How do rules work? Coming from CIS and KIS I really need some help

[Utini 1]

 

 

Do you still have CIS installed?

 

Well, my view on paying for software differs from yours.

 

Every company needs a good money flow, without money flow it's goodnight.

 

Tzuk with sandboxie could use the lifetime license model for a long time because he was pretty much the only developer. 

Same with Bill and Winpatrol.

But sandboxie is now owned by a bigger company, not a one man show anymore.

And also Malwarebytes had one in the beginning but stopped not that long ago....because they have grown and have expanded their product lineup, and employ more people.

There is no way a medium sized company like MBAM could continue for much longer using the lifetime license model. Yes of course It makes customers happy to pay one time and have it for life, but it is a terrible business model in terms of money flow. 

 

Same with Surfright and HMP and HMPA. Its no longer a 2 man show with the Loman brothers they also have staff to pay. Plus they also use AV engines in the cloud on top of their own tech but I doubt Kaspersky let them use their engine for free. Not that they have had a lifetime license but to compare.

 

Qihoo 360 is free even if they use licensed engines in the product.....but nothing comes for free in this world people need to remember that.

 

Qihoo is a search engine giant.  ESET....is just ESET.

 

Now, even if ESET had a free product, I would pay for it anyway to support the company and the great job the devs & researchers do and of course because I think the product is worth paying for. Software companies is like any other company that needs a steady income, only because what they produce isn't something that you can touch and hold in your hand doesn't mean that it doesn't cost money to develop and maintain the products. But each product is different so there is pay for software that I don't think is worth paying for as well.

 

Yeah every vendor has 30-day trials so take advantage of them so you don't buy something and has to go through a refund process if you don't like it.

 

Yep I still have CIS installed. Not sure if the uninstaller will completely remove everything from CIS but I guess so.

 

Well CIS is free ;-) HMPA is free for me as I beta tested it. And with MBAM Pro I have the lifetime license

 

But I guess when I find a discounted offer I can live with a few € a year.

 

I didn't mention Comodo because I thought you knew why it is free, one reason is because of their cert business. ;-P

 

But HMPA can also worth paying for for non license holders, buy HMPA get HMP for free, buy HMP get HMPA for free. Nice deal IMO.

Yes I know, but you wouldn't be able to get your hands on a lifetime license today for MBAM as they don't sell them anymore. 

 

I tried Comodo couple years ago...never again! 

Not sure how good their uninstaller is these days, you can always check manually afterwards for left-overs like drivers etc...

 

It's very easy to find good deals for ESET in the U.S when for example Newegg almost give away licenses....but in Europe it can be a bit trickier. But if you look hard enough you might find some. 

 

 

Who knows if other companies aren't int othe same "cert business". Just because we caught one company doing it doesn't mean the others won't do it as well. I would wonder anyway how many AV-Companies would open their doors when NSA knocks (altough according to some tests CIS was the only one who blocked NSA spyware) ;-)

 

Mhh any ideas what the best way is to find leftover of CIS ? Should I rather use some "uninstaller app" ?

Edited December 11, 2014 by Utini

[SweX 871]

Who knows if other companies aren't int othe same "cert business". Just because we caught one company doing it doesn't mean the others won't do it as well. I would wonder anyway how many AV-Companies would open their doors when NSA knocks (altough according to some tests CIS was the only one who blocked NSA spyware) ;-)

 

Mhh any ideas what the best way is to find leftover of CIS ? Should I rather use some "uninstaller app" ?

 

 

What do mean with "caught" ? Comodo has been in the cert business for years, they make money from it, but they make no money from CIS free. 

 

Mhm...yeah, but Comodo exaggerated that just a bit, I didn't read it but from what I have read elsewhere that document was only about the FinFisher malware and nothing else. And they are not the only one that detects it, many vendors does. But FinFisher is not made by the NSA but by a company called Gamma Group.

 

And it has been around for ages: hxxp://www.welivesecurity.com/2012/08/30/finfisher-helps-people-spy-on-you-via-your-cellphone-for-good-or-evil/

 

About Gov malware detection, you may be interested in the following links.

 

Read this first:  https://www.bof.nl/2013/10/25/experts-call-upon-the-vendors-of-antivirus-software-for-transparency/

 

Then this: https://www.bof.nl/2013/11/15/av-vendors-we-will-act-upon-detecting-govt-malware/

 

And finally this: https://forum.eset.com/topic/1355-eset-response-to-bits-of-freedom-open-letter-on-detection-of-government-malware/

 

I would use CIS own uninstaller provided it comes with one.

Edited December 11, 2014 by SweX

[Utini 1]

Already read those links

 

I bought an ESS license for ~13$ today on amazon. I will uninstall CIS and use ESS for the next few months (or longer if I like it). Smart Mode HIPS made "good" results today. 2 toolbars were able to install and one .exe file was executed without any warning. How ever, MBAM and HitmanPro didn't dedect them either.. I still have them installed on my vbox and will see if they get dedected within a few weeks (or maybe they aren't even malware).

 

Anyway, as I use the FW with "interactive" I was able to block the Home-Calling of those files and atleast got one pop up that notified me about some random.exe trying to send data.

 

I will take the time to create an FW rule for every app on my system. Everything new will be added if its trustworthy.

 

AV wise and HIPS wise ESS seems to be better than CIS. How ever, CIS has the advantage of blocking every "unknown" file with a pop up. This alerts me and tells me that the file I just downloaded might not be original or very unknown. There for I can check the file on e.g. virustotal before I finally execute it on my system.

 

Thanks for your help, I might come back with a few question soon ! ;P

[SweX 871]

I see, well then you know about that anyway.

 

That's nice, I told you could find some deals if you looked hard enough ;-P

 

About that toolbar, do you have detection for Suspicious, Potentially Unwanted and Unsafe apps enabled in the product?

The 3 checkboxes seen here: hxxp://kb.eset.com/library/ESET/KB%20Team%20Only/SOLN3204/SOLN3204Fig1-1c.png

 

There is no guarantee the toolbars will be detected even with those detection cats enabled.

 

Yes in interactive you will be prompted just like you saw, but in policy-based mode it would have been blocked automatically as there was no allow rule for it.

 

No kidding the AV in CIS is a joke, they should try to rebuild their database and find a way to shrink down the amount of signatures from the many millions that they have today, make it more efficient. You could say most people does not use CIS for their AV but for other reasons.

Edited December 11, 2014 by SweX

[Utini 1]

I see, well then you know about that anyway.

 

That's nice, I told you could find some deals if you looked hard enough ;-P

 

About that toolbar, do you have detection for Suspicious, Potentially Unwanted and Unsafe apps enabled in the product?

The 3 checkboxes seen here: hxxp://kb.eset.com/library/ESET/KB%20Team%20Only/SOLN3204/SOLN3204Fig1-1c.png

 

There is no guarantee the toolbars will be detected even with those detection cats enabled.

 

Yes in interactive you will be prompted just like you saw, but in policy-based mode it would have been blocked automatically as there was no allow rule for it.

 

No kidding the AV in CIS is a joke, they should try to rebuild their database and find a way to shrink down the amount of signatures from the many millions that they have today, make it more efficient. You could say most people does not use the CIS for their AV but for other reasons.

 

Yep I had those options enabled

 

I don't want to just block everything. That could break some apps without me even realizing it

[SweX 871]

That's good keep them enabled!

 

No of course not, yes it could if you haven't created a rule for that app yet.