CS says to turn off HIPS because it frustrates new users, and autosandbox will protect you well enough.
But if you are a dedicated COMODO user and want advanced protection, her recommendations were not intended for you.
Well, actually she made two different configurations:
- Part 1 for advanced user
- Part 2 for novice
Both of them have HIPS OFF, the only difference is how to manage popups
thanks for your correction. I didn’t know that.
@Jon,
I am not sure if I understand your question or confusion. Testing in Sandox is just not accurate most of the time. Here’s a simple example : Virtualized application attempts to delete empty folder. You will be informed that folder was deleted. In reality: It’s not.
im just wondering if hips on can increase security and exactly how.
i read that, even if hips is off, some protection is still active. is there any deeper information about it?
EDIT: maybe the advanced hips settings are active even if hips is off?
It depends. For most cases, yes. It’s just another layer. Using proactive configuration (even with HIPS disabled) is a good idea as you get a better coverage of direct access, for example. Another point is that Explorer gets treated better with proactive configuration compared to default configuration because you get alerted for every process execution.
In general, for experts, there’s a problem with safe applications (when these are not running as virtualized). The problem with HIPS (in general) is that you need inhuman understanding of activities. In the end, you will get human error – you cannot know the consequences of an activity (as in my example from above with keyboard access). Not to mention that some are not inspired and treat various applications as installers (eg Explorer). (It is a good thing that they’re developing Viruscope nowadays.)
You shouldn’t rely on HIPS as foundation in my opinion.
Hope it helps.
By the way, mentioned website written in Italian language is using Matousec`s tests (similar test names). CIS is even better now. 