Author Topic: Competitor's Behaviour Shield 64bit  (Read 3660 times)

0 Members and 1 Guest are viewing this topic.

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Competitor's Behaviour Shield 64bit
« on: March 29, 2010, 09:49:01 PM »
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Competitor's Behaviour Shield 64bit
« Reply #1 on: March 29, 2010, 10:18:34 PM »
The main problem is that these behavior shields don't seem to do anything even on 32bit systems.
And that begs the question about their real efficiency... In AVIRA's and avast!'s case...
Visit my webpage Angry Sheep Blog

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Competitor's Behaviour Shield 64bit
« Reply #2 on: March 29, 2010, 10:30:44 PM »
What do you mean by "Seem to do nothing"?
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

sded

  • Guest
Re: Competitor's Behaviour Shield 64bit
« Reply #3 on: March 29, 2010, 10:36:01 PM »
A reasonable article from Vince's shift at Symantec at http://www.symantec.com/connect/articles/behavior-blocking-next-step-anti-virus-protection on the concept of a BB as an automated HIPS.  The date emphasizes the lack of progress in this arena.  I don't think anyone really knows what the Alwil version does.  But if there is really any kind of automated HIPS in there, its performance on the Matousec site is what should have been evaluated, and Alwil should have raised Hell about them testing the firewall alone, not the BB.  AND done the testing themselves.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Competitor's Behaviour Shield 64bit
« Reply #4 on: March 29, 2010, 11:12:44 PM »
What do you mean by "Seem to do nothing"?

Exactly what i said. I haven't seen a SINGLE alert from behavior shield. Not one. And i was throwing everything at it.
ThreatFire? No problem, throw at it and it will jump on it sooner or later. Kaspersky Antivirus 7 (yes, the very older version), same. It actually cought very new samples with very outdated behavior module because they aren't updating it anymore for a long time.
But avast!. Ok, it has the shield, but for me it doesn't do anyting. Same goes for AVIRA ProActiv that basically works the same as the one in avast!. Nothing from it at all. Like it's not even there. Now if you add something like that to the program i'd expect to see at least 1 detection. Just one would be enough. But nothing, makes me question it's effectiveness.
Visit my webpage Angry Sheep Blog

Offline Justin_22

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 445
  • Free your soul and let it fly
Re: Competitor's Behaviour Shield 64bit
« Reply #5 on: March 30, 2010, 12:28:36 AM »
I saw one alert from Avast! behavior shield, and that for a suspicious outgoing connection from when I was testing on a virtual machine. other then that for Behavior blocker I use threatfire.
Avast!  2014 beta - Sandboxie - K9 Web Protection

Hermite15

  • Guest
Re: Competitor's Behaviour Shield 64bit
« Reply #6 on: March 30, 2010, 01:10:19 AM »
good 8) thought it was completely ineffective on 64 bit systems only (no rule sets), but it seems our 32 bit brothers experience the same ecstatic sensations when the BS is in action ;D