Is HIPS some kind of a Heuristic Scan?

Nikos · September 13, 2006, 7:51pm

What exactly is HIPS that new CAV v2 will have and how it works?!

mike6688 · September 13, 2006, 7:53pm

Hi,

HIPS is Host Intrusion Prevention System. It monitors everything that happens on the computer, such as applications opening other applications, new applications opening, etc. It then alerts the user to this so they can make a judgement as to if it is safe or not.

This method makes it impossible for any malware to bypass the AV without an alert being raised. The HIPS in CAVS will have a ‘safe list’ so there isn’t too many popups for a user to deal with.

There is more information here

Mike

Nikos · September 13, 2006, 7:59pm

So Heuristic scan is soemthing different?
Will cav v2 have heuristic scan enabled?

Also i ahve a suggestion to make!
Why not make CPF + CAV into 1 application so we can have 4 free an firewall + antiviris + antispyware in just one app!

Cool huh?!

mike6688 · September 13, 2006, 8:04pm

Yes, heuristics is different and will be enabled in CAVS version 2. Heuristics look for similarities in files that are similar to current malware in its database. If they are similar then it is identified as a possible new malware type.

I don’t think putting all the applications together is a good idea. Many users prefer to have a choice between different providers when choosing programs like these, but wouldn’t be able to in this case.
However, I think Comodo were planning on making each Comodo application ‘communicate’ with each other if they were installed.

Mike

Nikos · September 13, 2006, 9:07pm

Thank you very much that would be great thing to do by the Comodo Team!

mike6688 · September 14, 2006, 12:43am

You’re welcome.

Mike

Graham1 · September 14, 2006, 4:53pm

Sorry to jump in on this thread :-[. So will version 2.0 act similar to System Safety Monitor? In that it will maintain a list of trusted applications and which child processes, the parent can execute.

mike6688 · September 14, 2006, 5:02pm

Hi,

Yes, CAVS will have a safelist something like this. I’ve never used System Safety Monitor so I don’t know exactly how it works to make a full comparison.

Mike

Rotty · September 27, 2006, 10:19am

So will the trusted list be updated along with the definitions downloads? So we won’t have to re-install to have the latest version of the “Trusted List”.

cheer, rotty

Graham1 · September 27, 2006, 11:57am

I do hope so, including CPF as well.

panic · September 27, 2006, 12:35pm

I believe it will merely download the deltas, plus you will be able to submit known good apps for analysis and inclusion in the white list.

cheers,
ewen

Melih · September 28, 2006, 12:33am

Yep, just download the certified list regularly… like AV’s do for their signatures.

Melih

Rotty · September 28, 2006, 3:01am

Cool

cheers, rotty