WHIPS (Windows Host Intrusion Prevention System)
BrendanK.
March 13th, 2009, 06:17 PM
I found this bit of software very interesting as you can add what you want to be detected and blocked.
You can choose your own system calls, which I think is really smart, because if you come up against a new threat you can just add a new system call for it.
There is also a database in which you can find the specific rules you want. It's called an Access Control Database (ACD) that contains all rules defining system behavior.
Oh...Did I mention it is OPEN SOURCE and FREE? ;D
http://whips.sourceforge.net/objective.html
Here's a demo for it:
http://www.robertobattistoni.it/video/whips_demo.htm
jmonge
March 14th, 2009, 12:27 AM
Cool, thanks.
EASTER
March 14th, 2009, 12:58 AM
Has anyone put this new one through any legitimate acid test yet?
Any new HIPS can become of immense interest while they all have different models & methods that they work at to ensure it hopefully becomes at some point a very interesting and useful project for all.
EASTER
Kees1958
March 14th, 2009, 03:00 AM
Well, it does not work on Vista according to the documentation, but it has a Vista install directory.
It is a do-it-yourself HIPS to contain system calls. So for instance ThreatFire does not intercept system shutdown (because in 99,9 of the time it is a legitimate action), with WHIPS you can set to intercept the API call which f.i. SystemShutdownSimulator sets. Only allow Explorer to close down the system.
Maybe I will give it a try in the future. The overhead per system call interception varied from 27% to 9% according to the proof of concept document. So maybe I will write a few rules to intercept system shutdown, going into debugging mode, acquiring backup privileges etc.
Gave it a try but could not get the agent working to enter rules.
Cheers
noone_particular
March 14th, 2009, 01:28 PM
The demo looks very interesting. I like the syscall filters. It says it's compatible with 2K so I'll set up another testbox and give it a try.
noone_particular
March 14th, 2009, 08:40 PM
It requires .NET Framework to be installed. Couldn't get it to work on 2K. The system would reboot when the service started, endless cycle. Couldn't launch the agent.
Copyright ©2002 - 2012, Wilders Security Forums