Battle Comodo Internet Security vs Online Armor++

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Comodo Internet Security vs Online Armor ++
 

Littlebits

Retired Staff
May 3, 2011
3,893
bogdan said:
new user said:
I voted neither because they are overkill. If you want heavy duty security, CIS is all you need, but I would probably not use it.

I see a lot of people moving away from HIPS based products and willing to compensate by backing up regularly and lowering their security risk (exercise more caution when browsing and downloading apps, etc.).

Here is my view on HIPS/Sandboxing programs.
1. Only advanced users benefit from using them, they are too complicated for basic users.
2. If advanced users know how to use HIPS/Sandboxing programs and configure them correctly, then they should have enough knowledge to know how to avoid malware in the first place. They should know how to effectively remove infections and repair most system errors, make backups and restore them effectively. Since it takes more knowledge to configure and use HIPS/Programs than what it does to do these complicated tasks.
3. HIPS/Sandboxing programs degrade your system's performance and cause errors. Most advanced users know this, that's why they have to continue to solve problems, re-configure and fix errors. Windows OS was not designed to have programs to intercept Threads, Tokens, Handles, Memory, etc. Even Microsoft doesn't recommend using HIPS/Sandboxing programs. It is the leading cause of failed Windows Updates.

When users advance to my level, they will see how useless HIPS/Sandboxing programs really are.

Thanks.:D
 

Littlebits

Retired Staff
May 3, 2011
3,893
ghost said:
Are you talking about classic HIPS or the new whitelisting based HIPS?

Both because there really isn't much difference between the two.
Whitelisting is very controversial because it has major problems.

1. Whitelisting only works if the files are digitally signed by the vendor. Many vendors, even Microsoft, don't digitally sign all their files. It is not uncommon for Windows Update files to not be digitally signed. Many freeware and open-source developers don't digitally sign their files because it costs them money to do so. Many Windows hardware vendors don't sign their drivers. It is impossible to add whitelists for these programs, therefore they will usually get blocked by HIPS.

2. Many security vendors like Comodo, Emsisoft, PC Tools, Outpost, etc. have ad partners that they use to advertise their products, therefore the ad distributors products will automatically be added to their whitelists where they have full permission to run on your system without notifications. You might be surprised to know how many security vendors add rogueware, adware and spyware distributors to their whitelists.

So if you ask me, Classic HIPS is better than whitelisting based HIPS.
Because Classic allows you to make all the decisions, instead of auto blocking or auto allowing processes to run.

Thanks.:D
 

Ramblin

Level 3
May 14, 2011
1,014
Littlebits said:
bogdan said:
new user said:
I voted neither because they are overkill. If you want heavy duty security, CIS is all you need, but I would probably not use it.

I see a lot of people moving away from HIPS based products and willing to compensate by backing up regularly and lowering their security risk (exercise more caution when browsing and downloading apps, etc.).

Here is my view on HIPS/Sandboxing programs.
1. Only advanced users benefit from using them, they are too complicated for basic users.
2. If advanced users know how to use HIPS/Sandboxing programs and configure them correctly, then they should have enough knowledge to know how to avoid malware in the first place. They should know how to effectively remove infections and repair most system errors, make backups and restore them effectively. Since it takes more knowledge to configure and use HIPS/Programs than what it does to do these complicated tasks.
3. HIPS/Sandboxing programs degrade your system's performance and cause errors. Most advanced users know this, that's why they have to continue to solve problems, re-configure and fix errors. Windows OS was not designed to have programs to intercept Threads, Tokens, Handles, Memory, etc. Even Microsoft doesn't recommend using HIPS/Sandboxing programs. It is the leading cause of failed Windows Updates.

When users advance to my level, they will see how useless HIPS/Sandboxing programs really are.

Thanks.:D
I agree with you on HIPS but disagree on sandboxing.
Sandboxing is easy and can be used by basic users in a proper
way. Let me give you a real life example. My mom lives in
a different country than myself, when she visits me, I create a
dedicated Firefox sandbox for her. She never has to ask me about
anything when she browses her regular websites, when she opens
files sent to her by her friends, that includes PDF and Power Point.
She downloads whatever she wants, bypassing the recovery function.
She does not get infected, even though she has no idea what
Sandboxie is or how it works.

Errors on Windows? Not on mine. Performance? Sandboxie is using,
as I am writing, about 12MB. My CPU usage is always 0 when in idle,
never surging or peaking, like you get with most antiviruses/HIPS/
firewalls, etc. If the user needs to do Windows update, all he's got
to do is disable forced programs and it's done, or run IE unsandboxed.
When I close my browser, my total memory is around 200MB, that's it.
My XP doesn't suffer any because I have Sandboxie installed instead of
the real time antivirus, a firewall (I use Windows), a few scanners and
who knows what else.

Pretty much all I said about SBIE, can also be applied to DefenseWall.
Actually, for somebody like my mom, DefenseWall might be even easier
since I would not have to loosen the sandbox a little bit or have to
change settings in order to bypass the recovery function.

Bo
 

ghost

Level 1
Jan 16, 2011
132
Good answer, HIPS/Sandboxing are a little too old technology but at this moment it's the only security software that could protect you most times from 0-day malware in extreme scenarios that could never happen. Everything failed too many times. Not working properly with your OS? Then that's the developer's problem and the way he chooses to bypass Windows files.
 

Deleted member 178

Littlebits said:
1. Only advanced users benefit from using them, they are too complicated for basic users.
2. If advanced users know how to use HIPS/Sandboxing programs and configure them correctly, then they should have enough knowledge to know how to avoid malware in the first place. They should know how to effectively remove infections and repair most system errors, make backups and restore them effectively. Since it takes more knowledge to configure and use HIPS/Programs than what it does to do these complicated tasks.
3. HIPS/Sandboxing programs degrade your system's performance and cause errors. Most advanced users know this, that's why they have to continue to solve problems, re-configure and fix errors. Windows OS was not designed to have programs to intercept Threads, Tokens, Handles, Memory, etc. Even Microsoft doesn't recommend using HIPS/Sandboxing programs. It is the leading cause of failed Windows Updates.

1- totally agree
2- agree too
3- disagree, for example Comodo HIPS runs very smoothly on my system, I never had an issue from it or needed to fix something because of it.

When users advance to my level, they will see how useless HIPS/Sandboxing programs really are.

If you never go to malicious websites or try "risky" software, generally having safe behavior, you're right, you don't even need any security software, just a backup image; but some people like taking risks.
Using an analogy: why should you wear a helmet when driving a car? Useless to you, but not for a car stuntman.

And the huge whitelist "issue" of some vendors can be ignored by deleting the whitelist file and replacing it with a blank one (what I did with the CIS vendor file).
 

Littlebits

Retired Staff
May 3, 2011
3,893
3- disagree, for example Comodo HIPS runs very smoothly on my system, I never had an issue from it or needed to fix something because of it.

It may appear to run smoothly, but check the "Event Viewer" on your system for system and application errors.

I know when I used Comodo, Online Armor and other HIPS, I always had unexplained errors in my Event Viewer. I searched everywhere to find answers, then one of my friends who works for Microsoft asked me about my security setup.
After I told him, he said to uninstall all related HIPS and reboot and the errors should be gone. I did and he was right. He explained to me why HIPS programs cause these errors. Windows OS wasn't designed to have programs that intercept, block or pause Threads, Tokens, Handles, Memory, etc.

He said over time HIPS can cause even more noticeable errors much like malware does. I'm sure he just didn't make this all up, he has worked for Microsoft over 10 years and knows what he is talking about.


Sandboxing is easy and can be used by basic users in a proper
way. Let me give you a real life example. My mom lives in
a different country than myself, when she visits me, I create a
dedicated Firefox sandbox for her.

Sandboxing requires setup which most users don't know how to do. You even said that you created the sandbox for your mom, which proves my point. Why couldn't your mom set up the sandbox herself? My mom doesn't even understand how to use the Windows default firewall, she calls me every time she gets an unblock notice because she has gotten malware in the past from clicking something and is afraid to do anything. There would be no way she could set up a sandboxing program and use it effectively. You have to realize over 98% of all users are complete novices. Even a simple AV and firewall is a challenge for them.

Thanks.:D
 

Ramblin

Level 3
May 14, 2011
1,014
For novice users, setting up an antivirus, just like creating a sandbox,
is a challenge. The difference is that with the sandbox, the user won't
get infected (probably) but the novice user that depends on the
scanner will (no doubt) get infected, it's just a matter of time.
Littlebits, when I talk to my mom about security, the expression on her
face is "son, I don't understand what you are talking about". Her face
is the same whether I am asking her "mom, are you using an AV?" or
"do you know what Flash is, Java?".
The thing is, when she's visiting me, she surfs and downloads,
doing what she always does, without a real time antivirus and kept
clean by doing her surfing in a dedicated sandbox created for her.
If your mom lives nearby, try it out, you might be surprised how well
moms get along with Sandboxie. :cool:

Bo
 

Littlebits

Retired Staff
May 3, 2011
3,893
bo.elam said:
For novice users, setting up an antivirus, just like creating a sandbox,
is a challenge. The difference is that with the sandbox, the user won't
get infected (probably) but the novice user that depends on the
scanner will (no doubt) get infected, it's just a matter of time.
Littlebits, when I talk to my mom about security, the expression on her
face is "son, I don't understand what you are talking about". Her face
is the same whether I am asking her "mom, are you using an AV?" or
"do you know what Flash is, Java?".
The thing is, when she's visiting me, she surfs and downloads,
doing what she always does, without a real time antivirus and kept
clean by doing her surfing in a dedicated sandbox created for her.
If your mom lives nearby, try it out, you might be surprised how well
moms get along with Sandboxie. :cool:

Bo

I might give Sandboxie a try with my mom. In the past she has got infected so many times because she would just click anything. I tried to get her to use Firefox but she didn't like it and kept going back to IE and getting more infections. Finally got Opera set up with Ad-block and WOT extensions and she really likes it, since the main reason she was getting infected was because she was clicking on ads. Since she has been using Opera, she has been doing pretty good with not getting as many infections. I have MBAM Pro and Avast Free installed on her system with Windows default firewall and still some malware gets past it. But it is much better than before. One time I removed over 900 infections from her system while she was using Norton with an expired subscription for over a year. She still thought Norton was working.

My mom mostly just plays online games, uses Yahoo Mail and searches the web. I have bookmarked several safe sites to keep her from wandering into unknown territory as much. She has finally learned the hard way to not open spam email and click on links in emails. Now every once in a while she gets a minor infection, nothing like before, so I know I'm making progress. She is 67 years old and hard headed and is not interested in learning much about her computer.

Sandboxie might be a good idea as long as it does mess with her flash and Java games. She really gets pissed when her games don't work.

Thanks.:D
 

Ramblin

Level 3
May 14, 2011
1,014
To get Flash working for my mom, I also have to disable NoScript on her
sandbox, otherwise she would look at me with a facial expression that
says "what's going on, Bo".
My 73 year old mom is like yours, clicks on everything, she does not
even know if her laptop has an antivirus or not and most likely is infected
by who knows what.
She lives in Miami, it's been a long time since I was there last, otherwise
her laptop would be set up with Sandboxie, pretty much as I described
her sandbox on my PC.
It's perfect for her because even though she opens and clicks on just
about everything, she does not download too many things and installs
nothing.

Regards
Bo
 

Littlebits

Retired Staff
May 3, 2011
3,893
bo.elam said:
To get Flash working for my mom, I also have to disable NoScript on her
sandbox, otherwise she would look at me with a facial expression that
says "what's going on, Bo".
My 73 year old mom is like yours, clicks on everything, she does not
even know if her laptop has an antivirus or not and most likely is infected
by who knows what.
She lives in Miami, it's been a long time since I was there last, otherwise
her laptop would be set up with Sandboxie, pretty much as I described
her sandbox on my PC.
It's perfect for her because even though she opens and clicks on just
about everything, she does not download too many things and installs
nothing.

Regards
Bo

Your mom and my mom seem to have a lot in common.
Of course this represents the majority of computer users.

It is really sad, because these are the type of users who need malware protection the most. These users are the ones that keep unknowingly spreading infections across the web. And HIPS does nothing to help them since it is too complicated for them to understand.

In overall worldwide statistics, HIPS stops under 1% of all malware infections, whereas signature based AV can stop around 65%. I read these statistics from a test performed last year, I wish I could remember the website.

Of course this doesn't apply to advanced members who use HIPS effectively on their own systems. In that case HIPS would be able to block nearly 100% of infections. Too bad the majority of users are not advanced.

So as for worldwide, HIPS is a complete failure and signature based is not good enough. Computer education is the key, but most users are not willing to learn. What I get sick of seeing is all of these advanced users trying to push HIPS on these novice users, which they should know isn't going to work for them. You can go to many different forums, and Comodo fanboys are always trying to push Comodo on these novice users. Not only Comodo, but you can find other fanboys for Online Armor, PC Tools Firewall, Malware Defender, Privatefirewall, Outpost Pro, etc. These fanboys are not helping the situation at all. They are just advertising their favorite products, which is useless since advanced users would have no problems finding these products in the first place.

Thanks.:D
 

LaserWraith

Level 1
Feb 24, 2011
497
On our family computer, I set up CIS and used the parental feature to block most anything new. It worked okay.

But you are right - HIPS protection can cause problems. I replaced CIS with OA free recently, and some of the problems have gone away (not sure about the one minute HDD freeze...maybe a hardware problem?).

But I'm not sure what else to use. I don't trust an AV or something which decides for me. And a sandbox seems like it might get in the way, or I'll think it is protecting me when it isn't (maybe I don't want the learning curve :D ).
 

Ramblin

Level 3
May 14, 2011
1,014
LaserWraith said:
But I'm not sure what else to use. I don't trust an AV or something which decides for me. And a sandbox seems like it might get in the way, or I'll think it is protecting me when it isn't (maybe I don't want the learning curve :D ).
About the sandbox (Sandboxie), the learning curve seems hard but the
reality is that it's not. The hardest part is understanding the concept
of what is being sandboxed. The rest comes easy and it can be
learned as you go. Sandboxie does not need to be learned in one day. :)

I started to use Sandboxie because I realized, like you, that AV cannot
be trusted. The day that I realized that they always fail, I started
looking for something to replace them. That's how I got to Sandboxie.

In a way I was lucky, because Sandboxie was the second program that
I tried after I started looking for the extra layer to protect my PC against
zero day threats. So, I did not get all rattled up, choosing between the
hundreds of programs out there that claim to be the greatest thing against
malware.

After using Sandboxie for six months, I knew it was the real thing, doing
what it's supposed to do. It has never let anything through in the two
and a half years that I have been using it and whenever I can, I pass
it on to people, like you, since I know it would benefit you from day one,
if you start using it.

Bo
 

Littlebits

Retired Staff
May 3, 2011
3,893
As far as the configuration, which is easier to set up, Sandboxie or BufferZone Pro? To me, BufferZone Pro looks easier to set up, judging by the screenshots on Softpedia.

The only sandboxes that I have used are the auto sandbox with Comodo, which is complete overkill, it doesn't allow processes to run correctly, and the one with Avast, which still allows processes to run effectively, but it is unknown if it can actually be effective at blocking malware.

I tried Sandboxie many years ago and for some reason didn't like it, I don't remember why. I know Sandboxie is very effective at blocking malware when set up correctly but it doesn't look simple to configure. Of course I know I could figure it out after messing with it for a while but I'm trying to figure out if it is worth my time since it would be for my mom, I would never use it myself. Also, isn't the free version of Sandboxie limited? If so then BufferZone Pro might be a better option since it is now freeware.

Thanks.:D
 

Ramblin

Level 3
May 14, 2011
1,014
Littlebits said:
As far as the configuration, which is easier to set up, Sandboxie or BufferZone Pro? To me, BufferZone Pro looks easier to set up, judging by the screenshots on Softpedia.

The only sandboxes that I have used are the auto sandbox with Comodo, which is complete overkill, it doesn't allow processes to run correctly, and the one with Avast, which still allows processes to run effectively, but it is unknown if it can actually be effective at blocking malware.

I tried Sandboxie many years ago and for some reason didn't like it, I don't remember why. I know Sandboxie is very effective at blocking malware when set up correctly but it doesn't look simple to configure. Of course I know I could figure it out after messing with it for a while but I'm trying to figure out if it is worth my time since it would be for my mom, I would never use it myself. Also, isn't the free version of Sandboxie limited? If so then BufferZone Pro might be a better option since it is now freeware.

Thanks.:D
You can set BufferZone in a way in which browsers and other untrusted apps
always open and run in the Buffer Zone (sandboxed). If she installs something
or something installs on its own :D, it will be installed in the sandbox.

BufferZone keeps these files in the sandbox until they get deleted,
that's something you can do when you go visit her. Personally, I prefer
SBIE since I feel certain that it's more bulletproof than BZ but using BZ
would be a lot better than not using any sandboxing.

Buffer Zone sort of combines Sandboxie's virtualization with DefenseWall's
policy restriction. You can leave most policy settings in place but you
should change one, in my opinion. This setting has to do with downloaded
files that are signed. BZ has, by default, that these files are downloaded as
trusted and will be installed out of the sandbox, if they are installed. That
is fine for you and me, but not for mom. :D

Give it a try, got nothing to lose.

Bo

You said something about Sandboxie "blocking malware", the reality is that
sandboxing programs, actually, don't block malware, they contain malware
by isolating it from your system. The beauty of the sandbox is that
everything comes into the sandbox, the key is... what is allowed to come out of
the sandbox into your real system. With something like Sandboxie, my only
concern is the files that I decide to bring into my real system.
Malware or anything that comes into the sandbox, that stays in the sandbox
until it gets deleted, does not concern me at all.
 

LaserWraith

Level 1
Feb 24, 2011
497
Bump: I tried out Sandboxie, but it seemed like I'd have to manually start programs in the sandbox each time, and that it took the premium version to have a program run in the sandbox when executed. Is this correct?
 

Ramblin

Level 3
May 14, 2011
1,014
LaserWraith said:
Bump: I tried out Sandboxie, but it seemed like I'd have to manually start programs in the sandbox each time, and that it took the premium version to have a program run in the sandbox when executed. Is this correct?
Hi LaserWraith, when you install the free version, Sandboxie installs an
icon on your desktop. If you click on the icon, your default browser
will open sandboxed.
If you use an email client, your email client will open sandboxed when
you click on the icon.

The 2 differences between the free and registered version of SBIE are
#1 Forcing programs so they open sandboxed automatically.
#2 Multiple sandboxes open at the same time.

Seems to me that you want "forced programs", unfortunately that's only
available in the registered version. If I may suggest, use the free version
for a while and after a while when you realize the benefits that you get
from Sandboxie, then consider purchasing it. It is worth the money that
we pay and more, in my opinion.

The protection that you get on both versions is exactly the same. The
protection that SBIE gives you in the free version is not watered down,
unlike most security programs where the free version protects you less
than the paid one.

Bo
 