview on May 1st, 2010...

 

Looks like avast! Behavior Shield improvement has taken place, as promised.

With the release of v5.0.545, Vlk noted...

"Improvements in the Behavior Shield (realtime antirootkit part)"

and with the release of (current) v5.0.594, Vlk noted...

"performance improvements in the Behavior Shield"