Comodo Firewall w/ MSE or CIS Proactive or CIS
- Thread starter BSOD
- Start date
- Jan 8, 2011
- 22,361
The following information is what I observed in Comodo Internet Security 6 BETA:
Comodo - Internet Security (HIPS-disabled)
Comodo - Proactive Security (HIPS-enabled)
As for Comodo 5.10, I can't comment further. It may be different.
Comodo - Internet Security (HIPS-disabled)
Comodo - Proactive Security (HIPS-enabled)
As for Comodo 5.10, I can't comment further. It may be different.
Littlebits
Retired Staff
- May 3, 2011
- 3,893
Might think to yourself and ask yourself the question: How often do you get infections?
If the answer is never then you simply don't need any HIPS products for protections.
I have used no HIPS products since 2006 and still yet to get one single infection, therefore I don't need HIPS period.
When I did use HIPS products, they never blocked anything except for safe programs and process that I needed to run. My AV and my own knowledge about surfing and downloading blocked all malware. I found HIPS to be basically useless, they only time they actually block malware is when you try to manually download, manually run or manually install something that you should know better then to do in the first place.
I think of HIPS like a parent which tells their child what they can do, should do or can not do.
But if you are the parent, then you should already know without having to be told.
So if you want to be that child, then HIPS can be your parent.
I prefer to be the parent and use my own control.
If the answer is never then you simply don't need any HIPS products for protections.
I have used no HIPS products since 2006 and still yet to get one single infection, therefore I don't need HIPS period.
When I did use HIPS products, they never blocked anything except for safe programs and process that I needed to run. My AV and my own knowledge about surfing and downloading blocked all malware. I found HIPS to be basically useless, they only time they actually block malware is when you try to manually download, manually run or manually install something that you should know better then to do in the first place.
I think of HIPS like a parent which tells their child what they can do, should do or can not do.
But if you are the parent, then you should already know without having to be told.
So if you want to be that child, then HIPS can be your parent.
I prefer to be the parent and use my own control.
It's all about prevention. Whether or not you need it depends on many factors, but the question of whether or not you've ever been infected isn't one of them. :s
I've never been in an automobile accident and I've been driving since 1984. It would be silly to assume that because of this statistic, I will never be in an accident. I'm confident in my driving skills, but to assume that I'm safe because I know what I'm doing is folly. There are simply too many other factors that are beyond my control.
New malware tactics are introduced every day. Are you conversant in every tactic, even those that haven't been written yet? You're a better man than me, if this is the case. (not to mention, a mind-reader)
I've never had an infection in decades. (Yes, more than one...) The first computer I personally owned was released in 1983. Prior to that, I used my parents computer that was released in 1977. Yep, considerably longer than 2006! I know what I'm doing, but I definitely like the piece of mind I have from having a HIPS as a layer of protection on my system. Not to mention that even though I know what I'm doing, I'm human. People make mistakes...
And perhaps the better question is, why tell anyone not to use something that just might save them from an infection? Just because you feel that a HIPS is unnecessary has absolutely no bearing over whether or not it is necessary for anyone else. Especially if the deciding qualifier is "have you ever been infected before?".
To use such a quantification to determine what constitutes adequate protection on any given system is just irresponsible advice. If it weren't so far off-base, I'd be laughing about it.
I'm not even going to touch the inference about a HIPS user being a "child" and that they should "know better"... Perhaps the finger is pointing the wrong direction?
I've never been in an automobile accident and I've been driving since 1984. It would be silly to assume that because of this statistic, I will never be in an accident. I'm confident in my driving skills, but to assume that I'm safe because I know what I'm doing is folly. There are simply too many other factors that are beyond my control.
New malware tactics are introduced every day. Are you conversant in every tactic, even those that haven't been written yet? You're a better man than me, if this is the case. (not to mention, a mind-reader)
I've never had an infection in decades. (Yes, more than one...) The first computer I personally owned was released in 1983. Prior to that, I used my parents computer that was released in 1977. Yep, considerably longer than 2006! I know what I'm doing, but I definitely like the piece of mind I have from having a HIPS as a layer of protection on my system. Not to mention that even though I know what I'm doing, I'm human. People make mistakes...
And perhaps the better question is, why tell anyone not to use something that just might save them from an infection? Just because you feel that a HIPS is unnecessary has absolutely no bearing over whether or not it is necessary for anyone else. Especially if the deciding qualifier is "have you ever been infected before?".
To use such a quantification to determine what constitutes adequate protection on any given system is just irresponsible advice. If it weren't so far off-base, I'd be laughing about it.
I'm not even going to touch the inference about a HIPS user being a "child" and that they should "know better"...
Perhaps the finger is pointing the wrong direction?
- Aug 6, 2012
- 354
Littlebits
Retired Staff
- May 3, 2011
- 3,893
@ HeffeD, no offense, I don't think you understood my previous so let me rephrase it.
Instead of the question: How often do you get infections?
Ask yourself these questions:
How often has HIPS actually blocked a infection that yourself with simple browsing and downloading skills with a basic AV wouldn't have been able to block? (I'm not talking about testing it against threats)
How ofter has HIPS blocked, disabled or sandboxed a trusted process, program, driver and caused you problems?
How often do you have to keep configuring your HIPS to allow new processes, programs, drivers, etc?
How often has your HIPS got corrupted during an update process, lost its settings, not allowed you to save or restore your settings, etc.?
How ofter has your HIPS caused system errors, BSOD, crashes, lags, failed Windows Updates or disabled your ability to run chkdsk?
How many times have you had to uninstall and reinstall your HIPS in order to fix bugs? Remember bugs in a HIPS product indicate vulnerabilities.
If your are advanced enough user to know how to effectively use an HIPS product, then shouldn't you be advanced enough to know how to remove an infection, back your files and reinstall Windows? (Most users who think they know how to effectively use HIPS really don't)
Does your HIPS give your a sense of security to make you take risky chances, that you know you shouldn't do? like purposely downloading malware or visiting a known malicious website.
Every user has difference preferences but these questions should give someone an idea if they really need HIPS or not. Of coarse nobody needs to answer out loud, this is for themselves.
For the record, I don't recommend using a BETA product as the main security protection. BETA means it is not complete in a testing stage, has known bugs, etc.
Would you want to use a seat belt in your vehicle that was in its testing stage while driving though heavy traffic?
Thanks.
Instead of the question: How often do you get infections?
Ask yourself these questions:
How often has HIPS actually blocked a infection that yourself with simple browsing and downloading skills with a basic AV wouldn't have been able to block? (I'm not talking about testing it against threats)
How ofter has HIPS blocked, disabled or sandboxed a trusted process, program, driver and caused you problems?
How often do you have to keep configuring your HIPS to allow new processes, programs, drivers, etc?
How often has your HIPS got corrupted during an update process, lost its settings, not allowed you to save or restore your settings, etc.?
How ofter has your HIPS caused system errors, BSOD, crashes, lags, failed Windows Updates or disabled your ability to run chkdsk?
How many times have you had to uninstall and reinstall your HIPS in order to fix bugs? Remember bugs in a HIPS product indicate vulnerabilities.
If your are advanced enough user to know how to effectively use an HIPS product, then shouldn't you be advanced enough to know how to remove an infection, back your files and reinstall Windows? (Most users who think they know how to effectively use HIPS really don't)
Does your HIPS give your a sense of security to make you take risky chances, that you know you shouldn't do? like purposely downloading malware or visiting a known malicious website.
Every user has difference preferences but these questions should give someone an idea if they really need HIPS or not. Of coarse nobody needs to answer out loud, this is for themselves.
For the record, I don't recommend using a BETA product as the main security protection. BETA means it is not complete in a testing stage, has known bugs, etc.
Would you want to use a seat belt in your vehicle that was in its testing stage while driving though heavy traffic?
Thanks.
Littlebits said:
Very possible.
Littlebits said:
I'd say if you're having that much trouble with your HIPS, you need to try a different product. Either that or something is wrong with your system.
Sure, there is configuration that must be done. That is the nature of a HIPS.
Littlebits said:
Sure. The bigger question is, why bother with removing an infection, restoring, or reinstalling your OS if you don't need to? Does the attitude of, "If I get an infection, I know how to deal with it", really sound very advanced? (I know how to set a bone and place a cast on my limbs, so I'm not worried about breaking my leg...)
To me, it makes more sense to do everything you can to ensure you don't have the problem in the first place. Have you heard that old phrase, "An ounce of prevention is worth a pound of cure". It's been around a long time. I wonder why that is?
Littlebits said:
Absolutely not. I'm incredibly careful.
I just happen to know enough to realize that human beings aren't up to a lot of the tasks they feel they're up to, which is why I run a HIPS.
Littlebits said:
Neither do I. I wasn't aware we were telling anyone to run a beta product as their main protection. In fact, I would advise against running a beta product on any machine that has any data that you don't want to lose.
Plain and simple, if you don't feel you need a HIPS, great! More power to you! But to advise people that they don't need one if they can meet -whatever- requirement is inappropriate.
Littlebits
Retired Staff
- May 3, 2011
- 3,893
But to advise people to use an HIPS product, knowing nothing about their PC knowledge is appropriate? knowing about all of the problems and issues that are involve in keeping them configured, maintained, updated, etc?
Not knowing if these people can deal with the problems, bugs, system errors, BSOD, crashes, programs not working correctly, etc.
Is that what you call appropriate?
HIPS products and malware have some of the exact same properties.
The main difference is malware is much easier to remove then trying to completely get rid of an HIPS product because it didn't work the way you expected it to.
I find it very strange that users on security forums will recommend HIPS which tend to cause the exact same problems as what malware infection cause.
I have a friend who works for Microsoft tech support:
He said when someone has problems with Windows one of the first things they do is to find out what type of pc security is installed on that customer's system. If it is an advanced HIPS, the first advice they tell their customer is uninstall it and reboot your system. Microsoft tech supports doesn't recommend using HIPS products because they are known to cause problems with Windows. Windows was not designed to have a product to pause, block, limit (processes, services, drivers, handles, modules and threads). A product that does this shortens the life span of your computer's components. Therefore Microsoft does not recommend using products that do so. If Microsoft thought that these type of security products would be beneficial then they would have already designed one. Malware was the first to use these type of methods and we all know malware is not good for a PC. So why would a security product that uses these exact same methods be any better for the PC?
Enjoy!!
Littlebits said:
Again, what HIPS have you been using?
Current HIPS applications are pretty easy to use. No further problems keeping them updated/maintained than any other application. I've yet to encounter any system errors, BSOD's, or crashes due to HIPS. If I did, I wouldn't use one. Sure, some users might have compatibility issues due to some quirk with their system configuration that the software isn't happy with, but that is the same with any software. It's just not possible to guarantee that your software will be compatible with every system configuration.
As I said, sure, there is some configuration required, but that is the nature of a HIPS.
I've installed a HIPS on my sisters computer. Herself and her family are definitely not very computer savvy. If they can run a HIPS, anyone can.
If everyone was having the trouble running a HIPS as you are describing, nobody would use them! Even hardcore techy geeks will steer away from something that is guaranteed to give you the grief you are describing. The fact of the matter is, you only hear from the people with problems. With an installed userbase in the millions, I'd have to assume that what you are describing is rare.
Littlebits said:
I wasn't aware that I recommended a HIPS to anyone. I was saying that telling someone they don't need one because they've never been infected isn't a valid data point. Which is something that I find very strange on a security forum...
I've never been infected in decades. I probably don't need any security software. I use it on the off-chance that something may get by me, and I feel that HIPS offers the best protection.
And as I've already stated, if your HIPS is like a malware infection, you need to try another product.
Littlebits said:
:huh:
Ever heard of UAC, EMET, SmartScreen, Family Safety, or Microsoft Security Essentials? Those pause, block, limit...
By that token, any security software should be frowned upon. Not just HIPS.
And I'd love to hear how this is supposed to shorten the lifespan of the components of your system. :biggrin:
Perhaps a race condition from a poorly coded application that gets intercepted could drive up your CPU temp, but no more than any processor intensive process (Gaming, video rendering, etc...) that people do daily as part of their "normal" computer usage. The "normal" response is for an application to just wait. (Not Responding)
And yes, of course the first thing the tech support guys tell you is to uninstall a HIPS. That's standard troubleshooting. Start at square one with the basic OS, then introduce applications one at a time until you find the problem. In fact, they'll tell you to uninstall any third-party security software. I'm well aware of how Microsoft tech support (any tech support for that matter) works.
If i can involve in the discussion:
1- HIPS were very unfriendly-user in the past, now they are mostly easier to use if the user care to read the help files or googled how to safely use one; if not it is the user fault if his system get crippled, not the HIPS. I still not advise a common/beginner user to use it (just my opinion after seeing my customers average habits)
2- Microsoft should focus more on hardening its OS vs malwares, instead of adding useless features or delivering uncountable patches for each holes found; i liked Win8 but it is just a lighter-relooked-win7-tablet-oriented, built-in MSE in it is not enough to ensure security, it is why we still need 3rd party security apps.
Littlebits and HeffeD , both of your points are valid depending the context; what will make the difference is the guy sitting behind the screen, giving an HIPS to a careless users (advanced or not) may lead to a catastrophy, give one to a caring one will lead to a "secure" system.
i did an experiment, i put CIS on 2 computers:
1- CIS on my Girlfriend computer, set it to be userfriendly, teach her how to safely use it, no issues.
2- CIS on my careless friend computer, set it to be userfriendly, teach him how to safely use it, after one day, system crippled. I asked what happened ? he said "i don't know" i found out he just happy-clicked "block" all the time....
Thanks
1- HIPS were very unfriendly-user in the past, now they are mostly easier to use if the user care to read the help files or googled how to safely use one; if not it is the user fault if his system get crippled, not the HIPS. I still not advise a common/beginner user to use it (just my opinion after seeing my customers average habits)
2- Microsoft should focus more on hardening its OS vs malwares, instead of adding useless features or delivering uncountable patches for each holes found; i liked Win8 but it is just a lighter-relooked-win7-tablet-oriented, built-in MSE in it is not enough to ensure security, it is why we still need 3rd party security apps.
Littlebits and HeffeD , both of your points are valid depending the context; what will make the difference is the guy sitting behind the screen, giving an HIPS to a careless users (advanced or not) may lead to a catastrophy, give one to a caring one will lead to a "secure" system.
i did an experiment, i put CIS on 2 computers:
1- CIS on my Girlfriend computer, set it to be userfriendly, teach her how to safely use it, no issues.
2- CIS on my careless friend computer, set it to be userfriendly, teach him how to safely use it, after one day, system crippled. I asked what happened ? he said "i don't know" i found out he just happy-clicked "block" all the time....
Thanks
Littlebits
Retired Staff
- May 3, 2011
- 3,893
UAC is made to not cause problems like HIPS products do, but I do agree it doesn't benefit most users because they will simply click "Approve" without even reading or knowing what they just approved.
EMET is an advanced tool not installed by default, it can cause the same exact problems as what HIPS products do.
SmartScreen, Family Safety, or Microsoft Security Essentials do NOT pause, block, limit (processes, services, drivers, handles, modules and threads). They simply block execution of malicious files only which is much different.
I have tried them all and I'm an advanced user who knows how to configure them correctly and I haven't found one that hasn't cause severe problems. With the exception of WinPatrol which is not a complete HIPS product.
Fanboys and paranoid users are like being in a cult, they would use them no matter what kind of problems they cause.
Even if the user base is in the millions, that is still only less than 2% of all PC users which isn't that much. And no these problems are not rare, they are very common where users want to admit it or not I'm sure every single HIPS users has experienced these problems one time or another. If you don't believe me then visit the support forums of each HIPS product, the Bug Report section is one of the largest part of the forums. And those are just the one that got reported. Most users don't visit support forums and don't file bug reports. They just simply uninstall and move on and never look back.
I will admit many have become more user friendly but still have issues, I don't know how many reports I have read about failed upgrades, installation and uninstallation problems, products blocking or sandboxing trusted programs, no network access, etc.
It is a very easy principle, the harder components have to work to function then sooner they will finally wear out.
With a basic real-time AV, files are scanned on a system memory cache which doesn't cause components to work harder it causes increased RAM and CPU cycles which Windows and components were designed to handle.
With HIPS, CPU cycles are broken down into (processes, services, drivers, handles, modules, tokens, memory and threads) in real-time without a system cache. Each time something tries to run on your system it has to be broken down into these sub-categories and checked. Windows and components were not designed to handle this.
One single program can have 100 sub-categories that need to be checked each time it runs. This includes programs on your safe list as well. Let's say you have 60 processes running in your Windows Task Manager, each one has 100 sub-categories, of coarse some will even have more. That breaking down of the CPU cycles causes more wear on system components. Even though your HIPS maybe running low on RAM and CPU cycles. On a high end system you may not notice but on a low budget system, you should experience system lags and CPU cycle spikes in your Task Manager. What actually causes the wear is when the checking of sub-categories takes place, everything pauses for a second or more without running on a system cache. Over time this will lead to a shorten lifespan of your PC. This can apply to just about all the hardware components in your system.
If Microsoft can avoid these problems, then they would came up with something better than UAC. Right now SmartScreen, Family Safety, Microsoft Security Essentials, Microsoft Malicious Removal Tool Updates really are the best thing Microsoft can do to offer user friendly security without any system problems.
Thanks.
Yeah, now I've heard everything...
Sorry, a HIPS isn't going to reduce the lifespan of any of your components by any measurable degree. A single shutdown/boot cycle is considerably worse for your hardware than running a HIPS.
15 minutes of any 3D game is going to put more strain on your system than easily a days worth of running a HIPS.
I would love to see some white papers about your claims. Got any links for me?
Sorry, a HIPS isn't going to reduce the lifespan of any of your components by any measurable degree. A single shutdown/boot cycle is considerably worse for your hardware than running a HIPS.
15 minutes of any 3D game is going to put more strain on your system than easily a days worth of running a HIPS.
I would love to see some white papers about your claims. Got any links for me?
Littlebits
Retired Staff
- May 3, 2011
- 3,893
HeffeD said:
Sorry I will not be able to provide any links to confirm this claim but at the same time nobody will be able to provide any links to discredit this claim. It is just something that most Windows developers know. You can choose to believe it or not either way doesn't matter to me because it is your system that you will have to deal with.
Let's say if Microsoft published an article about how dangerous HIPS products are and how you should avoid using them. This would only hurt Microsoft since they have so many partners that they have to do business with. So don't expect Microsoft to post any links. But if you really want to know more join Microsoft Developer Network and ask some of the professionals what they think about HIPS products.
The term they use for HIPS products like Comodo, Online Armor, Outpost, Malware Defender, etc is "fools tools" and I'm not joking.
Good day.
House_maniac
Level 1
- Sep 21, 2011
- 426
Littlebits said:HeffeD said:
Sorry I will not be able to provide any links to confirm this claim but at the same time nobody will be able to provide any links to discredit this claim. It is just something that most Windows developers know. You can choose to believe it or not either way doesn't matter to me because it is your system that you will have to deal with.
Let's say if Microsoft published an article about how dangerous HIPS products are and how you should avoid using them. This would only hurt Microsoft since they have so many partners that they have to do business with. So don't expect Microsoft to post any links. But if you really want to know more join Microsoft Developer Network and ask some of the professionals what they think about HIPS products.
The term they use for HIPS products like Comodo, Online Armor, Outpost, Malware Defender, etc is "fools tools" and I'm not joking.
Good day.
great post man but believing what your developper friends said would be like believing half on the planet uses microsoft security essential
but like heffed said hips is userfriendly now and people who are not so technie just use another product! hips is for advanced and intermediate users!its sure would cause prob to people who wouldn't know what to answer with pop ups!- Status
