So how is HIPS different than an application firewall?

Seems like Comodo is just wrapping an old technology under a new name, just like many other AV and anti-malware vendors want to use their own “special name” rather than identify as an existing technology. An application firewall also regulates what can load into memory. Like many programs, they could incorporate a whitelist of known good apps along with a user-updated whitelist. I remember looking at a couple app firewalls back around 2 years ago called “Abtrusion” and “System Safety Monitor”. In System Safety Monitor (http://www.syssafety.com/), they called their technology “Host Based Intrusion Prevention System” (which could obviously also be abbreviated to HIPS). HIPS pretty much seems like what DiamondCS’ ProcessGuard does now except CAVS added a known app whitelist but ProcessGuard added process protection (to prevent unauthorized termination of a process, like the anti-virus, anti-malware, or other critical processes).

Definition: application firewall

Doesn’t look like Comodo came up with some new fantastic means of regulating what can run into memory but instead borrowed from an existing scheme. That is, HIPS isn’t new. It’s just newly added to CAVS.

You’re quite correct - HIPS ain’t new - they’ve been around for years. They originally operated as a relatively simple real-time system entry vector monitor, but have now expanded, as outlined at the URL above. In fact, reading that definition, it sounds more like the application monitoring done by V2 and V3 of Comodo’s firewall. It’ll get interesting in the future when the FW and the AV co-operatively use the one HIPS library and safelist.

Cheers,
Ewen :slight_smile:

From some posts that I read here (and maybe elsewhere), it seems Comodo intends to roll up a suite which includes Comodo Firewall, Comodo Antivirus/Spyware, and BOClean while integrating them together to provide synergy beyond just installing all 3 products. BOClean seems something like an intrusion detection system (IDS) with a blacklist of known trojans while regulating what gets into memory, like ProcessGuard (but which doesn’t include pre-defined and updated whitelist or blacklist). Although I am now using ProcessGuard, I’m thinking of replacing it with System Safety Monitor because I get more control, like what child is allowed to be run by what parent. I lose the ability to protect the critical processes but then if the nasties aren’t allowed to load then they can’t kill. In fact, with SSM and Comodo firewall’s component monitor, it seems like I’m doubly protected. And some of SSM duplicates protection by Windows Defender. So I’m still trying to come up with a suite of security software that provides a high level of protection but without so much overlap between them.

I was almost going to use Comodo’s firewall but was dismayed at the memory consumption (see other post). Guess I’ll wait until CAS isn’t beta anymore.

I think “suite” is the wrong way to look at it, using the current, conventional “suites” as examples.

I believe Comodo intend to do what they are currently doing, providing separate security utilities so that people can choose which components they want/need. A future release MAY utilise a monolithic-style installer, where all components are included in the download, but the user can pick and choose which ones to install. I also believe that there will be a far greater degree of inter-operability between the components, but NOT to the point where there are introduced dependencies.

The above paragraph is not based on insider knowledge, more like the collected “between the lines reading” going back over 18 months. I don’t think I’ll end up too far off the money. :wink:

Cheers,
Ewen :slight_smile:

P.S. I agree that CAVS is too big, but the two instances of cavse.exe were deliberately introduced to eliminate bottlenecks in scanning. They are working on CAVS V3 which should use a whole new architecture.

e