When I started up A2 Squared saw a notice about Mamutu being available.

Looks like a new program similar to BoClean? :THNK


no its not similar to BoClean.

BoClean is based on malware database while mamutu is behavior blocker which dun rely on database.

and its not freeware either :slight_smile: → comodo rules!

haf someone tried dis newbie?

According to their own web page it’s a (behavioural) HIPS. Interesting alternative to whitelisting HIPS, but I’d like to see how effective it is.

It’s got absolutely nothing to do with BOClean, really. :slight_smile: But I guess you shouldn’t use it if you use another HIPS, like the Defense+ in CFP v3.

yes, actually CFP3 is all dat u nid!

Actually not hips., Mallware IDS(Intrusion Detection Systems) I own A-Squared Anti mallware by the way. This is a special system which is able to detect and block malware without the need for signatures. It analyses the behavior of all active programs, and alerts you if anything harmful is detected. The program is stopped and cannot continue until you decide whether or not to authorize the behavior.

All this probably sounds too good to be true, and there is one disadvantage: the a-squared IDS only recognizes behavior, and cannot give you the actual name of the malware in question. In other words, you will know if it’s a worm, but not if it’s the NetSky or Bagle worm. Of course, this doesn’t really matter - the important thing is that you know it’s there, and you can run the appropriate removal program

Now that you mention it, this is confusing. They claim that their product

is a member of the "Behavior Blocker" (HIPS) species

But then they say it’s actually a IDS. If I’ve understood the Wikipedia right, an IDS tries to stop attacks after they’ve already got into the system, whereas a (H)IPS stops them before they ever get in. As Melih puts it, an IPS is a processor firewall.

I don’t know for certain if it will conflict with Defense+ or other product; maybe neither Comodo nor Emisoft know since both are new programs.

The behavioural approach sounds nice, but the problem is not that the malware doesn’t get identified; but that the approach is not infallible. There can always be some malware that passes through their algorythms unsuspected. Of course a blacklisting approach has the same problem with zero-day threats. My opinion is that if Comodo’s intelligent whitelisting, low-on-popups approach works out well, that’s the way to go for IPS or IDS. (And so far so good over here with CFP v3, I was using Spyware Terminator’s HIPS before, which was also whitelisting and thus more secure than the behavioural or blacklisting approaches, but less intelligent and more intrusive --more popups).

Actually it does not conflict with Comodo Firewall Pro v2.4 (:CLP)
All I did was create a rule for comodo in a-squared to ingnore it totally (:KWL)

My main concern with these purely behavioural based products is that sometimes legitimate processes can exhibit behaviour similar to malware and consequently be blocked.Otherwise there could be an overload of pop-ups which becomes annoying very quickly.It would need a huge whitelist database in order to limit this.Also if it doesn’t name any files it blocks,that’ll make determining the good from the bad more difficult.

A similar product,PrevX gets around this problem due to it’s huge community database.