Need a HIPS program
Lasse88
June 25th, 2007, 07:52 PM
Who knows a good HIPS program (a free one)?
(I hope it's the right forum I posted in)
WSFuser
June 25th, 2007, 07:59 PM
ProSecurity and SSM have free versions.
walking paradox
June 25th, 2007, 08:17 PM
This probably belongs in the anti-malware section. As for your question, you might want to take a look here (http://wiki.castlecops.com/HIPS/IDP_programs/services). It provides a fairly extensive comparison of most HIPS programs out there and lists whether there is a free version in the 'License' row.
acr1965
June 25th, 2007, 09:04 PM
DSA is supposed to be improved from previous versions as well. Links to DSA, Prosecurity and SSM are below-
DSA-
http://www.privacyware.com/dynamic_security_agent.html
Prosecurity-
http://www.proactive-hips.com/
SSM-
http://www.syssafety.com/
innerpeace
June 25th, 2007, 11:06 PM
If you're looking for a basic, beginner type HIPS then Winpatrol is nice. The paid version has real-time protection, but the free version 'polls' the system every so often for changes. You can change how often the areas are 'polled'. This was my first HIPS :)
http://www.winpatrol.com/
http://www.winpatrol.com/features.html
aigle
June 25th, 2007, 11:25 PM
EQSecure, though it's beta!
EASTER.2010
June 25th, 2007, 11:34 PM
I give a BIG thumbs up to both SSM & EQSecure 3.3
Really good HIPS but both require study but not so difficult once you review ALL the settings/rules.
You can use safe leaktests as a starter to observe the capture of anything attempting to run without approval, make your decision, rule is then set.
Very educational AND automatic then.
If you're in a hurry and desire an automatic HIPS, word has it Prevx is formidable in that department with little or no interaction from user.
xuesisi
June 27th, 2007, 05:31 AM
ProSecurity and EQSecure
But I like TINY
Mele20
July 17th, 2007, 04:01 AM
Someone have a link to EQSecure? All I get is Japanese or Chinese (not sure which) websites when I google it.
stapp
July 17th, 2007, 06:46 AM
This post gives some info
http://www.wilderssecurity.com/showthread.php?t=170691
Arup
August 7th, 2007, 11:34 AM
Pro Security is very good and does well in tests, even the free one.
LUSHER
August 7th, 2007, 12:29 PM
-{ Quote: "Pro Security is very good and does well in tests, even the free one." }-
I disagree. The free version of PS sucks. Get the full version.
gerardwil
August 7th, 2007, 06:10 PM
-{ Quote: "Someone have a link to EQSecure? All I get is Japanese or Chinese (not sure which) websites when I google it." }-
Not much but maybe enough :)
http://www.eqsecure.com/bbs/read.php?tid=5634
Kerodo
August 8th, 2007, 10:40 PM
-{ Quote: "I disagree. The free version of PS sucks. Get the full version." }-
Did you say the free version of PS sucks?? :o
I disagree with your disagreement, the free PS is fine.
bellgamin
August 8th, 2007, 10:51 PM
Can anyone list the major differences between PS non-free and PS free?
aigle
August 8th, 2007, 11:08 PM
-{ Quote: "Someone have a link to EQSecure? All I get is Japanese or Chinese (not sure which) websites when I google it." }-
http://www.eqspywatch.com/download/EQSysSecureSetup.exe
http://www.wilderssecurity.com/showthread.php?t=181576
Kerodo
August 8th, 2007, 11:31 PM
-{ Quote: "Can anyone list the major differences between PS non-free and PS free?" }-
Here's the feature comparison from their site:
http://www.proactive-hips.com/diffedition.php
The non-free does quite a bit more, however, the free is fine for my needs here... others may have different ideas naturally... :)
acr1965
August 9th, 2007, 12:46 AM
Would someone post some of the advantages/disadvantages of using EQsecure over DSA? I also am running NOD32 and Comodo fw (for the moment).
LUSHER
August 9th, 2007, 12:50 AM
-{ Quote: "Here's the feature comparison from their site:
http://www.proactive-hips.com/diffedition.php
The non-free does quite a bit more, however, the free is fine for my needs here... others may have different ideas naturally... :)" }-
Yeah the lack of physical memory protection is a dealbreaker for me. YMMV.
bellgamin
August 9th, 2007, 01:30 AM
-{ Quote: "Would someone post some of the advantages/disadvantages of using EQsecure over DSA? I also am running NOD32 and Comodo fw (for the moment)." }-
EQSecure is a broad-scope HIPS. DSA is a hybrid firewall/HIPS, with only limited HIPS capabilities.
Kees1958
August 11th, 2007, 03:20 AM
-{ Quote: "Would someone post some of the advantages/disadvantages of using EQsecure over DSA? I also am running NOD32 and Comodo fw (for the moment)." }-
DSA
You determine which programs are allowed to execute and which are allowed to initiate internet traffic. All other critical areas mentioned in this link http://wiki.castlecops.com/Host_Intrusion_Protection_System_-_Comparison
the makers of DSA have figured out what is of potential risk or not. When violated it throws a pop-up.
Benefits: easy to use and you profit of the knowledge of the makers of DSA.
EQSecure
Complete protection on three major aspects: applications, registry and file protection. Each aspect has clickable items on which you can choose to be protected (e.g. protection against keylogger) from. Rules can be defined on three levels (system wide, allow exceptions and blocklist). Although it has learning mode and some comes with a rule set, the user is left to his/her own knowledge to set up protection.
Benefits: for power users the granular configurable control and the strength of protection (on average it really protects against what it promises, which is quite astonishing in security software :-\ )
When you are behind a hardware firewall and have average security knowledge you could replace Comodo Firewall with DSA and still have stronger overall protection with no added complexity.
When you are a power user EQS would be the ideal companion of your current set up.
aigle
August 11th, 2007, 03:54 AM
-{ Quote: "
EQSecure
Complete protection on three major aspects: applications, registry and file protection." }-
BTW I feel that file protection module makes my system slow as obviously many read/write operations are filtered through EQS.
I think I might not use this feature most of time. Execution protection and start up registry protections is sufficient mostly.
Kees1958
August 11th, 2007, 01:56 PM
Aigle,
I only limited this to the Windows and OS directories for executable like files for update (not create and deletes, since malware has more benefits of changing sources than deleting programs). This did not seem to slow down our PC. What really slows down EQS is MD5 checking.
Have you thrown your advanced HIPS test set on A2 with IDS with intelligent false positive reduction OFF already, or were you so disappointed by the few tests you did with worms that you do not bother any more? All I can see is that I did some sampling testing (BO, data and DLL injection, some trojan tests, driver installation, unwanted outbound traffic initiation, etc) on A2 and it passed them all.
regards Kees
EASTER
August 11th, 2007, 04:22 PM
EQS 3.4 is proving out so far to be quite the repellent against attacks, of that my confidence has been bumped up several notches, but I also favor SSM. There was once a time I ran BOTH when EQS was in 3.3 beta and they ran stable even at the expense of duplicate protections some frown at.
Now I use EQS 3.4 "OR" SSM (Full) and am wholeheartedly and completely satisfied with their results.
DSA is also a really nice complement but I would like to see them improve and update it further.
lucas1985
August 11th, 2007, 04:52 PM
IMO, a rule-based firewall with a tight ruleset, an integrity checker with scheduled scans and a sandbox is all the security you will ever need if you:
- Use up-to-date software (OS, browser, Java, media players, doc viewers, etc)
- Harden the OS and lockdown IE.
- Use Firefox w/NoScript (or Opera) and a non-OE mail client with preview and HTML disabled.
- Have a decent mail provider which removes spam, viruses and executable attachments.
- Don't use P2P to download pirated/cracked software.
- Practice safe computing (browsing habits, attachments handling, common sense, research prior to installing software, etc)
This, together with a NAT router and a solid backup/imaging policy will make you invincible.
aigle
August 11th, 2007, 05:23 PM
Thanks Kees!
-{ Quote: "I only limited this to the Windows and OS directories for executable like files for update (not create and deletes, since malware has more benefits of changing sources than deleting programs). This did not seem to slow down our PC." }-
Can u post a snapshot of ur rules? Here is mine.
-{ Quote: "What really slows down EQS is MD5 checking." }-
They should fix it!
-{ Quote: "Have you thrown your advanced HIPS test set on A2 with IDS with intelligent false positive reduction OFF already, or were you so disappointed by the few tests you did with worms that you do not bother any more? All I can see is that I did some sampling testing (BO, data and DLL injection, some trojan tests, driver installation, unwanted outbound traffic initiation, etc) on A2 and it passed them all." }-
I did not try anymore as it completely failed against keylogger and worm behaviour (I used actual malware rather than test/POCs, though only two for each category).
aigle
August 11th, 2007, 05:31 PM
-{ Quote: "IMO, a rule-based firewall with a tight ruleset, an integrity checker with scheduled scans and a sandbox is all the security you will ever need if you:
- Use up-to-date software (OS, browser, Java, media players, doc viewers, etc)
- Harden the OS and lockdown IE.
- Use Firefox w/NoScript (or Opera) and a non-OE mail client with preview and HTML disabled.
- Have a decent mail provider which removes spam, viruses and executable attachments.
- Don't use P2P to download pirated/cracked software.
- Practice safe computing (browsing habits, attachments handling, common sense, research prior to installing software, etc)
This, together with a NAT router and a solid backup/imaging policy will make you invincible." }-
Hi! Who needs all this. I am just playing around! ;D
lucas1985
August 11th, 2007, 05:41 PM
Right, we like to play with security apps like toys because most of us are not really exposed to malware. However, a security strategy should always be considered :)
aigle
August 11th, 2007, 06:14 PM
OK, it's already there, emerged out of play n fun! :)
Copyright ©2002 - 2012, Wilders Security Forums