HURST
March 27th, 2008, 03:03 PM
Hi
I decided to take the jump and start trying to use a HIPS.
I tried ThreatFire, CFP and EQS.
I'm surprised how light HIPS are, compared to my AV (and I thought NOD32 was light).
All 3 have good things, but I have some concerns.
ThreatFire: I'm not to sure about it's protection level, I have spend the whole morning here in wilders and in castlecops and have found different opinions. I also don't like that it has alerted me that Outlook was logging keystrokes, which I think is a FP. I do like it's simple UI and the fact that it keeps alerting things, but i'ts not overwhelming (I have it at level 5).
CFP: I like the option to have a Firewall in the same package, but also I've read different opinions saying that it's buggy, etc. I found it complicated to navigate through the UI and configuration and found myself wondering what different options where suposed to do. I also didn't like the fact that it displayed no pop-ups, because it was in clean-pc mode. So it relied in a scanner to assume my PC is clean (i came to HIPS escaping from signature scanners). Maybe it's usefull if I install it after a clean install.
EQSecure: On my laptop, the lightest of the 3. I installed it with Alcyon's ruleset. Despite the infinite pop-ups, I never had the feeling that it was "too much for me". This could be a problem in the future though as I supose I could get tired of that. Also, I found the problem that the optiond "Allow" and "Block" can be selected with keys "A" and "D". I was typing something, a pop-up jumped and accidentally I blocked something. This is a problem IMO.
Could you suggest which one plays nicest with my setup (see my sig). Can you comment on protection levels? Any other thing I'm not paying attention to?
I decided to take the jump and start trying to use a HIPS.
I tried ThreatFire, CFP and EQS.
I'm surprised how light HIPS are, compared to my AV (and I thought NOD32 was light).
All 3 have good things, but I have some concerns.
ThreatFire: I'm not to sure about it's protection level, I have spend the whole morning here in wilders and in castlecops and have found different opinions. I also don't like that it has alerted me that Outlook was logging keystrokes, which I think is a FP. I do like it's simple UI and the fact that it keeps alerting things, but i'ts not overwhelming (I have it at level 5).
CFP: I like the option to have a Firewall in the same package, but also I've read different opinions saying that it's buggy, etc. I found it complicated to navigate through the UI and configuration and found myself wondering what different options where suposed to do. I also didn't like the fact that it displayed no pop-ups, because it was in clean-pc mode. So it relied in a scanner to assume my PC is clean (i came to HIPS escaping from signature scanners). Maybe it's usefull if I install it after a clean install.
EQSecure: On my laptop, the lightest of the 3. I installed it with Alcyon's ruleset. Despite the infinite pop-ups, I never had the feeling that it was "too much for me". This could be a problem in the future though as I supose I could get tired of that. Also, I found the problem that the optiond "Allow" and "Block" can be selected with keys "A" and "D". I was typing something, a pop-up jumped and accidentally I blocked something. This is a problem IMO.
Could you suggest which one plays nicest with my setup (see my sig). Can you comment on protection levels? Any other thing I'm not paying attention to?