That thread is now locked, unfortunately…
Anyway, a new similar thread is made because I felt the topic was not dead just yet…
I would like to know why Comodo feels the need to even consider a BB in CIS?
Comodo is well aware that a BB will mean no added protection to CIS, also Melih knows this, so do most on the forum too…
Testing?
It could mean better results on some virus tests, as most seem to refuse the testing of HIPS… Still, if that is a reason then it’s something that goes against Comodo’s stance on tests, that it won’t add unnecessary bloat just to pass some tests… A BB would be just BLOAT, we are protected to the extent of any BB’s COMBINED and BEYOND thanks to D+…
WHY BB’s DON’T WORK:
A BB puts FP’s over security, e.g. the writing to registry, a HIPS would alarm, or the adding to startup, HIPS alarm… A BB is adding parameters to not give FP’s. Those doing BB’s know that some malwares add themselves to startup, but a lot of legitimate applications do that too… so there must be more parameters to say hey it’s bad, or it would be just as poppy as a HIPS, e.g. adding to startup won’t mean an alert (too many FP’s), but adding to startup + more bad stuff, e.g. writing to protected registry parts, will, because not many legitimate progs do that, but many malwares do…
This totally fails against new viruses that could behave normally enough not to trigger an alert. And a lot of them can, because so many legitimate applications do the stuff malwares do too; a BB tries to avoid detecting those good apps, and that same attempt to not detect those doing it on a legitimate basis will mean malwares acting similarly will avoid detection…
This is why PrevX and probably all BB’s rely on signatures also… So they can catch the “few” (20%)? ;D that go undetected after they most likely already infected a lot of people left without warnings…
ADDING a BB will not mean any more protection. If someone claims something else, then HOW will this enhance CIS?? BB IS WEAKER BY DESIGN, IT’S DOOMED TO NOT HAVE AS GOOD DETECTION AS A HIPS, NEVER EVER… What in the world does a BB detect that a HIPS can’t??? And if a BB “happens” to detect something a HIPS fails to, then just add more interception…
Also a HIPS and a BB CAN run together BUT will provide LESS security, or more popups with no added security… :-\
The options to implement this are:
- You leave the task mostly to the BB to defend you, then you have weaker protection.
- You leave both on, then D+ will catch everything anyway, but you might get extra warnings from the BB’s on the few occasions it detects something D+ already detected… making a BB pure BLOAT… that increases the number of popups, for nothing.
D+ is Comodo’s BIG GUN, it shoots every piece of baddie… It’s what makes Comodo’s PREVENTION AS FIRST LAYER approach; the thing that Melih spoke so well about in his blog would not be there any more. A BB is NOT a PREVENTION as FIRST LAYER… It’s called catching up, one more “detection” layer (the layer that has failed users since day one, and still does).
My experience:
I was very happy and always have been with CFP, CIS and similar… I also liked the attitude presented on the forum after reading a few of Melih’s and various members’ posts… Security goes first, no bloat just to pass tests and look a bit better on paper… Also it was a happy surprise when CIS 3.8 was released, both INCREASED security and a good job to LOWER the number of popups was presented, all without decreasing security…! Comodo proved that it won’t back off from hard challenges and instead takes the hard, but right, way to secure users to 100%… I think in the future, the goal should still be catching 100% of malwares, and not falling down to other vendors’ low standard where catching 40-60% of new threats is acceptable or even seen as a good level, “after all we catch what we know…”… CIS catches what it knows, and what it doesn’t know, thanks to the DENY system approach…
Conclusion:
Improving the Default DENY approach (D+) and white list is the way to GO… As a BB is the same as a HIPS with a TWIST, making it weaker… there are no arguments whatsoever showing that a BB would improve security; usability should be a focus on current D+ instead of putting a huge team to develop junk.
Or while we are doing a less powerful HIPS, why not make a less powerful firewall too? TCP filtering should be sufficient for most people… UDP is just overkill… Instead of tweaking CFP let’s make a new product that is doing the same, filter packages, just less good, due to it being sufficient to most people… and of a bit less disturbance… =S And a new CSC, without all the clean history, registry should do it! Making it easy to use.