The most idiotic test I ever seen on CIS

can anyone try to explain the aim of this test?? ;D

I don’t get it, you allow things and are surprised when the system is infected?

This is what I tought…It doesn’t make sense…

Indeed it doesn’t make sense. Unknown programs are allowed as if they were programs you use every day. Then one is at the mercy of detection and we all know that no scanner can catch them all.

there were two tests in this video:
one, which the testers THOUGHT they would perform,
and the main test, which tests actually the Safe Group testers…

what should i say, the result came out,
Safe Group fails dramatically,
even a good protection tool is not able to support them…
they will find ways around any protection!

its a very good test, it just has the wrong headline. thats all :wink:

What is the Safe Group?

I don’t get it, if they allow everything they are just testing the AV then, nothing else.

that were just the words which were shown on the desktop, and its the name of the channel …

“what is the safe group?” … anything but safe haha

maybe kids who want to impress with words and “leet stupidity”.

I will tell you a practical example of the miseries of having to choose between ‘Allow’ and "Block’ for novice users…which gives you an idea of what sense this test makes…

When my friend tried to open internet explorer, a message from CIS popped up, he clicked ‘Block’ and internet explorer did not start.

He tried again and the same popup alert was there, having no other go he clicked ‘Allow’ and he was delighted to see that internet explorer started and running.

He asked me about this and when I visited him, I observed what was happening and it was a malware causing Internet explorer to stop working, which associated itself with IE. So obviously, he was making the wrong choice by “Allowing” the process to run, but for him it was the only go.

He does not understand what that message was, why his AV (CAV) did not stop the virus if it was attached to IE, what he should do if IE does not start…

I had nothing to explain to him, since we really have no choice in many such issues,

Either you must be a geek to understand everything that CIS tells you
Go for some other simple and effective Internet Security suite, which does not bother users and makes decisions on it’s own… ( !ot! I suggested KIS to him)

This has been the same case with all Classic/Traditional HIPS…They add secutiry, but confuse users.

As someone in this forum already mentioned,

D+ is just as strong as the user,
if the user is a layman, D+ is nothing but a bunch of Popups+Frustration.

if the user is a geek, it is an invincible sword, with great control.

I always wanted to see how protected is average user with CIS suite i.e I always wanted to see a test the average user way i.e where AV alerts are quarantined, Bufferoverflow alerts are terminated, D+ alerts sandboxed where it recommends to sandboxed, D+ alerts blocked where it says malware found, suspicious malicious behaviour found or unsafe app, AND allow all other alerts like unrecognized, com, protected, etc where it simply gives the security description & doesn’t mentions any thing malware found, suspicious or unsafe found.

I though this would be that kind of test but when I checked the test its true to the title here “The Most Idiotic Test I Ever Seen On CIS”. He clicked on Dont Isolate Again, Allowed where Sandbox was Recommended, Allowed instead of Block where Unsafe App was mentioned, Skipped the BufferOverflow Alert, etc. Atleast the most average user will not allow the things where CIS atleast Recommends to Sandbox, Terminate or mentions Unsafe App or will not click on Dont Isolate where CIS AutoSandbox.


Maybe this guys are MRG branch… >:-D

I can ensure you I’m not a geek…but I can read…and as I said before, CIS popups are CLEAR…you have only to READ.
I don’t know what your friend problem was…but if CIS popups saiyng that something that I don’t know (because is the first time I’m using it, I’m trying it) wants a full access to my computer, and suggests it to be sandboxed for my safety…then I sandbox it!!! What’s so difficult in this??
If D+ saiys that something I know very well, since I have been using it for many years (and googleing I found out that it’s safe), is trying to access a protected com interface…even if I don’t know exacltly what a PCI is…then I can probably allow it!!
“If xxxxx is a your every day application, you can allow it”=> this is the main sense of 95% of D+ popups…and I think there’s nothing difficult in making a choice based on this concept…
The only thing I can understand is that a beginner, that turns on a computer for the first time in his life…could be confused…but only in this case…

Oh… the video has been removed ;D
Perhaps a sort of trolling attempt against cis users?!

:smiley: :-TU

Please tell me what would you do, when a D+ alert asks you to allow or block ‘internet explorer’ because of ‘blah blah blah…(something you won’t understand)’ ?

You want to browse net and if you click no, IE would not come up. What would you do ?

Googling about processes/applications and verdicting apps, identifying tampered processes… is what geeks do… not the common users.

As far as i can understand reading your post…probably your friend’s computer was infected by a malware that injected itself into internet explorer process…probably i.e. tried to change some registry keys or launch other unknown process in background…this was probably the sense of D+ alert…but is very hard to say without seeing the alert…anyway, in that case i would start a full scan immediately, as soon as I see such a strange browser behavoiur.
But…put the case you have another AV, or another security suite that has no HIPS/behavioural blocker: you wouldn’t realize that something is running in background on your computer!! If Av doesn’t catch it, you’re done. So…the matter is always the same: find the right balance between security and usability…and, in my opinion, CIS has reached a good compromise about that…

There is no use if my friend (who just uses computer for webmail and chat) is given an opportunity to decide and realize that something is running in the background which could be malicious. He always gets tons of such popups everyday, clearly most of them are genuine programs, what at the most he could do is either click allow, or block. Clearly block stops IE, and Allow runs IE (only we know that it further infected his PC, he does not know till I told him).

Reading HIPS messages, it is not so easy for computer users, most of them do not know what a ‘COM’ interface is, what a ‘hook’ stands for, what a process is and how it differs from an application…

When I design a program, I keep in mind the users who use it daily. Since, I am not making it for my own use, I will keep it as less verbose and as automated as possible. If it fails to do what it is supposed to, debugging is my job, not user’s.

The Developers and Fans of CIS have always been (for some strange, unknown reason) confused between Computer Users and Computer Technicians.

That is why I always mention in this forum,

CIS is a sharp and strong sword with which a Computer Tech can kill every virus, where as an ordinary Computer User kills himself.

I suggested him KIS because it offers an automatic HIPS mechanism, along with a strong AV. Even if AV fails to identify something, applications with unknown verdict are processed by HIPS, the decision is automatically made by KIS (unless we change it in settings). So, what KIS does in the same case is simply block IE from execution, and the user is not at all allowed to execute the infected IE. He will then call a technician for further assistance, as he has his IE corrupted and not working.

My only point with CIS HIPS is that it relies completely on user input (most of them do not have proper understanding of computer security, they just use the PC), rather than taking decisions with a profound security concerned artificial intelligence (an automatic HIPS, where the Security suite is designed to take decisions). I have seen how beautifully it works in Kaspersky Internet Security.

I would love to see how CIS behaves when DACS and Valkyrie are integrated in to it, and when sandbox matures.

Note: I am in no way a FAN of or a user of KIS, but I suggest it to new users, it is more user friendly compared to CIS. My intensions are only to show that there are already products which are implementing HIPS differently (ESET also introduced in ESET 5 beta an automated HIPS). If it works for them, why does not it work for US ?

Nice read buddy. I agree totally.


At SilvaSuresh. When you enable Parental Controls and let is suppress alerts I think you will get what you reach when using Kaspersky.

With one difference, CIS blocks every unknown, where as KIS decides what to allow and what to block basing on advanced heuristics.