- Mar 17, 2023
VoodooShield, HIPS and OS Armor all require a responsible and knowledgeable user. The user must know what's a normal function of a program and what's not. They must also be aware of what programs are on the system and which of those programs could be leveraged to perform vulnerability attacks.
For example, a popup that states "PowerShell is attempting to perform CMD task" when installing new software: does that mean that it's part of the valid install, or is it leveraging a scripting vulnerability? If I deny it and it's valid, then most likely the software you are installing won't be stable or maybe won't run at all. Then again, if I allow it and it's malicious, then the benefit to the user of employing the extra layer of security suddenly becomes null and void.
It's best for the user to try it out themselves and see if they are comfortable with the level of prompts and the quality of information provided by those prompts. Otherwise, at least it would be a waste of $$, and at most it will create a very chatty system, which would result in the user either bashing the software as "stupid and useless" or just uninstalling it and never using it again.
Nowadays the number of users who know what HIPS is and how to use it is growing. Gone are the DiamondCS days and them breaking the ice into the arena of execution blockers (ProcessGuard and TDS-3).