Welcome to the Comodo Forum
Welcome,
Guest
. Please
login
or
register
.
November 30, 2009, 04:41:32 AM
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
338685
Posts
37479
Topics
85070
Members
Latest Member:
efi
more news...
Search:
Advanced search
|
Tag Cloud
Welcome to the Comodo Forum
Learn about Computer Security and Interact with Security Experts
HIPS (Host Intrusion Prevention Systems)
HIPS in the upcoming CPF
« previous
next »
Pages:
1
...
3
4
[
5
]
Author
Topic: HIPS in the upcoming CPF (Read 41230 times)
gibran
Average User
Comodo's Hero
Offline
Posts: 5063
A bad workman always blames his tools
Re: HIPS in the upcoming CPF
«
Reply #60 on:
June 05, 2007, 03:30:21 PM »
Quote from: carioca on June 05, 2007, 03:04:44 PM
(R)
Hi, buddy! When I used Prevx and safe'n'sec pro FYI my computer got a mule or a turtoise and I had had with the second one too many splash screens that I almost went bananas! Thus, I woudn't like CFP got that way! I think in my humble opinion it's too much aggressive for a security stuff ! I have the ghost security licenses but I stopped using because a lot of popups. It's annoying.Best Regards.
That's a good point, maybe it would be useful a setting to choose the hips depth level.
About HIPS training there is a workaround... Like I suggested elsewhere.
Quote from: gibran on May 19, 2007, 12:40:16 PM
SNIP...
Training a HIPS is way more difficult that configuring CPF.
A solution would be a STANDARDIZED Signed Certificate which carry all the info needed to train a HIPS (Melih?
).
However this solution will not catch fake legit behaviours for a specific software. But it would really be an Improvement.
If there is a widespread standard, every certificated developer could:
digitally sign his apps(ok this is possible right away
)
include his app behaviour description in the certificate (called api, needed privileges, hips-behaviours and so on) so any hips can configure itself automatically
A side-effect would be that every user will know more about what's under the hood (if he wants). And potential dangerous behaviours and poor implementations will be know or audited using some automated software solution.
(Notepad app X has the rights to launch a kernel driver...
and so on...)
Regarding Opensource developers or developers who cannot afford a certificate bundled with their app, something like PGP signed textual Behaviour Description would be a viable solution. You know this would be needed to avoid trusted-computing like grudges...
Users of such opensource softwares would only need to copy/paste these info in the hips (or use these info to manually configure the hips).
SNIP...
Logged
"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."-
Douglas Adams
jst42day
Newbie
Offline
Posts: 13
Re: HIPS in the upcoming CPF
«
Reply #61 on:
June 10, 2007, 04:14:36 PM »
I look forward to Comodo 3. The current version of the firewall has been great.
But I join the others who are saying, about all security software, that there is a need to keep in mind that most users are not technically inclined.
Does the wife or husband who comes home from work necessarily know about loopbacks or setting permissions for inbound and outbound traffic?
For all the progress you are making, please keep in mind that many companies lose customers/users because the users don't understand what they are supposed to do and don't want to study something just to be able to use their pc.
And I fall into that category too.
Thanks for a good product.
J.
Logged
Damitha
Comodo's Hero
Offline
Posts: 210
Re: HIPS in the upcoming CPF
«
Reply #62 on:
June 11, 2007, 06:37:20 AM »
Quote from: jst42day on June 10, 2007, 04:14:36 PM
I look forward to Comodo 3. The current version of the firewall has been great.
But I join the others who are saying, about all security software, that there is a need to keep in mind that most users are not technically inclined.
Does the wife or husband who comes home from work necessarily know about loopbacks or setting permissions for inbound and outbound traffic?
For all the progress you are making, please keep in mind that many companies lose customers/users because the users don't understand what they are supposed to do and don't want to study something just to be able to use their pc.
And I fall into that category too.
Thanks for a good product.
J.
I agree with you to a certain extent! But you gotta remember that you can't write an essay without knowing grammar! The thing with firewalls are they are all about "computer jargon" as a novice would say! It's not like using a multimedia player! You gotta know what you are doing!
But then again as you said most users are not all that familiar with these terms. I think that's why they have given options like Low, Medium etc. etc. security level in configurations. And you can use the FW without any modifications! But if you want to go ahead and test out the "advanced options" then you have a problem! I really don't think such a system (novice friendly) would be easy to implement.
And that's where the Help comes in! Comodo forums are as good as any (if not the best) help you d find today! you just need to post your question and they'll tell you how to solve your problem step by step! And you don't have to wait for days to get the answer!
BDW if you want to learn what all these terms are it's not all that hard! Cuz you dont need to learn every little detail you just have to know "where" to put "what". And just like any other thing you will get familiar and then it's as easy as reading a book! (remember how hard it was to install XP or whatever the first time and now, you can do it with your eyes closed
)
reagards,
Dam
Logged
AnotherOne
Computer Security Testing Group
Comodo's Hero
Offline
Posts: 712
Re: HIPS in the upcoming CPF
«
Reply #63 on:
October 02, 2007, 03:15:54 PM »
I notice a distinct lack of reference to the FAQ "How-to" pages. Some of the questions can be answered here:
http://forums.comodo.com/new_member_information/links_to_faqs-t2519.0.html
The Firewall Tutorial Compilation has some useful descriptions of methods and background.
Logged
What do you mean, my shoes are on the wrong feet??? These are the only feet I've got!
panic
Global Moderator
Comodo's Hero
Offline
Posts: 7527
... and I say to myself, "What a wonderful world"
Re: HIPS in the upcoming CPF
«
Reply #64 on:
October 02, 2007, 06:53:30 PM »
Quote from: jst42day on June 10, 2007, 04:14:36 PM
I look forward to Comodo 3. The current version of the firewall has been great.
But I join the others who are saying, about all security software, that there is a need to keep in mind that most users are not technically inclined.
Does the wife or husband who comes home from work necessarily know about loopbacks or setting permissions for inbound and outbound traffic?
For all the progress you are making, please keep in mind that many companies lose customers/users because the users don't understand what they are supposed to do and don't want to study something just to be able to use their pc.
And I fall into that category too.
Thanks for a good product.
J.
G'day J,
I'm working on somehing like that at the moment, but it's a fair way off. I'll try and get a wriggle on. I did one earlier on explaining internet and technology terminology, using public phone system that everyone is familiar with.
How in depth do you think it needs to go? What topics do you think ne3ed to be covered?
Ewen :-)
Logged
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the
Comodo Forum Policy
.
If you don't like it, don't use the forum.
Steinsk
Newbie
Offline
Posts: 23
Re: HIPS in the upcoming CPF
«
Reply #65 on:
October 10, 2007, 07:38:20 PM »
Melih's explanation of HIPS was very informative
I know all answers are already in the forum, but I hope you will forgive me for trying to explain it loud to myself in my words on the forum. I'm really a layman here, but I'm trying hard to learn, and self-explenation is such a good way
Would you please correct me if I'm wrong...
1) (Easy step): A firewall controls connections to (and from) internet. Very well, but once a connection is opened or a program is allowed access, the firewall doesn't really control what the connection is used for - eg. Opera downloading viruses...
2) An anti-virus checks for viruses or traces of such in files and processes, right? The problem with this is:
- Detection is often based on detection lists and rules, which almost by definition is one step behind creation of viruses
- In scanning processes, it is already "too late". Although processes can be stopped and terminated, they have already reached a certain point in execution, and might have inflicted damage at the point when they are detected. So, the AV scanning "memory processes" is a bit on its heels...
These points also apply to anti-spyware. (?!) (So far so good??? )
3) A HIPS-system monitors "wannabe-processes." How to say? The seeds of processes? As it can prevent them from executing (becoming processes), it also is several steps ahead of any AV / AS. As I understand it, a good HIPS enginge is also able to check if a prosess is trying to launch "by proxy" - through or by the help of another "accepted" program.
(Does CFW2 in that respect already work as a "mini-HIPS" in the sense that it detects if a program or process tries to access internet through or by another program? )
If (if, if!!) I got it so far, I'm really happy with myself
But if this is correct (or anyway), why CF3 with HIPS? What is the connection between forewall and HIPS? Why not develop a seperate HIPS program?
Thanks for your patience (L)
Logged
Melih
Comodo's Hero
Administrator
Comodo's Hero
Offline
Posts: 8275
Re: HIPS in the upcoming CPF
«
Reply #66 on:
October 10, 2007, 10:25:29 PM »
Quote from: Steinsk on October 10, 2007, 07:38:20 PM
Melih's explanation of HIPS was very informative
I know all answers are already in the forum, but I hope you will forgive me for trying to explain it loud to myself in my words on the forum. I'm really a layman here, but I'm trying hard to learn, and self-explenation is such a good way
Would you please correct me if I'm wrong...
1) (Easy step): A firewall controls connections to (and from) internet. Very well, but once a connection is opened or a program is allowed access, the firewall doesn't really control what the connection is used for - eg. Opera downloading viruses...
2) An anti-virus checks for viruses or traces of such in files and processes, right? The problem with this is:
- Detection is often based on detection lists and rules, which almost by definition is one step behind creation of viruses
- In scanning processes, it is already "too late". Although processes can be stopped and terminated, they have already reached a certain point in execution, and might have inflicted damage at the point when they are detected. So, the AV scanning "memory processes" is a bit on its heels...
These points also apply to anti-spyware. (?!) (So far so good??? )
3) A HIPS-system monitors "wannabe-processes." How to say? The seeds of processes? As it can prevent them from executing (becoming processes), it also is several steps ahead of any AV / AS. As I understand it, a good HIPS enginge is also able to check if a prosess is trying to launch "by proxy" - through or by the help of another "accepted" program.
(Does CFW2 in that respect already work as a "mini-HIPS" in the sense that it detects if a program or process tries to access internet through or by another program? )
If (if, if!!) I got it so far, I'm really happy with myself
But if this is correct (or anyway), why CF3 with HIPS? What is the connection between forewall and HIPS? Why not develop a seperate HIPS program?
Thanks for your patience (L)
10/10!!!
welldone.. you got it!
Melih
Logged
Who is Melih? What is he trying to do?
--
Follow me on Twitter
AnotherOne
Computer Security Testing Group
Comodo's Hero
Offline
Posts: 712
Re: HIPS in the upcoming CPF
«
Reply #67 on:
October 10, 2007, 11:50:37 PM »
I recently participated in beta-testing for a security program. In that time there were frequent updates - sometimes every few days. This safe list approach would make that effort a major pain, since I would have to submit the most recent beta to Comodo for inclusion in the safe list and by the time I got it back, the next beta would be ready to go. This also would mess up updates of ordinary software. You would not be able to install the security patch or whatever until a signature is included in the safe list from Comodo. I know that you guys are fast in getting back to us with responses, but this looks like trouble to me. Don't you think that it would be a good idea to give us users a way to add the most recent keyboard driver update from my computer manufacturer's Auto-Update service to some kind of ignore/exclude/safe list? I would be a bit irritated if I could not use my keyboard until you put out the next signature file. (ok, there are ways around it, but you get the idea).
Logged
What do you mean, my shoes are on the wrong feet??? These are the only feet I've got!
panic
Global Moderator
Comodo's Hero
Offline
Posts: 7527
... and I say to myself, "What a wonderful world"
Re: HIPS in the upcoming CPF
«
Reply #68 on:
October 11, 2007, 02:12:19 AM »
In CFP V3Beta, you can already add files that you know to be safe to your own "My Safe Files" list. This safe files list is read in conjunction with the safelist DB.
Cheers,
Ewen :-)
Logged
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the
Comodo Forum Policy
.
If you don't like it, don't use the forum.
AnotherOne
Computer Security Testing Group
Comodo's Hero
Offline
Posts: 712
Re: HIPS in the upcoming CPF
«
Reply #69 on:
October 11, 2007, 11:46:55 AM »
Thanks Ewen... At one point there was talk of not having such a feature because it would then be possible for a script to alter the "My Safe Files" list to accept a virus. I assume that they have a password or some other protection for the safe list...
Logged
What do you mean, my shoes are on the wrong feet??? These are the only feet I've got!
panic
Global Moderator
Comodo's Hero
Offline
Posts: 7527
... and I say to myself, "What a wonderful world"
Re: HIPS in the upcoming CPF
«
Reply #70 on:
October 12, 2007, 02:39:59 AM »
Quote from: AnotherOne on October 11, 2007, 11:46:55 AM
Thanks Ewen... At one point there was talk of not having such a feature because it would then be possible for a script to alter the "My Safe Files" list to accept a virus. I assume that they have a password or some other protection for the safe list...
or something ...
Logged
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the
Comodo Forum Policy
.
If you don't like it, don't use the forum.
Tags:
HIPS
Pages:
1
...
3
4
[
5
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Want to help Comodo?
-----------------------------
=> Help Spread the Word - Official Comodo banners and logos
=> How can you help Comodo? (Please we do need you!)
===> Help spread the word! (Please read and help)
===> Comodo website issues for submitting website problems only
=> Please tell us your views and Vote here!
-----------------------------
General Category
-----------------------------
=> Melih's Corner - CEO Talk/Discussions/Blog
=> Comodo.TV - Our Internet Video Channel
===> Comodo.TV - News and Announcements
===> Comodo.TV - Program Lineup
===> Audience Feedback and Suggestions
=> Which Product do you want Comodo to develop next?
=> General Discussion (off topic) Anything and everything...
===> Member Confessions :-)
===> Funny Photos :-)
===> Cool Stuff
-----------------------------
Desktop Security Products
-----------------------------
=> Comodo Internet Security - CIS
===> Overview - CIS
===> Help - CIS
=====> Anti Virus Help
=====> Firewall Help
=====> Defense+ Help
=====> Install / Setup / Configuration Help
===> FAQ - CIS
=====> Anti Virus FAQ
=====> Firewall FAQ
=====> Defense+ FAQ
=====> Install / Setup / Configuration FAQ
===> Feedback/Comments/Announcements/News - CIS
===> Guides - CIS
=====> Anti Virus Guides
=====> Firewall Guides
=====> Defense+ Guides
=====> Install / Setup / Configuration Guides
===> Wishlist - CIS
=====> Anti Virus Wishlist
=====> Firewall Wishlist
=====> Defense+ Wishlist
=====> GUI -Graphical User Interface - Wishlist
===> Bug Report - CIS
=====> Anti Virus Bugs
=====> Firewall Bugs
=====> Defense+ Bugs
=====> Other - General - GUI etc Bugs
=====> False Positive/Negative reporting - (Is this a malware that CIS has/not detected?)
===> Virus/Malware Removal Assistance
===> Leak Testing/Attacks/Vulnerability Research
=> Comodo Time Machine - CTM
===> Frequent Asked Questions (FAQ)
=> Comodo Dragon - CD
=> Comodo Instant Malware Analysis Online - CIMA
=> Comodo Disk Encryption - CDE
===> Overview - CDE
===> Help - CDE
===> FAQ - CDE
===> Feedback/Comments/Announcements/News - CDE
===> Wishlist - CDE
===> Beta Corner - CDE
===> BUG Reports - CDE
=> Comodo Secure Email - CSE
===> Frequently Asked Questions (FAQ)
===> Feedback/Comments/Announcements/News about CSE
===> Bug Reports
===> Help for Comodo SecureEmail
=> Comodo TrustConnect - Securing the Wireless world!
=> Comodo EasyVPN - CEVPN
===> Frequently Asked Questions (FAQ)
===> Feedback/Comments/Announcements/News about Comodo EasyVPN
===> Bug reports
===> Help for Comodo EasyVPN
=> HopSurf (Bringing Internet to you)
=> Comodo Online Backup - COB
=> Comodo Backup - CB
===> Comodo Backup - FAQ
===> Comodo Backup - Help
=> Verification Engine - CVE
=> Comodo Vulnerability Analyzer - CVA
=> Comodo AntiSpam - CAS
-----------------------------
Desktop Utilities
-----------------------------
=> Comodo System Cleaner - File/Registry/Privacy Cleaner
=> Live PC Support (geeks ready to help 24/7/365)
-----------------------------
Enterprise Security
-----------------------------
=> Comodo Endpoint Security Manager
-----------------------------
Compliance
-----------------------------
=> PCI DSS Compliance
-----------------------------
Learn about Computer Security and Interact with Security Experts
-----------------------------
=> Computer Firewalls
=> Anti Virus/Malware Products/Other Security products
=> Free Virus/Spyware/Trojan/Malware Removal by Comodo Experts
=> HIPS (Host Intrusion Prevention Systems)
=> Anti Phishing solutions
=> Digital Certificates, Encryption and Digital Signing
=> General Security Questions and Comments (not product related)
-----------------------------
Free Services for End Users
-----------------------------
=> UserTrust - First Independent Website Rating - Empowering our users!
=> Hacker Guardian
=> Trustfax (free Trial) (online faxing)
-----------------------------
Free Products
-----------------------------
=> Link to Free Comodo Products
-----------------------------
International Comodo Forums
-----------------------------
=> International Comodo Forums
===> 汉语语言, 漢語語言 / Chinese Simplified, Traditional
===> Nederlands / Dutch
===> Francais / French
===> Deutsch / German
===> ελληνικά / Greek
===> Magyar / Hungarian
===> Italiano / Italian
===> Nihongo / Japanese
===> Norsk / Norwegian
===> Polski / Polish
===> Português/Portuguese
===> По-русски / Russian
===> Espanol / Spanish
===> Svenska / Swedish
===> Turkce / Turkish
===> Українська / Ukrainian
===> tiếng Việt / Vietnamese
===> Slovenský / Slovak
-----------------------------
Digital Certificates
-----------------------------
=> Code Signing Certificate
=> Content Verification Certificate
=> Email Certificate
=> SSL Certificate
-----------------------------
Web Server Products
-----------------------------
=> Two Factor Authentication for Web Applications
=> Trustlogo
-----------------------------
Other
-----------------------------
=> Forum Policy Violation Board
-----------------------------
Archive Boards
-----------------------------
=> Comodo Diskshield
=> Comodo Firewall
===> Feedback/Comments/Announcements/News
===> Help for v3
===> Help for v2
===> Frequently Asked Questions (FAQ) for Comodo firewall
===> Comodo Firewall Translations
===> Bug Reports
=> Comodo Anti-Viruspyware (CAVS)
===> Help for Comodo AntiVirus
===> FAQ for Comodo Anti-ViruSpyware
===> Feedback/Comments/Announcements/News about CAVS
=> Launch Pad (Discontinued)
=> Trusttoolbar (Discontinued)
=> Comodo Meet (Web Conferencing Product) (Discontinued)
=> User Anywhere (Remote Access product) (Discontinued)
=> Trustix Enterprise Firewall
=> ZTL
=> Comodo BOClean Anti-Malware
===> Announcements
===> Comodo BOClean Anti-Malware FAQ
=> Comodo Memory Firewall(Buffer Overflow Protection)
===> Comodo Memory Firewall Beta Corner
===> Help
===> Frequently Asked Questions (Comodo Memory Firewall)
===> Feedback/Comments/Announcements/News
=> i-Vault
=> Safesurf
Page created in 0.048 seconds with 17 queries.
Powered by SMF 1.1.10
|
SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks
Design by
7dana.com