Xan,
Yes, I am aware that D+ is a HIPS but it's more on the classic model (or at least that's how others see it). Threatfire is also a HIPS, and I don't really know how D+ differs from Threatfire under the hood, but I do know that they behave differently. On the surface, it seems that D+ is more talkative and dependent on user interaction while Threatfire minimizes it and SEEMS more intelligent. In my opinion, both tools are very useful and powerful although it seems easier to use Threatfire.
Don't get me wrong, I like D+ the way it is right now, it IS powerful, but it is also dependent on user input. What I'm saying is it would be nice if Comodo also had another option to D+ that is more user friendly than the way D+ is now. Like another mode for D+ that kinda emulates what Threatfire does. Well, just a thought. Anyway, I'll be checking the thread you pointed out. Thanks!
Rhaegar
Hi Rhaegar,
First of all, Defense+ is NOT "Classic" HIPS.
Hi,
Renaming and replacing a file:
Default policy allows such operations. SFI automatically protects explorer.exe in this case. Well, policies are part of CFP intelligence, of course. However, one of the points here is, we are able to create and distribute such default policies with CFP because CFP can live with such a default policy.
Can other classical HIPS solutions make sure that explorer.exe cannot be used by other applications to bypass the policy?
For example, do they provide means to protect COM interfaces that could be used to manipulate explorer.exe?
Do they provide means to protect knowndlls both in MEMORY and on DISK, to prevent injection into explorer.exe? I can list a couple more threats.
Believe me when I say, developing a classical HIPS is one of the easiest tasks. An above-average developer can develop a simple classical HIPS in 2 weeks. Surf the internet and you will even find open source versions.
If you look at CFP, even its heuristics can catch 60-70% of unknown viruses BEFORE you execute them. It is not a 2-week classical HIPS. So when we say something in public, we don't just say it. We mean it. We genuinely try to protect the users. Not trying to sell them our software by marketing stuff...
Also in 2-3 months, we will introduce some new technologies into our Defense+ and make it Defense++++. I think comparing with the others will then be quite irrelevant.
Egemen
That was from the lead developer. After COMODO Internet Security (CIS) is launched, the other technologies that will be put into CFP 3 will be Threatcast & Sandbox, where Threatcast gives advice based on users' responses to alerts, and Sandbox where files get passed through the sandbox producing ZERO alerts, etc. So it will be the most powerful, yet quietest, "HIPS" if you like on the market!
Of course other technologies are to come, and the infrastructure to build such unique technology is in progress!
Wait and see...

Josh