System Safety Monitor Free v.s. ProSecurity Free Edition


duke1959
November 20th, 2006, 02:13 PM
After reading all the HIPS threads here, I thought why not. Outside of Cyberhawk slowly becoming more popular, (Also my choice because I'm a less than knowledgeable user type) SSM and PS have been talked about highly. I'm wondering also if ProSecurity Free may even be easier than SSM free for a less than knowledgeable user like myself too.

starfish_001
November 20th, 2006, 02:29 PM
What other apps do you have installed?

You need to decide on what type of experience you want.

Cyberhawk and Prevx are set and forget

If you have Cyberhawk that should be all you need - see the AV comparative test it did very well...


SSM, PG, SSM are more intrusive. To start with I'd probably choose Process Guard free - learn a bit and then try SSM, PS or another.


From your list I'd try SSM first: track record and forum... but all that you mention are pretty good.

poirot
November 20th, 2006, 03:01 PM
In my opinion, duke1959, ProSecurity 1.22.1 - even the paid one, the only one I know - is certainly easier than SSM Free.

I run both, on two different computers. I like both of them, but I find that the PS approach is more intuitive and logical, like I already said in another post.
Less 'obtrusive' or repeated pop-ups, the same basic configuration chances,
although here SSM is more articulate, but this is exactly its undoing for a novice or non-expert user.

In SSM there is, for instance, the option to Block - if you so decide - Startup changes (which is on Permit by default, mind you), but on my trip towards tweaking as much as I could I set it on Block, which later led me to a new image of my C partition: my fault, of course, but PS does not invite these unnecessary excursions into the unknown and the dangerous,
hence, it's better for a novice.

Moreover, with SSM I was initially very often on Help, whereas I scarcely gave a look at PS Help.

It seems to me you want only something free, because, otherwise, you can also have the chance of trialling Antihook 3.0, which does not cost a lot, is more silent than SSM and PS, and works fine protecting your PC at a low level. Once you run a consistent Learning mode period it won't hassle you in vain.

TECHWG
November 20th, 2006, 03:39 PM
I think, due to the slightly simpler nature of PS freeware, I would tend to say PS free is easier, because people seem to like the interface, and the fact it has a few fewer functions than the paid version also means fewer popups. Of course in paid you can disable things you don't want or need if you should so wish.

trjam
December 1st, 2006, 06:00 PM
Trialed them both, and for the one who isn't gifted with knowing the perfect answer to every question, go with ProSecurity. I love applications that do 90 percent of the hard work and leave me the 10 percent to tweak. ::) And get the paid version, it is worth it.

Devil's Advocate
December 1st, 2006, 06:15 PM
-{ Quote: "Trialed them both, and for the one who isn't gifted with knowing the perfect answer to every question, go with ProSecurity." }-

Er, when you say the "one who isn't gifted with knowing the perfect answer to every question", are you talking about people who don't know much about computers? If so, using ProSecurity or SSM (free or paid) is suicide.

-{ Quote: "I love applications that do 90 percent of the hard work and leave me the 10 percent to tweak. ::) And get the paid version, it is worth it." }-

LOL. ProSecurity doesn't do an ounce of work (okay, overstatement, but you know what I mean). It has no white lists, no default rules; it's all *you* and your knowledge of answering prompts and configuring the rules that are protecting you.

Hyperion
December 2nd, 2006, 04:21 PM
I gave ProSecurity Free only a quick try, but I ended up back to SSM Free. Now, maybe I did something wrong, but here's my impression. My main concern is executing hidden malware. I mean a file that I THINK is legit, while it hides malware. So my primary concern isn't to get alerted about the initial exe, but for what follows. I used some leak tests to that end. With SSM Free, I did get, AFTER letting it execute, a second warning that the application was trying to do dll injection etc. With ProSecurity, after letting the exe run, the leak tests run without further notice.

So, I keep SSM. This is also the reason why I consider PG Free almost useless. I mean, ok, it can prevent a rogue exe from executing behind your back and termination of processes. But I feel it is much more important to have something warn you AFTER you execute something. I also don't care that much about termination etc., cause if my firewall gets terminated, for example, I'll notice and take my measures. While if something that I THINK is safe, while it is not, executes with my permission, I can get infected without me even knowing it. And so, I think SSM Free gives more defence.

PS: ProSecurity seemed to use less CPU than SSM, but I don't like the GUI, the colour, and it has a small visualization bug when one uses large fonts.

Devil's Advocate
December 2nd, 2006, 04:34 PM
-{ Quote: "I gave ProSecurity Free only a quick try, but I ended up back to SSM Free. Now, maybe I did something wrong, but here's my impression. My main concern is executing hidden malware. I mean a file that I THINK is legit, while it hides malware. So my primary concern isn't to get alerted about the initial exe, but for what follows. I used some leak tests to that end. With SSM Free, I did get, AFTER letting it execute, a second warning that the application was trying to do dll injection etc. With ProSecurity, after letting the exe run, the leak tests run without further notice." }-

It depends on which leak test you are talking about. Not all do injections; some, like wallbreaker, simply start up IE.

Even with the paid version there is a fairly simple test it fails, because it seems that any process that gets a rule also automatically gets "Allowed to load applications" and "Allow to execute".

The former means that it can start off any child process, I think. Most commonly, I start some new exe. I approve it and create the rule, then I have to go in and remove the "allowed to load application", otherwise it can start any child process to its content.

Very irritating. Doesn't seem to be any way to change the default.

PS the free version should stop dll injection I thought?

djg05
December 2nd, 2006, 04:51 PM
-{ Quote: "My main concern is executing hidden malware. I mean a file that I THINK is legit, while it hides malware. So my primary concern isn't to get alerted about the initial exe, but for what follows. I used some leak tests to that end. With SSM Free, I did get, AFTER letting it execute, a second warning that the application was trying to do dll injection etc. With ProSecurity, after letting the exe run, the leak tests run without further notice." }-

That is what I found with PS

-{ Quote: "So, I keep SSM. This is also the reason why I consider PG Free almost useless. I mean, ok, it can prevent a rogue exe from executing behind your back and termination of processes. But I feel it is much more important to have something warn you AFTER you execute something. I also don't care that much about termination etc., cause if my firewall gets terminated, for example, I'll notice and take my measures." }-

I wouldn't bank on noticing your f/w stopping. I have had mine silently stopped for some unknown reason. It was a while before I noticed it.

Hyperion
December 2nd, 2006, 05:07 PM
-{ Quote: "It depends on which leak test you are talking about. Not all do injections; some, like wallbreaker, simply start up IE." }-

Yes, but here is given a brief description:
http://www.firewallleaktester.com/

So I didn't pick them on luck.

-{ Quote: "Even with the paid version there is a fairly simple test it fails, because it seems that any process that gets a rule also automatically gets "Allowed to load applications" and "Allow to execute".

The former means that it can start off any child process, I think. Most commonly, I start some new exe. I approve it and create the rule, then I have to go in and remove the "allowed to load application", otherwise it can start any child process to its content.

Very irritating. Doesn't seem to be any way to change the default." }-

I see. Well, it's too much of an annoyance for my taste to do that manually.

-{ Quote: "PS the free version should stop dll injection I thought?" }-

I thought that too, otherwise I wouldn't have installed it at all. But it seemed that it didn't bother to warn about it on various tests, while SSM did. Maybe it's because I didn't reboot? I don't know. I had read here that it wasn't necessary to reboot.


-{ Quote: "That is what I found with PS" }-

Ah, glad to hear I'm not alone.

-{ Quote: "I wouldn't bank on noticing your f/w stopping. I have had mine silently stopped for some unknown reason. It was a while before I noticed it." }-

Well, I don't have anything precious here in the first place. Even if I didn't notice the firewall going off, I still prefer SSM, cause it warns on more things, I think. When I get infected (rarely) I prefer formatting anyway, so my main concern is to stop something before it's too late, even if I make an initial mistake.