Comodo fails fake mouse clicks attack-review by PC Magazine!!!

You can be about 99% sure that not a single one of those 40,000 malware samples uses this “vulnerability” :-))))))) As for new ones… once CFP becomes as popular as KIS, ZAS and Outpost, more crackers with disassemblers in their hands will start to search for vulnerabilities in CFP, and THEN we’ll see who’s THE MAN: them or Melih ‘n’ Co :-)))))

Do you even know what a trojan is? “Trojan” is short for “trojan horse”. How does a classic trojan horse work? It tricks users into running it because they think it is something else. So it could be a game or even a security program (or so you thought).

E.g. some guy here posts about this new freeware app… You download it and run it…

In such a case, there is no prompt for “creating the executable” (you yourself downloaded it), and you would click Allow on the prompt when it starts…

And btw, I notice you didn’t deny it is “impossible” now?

I think that since this technique is pretty hard to implement correctly, it is no big deal that CFP doesn't protect from fake mouse clicks, but it SHOULD be there anyway. Also, that "mouseclicking" module would have to either hook CFP (another bunch of alerts) or screen capture (still alerts, alerts...) to determine where it should click... and to be able to analyze screen captures, it would have to be pretty advanced... to be able to answer CFP's alerts via hooking, it must be even more advanced... CFP is bulletproof.

Only noobs think anything is bulletproof. :smiley:

That said, I have already mentioned the problems with the fake mouse click technique. Generally they don’t “analyze screen captures” (at least those that I have seen haven’t); they just set it up for a typical scenario, typical resolution etc… Though I wonder if it could actually get those by reading certain registry keys… or maybe other simple methods…

PS: Why screen capture? This "mouseclicking" technique requires pixel-perfect accuracy, as stated in the article, and there's no way to automate this process without either directly hooking CFP (to know its controls' positions etc.) or taking a screen capture and then analyzing the screenshot for known elements... but then, if it uses basic pixel matching, a simple theme change would nullify this type of screen capture analysis... if it uses more advanced algorithms, wouldn't it be too large then?

Size isn’t a problem; it’s complexity. And whatever it does has to be stuff that Defense+ does not watch… Currently I see that as very possible.

First of all, no offence, OK? No “only noobs can think…” bullsh-t. I ain’t no noob, and I actually know that nothing is perfect, but hey, 99% bulletproof is nowhere near 60% bulletproof!

On topic… you’re right, but again, nothing is foolproof. That is, this freeware app wouldn’t fool ME, but it may fool someone else. There goes: HIPS is useless? Oh come on, do you really think it is? Signature detection rulez? I don’t think it will ever rule any more. What do you suggest?

Well, I will give you the benefit of the doubt for now. Let me say rather that you actually know it, but you are too enthusiastic (like most of the people here), okay?

But hey, 99% bulletproof is nowhere near 60% bulletproof!

Either something is bulletproof or it’s not; your statement makes no sense.

On topic... you're right, but again, nothing is foolproof. That is, this freeware app wouldn't fool ME, but it may fool someone else.

Why wouldn’t it fool you? What magical powers do you have that allow you to tell if that freeware app is safe or not? If the freeware app that you usually use has its website hacked and replaced with a trojanised version, how would you know? If someone you trust mistakenly recommends something that is bad, why wouldn’t it fool you?

There goes: HIPS is useless? Oh come on, do you really think it is? Signature detection rulez? I don't think it will ever rule any more. What do you suggest?

I didn’t say HIPS is useless, just that it is far from the perfect solution you are painting it to be.

I believe in nuanced positions rather than extreme ones…

OK, so let’s summarize this. Signature detection sucks; we already know that. Heuristics? They don’t deserve all the advertising they get. Right now HIPS is the most powerful way to protect against unknown threats. Of course, in that scenario you mentioned, like hacking a website, everything is useless except whitelisting, to which I hardly pay attention. I wasn’t insisting something is 100% secure, but at least close to “secure” is enough to call it bulletproof. For me at least. I don’t mean it’s perfectly secure and stuff, but it’s certainly more secure than signature detection, since when HIPS faces other scenarios, it probably wins.

Okay let’s summarize.

You have no answers to any of my points, and you have decided to go on a rant about AVs being useless. And even then you are wrong.

in that scenario you mentioned, like hacking a website, everything is useless,

Wrong! If the website replaced it with malware that is in the AV database, or something similar that could be detected by heuristics, it would be!

I wasn't insisting something is 100% secure, but at least close to "secure" is enough to call it bulletproof. For me at least. I don't mean it's perfectly secure and stuff, but it's certainly more secure than signature detection, since when HIPS faces other scenarios, it probably wins.

You, not being a noob, should know that it isn’t only about more security. The greatest security is to pull the plug on your computer, right? So why don’t we do that?

And the “probably wins” hinges a lot on the user responding correctly.
The attraction of HIPS is obvious: it gives you a chance to perhaps do the right thing… but the more salient question is “do you take the chance?”

Personally, I think you need to be more balanced in your views about HIPS. Yes, it has strengths, but you are totally blind to its weaknesses. The Comodo reps, for official reasons, don’t often like to talk about the problems with HIPS, but if you look at what they do, they are clearly trying to mitigate them. I don’t think they will succeed totally, but at least they are trying.