- May 17, 2018
Long story short:
The idea is to let only signed (and therefore trusted) applications run and make changes to the system.
If an application is not signed:
- It is sandboxed
- It is blocked
I only know of these vendors that do it:
- Comodo Internet Security: HIPS "Safe Mode" only allows signed executables to run. Users can submit vendors' executables to be whitelisted. One of the most effective methodologies that I know, which effectively blocks all kinds of threats, known and unknown, regardless of whether the threat is recognized by signatures or not. When I set this up for users who run everything blindly I never had problems again.
- Kaspersky Internet Security: Trusted Applications Module, works similarly to Comodo's. If a .dll/.exe/whatever isn't signed and is unknown to the Kaspersky Security Network (KSN), it is blocked; unknown DLLs are blocked. You can even query whether an executable is common and run by many users in the KSN.
- BitDefender App Protection: the weaker one (and huge confusion with the "Threat Defense" and "behavior blocker"?). Doesn't seem to do much. I barely see any information about signed/unsigned apps, DLLs or whatsoever, or even whether this is the way this module runs or if it is even more basic than that. Barely any documentation on how the module operates.
In a discussion about Kaspersky Free vs Bitdefender Free, a user states the following:
My opinion: Bitdefender Free. Why? No ads, good signatures and with ATC (proactive detection). Kaspersky Free and Sophos don't have a behavior blocker.
I've tested CIS and KIS and I'm currently evaluating the renewal of the security product. I'm having a few doubts about whether Bitdefender is sophisticated and on par with CIS/KIS.
1. Best: CIS
2. Second best: KIS
3. Weak: Bitdefender
CIS seems to be the most polished implementation, followed right behind by KIS.
So, a few questions:
a) Any opinion about the BitDefender modus operandi?
b) Any difference between BitDefender's Threat Defense, behavior blocker and App Protection?
b1) Is any of those actually built into BitDefender Free?
c) Any other vendors that have implemented something like this?
Any comments/experience with this kind of next-generation defense are appreciated.
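As an added illustration of the "only signed and trusted applications run" policy the post describes (example code, not from the thread or any of the vendors), here is an audit-only PowerShell script that classifies binaries the way such a product would: validly signed by an allow-listed publisher is allowed, validly signed by an unreviewed publisher is sandboxed, and unsigned or broken signatures are blocked. The publisher allow-list and the scanned directory are assumptions you would replace with your own.

```powershell
# Added example: emulate a signed-application allow-list policy and report, per file,
# what the policy would decide. Nothing is blocked or sandboxed by this script; it only audits.
# Assumes Windows PowerShell 5.1 or later (Get-AuthenticodeSignature is built in).

# Hypothetical allow-list of publisher subjects you have reviewed; maintain your own.
$TrustedPublishers = @(
    'CN=Example Software Vendor, O=Example Software Vendor, C=US'
)

function Get-AppPolicyDecision {
    param([Parameter(Mandatory)][string]$Path)

    # Status is one of: Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
    $sig = Get-AuthenticodeSignature -FilePath $Path

    switch ($sig.Status) {
        'Valid' {
            if ($TrustedPublishers -contains $sig.SignerCertificate.Subject) {
                $decision = 'Allow'    # chain validated AND publisher explicitly trusted
            } else {
                $decision = 'Sandbox'  # chain validated, but publisher not yet reviewed
            }
        }
        'NotSigned' { $decision = 'Block' }  # unsigned code never runs under this policy
        default     { $decision = 'Block' }  # tampered (HashMismatch), untrusted chain, etc.
    }

    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status
        Publisher  = $sig.SignerCertificate.Subject      # $null when unsigned
        Thumbprint = $sig.SignerCertificate.Thumbprint
        Decision   = $decision
    }
}

# Audit pass: summarize what the policy would do to every .exe/.dll under a directory.
$AuditRoot = "$env:ProgramFiles"   # assumption; point this at the tree you want to review
Get-ChildItem -Path $AuditRoot -Recurse -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object { Get-AppPolicyDecision -Path $_.FullName } |
    Group-Object Decision |
    Select-Object Name, Count
```

Matching on the certificate subject is the readable option; for a tighter policy pin the signer's thumbprint instead, since that identifies one exact certificate rather than a name. Run the audit before enforcing such a policy, because the "Sandbox" and "Block" buckets show exactly which legitimate software would need to be whitelisted first.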