Author Topic: Another HIPS test  (Read 10992 times)

Offline tKido

  • Newbie
  • *
  • Posts: 1
Another HIPS test
« on: April 21, 2009, 03:07:36 AM »
Another HIPS test by Anti-Malware.ru

Products which have been tested:

PC Tools Firewall Plus 5.0.0.38
Jetico Personal Firewall 2.0.2.8.2327
Online Armor Personal Firewall Premium 3.0.0.190
Kaspersky Internet Security 8.0.0.506
Agnitum Outpost Security Suite 6.5.3 (2518.381.0686)
Comodo Internet Security 3.8.65951.477

more:
http://www.anti-malware.ru/hips_test_ring0

translated version (google): http://translate.google.com/translate?u=http%3A%2F%2Fwww.anti-malware.ru%2Fhips_test_ring0&sl=ru&tl=en

Offline mjj09

  • Comodo Loves me
  • ****
  • Posts: 192
Re: Another HIPS test
« Reply #1 on: April 21, 2009, 10:13:06 AM »
 :comodorocks:

Offline Budda

  • Comodo Loves me
  • ****
  • Posts: 178
Re: Another HIPS test
« Reply #2 on: April 21, 2009, 07:24:01 PM »
If I understood the translated results well enough the top 3 winners were Online Armor, Comodo, and Kaspersky.  Woot for Comodo.

The only negative comment they had to offer was that Comodo and Online Armor were rather noisy with pop-ups.  In version 3.5 I could see this, but nowadays my Defense+ rarely pops up.  Hmm, what are your opinions?  Does Comodo still plan to expand the black/white list in future releases?

In the end Comodo still has my ultimate trust for layered security.

Offline Commanding The Celsius

  • Product Translator
  • Comodo's Hero
  • *****
  • Posts: 1520
  • ^^^^
Re: Another HIPS test
« Reply #3 on: April 21, 2009, 07:29:33 PM »
COMODO and OA were the only two to stop all the RING0 penetrations they tested! If I understood it correctly? =)
If so GJ comodo! :-TU :-TU

And cool site, (I love test sites)  ;D :) too bad it's not in English =(..

Offline Commanding The Celsius

  • Product Translator
  • Comodo's Hero
  • *****
  • Posts: 1520
  • ^^^^
Re: Another HIPS test
« Reply #4 on: April 21, 2009, 07:38:13 PM »
The only negative comment they had to offer was that Comodo and Online Armor were rather noisy with pop-ups.  In version 3.5 I could see this, but nowadays my Defense+ rarely pops up.  Hmm, what are your opinions?  Does Comodo still plan to expand the black/white list in future releases?

They are working on reducing popups all the time.. Melih promises version 4 will do great stuff on the usability.. Version 3.9 is less noisy than version 3.8 as well.. at least IMO.. =)

As for unknown baddies, the HIPS will always be poppy, as it was in this test.. That's the expected behavior, and how CIS treats unknown files (at least for now).. I like it that way.. Deny and ask.. =)

Offline dot_sent

  • Newbie
  • *
  • Posts: 1
Re: Another HIPS test
« Reply #5 on: April 22, 2009, 04:02:04 AM »
COMODO and OA were the only two to stop all the RING0 penetrations they tested! If I understood it correctly? =)
If so GJ comodo! :-TU :-TU

And cool site, (I love test sites)  ;D :) too bad it's not in English =(..
This site has an English version also: http://www.anti-malware-test.com/

The only drawback is that the English version is secondary, and test reports are published in Russian first and in English after some time.

Offline The Joker

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 564
  • Let’s put a smile on that face!
Re: Another HIPS test
« Reply #6 on: April 22, 2009, 11:54:45 PM »
Very good!

As for unknown baddies, the HIPS will always be poppy, as it was in this test.. That's the expected behavior, and how CIS treats unknown files (at least for now).. I like it that way.. Deny and ask.. =)

Well said! Because of this I suggested a new feature in Firewall/Defense+ alerts. An option where the user could Terminate this process and Block (for a malicious app, the user wouldn't need to block every behaviour, he/she could simply Terminate and Block it) / Reverse its actions (LaserWraith/Jeremy idea). See the topic below https://forums.comodo.com/usability_study/cis_d_fw_alerts-t37493.0.html
HP Pavilion DV4 2040BR l Windows 7 SP1 Home Premium x64 l CIS 7.0 BETA (Proactive Security) (AV: Stateful l FW: Safe Mode l HIPS: Safe Mode l Sandbox: Fully Virtualized)

______________________________

It's all part of the plan!

Vettetech

  • Guest
Re: HIPS Test by Anti-Malware.ru
« Reply #8 on: May 03, 2009, 11:35:12 AM »
Notice that Online Armor scored as high as Comodo but Comodo is FREE and the Online Armor that was tested and passed costs $40. LOL.

Offline andyman35

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1579
Comparative test of HIPS in regard to kernel protection.
« Reply #9 on: May 03, 2009, 12:54:31 PM »
The Anti-Malware.ru team recently tested a number of HIPS products against real malware that infects at the Ring 0 level. CIS 3.8 did rather well.

http://translate.google.com/translate?u=http%3A%2F%2Fwww.anti-malware.ru%2Fhips_test_ring0&sl=ru&tl=en&hl=en&ie=UTF-8

The results did show a high number of pop-up alerts in order to block these threats, so it would be interesting to see how 3.9 performs with its reduced alert architecture.
« Last Edit: May 03, 2009, 01:00:13 PM by andyman35 »


Offline JoWa

  • Humanist
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6160
  • I believe in doubt.
    • Evolutionary history of life
Re: Comparative test of HIPS in regard to kernel protection.
« Reply #11 on: May 03, 2009, 01:08:16 PM »

Vettetech

  • Guest
Re: Comparative test of HIPS in regard to kernel protection.
« Reply #12 on: May 03, 2009, 01:12:09 PM »
LOL...................

Offline andyman35

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1579
Re: Comparative test of HIPS in regard to kernel protection.
« Reply #13 on: May 03, 2009, 01:15:55 PM »
dang now I've got to start merging threads and my dinner is on the table lol.

*Update* now merged, dinner cold. :(
« Last Edit: May 03, 2009, 01:25:38 PM by andyman35 »

 
