I would like to see your proof that the Behavior Blocker did not block something that HIPS can, please.
I missed Online Armor, yes - but at least parts of its code lived on in Emsisoft Internet Security. To me it was the guy that introduced me to a wonderful vendor.
While I am also sad of this news I am confident that even-though I prefer HIPS (because I always want to have full control of my applications) I can do some workarounds.
I think I can answer that since I have proven it to Fabian Worsar when I beta tested EIS before
http://support.emsisoft.com/topic/1...isoft-internet-security-90-public-beta/page-3
Also I think what
jasonX is stating as "trigger mechanisms for launching another application" is similar to the nature of what he had tried in his Eset Smart Security trial of 2012
http://malwaretips.com/threads/block-a-browser-launch-from-a-shell-link-in-eset-hips.7172/.
In that post I made in the Emsisoft Forums, Fabian mentioned there the difference of the BB from the full blown HIPS.
http://support.emsisoft.com/topic/1...isoft-internet-security-90-public-beta/page-3
See post #115 / post#118
Raul90, on 27 May 2014 - 11:29 AM, said:
I see that when I repeat to click "View Website" there is still the pop-up with another port number. PuranDefrag triggers firefox.exe for a connection and continues to search for every port available(1031, 1053, 1059, 1061, 1087 and counting). Isn't it more simpler to block the "trigger" or PuranDefrag to start another application? Can that be done with EISv9..?
Fabian Wosar's reply
You could block Firefox from running, but not Firefox when started by PuranDefrag. The later is more of a HIPS feature, which we consciously decided not to implement due to the shear amount of complexity it adds for normal home users which EIS is targetting. If you want more control, I suggest staying with Online Armor.
post#120 #122 and #123
There it has been stated by Fabian himself that you can block the browser from running but not the trigger application(which in that case was PuranDefrag)
If you will read in detail the post's I did that is also related to the "behavior of an application trying to launch an application" -- that is the trigger mechanism that
jasonX is mentioning. Something like I did with my Bitdefender tests(same principle). An application like a game or an exe when exited triggers the browser to launch and go/connect directly to home. On both trials that I did based on the same principle of trigger mechanism or "application like a game or an exe when exited triggers the browser to launch and go/connect directly to home" Bitdefender failed to block it. It's shown here.
Checking out BitDefender Internet Security 2014 performance
http://malwaretips.com/threads/checking-out-bitdefender-internet-security-2014-performance.25189/
Short trial of Bitdefender Internet Security 2015
http://malwaretips.com/threads/short-trial-of-bitdefender-internet-security-2015.41361/
To illustrate that trigger mechanism for you. I am posting the images of EAM(BB active) and OA Premium (HIPS active)with their respective rule.
In EAM with Behavioral Blocker active, the application rule for PuranDefrag GUI is "blocked" except that of the "install services and drivers". Also take note that "Dialer related Activity" is also set at "block". Now when you launch PuranDefrag>About Puran Defrag there is a button there that says, "View Website". Clicking that still launches the default browser (which is Firefox.exe). See image below.
To compare with the power of OA Premium HIPS. In OA>Programs>PuranDefragGUI>Advanced Options> there is permissions there on the top which says, "Start Applications". Look closely as this is where you can block "any" application that is triggered by PuranDefragGUI.exe. All you need to do is "Add" the application there in "Allow Except" or just tick "Block All".
Now same launch trigger mechanism as used with EAM, launch PuranDefrag>About Puran Defrag>click "View Website". OA HIPS blocks the firefox.exe launch dead cold as seen in the OA History. No browser launch is seen.
See image below.
I missed Online Armor, yes - but at least parts of its code lived on in Emsisoft Internet Security.
Have not used Online Armor before...? Seems you do not know OA HIPS capability. The guys here who have been part of the testing/development of EIS (
Umbra guru is one) can say it is different from OA. EIS has it's BB that is different from OA's HIPS. This example that I showed you shows that HIPS power and it's difference from BB. It is in the preference of the user or how does he wants his applications controlled. As shown in EAM's BB/Application Rule you cannot block that trigger mechanism there. You can only do that with something like OA's HIPS. In Comodo you can also do that but it's different but it's also in the HIPS. Kaspersky and Outpost Firewall Pro can do that also. As Fabian mentioned there,
The later is more of a HIPS feature, which we consciously decided not to implement due to the shear amount of complexity it adds for normal home users which EIS is targetting. If you want more control, I suggest staying with Online Armor.
Now to my opinion, the only workaround you can do so BB can block that browser launch is to assign a different browser(say, Opera) as "default browser" and block that in BB -- "Always block this application" -- (impossible to run). So when you click "View Website" in the PuranDefragGUI the browser(Opera is blocked thus connection to home is also blocked). But doing that does not block the "trigger mechanism" but what you did was block a "specific application" from running via BB. All default browser launch whether it be legitimate or not is and will be "blocked". That is entirely different from the HIPS block where you can still use the browser. It only blocks the trigger as specified in "start applications" Allow Except -- firefox.exe.
Maybe you can show us here how can EIS block that same trigger mechanism since you are a user of EIS. That I'd like to see for myself.