Earth said:
If prevention, it would have not allowed the malware to enter the system, but of course HIPS wouldn't know the difference good and bad, so it's completely user-dependent after that.
To safeguard a system, you must prevent. To prevent you must block access before entry to anywhere near the system.
HIPS and BB are closer to the inbetween state of Prevention and Infection.
There is no inbetween state of infection. Either your machine is clean, or it is not. Either infection has been prevented, or it has not. HIPS and BB's sole purpose is infection
prevention.
To
prevent is defined as
stopping something from happening. Any mechanism that
stops an infection, has
prevented an infection.
Are you saying that if I attempt to install some malware and my HIPS or BB warns me of suspicious behavior and I block it, (thus avoiding infection) the HIPS or BB has not in fact
prevented an infection? I think you'd be hard pressed to find anyone who would say that this was not the case.
It sounds like in your opinion, if malware is on my HD, my
prevention has already failed, correct? You feel that the malware has already gained entry to my system?
I would beg to differ. It has not gained entry to my system at all. It's sitting on my HD, yes. But inert malware isn't a risk. It needs to be executed in order to do anything, which is where my HIPS or BB will (hopefully) step in. (In the event that this is a new threat that my AV doesn't have a signature for yet)
There is no starting point to prevention. As long as the end result is avoided, it is considered to be prevented.
If a car starts rolling down a hill towards a group of school children and you jump in and press the brakes, you have just
prevented the car from hitting the children. No one would say that you didn't
prevent the catastrophe because the car was already parked on the hill...
