Please feel free to ask any questions to learn all about Computer Security.

[Guest]

[Melih]

Here you will have access to the world's best security experts to help you learn all about Computer security!

feel free to ask!

Melih
 

[alohA116k]

Is there a way to prevent site scraping?

[alohA116k]

I received a number of warnings after my HackerGuardian scan. Is there a place to find solutions to warnings?

[LeoniAquila]

Does CAVS 2 HIPS really monitor what you execute from other partitions than drive C? I store all my installation files for software on D, and ran a setup file some days ago - but there were no warning from HIPS (and I know the file was not in safe list because I tried to launch from C too and then a HIPS warning came up). Instead there were actually an error message from Windows XP: "NSIS Error - Error launching installer".

I don't know what's wrong, a month ago or so there were no problems launching setup files from D. Now I have to copy it all to C. Do you think HIPS would warn if this Windows installer error hadn't occured? I don't know how the HIPS technology works but I suppose it would warn if it got the chance?

[salmonela]

Here you will have access to the world's best security experts to help you learn all about Computer security!

feel free to ask!

Melih
 

Please Mr. Melih , could you tell me on what hooks relies CPF3 in Vista 32 and Vista 64 bits , Ring0 or Ring3 or on combination of them , could you explain a little more on this in relation with Vista patch guard , please?

[KevinSL]

I am not sure if this is the right forum to address my question but it does have to do with computer security, so here goes.....

I have been having trouble installing CAVS and the personal firewall on my Windows 2K Pro OS.  While I can download the file and save it, when I try to install it, the download wizard never starts.  I get the window to close all applications and when I press OK the box disappears but the wizard never starts.  I have even gone into task manager and endded all applications.  I have been able to install BOClean.  I have had problems with other programs that I have tried to install.  I  worked for a company until about a year ago, whose computer IT guy had once boasted to me that he could get into anyones computer.  Since I worked out of my home office 2 hours from headquarters, and frequently had to share files, attachments etc.  I often wondered if they had planted a monitor.  When I started having problems installing programs, I started looking around my computer.  From the control panel, I went to Computer management, Local Users and Groups, Groups, and then Administrators.  Under Administrators, I found four administrators listed that I never set up.  They are  \S-1-5-21-855903348-76970788-310601177-1005,   \S-1-5-21-855903348-76970788-310601177-1020,   \S-1-5-21-855903348-76970788-310601177-1038 and  \S-1-5-21-855903348-76970788-310601177-500.  They do not show up when I go to the Users and Passwords section in Control Panel.  Not knowing what they are, I did not want to remove them, but I am concerned that someone may have created a back door to allow them admin rights on my computer.

So my questions are:
1. If this is the wrong forum to address my questions, could you recommend the proper forum?
2. Are these administrators a normal part of Windows 2K Pro?
3. If someone gained control over my computer, could they have made changes to my Config file, Install Shield, register or what ever to prevent your product from  installing?
4. Is there a way to log what my computer is doing, so that I can find out why the install wizard just terminates?

Thanks in advance for your suggestions.

[MorphOS REBOL]

I sincerely recommend you do a virgin OS install and reinstall clean versions of your fave programs, my friend. Then do a rechecking on what is in your fearing mind alien administration.

Best and most secure way to find out...

Cheers

[zvaragabor]

Is HIPS a "subgenre" of behavior blocking?

Cheers

[Luketan]

Is HIPS a "subgenre" of behavior blocking?

Cheers

Definitions differ, but most would say HIPS is the broader concept.

HIPS can use behavior blocking, sandboxing etc.

But the way it is used in forums like this, it seems that many would not count antivirus type products as HIPS.

But according to Gartner, anything that runs on the host machine (as opposed to on the servers) that protects your system *is* HIPS (look at what HIPS means and it make senses), so they would say antiviruses and personal firewalls are HIPS as well.

According to them there are 9 different styles of HIPS,




I wonder how the whole Comodo suite stacks up....

Sources

"Understanding the Nine Protection Styles of Host-Based Intrusion Prevention" MacDonald. Gartner. 27 May 2005

"Best Practices for Implementing Host-Based Intrusion Prevention Systems" MacDonald. Gartner. ,20 November 2006

"Host-Based Intrusion Prevention: Myths and Realities", MacDonald. Gartner. 27 November 2006

"Understanding Strengths and Weaknesses of Host-Based Intrusion Prevention Styles", MacDonald. Gartner. 30 January 2006

"How TruPrevent Works" PandaResearch ,24 May 2007

An Analysis of Approaches to Host Intrusion Prevention Prevx, 16 December 2005.

[Luketan]

I would also point out the term "behavior blocking" or "behavior blockers" is also under dispute.

"I still believe that identifying malicious software by comprehensive analysis of all behaviors is a better solution than just watching for isolated actions. When I tested ThreatFire 3 and Norton Anti-Bot, they did a great job of blocking real-world malware using this type of holistic analysis. And because they look at the program as a whole, they don't flag valid programs that happen to use some of the same techniques. But CFP's implementation of single-action behavior blocking is among the best I've seen, especially the option to switch into Installation mode."

http://www.pcmag.com/article2/0,2704,2240715,00.asp

Some (most from the AV world) would say "single action behavior blocking" would not count as behavior blocking/ behavior blockers at all. To them only threatfire type technology that tries to decide by itself whether a series of behavior (plus other heuristic rules) is malicious count as behavior blockers. The major of comodo defense+ would be called "system firewall"

Others disagree saying that there are two types of behavior blockers, "smart" or "dumb". Expert based behavior blocker versus policy based behavior blocker...

It's all semantics really, as long as you understand what is being discussed.

[MorphOS REBOL]

For all intelligent users out there, or, should I say, users that know at least a lil bit about their machine and how it works, I recommend using a HIPS that warns about every single thingie.

For all others, I recommend so called "intelligent" Hips and "heuristic" proggies.

whatever they are. I am not here for advertising, am I?


cheers.

some prefer HIPS.
I prefer fine beer

Quoth the raven: Nevermore.

[dcepalewis]

Here you will have access to the world's best security experts to help you learn all about Computer security!

feel free to ask!

Melih
 

HELP!! I KNOW I'M MOST PROBABLY DOING SOMETHING WRONG BUT WHENEVER I GO INTO "HIPS APPLICATION CONTROL" THEN MANAGE     MANAGE ALLOW/BLOCK LIST, ALIST OF FILES IS LOADED ALL MARKED "BLOCKED" BUT BEFORE THE LIST CAN COMPLETE, AND WAY BEFORE I CAN ACTUALLY READ IT THE WHOLE PAGE DISAPPEARS!! I'VE NO CHANCE TO EITHER SEE WHICH FILES THEY ARE OR EVEN CONTEMPLATE WHICH TO SUBMIT OR NOT!

[Ragwing]

HELP!! I KNOW I'M MOST PROBABLY DOING SOMETHING WRONG BUT WHENEVER I GO INTO "HIPS APPLICATION CONTROL" THEN MANAGE     MANAGE ALLOW/BLOCK LIST, ALIST OF FILES IS LOADED ALL MARKED "BLOCKED" BUT BEFORE THE LIST CAN COMPLETE, AND WAY BEFORE I CAN ACTUALLY READ IT THE WHOLE PAGE DISAPPEARS!! I'VE NO CHANCE TO EITHER SEE WHICH FILES THEY ARE OR EVEN CONTEMPLATE WHICH TO SUBMIT OR NOT!

Please start a new topic in HIPS (Host Intrusion Prevention Systems) and also write what HIPS software you are using.
And please don't write with capital letters all the time.

Cheers,
Ragwing

[Tags:]