Self Protection? Does it hold any real value?

I’ve noticed a lot of programs advertise that they have “Strong self protection”. Well, do they? Or is it just hype…?
It’s my understanding that if malware gets the chance to install its own driver then it’s game over… since it has the same “power” as a security program does.

What do you think?

IMHO (not as an expert)
I would say this is correct? If you allow this with CIS or any other HIPS, it could hide from detection.

How will it install the driver bypassing the security app?

One way is to kill the app. But this has to happen before the rootkit is introduced. That’s where the self protection comes in.

These products are about prevention. So I don’t think the example of infecting the PC with a rootkit (which prevention should prevent in the first place) and then saying this would defeat the self protection is a fair example. It’s like saying, if only I could get into Fort Knox I could carry all the money out through the main door. Sure, maybe you can… but how will you get in, in the first place?

Prevention being the first line of defense is a paradigm shift and not something easily understood or appreciated. People still fall back to detection, thinking it offers more protection. Detection-based scanners are from the 1980’s, when the threat was viruses spreading themselves through floppy disks. Imagine the speed of infection! And now the speed of infection is as fast as the internet is! Reactive technology cannot protect you anymore.

Melih

I think Kyle was referring to any program which advertises “Strong self protection”, not only HIPS software.

For example, a security product with a blacklisting technique as its only weapon against malware, like a standalone antivirus. Or a firewall (or antivirus and firewall) product(s). No names here. And “Strong self protection” is advertised for this/these app(s).

I see, thank you for the clarification.

Melih

Default-allow antiviruses are advertised to protect users, but if by chance the user gets an undetected malware it might as well be game over.
Banks rely on professional security guards, but if by chance a robber disarms them or takes a hostage it might as well be game over.
People use umbrellas when it rains, but if by chance they get exposed to influenza it might as well be game over.

Is the chance to mitigate/nullify the weaknesses of the attack surface worth any value?

Maybe; nevertheless, more than half of the products listed in Matousec can be terminated without a driver for sure, whereas it is unclear whether the chance of also failing driver-based termination was their reason.