"Why does Comodo call it Behavior Blocker if it is only an autosandbox that checks hashes?"
Once you execute an unknown program, first there is a local TVL check, then a Cloud TVL and whitelist check. THIS is the hash checking. Then, if the app is still unknown, BB executes it inside the sandbox (what we call AutoSandboxing).
Yes, this is not a BB like Mamutu is, right?
Devs said they were going to put its own rules later (it seems 6.1).
I hope it’s ok now.
As Spywar has mentioned, the intention is to become more of a traditional behavior blocker with a later release. It’s more of an automatic sandbox/HIPS combo at the moment. (In other words, it does more than just check file hash)
Yes, that's right! The HIPS blocks certain behaviours. But a Behaviour Blocker analyzes the behavior of a file/program! So, no, it is not a Behavior Blocker! It is misinformation if we/Comodo call it like this. Sorry, but that is the truth; even if some people do not want to hear this, it does not change the truth.
It reminds me a little bit of the discussion about AV-Comparatives: they called themselves independent, but they were not independent. And now Comodo call themselves Behavior Blocker, but it is not a Behavior Blocker. That's why I say it could be critical, because it's misinformation for some users.
Yes, thank u, I saw it, and I had answered u … like I told u, in the Behavior Blocker help guide there is no info that the Behavior Blocker is an autosandbox/HIPS combo! There u can only read that it will check hashes and then autosandbox the file.
Hmmm, ok, that is maybe one reason for it. - But I have not read an official statement about this.
And it's still misinformation for as long as it is what it is, just a sandbox/HIPS combo!
Edit: And we don't know with which version a REAL BB will come. The truth is, we don't know whether they want to develop a real BB with real behavior analysis or still want to call the sandbox/HIPS combo a BB. We don't know; we have no official statement.
ok, nice. But it would be better, if we could read about it in the BB help guide, in the official documentation.
I hope u can understand what I mean. Because right now, we can't use the help guide because it's wrong; there is no description of how the HIPS/Sandbox combo works and how we can handle it.
And second, if it is the plan to implement a real BB for future versions, like 6.1 or 6.2 or 6.x, then please, please clarify that right now it is not a real BB, just a Sandbox/HIPS combo. It is still misinformation as long as it does not do what it is called for! - If CIS some day really does behavior analysis of files, then u can call it BB. That is my opinion and I think I am not wrong with this!
I agree. Since this release operates very differently than previous versions, these differences should be addressed definitively.
The definition of a behavior blocker is just as wide as the term “sandbox”. For example, this article from ESET doesn’t mention anything about a behavior blocker needing to analyze any behavior, merely that specific actions are blocked depending on how the BB is configured.
Behavior blockers do not care what the motive of the program is, they stop certain things from happening. Airport security is a lot like a behavior blocker. It doesn't matter if a person is the best surgeon in the world, the doctor cannot take a knife onto an airplane. Behavior blockers do not generally care what the program is, if it tries to perform a specific action the behavior blocker will stop it. If the behavior blocker is set to stop programs from writing to the registry then many bad programs will fail to work and many good programs will be completely unusable as well.
This would definitely apply to the current incarnation of the BB in CIS…
Hmmm, ok, that is your view of this point. But for me there are clear definitions of HIPS and Behavior Blocker - u can find them on the web. See this quote:
HIPS and Behavior Blocking
From Mary Landesman, former About.com Guide
A host intrusion prevention system (HIPS) monitors each activity a program attempts and (depending on configuration) prompts the user for action or responds based on predefined criteria. Conversely, behavior blockers monitor and profile whole program behavior. When a collection of behaviors tips the scale, the behavior blocker will (depending on configuration) alert the user or take action against the entire program based on predefined criteria.
Though they sound similar, HIPS is application-level control (i.e. this program is allowed to do X but not Y), whereas behavior blocking is more cut and dry - the entire application is either good (allowed) or it is not. Fortunately, many of these types of products combine both. Still, for those that don’t, it pays to understand the differences.
While HIPS allows far more granular control, it is best suited for experienced users who have both the knowledge and the patience to answer the prompts and make the proper configuration choices. Used properly, HIPS can not only offer superb protection for your PC, it can also educate and inform you about the individual actions certain programs take.
Because it assesses a collection of actions taken by a program, behavior blockers help with much of the decision making. For example, a program deemed to be wholly bad is typically automatically quarantined with no input from the user. And since behavior blockers are concerned with the entire program rather than individual actions, they can be far simpler for users to understand (and thus use appropriately). For this reason, behavior blockers are ideal for the less experienced user.
When combined, behavior blocking technology can make the decision for the HIPS side of the equation - something both novice and experienced users will appreciate. Even more of a plus, both HIPS and behavior blockers can be run together (and both in conjunction with traditional signature based antivirus software and firewalls).
Above you can see what I understand by a HIPS and by a Behavior Blocker!
If Comodo tries to combine them, sure, it would be nice.
But right now, officially, we have a HIPS and a Sandbox + checking of hashes. Or am I wrong?
Ok… what must I still say? U have your opinion and I have mine. It's ok for me.
First, thank u HeffeD for sharing egemen's words about that.
But as you can see in this other topic, for me, nothing has really changed…
For me, CIS is still very good software, because I can handle it well and it has all that I need. But I don't like the way that Comodo drives right now. Why were there no clear and official words about the CIS software and how it works right now from Comodo staff?
What is really new right now? - I think only the interface of CIS, the KIOSK, and that the autosandbox and the HIPS components do not need to work together anymore. But really true changes? - like a real BB, sorry, I don't see it. So for me the renaming was wrong. And ok, if they do it like they have done it, then it was wrong that the Comodo staff did not speak really clearly about it. What is the problem with saying: “Hey, we are already renaming our product components for future improvements”???
But ok, it is how it is. Hoping Comodo drives a better way in future and speaks clear words to their clients, users and so on.
You still have not understood what I said not long ago … “Real BB”, as you said, is gonna be implemented soon, v6.1 or higher, don’t know exactly … They have named it Behavior Blocker but it has not got its own rules right now. I understand what you mean by “there isn’t any real BB” but now I’ve clearly explained why.
like i said:
"And ok, if they do it like they have done it, then it was wrong that the Comodo staff did not speak really clearly about it. What is the problem with saying: “Hey, we are already renaming our product components for future improvements”???
But ok, it is how it is. Hoping Comodo drives a better way in future and speaks clear words to their clients, users and so on."
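
Added example, not part of any post in this thread and not Comodo's code: a small Python model of the three mechanisms the thread compares, namely the hash lookup followed by autosandboxing, HIPS-style per-action rules, and behavior-blocker scoring as the quoted article describes it. The action names, weights, threshold and trusted lists are all constructed for illustration.

```python
import hashlib

# Constructed data for illustration only (not real telemetry or Comodo rules).
TRUSTED_LOCAL = {hashlib.sha256(b"known-good-installer").hexdigest()}
TRUSTED_CLOUD = {hashlib.sha256(b"popular-signed-app").hexdigest()}
TRACE = ["read_file", "write_registry_run_key", "create_file_in_temp",
         "open_network_connection", "modify_other_process_memory"]

# HIPS: one rule per action, applied regardless of what else the program did.
HIPS_RULES = {"read_file": "allow", "create_file_in_temp": "allow",
              "open_network_connection": "ask",
              "write_registry_run_key": "block",
              "modify_other_process_memory": "block"}

# Behavior blocker: weights accumulate; the verdict covers the whole program.
BB_WEIGHTS = {"read_file": 0, "create_file_in_temp": 1,
              "open_network_connection": 2, "write_registry_run_key": 4,
              "modify_other_process_memory": 6}
BB_THRESHOLD = 10


def autosandbox_decision(file_bytes):
    """Hash lookup only: local list, then cloud list, else sandbox."""
    digest = hashlib.sha256(file_bytes).hexdigest()
    if digest in TRUSTED_LOCAL:
        return "run (local trusted list)"
    if digest in TRUSTED_CLOUD:
        return "run (cloud whitelist)"
    return "run sandboxed (unknown)"


def hips_decisions(trace, default="ask"):
    """Judge every action in isolation; unknown actions prompt the user."""
    return [(action, HIPS_RULES.get(action, default)) for action in trace]


def behavior_blocker_verdict(trace):
    """Profile the whole run; act on the program once the score tips."""
    score = 0
    for index, action in enumerate(trace):
        score += BB_WEIGHTS.get(action, 0)
        if score >= BB_THRESHOLD:
            return {"verdict": "quarantine", "score": score, "tipped_at": index}
    return {"verdict": "allow", "score": score, "tipped_at": None}


if __name__ == "__main__":
    print(autosandbox_decision(b"never-seen-before"))
    print(hips_decisions(TRACE))
    print(behavior_blocker_verdict(TRACE))
```

On the constructed trace, the HIPS model yields five separate decisions while the scoring model yields one verdict for the program, reached only at the fifth action; the hash lookup never looks at the trace at all.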