Full Version: Mamutu-
Blackcat
Version 1 just released; a standalone behaviour blocker. http://www.mamutu.com/en/software/mamutu/

It is the IDS module of A2 Malware repackaged. Overall it's A2 Malware without the blacklisting.

- Monitors live all active programs for dangerous behavior (Behavior Blocking).
- Recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates.
- Small but very powerful. Saves resources and does not slow the PC down.


Mamutu recognizes and reports the following types of behavior:

- Backdoor related behavior
- Spyware related behavior
- HiJacker related behavior
- Worm related behavior
- Dialer related behavior
- Keylogger related behavior
- Trojan Downloader related behavior
- Injection of code into other programs
- Manipulation of programs (patching)
- Invisible installations of software
- Invisible Rootkit processes
- Installation of services and drivers
- Creation of Autostart entries
- Manipulation of the Hosts file
- Changes of the browser settings
- Installation of debuggers on the system

Mamutu is based on the Malware-IDS technology of a-squared Anti-Malware, but introduces some new and specialized extensions and additions that are optimized for behavior blocking.

IME, it is very light in real-time and stable. It has only 2 processes: a2service.exe at about 5400K, and mamutu.exe at about 14,000K.

Recommended to run in paranoid mode and with intelligent False Alerts Reduction disabled for best protection.

Maybe Kees1958, who is a license holder, can comment upon its protection and how he compares it at present with his other HIPS?
Smokey
QUOTE (Blackcat @ Jan 1 2008, 01:14 PM)
Maybe Kees1958, who is a license holder, can comment upon its protection and how he compares it at present with his other HIPS?

I look out for his comment!
Kees1958
Well, here it is.

It is a decent and very light IDS with some behavioral aspects. Its anti-trojan history makes it cover most suspicious outbound traffic. So when you have a router with a built-in firewall or are using the default XP/Vista FW and do not want to hassle with software firewalls or classic HIPS rules, it is a low system impact security layer.

When you are used to good service, the helpdesk's user friendliness lies somewhere between Comodo (hard questions are never answered) and DefenseWall (Ilya is great, sometimes a bit radical in his opinions). Also the guys from the ThreatFire helpdesk are way more responsive.

After some testing I would advise the following setup:
- I ran it with Intelligent False Positive Recognition turned off, Paranoid mode on and Internet Explorer registry key protection OFF (because we have DW protecting these settings and we are not running IE anyway, but Opera)
- Use it with Paranoid mode OFF and IFPR ON (the simplest mode)
People using it in this mode could better buy A2 (blacklist + IDS). I think Avira free and A2 Malware are a good light combo (Avira also having good heuristics). In this way you pay a few Euros for a decent blacklist combo covering AV, AT and AS.

So plus:
- light with same protection as ThreatFire (a little more than PRSC) and as extra
- very good against trojans, dialers, creepy software that seeks outbound traffic

On the minus
- IE registry protection generates some strange FPs (TF generates the same FPs, so it is a Behavior Blocker issue, but use Opera instead with an IE skin and no one will notice the GUI difference, just the increased speed)
- Self protection is not strong
- Worm protection is only limited to RUN keys in the Registry. This is strange: Emsisoft also provides HijackFree, which pinpoints a lot of other tricky startup locations. They have the knowledge. When you are running Vista and are using UAC, you will have the registry virtualisation of Vista and won't be needing it.

For whom it is interesting:
- people upgrading to Vista with a performance rating of around 3 - 3.5: Vista + UAC + IE7 Protected mode + Defender (plus create restore point) + Mamutu will have sufficient HIPS/IDS protection

- when you buy a heavy dual core with Vista, then ThreatFire is a cheap alternative (set protection to level 4, to match Mamutu's outbound protection)
bellgamin
The last time I checked (couple of days ago) there was a 20% discount on Mamutu at HERE.

Also, Emsisoft has just now established a special discount as follows...

QUOTE
Emsisoft has enabled a time limited 20% discount on A-squared Anti-Malware and Mamutu for all customers, who want to switch from other products to ours:

Discount code: EMSI-YOFG

The code can be entered on our order form for all 1- and 2-year licenses only, to get a 20% discount.


Since PCTools (including Threatfire - TF) is in the process of being assimilated by the evil yellow Borg, I have switched from TF to the big Mamoo (Mamutu).

I like Mamutu a lot so far -- even though its system tray icon looks like it was cut from a bag of M&M's (yum), & "Mamutu" sounds like the name of the evil witch doctor in a Tarzan movie.

"Batoom-bamba!"
