Which HIPS is apt for a novice?
jm0307
April 27th, 2007, 10:53 AM
Dear members,
Which HIPS combines ease of use for a security novice with proven effective protection?
Thank you for your input, and best wishes.
pvsurfer
April 27th, 2007, 11:39 AM
Go here (http://www.prevx.com/) and click on the green download button. ;)
jm0307
April 27th, 2007, 11:54 AM
Hello pvsurfer,
Thanks for the recommendation. I had come across prevx in previous posts and threads in this forum, but so many HIPSs were mentioned that I thought I'd ask a purely novice-related question. I had looked at the websites for System Safety Monitor and DefenseWall, but thought that I might be out of my depth with these programs. Your suggestion appears to confirm this.
I am just beginning to learn the basics of security, and don't even yet fully understand all of the functions of my firewall. I am still grappling with rules creation and protocols and the like... Yet, I do want to become familiar with pc security and think that a certain level of paranoia is probably quite healthy.
Thanks again for the swift reply - a very friendly forum,
Best wishes
jm0307
April 27th, 2007, 11:57 AM
PS: I apologize PVSURFER - have just read the post after submitting and noticed that I misspelt your name - your picture... embarrassing
benny bronx
April 27th, 2007, 12:25 PM
{QUOTE-> Hello pvsmurfer, <-QUOTE}
That's kinda funny. Back on topic, have you considered using a sandbox type app? I used sandboxie in the past and it is a good, light program and very simple to use. Many posts here at Wilder's on the subject.
jm0307
April 27th, 2007, 12:47 PM
Hello benny bronx (double checked that),
Unintended humour, I hope pvsurfer is not mad at this mishap.
Regarding sandbox applications, I have often read this term, but just had to look up what it actually means. It is my understanding that a sandbox provides a safe environment to execute unknown or unsafe programs. I am not sure whether I do need such an application, as I never knowingly download unknown programs. I fall into the safe surfer and user category. I am more concerned with adware, spyware and trojans - generally speaking, the kinds of things which might get onto the pc without my being aware of them.
Thanks though for the suggestion, and I will try to learn more about sandbox applications.
Best wishes
Huwge
April 27th, 2007, 01:05 PM
I agree Prevx is ideal. Just set it up in ABC mode
benny bronx
April 27th, 2007, 01:26 PM
{QUOTE-> I am not sure whether I do need such an application, as I never knowingly download unknown programs <-QUOTE}
Sandboxie can be used as a security tool for simple browsing. Right click on your default browser, choose "run sandboxed", and you're off. You will surf as you normally would, but everything done is contained in a sandboxed folder (cookies, spyware, trojans, etc.). After you are finished, you may recover any files you want from the sandbox, manually delete the sandbox, or have the program set for automatic delete when program is closed. I would not say this app is bulletproof (are any?), but it has very good reviews from members of this forum. The program is small and free, after 30 days it will display a small nag screen politely asking for a donation to the dev.
I should add that this is only one of many security solutions, and I am by no means as knowledgeable as many other members on this forum. Also, ironically, I stopped using Sandboxie in favor of Powershadow; Go figure.
Perman
April 27th, 2007, 01:37 PM
Hi, folks: Hi, jm0307: Prevx1 is an ideal HIPS type app for you, just like me; an idiot; layman etc. If you are in the market for a sandbox/virtualization app, you may want to explore this one: DeepFreeze standard. It has only three options; thawed, freeze and clone. It is so simple that any pupils in elementary school can use it w/o bothering their teachers. But the trade off is that you will lose some flexibility. IMO, it is fair. Good luck.
Rico
April 27th, 2007, 01:46 PM
Hello All,
I agree with all who endorse Prevx1:thumb: Fantastic product!
Take Care
Rico
jm0307
April 27th, 2007, 01:46 PM
Thanks for the input Huwge.
{QUOTE-> You will surf as you normally would, but everything done is contained in a sandboxed folder (cookies, spyware, trojans, etc.). After you are finished, you may recover any files you want from the sandbox, manually delete the sandbox, or have the program set for automatic delete when program is closed. <-QUOTE}
I like this concept. Can prevx be combined with sandboxie, in addition to an AV and a firewall?
benny bronx
April 27th, 2007, 02:11 PM
I don't use Prevx so I am not sure there, but your firewall should still intercept anything going in and out of your comp, and your av should still react to malware writing to the HD in the sandbox.
MaB69
April 27th, 2007, 02:12 PM
Hi all,
I think all community-based HIPS (Prevx and Online Armor) are easier to use for a beginner.
MaB
jm0307
April 27th, 2007, 02:20 PM
MaB69, Perman and Rico, thanks.
Sounds like prevx is a solid recommendation endorsed by all replies.
Regarding a sandbox, I am a little confused: Powershadow, DeepFreeze, Sandboxie...
Which one is the easiest to configure and causes the least conflicts?
pvsurfer
April 27th, 2007, 03:03 PM
{QUOTE-> PS: I apologize PVSURFER - have just read the post after submitting and noticed that I misspelt your name - your picture... embarrassing <-QUOTE}
Don't sweat it - actually I never noticed, as it was time for my nap... Hmm on 2nd thought maybe it's time to change my avatar! ;)
jm0307
April 27th, 2007, 03:30 PM
Thanks to all members for the great feedback - very friendly forum.
Have just downloaded prevx and am merely waiting to hear from my firewall forum on configuration recommendations before I will install it.
I must confess that I was reluctant to ask the outlining question in case it would have started one of those zealous comparisons of which quite a few can be found in the AV section, and which would have left me very confused and undecided in the end. Prevx appears to be unanimously endorsed.
I will also check out the sandbox applications which were recommended.
Best wishes
Zimzi
April 27th, 2007, 03:40 PM
Prevx is good choice. You can also try Cyberhawk (http://www.novatix.com/Cyberhawk/).
I am very satisfied with this product.
benny bronx
April 27th, 2007, 03:58 PM
{QUOTE-> Which one is the easiest to configure and causes the least conflicts? <-QUOTE}
Both sandboxie and Powershadow are extremely easy to configure and use, and I had no conflicts with either. I don't know about Deepfreeze, but Perman's word is good for me. I mentioned sandboxie because it is freeware/shareware and is, I believe, a little more flexible than the others. You can move in and out of sandboxed mode without the need to reboot, and can recover sandboxed files if you'd like. That is why I think it is a good starting program for someone new to this. Many will have differing yet legitimate opinions about this, so it really comes down to what fits the needs of the user.
TopperID
April 27th, 2007, 04:21 PM
If you want a good comparison chart of the leading HIPS progs see here:-
http://wiki.castlecops.com/HIPS/IDP_programs/services
By clicking on the top of each column you can find out more info, eg here is a review of Prevx:-
http://wiki.castlecops.com/Prevx1
ErikAlbert
April 27th, 2007, 07:42 PM
I'm going to ditch Prevx1 after the trial period.
I like Prevx1 very much and it's one of the first userfriendly HIPS softwares and I like its concept too.
Unfortunately it doesn't fit in my frozen snapshot.
Softwares like Anti-Executable, DefenseWall, Sandboxie, ... do fit in my frozen snapshot, because they don't require signature updatings, only program updatings.
They also prevent installation/execution of infections and that's what I need.
I don't need security softwares that remove infections, my frozen snapshot takes care of that.
If you have to remove infections, you are already too late.
gerardwil
April 27th, 2007, 08:02 PM
{QUOTE-> I'm going to ditch Prevx1 after the trial period.
I like Prevx1 very much and it's one of the first userfriendly HIPS softwares and I like its concept too.
Unfortunately it doesn't fit in my frozen snapshot.
Softwares like Anti-Executable, DefenseWall, Sandboxie, ... do fit in my frozen snapshot, because they don't require signature updatings, only program updatings.
They also prevent installation/execution of infections and that's what I need.
I don't need security softwares that remove infections, my frozen snapshot takes care of that.
If you have to remove infections, you are already too late. <-QUOTE}
If there would be a contest about who is using most often the words "frozen snapshot" you will be definitely the winner.
But seriously: When you are using Frozen Snapshot do you need Prevx1 and/or Anti-exec. and/or Defensewall and/or Sandboxie and/or whatever?
Or is Frozen Snapshot the only thing you need?
Might be a stupid question but I still don't understand it completely.
Best,
Gerard
pvsurfer
April 27th, 2007, 08:10 PM
{QUOTE-> ....I don't need security softwares that remove infections, my frozen snapshot takes care of that.
If you have to remove infections, you are already too late. <-QUOTE}
Erik~
Doesn't your method of operation also remove infections (by rebooting your system)? And in doing that, do you not remove all changes (good and bad) to your system? Of course it all depends on what you typically do on your computer and your system configuration. Based on my daily activities and my system configuration, I would find your m.o. impossible - but whatever works, works. ;)
~pv
jm0307
April 27th, 2007, 08:30 PM
{QUOTE-> Prevx1 is an ideal HIPS type app for you, just like me; an idiot; layman etc. <-QUOTE}
Hi Perman,
I am not too keen on the term 'idiot', I deem it uncharitable - I prefer computing challenged, but computing hilarious is also acceptable. ;)
iceni60
April 27th, 2007, 09:14 PM
here's a podcast about sandboxes
http://www.grc.com/sn/SN-055.htm
Mrkvonic
April 28th, 2007, 04:20 AM
Hello,
None, but if you must, you could try DefenseWall and Online Armor.
Mrk
Kees1958
April 28th, 2007, 07:07 AM
{QUOTE-> PS: I apologize PVSURFER - have just read the post after submitting and noticed that I misspelt your name - your picture... embarrassing <-QUOTE}
PC smurfer is good :D Sorry PVsurfer I had to laugh about it. Off topic I know
Kees1958
April 28th, 2007, 07:17 AM
{QUOTE-> MaB69, Perman and Rico, thanks.
Sounds like prevx is a solid recommendation endorsed by all replies.
Regarding a sandbox, I am a little confused: Powershadow, DeepFreeze, Sandboxie...
Which one is the easiest to configure and causes the least conflicts? <-QUOTE}
Sandboxes without file virtualisation are easy (or 'seamless'), because you do not have to think about downloaded files (sandboxes with file virtualisation like Sandboxie, Bufferzone might delete files when you clear the 'boxed' sandbox).
We use both GeSWall and DefenseWall on different PCs; DefenseWall is the easiest one to use (but with the poorest user guide). When you have two disks or two partitions on one disk, PowerShadow in single mode is also easy to use (that is a smart implementation of file virtualisation).
I agree with Mab69, stick to HIPS which provide black and whitelist or do some evaluation for you (PrevX1, Online Armor, Anti Executable, Sana Security Primary response).
Regards K
Kees1958
April 28th, 2007, 08:18 AM
Without qualifying ErikAlbert as a novice (certainly not), this post illustrates why a seamless sandbox is more transparent than a sandbox with file virtualisation: http://www.wilderssecurity.com/showthread.php?t=173052
I can also remember a post of Eastern (definitely not a novice), telling he once deleted a collection of downloaded software with ShadowSurfer (same story) when clearing a sandbox.
Regards K
jm0307
April 28th, 2007, 10:41 AM
Dear members,
Thank you for all the replies - too many now to thank each member specifically, and this way your usernames are safe. Although, I have discovered the 'edit' function yesterday. :)
I will install prevx1 this afternoon, and let you know how I fare. Some users in my firewall forum reported system slowdown and conflicts, but I will give it a try.
{QUOTE-> Sandboxes without file virtualisation are easy (or 'seamless'), because you do not have to think about downloaded files (sandboxes with file virtualisation like Sandboxie, Bufferzone might delete files when you clear the 'boxed' sandbox) <-QUOTE}
I am a little wary of installing Sandboxie at the moment after reading ErikAlbert's thread... but will try to find a 'sandbox without file virtualisation'. If I understood the replies correctly, DefenseWall was mentioned as such an application, but when I visited their website, the program was described as HIPS.
Can I run DefenseWall alongside Prevx1? Or would PowerShadow be more appropriate?
Best wishes
Bio-Hazard
April 28th, 2007, 10:56 AM
{QUOTE->
I am a little wary of installing Sandboxie at the moment after reading ErikAlbert's thread... but will try to find a 'sandbox without file virtualisation'. If I understood the replies correctly, DefenseWall was mentioned as such an application, but when I visited their website, the program was described as HIPS.
Can I run DefenseWall alongside Prevx1? Or would PowerShadow be more appropriate?
Best wishes <-QUOTE}
I have used Prevx1 and Defensewall at the same time without any problems. I am actually using Defensewall 2.00 beta at the moment. It is looking good. Defensewall is really easy to use and light. I uninstalled Prevx1 from my system because it was too heavy for my liking. I also have Powershadow on my computer but I don't really use it anymore. I would at least give the Defensewall a try!
Kristian
Jo Ann
April 28th, 2007, 02:09 PM
{QUOTE-> I have used Prevx1 and Defensewall at the same time without any problems. I am actually using Defensewall 2.00 beta at the moment. It is looking good. Defensewall is really easy to use and light. I uninstalled Prevx1 from my system because it was too heavy for my liking. I also have Powershadow on my computer but I don't really use it anymore. I would at least give the Defensewall a try!
Kristian <-QUOTE}
Since jm0307 is a self-proclaimed novice, I strongly caution him to understand Defensewall's operating concept (how it works) before installing it (it may not be his 'cup of tea')!
Bio-Hazard
April 28th, 2007, 03:19 PM
{QUOTE-> Since jm0307 is a self-proclaimed novice, I strongly caution him to understand Defensewall's operating concept (how it works) before installing it (it may not be his 'cup of tea')! <-QUOTE}
You can apply that to every new software you want to use. I am not a computer expert, so I had to learn by trialing programs and find out what is best for me. I agree with you that you have to find out as much information as possible before installing Defensewall or any software for that matter. But you don't know if it is your cup of tea unless you try it.
Kristian
Ilya Rabinovich
April 28th, 2007, 03:58 PM
{QUOTE-> but will try to find a 'sandbox without file virtualisation'. If I understood the replies correctly, DefenseWall was mentioned as such an application, but when I visited their website, the program was described as HIPS. <-QUOTE}
Because all the behaviour-based anti-malware sandboxes are HIPS systems (sandbox HIPS in this case). There are three types of HIPS: classical, expert and sandbox.
bellgamin
April 28th, 2007, 04:15 PM
{QUOTE-> Since jm0307 is a self-proclaimed novice, I strongly caution him to understand Defensewall's operating concept (how it works) before installing it <-QUOTE}
As of this point in time, the DefenseWall support forum is speedy to reply with excellent technical advice & helpful comments. The Prevx forum -- not quite so responsive nowadays.
jm0307
April 28th, 2007, 04:19 PM
Dear members,
Thanks for the clarifications on types of HIPS, and the sandbox subcategory. This forum has been very helpful in helping me choose a suitable application and in remedying my computing ignorance. :thumb:
Have installed Prevx1 and find it quite nifty thus far. I like that the program stays free until you are actually infected, and as my pc is clean, I intend to keep it that way. I also have not noticed any significant slowdown, and have as of yet not had to answer a single pop-up.
I had a look at DefenseWall and GeSWall, and am swayed by the latter, as it appears easier, and it is free... I will also try PowerShadow, once I figure out whether the free version still exists...
Best wishes
ErikAlbert
April 28th, 2007, 04:36 PM
{QUOTE-> If there would be a contest about who is using most often the words "frozen snapshot" you will be definitely the winner.
But seriously: When you are using Frozen Snapshot do you need Prevx1 and/or Anti-exec. and/or Defensewall and/or Sandboxie and/or whatever?
Or is Frozen Snapshot the only thing you need?
Might be a stupid question but I still don't understand it completely.
Best,
Gerard <-QUOTE}
Well I read a lot about NOD32 too, just like I use a "frozen snapshot". ;D
The answer is simple, FDISR is NOT a security software, it doesn't know what malware is and it doesn't recognize malware in any possible way.
A frozen snapshot only removes CHANGES on your harddisk and a malware IS a change on your harddisk.
Between two reboots a frozen snapshot is exactly the same as your harddisk, it can be infected, which means installation and execution of malware.
That's why I need security softwares to protect my computer during the period between two reboots, especially softwares that prevent installation/execution.
Any malware that bypasses my firewall of straw and all my other security software is removed by a frozen snapshot anyway. That's the reason why I use a frozen snapshot, to REMOVE THE REST, in other words the FAILURES of each security software and don't tell me they don't fail, there is proof enough of this.
It's not only the failures of security software, I also make mistakes and these are also corrected by a frozen snapshot.
A frozen snapshot is nothing special in FDISR, it's a variant of the copy/update function, which is used by ALL FDISR-users and there are different ways to use a copy/update function. :)