Advice Request Eset + osarmor or hitmanpro.alert ?


cartaphilus
Mar 17, 2023
VoodooShield, HIPS and OS Armor all require a responsible and knowledgeable user. The user must know what's a normal function of a program and what's not. They must also be aware of what programs are on the system and which of those programs could be leveraged to perform vulnerability attacks.

For example, a popup that states "PowerShell is attempting to perform CMD task" when installing new software; does that mean that it's part of the valid install, or is it leveraging a scripting vulnerability? If I deny it and it's valid, then most likely the software you are installing won't be stable or maybe won't run at all. Then again, if I allow it and it's malicious, then the benefit to the user of employing the extra layer of security suddenly becomes null and void.

It's best for the user to try it out themselves and see if they are comfortable with the level of prompts and the quality of information provided by those prompts. Otherwise at least it would be a waste of $$ and at most it will create a very chatty system which would result in the user either bashing the software as "stupid and useless" or just uninstalling it and never using it again.

Nowadays the number of users who know what HIPS is and how to use it is growing. Gone are the DiamondCS days and them breaking the ice into the arena of execution blockers (ProcessGuard and TDS-3).
 
Last edited:
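The dilemma in the post above (the same prompt can mean a legitimate installer step or a script-host abuse) comes down to context the HIPS cannot know on its own. The following is an added example, not code from the thread or from any of the products named in it: a toy process-launch policy that turns a parent/child event plus two pieces of user-supplied context (is the parent signed, has the user knowingly started an install) into allow, deny or prompt. The baseline table, the program names and the event records are constructed for the illustration.

```python
"""Toy HIPS-style policy for process-launch prompts (constructed example).

The point it shows: the verdict for "PowerShell is starting CMD" cannot come
from the event alone. It depends on a local baseline of what is normal for
the programs on this machine and on whether the user is in the middle of an
install they started themselves.
"""
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed baseline: parent -> children that are normal on this machine.
# A real tool would learn or import this; here it is hand-written.
NORMAL_CHILDREN = {
    "explorer.exe": {"notepad.exe", "setup.exe", "powershell.exe"},
    "setup.exe": {"powershell.exe", "msiexec.exe"},
    "powershell.exe": {"cmd.exe"},
}

# Programs that open untrusted documents and should not be spawning shells.
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "acrord32.exe"}
# Script hosts and shells: the usual target of "living off the land" abuse.
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


@dataclass
class LaunchEvent:
    parent: str
    child: str
    parent_signed: bool            # parent binary carries a valid signature
    install_session_active: bool   # user has knowingly started an installer


@dataclass
class Verdict:
    action: str                    # "allow", "deny" or "prompt"
    reasons: list[str] = field(default_factory=list)


def evaluate(ev: LaunchEvent) -> Verdict:
    parent, child = ev.parent.lower(), ev.child.lower()
    pair = f"{parent} -> {child}"

    # Rule 1: a document handler launching a script host has no benign
    # explanation during an install or otherwise; deny without asking.
    if parent in DOCUMENT_HANDLERS and child in SCRIPT_HOSTS:
        return Verdict("deny", [f"{pair}: document handler spawning a script host"])

    # Rule 2: the pair is in the local baseline.
    if child in NORMAL_CHILDREN.get(parent, set()):
        reasons = [f"{pair}: in local baseline"]
        # A script host chaining into another script host is normal while an
        # install the user started is running; outside that, the user decides.
        if parent in SCRIPT_HOSTS and child in SCRIPT_HOSTS and not ev.install_session_active:
            return Verdict("prompt", reasons + ["script-host chain outside an install session"])
        return Verdict("allow", reasons)

    # Rule 3: unknown pair. An unsigned parent reaching for a script host is
    # denied; anything else unknown is handed to the user with the context.
    if child in SCRIPT_HOSTS and not ev.parent_signed:
        return Verdict("deny", [f"{pair}: unsigned parent spawning a script host"])
    return Verdict("prompt", [f"{pair}: not in baseline, signed={ev.parent_signed}"])


def triage(events: list[LaunchEvent]) -> dict[str, int]:
    """Count verdicts over a batch of events; shows how chatty the policy is."""
    counts = {"allow": 0, "deny": 0, "prompt": 0}
    for ev in events:
        counts[evaluate(ev).action] += 1
    return counts


# Constructed sample events: a normal install, the ambiguous prompt, and abuse.
SAMPLE_EVENTS = [
    LaunchEvent("explorer.exe", "setup.exe", True, True),
    LaunchEvent("setup.exe", "powershell.exe", True, True),
    LaunchEvent("powershell.exe", "cmd.exe", True, True),     # during install
    LaunchEvent("powershell.exe", "cmd.exe", True, False),    # no install running
    LaunchEvent("winword.exe", "powershell.exe", True, False),
    LaunchEvent("unknownapp.exe", "cmd.exe", False, False),
    LaunchEvent("unknownapp.exe", "helper.exe", False, False),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        v = evaluate(ev)
        print(f"{v.action:6}  {'; '.join(v.reasons)}")
    print(triage(SAMPLE_EVENTS))
```

The same `powershell.exe -> cmd.exe` event is allowed with an install session active and becomes a prompt without one, which is exactly the judgement the post says the user has to supply; a policy with no such context has to either prompt on everything (the "chatty system") or silently allow the malicious case.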

cartaphilus
Mar 17, 2023
I recall DiamondCS and those apps. Guessing that was circa Win 2000? Or even earlier than that...? :unsure:
Yeah win NT and 95/98 era. The time of Kevin and Nancy from BoClean, the time when NOD32 was just a giant pulsating red entity as a GUI, the time before the empire before the sith...oh wait wrong genre.

As for DiamondCS, they shut up shop when the NT kernel got good (Windows Vista alphas). Once you required signed and verified kernel drivers, some barely-above-water shops couldn't really afford it. And DiamondCS was a small group from Australia. Still, TDS-4 sounded good on paper.
 
Last edited:
