Status
Not open for further replies.

Tani

Level 8
A behavior blocker completely blocks the application from being executed & harming the machine (if not a false positive, & obviously it detects negative aspects of the application by its behavior on your machine), while HIPS blocks any particular action of the application & asks you to either allow or disallow it. For example, you can execute a program, but HIPS can block its access to the internet & ask you if you want to allow that application to communicate with the network.
 

jamescv7

Level 85
Verified
Trusted
A Behavior Blocker determines suspicious behavior by analysing related patterns of other common viruses/malware trying to lurk on the critical system for execution. It doesn't need any signatures here.

Host Intrusion Prevention System, or HIPS, consists of alerts where it notifies of changes which need user interaction; whether suspicious or not, if it doesn't meet the rule set then it should be checked.

Well, HIPS is powerful if handled by experienced users, while a Behavior Blocker can be strong enough as long as it detects possible suspicious activity.
 

Maxxx58

Level 13
> A Behavior Blocker determines suspicious behavior by analysing related patterns of other common viruses/malware trying to lurk on the critical system for execution. It doesn't need any signatures here.
>
> Host Intrusion Prevention System, or HIPS, consists of alerts where it notifies of changes which need user interaction; whether suspicious or not, if it doesn't meet the rule set then it should be checked.
>
> Well, HIPS is powerful if handled by experienced users, while a Behavior Blocker can be strong enough as long as it detects possible suspicious activity.

You mean that HIPS can only work well if it's configured by an experienced user?
 

jamescv7

Level 85
Verified
Trusted
> You mean that HIPS can only work well if it's configured by an experienced user?

In certain areas HIPS is already working in action; however, it needs knowledge to decide on every user interaction, which for novice users has to be supervised. Also, these days implementations of HIPS recommend setting Learning mode to allow all the applications as much as possible before turning to the mode of detecting what wasn't registered in the rules.
 

Maxxx58

Level 13
> In certain areas HIPS is already working in action; however, it needs knowledge to decide on every user interaction, which for novice users has to be supervised. Also, these days implementations of HIPS recommend setting Learning mode to allow all the applications as much as possible before turning to the mode of detecting what wasn't registered in the rules.

Thanks for your information.
 

eXPerience

Level 1
Think of the behavior blocker as an extension of your antivirus/antimalware. A normal antimalware will detect a malicious file using a signature it got from the antimalware researchers. Behavior blockers don't use signatures; they detect malicious files using advanced patterns and by investigating their behavior, hence the name. Therefore it will only flag and give a warning about an unknown but suspicious file when it's "behaving like malware". It's advanced software behind the scenes which will be visible only in exceptional cases.

Now think of HIPS as an extension of your firewall. You allow applications to access the internet or not. This is mostly by user interaction: program x wants access to the internet, do you want this or not? This is how HIPS works, but for your computer instead of for the internet. Therefore you will get questions like: do you want program x to access file x or modify registry key x?
This puts HIPS far more in the foreground. Standard HIPS will report basically everything an unknown application wants to do and therefore require a lot of user interaction.

Neither of the software types is better than the other; the best way is if they're used together. But nowadays basically every antimalware company has some kind of behavior analyser in their software. HIPS is more rare as it is more intrusive.

best regards,
eXp
 

Behold Eck

Level 12
Verified
Some HIPS are smarter than others and won't alert on known safe programs and processes, thereby cutting down on the amount of pop-ups.
HIPS are great in that if you make a wrong decision you will still get an opportunity to block and terminate the malicious process, unlike an anti-executable, which will usually allow once or block once.

HIPS alerts will diminish as time goes on, making any further alerts worthy of your full attention. They're also a good way to get to know your system's files and processes. BBs alert on suspicious or malware-like behaviour such as file replication, installing drivers, making internet connections etc. They're probably more user friendly, keeping a more general eye on your system.

HIPS/BBs are your zero-day protection, meaning they can deal with very new malware threats because they don't rely on traditional malware signatures, unlike a regular AV. As mentioned above, most good AV companies include one or the other or even both, but not all.

Regards Eck:)
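
An added example, not part of any post in this thread: a toy Python model of the contrast described above, with a HIPS that learns per-action rules and then prompts on anything unregistered, beside a behavior blocker that scores a process and stops it without prompting. The event names, weights, threshold and sample events are constructed assumptions, not any product's actual logic.

```python
from collections import defaultdict

# Constructed events: (process, action, target). Not taken from a real system.
LEARNING = [("browser.exe", "net_connect", "example.org:443"),
            ("editor.exe", "file_write", "notes.txt")]
LIVE = [("browser.exe", "net_connect", "example.org:443"),
        ("editor.exe", "file_write", "todo.txt"),
        ("unknown.exe", "file_copy_self", "copy.exe"),
        ("unknown.exe", "driver_install", "x.sys"),
        ("unknown.exe", "net_connect", "198.51.100.7:8080")]

class Hips:
    """Per-action rules; any action without a rule becomes a user prompt."""
    def __init__(self):
        self.rules = set()  # allowed (process, action) pairs

    def learn(self, events):
        # Learning mode: allow everything observed and record it as a rule.
        self.rules.update((proc, act) for proc, act, _ in events)

    def enforce(self, events, answer):
        # answer(event) stands in for the user clicking allow (True) or deny.
        prompts, blocked = [], []
        for ev in events:
            if (ev[0], ev[1]) in self.rules:
                continue
            prompts.append(ev)
            if answer(ev):
                self.rules.add((ev[0], ev[1]))
            else:
                blocked.append(ev)
        return prompts, blocked

# Assumed weights for the behaviors named in the thread; threshold is arbitrary.
WEIGHTS = {"file_copy_self": 40, "driver_install": 40, "net_connect": 20}

def behavior_blocker(events, threshold=80):
    """Score each process; stop the whole process once it reaches threshold."""
    score, stopped, executed = defaultdict(int), set(), []
    for proc, act, target in events:
        if proc in stopped:
            continue
        score[proc] += WEIGHTS.get(act, 0)
        if score[proc] >= threshold:
            stopped.add(proc)  # no prompt: the process is terminated
        else:
            executed.append((proc, act, target))
    return stopped, executed
```

On the sample events the HIPS raises three prompts for `unknown.exe` and the outcome depends entirely on the answers, while the behavior blocker raises none but lets the first action through before the score reaches the threshold.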
 