RegDefend AppDefend Replacements
NormanS
July 2nd, 2009, 05:03 PM
Now that these two Ghost Security Suite programs are no longer supported, what can take their place?
jmonge
July 2nd, 2009, 05:08 PM
I advise Malware Defender and/or System Safety Monitor ;) they are strong HIPS
NormanS
July 2nd, 2009, 06:37 PM
Hi Jmonge,
Many, many thanks for your quick response.
Your two suggestions strike me as extraordinary. Are both, as I suspect, one or more steps beyond RegDefend and AppDefend?
Note that an incautious search for MalWare Defender can result in deep trouble, as there seems to be malware that goes by the name MalWare Defender. The legitimate site for MalWare Defender is that of Torchsoft.com.
Is it OK to install these programs while continuing to use RegDefend and AppDefend till I'm fully adapted to these new programs? The only adverse consequence I see to running all four programs at the same time is having to put up with a lot of popups.
Pedro
July 2nd, 2009, 07:07 PM
-{ Quote: " The only adverse consequence I see to running all four programs at the same time is having to put up with a lot of popups." }-
And a BSOD or two. I wouldn't.
jmonge
July 3rd, 2009, 12:32 AM
Of course one HIPS program is good to run alone ;)
Someone
July 3rd, 2009, 01:20 AM
You could also use Comodo Internet Security or Online Armor.
Or you could switch to a behavioural blocker such as Prevx and ThreatFire.
Kees1958
July 3rd, 2009, 02:52 AM
I agree with Someone,
Alternatives
Behaviour blockers or combos
Go easy with freebie ThreatFire (behavioral blocker), or paid with PrevX (when you know your system is clean, set all sliders to medium AND apply heuristics AFTER age). A2 Malware with 'IDS' (=Mamutu) AV (Ikarus) and own AT/AS engine is also a good and easy option (also paid).
Policy Management HIPS
Have you considered policy management HIPS like GeSWall or DefenseWall? DW is really easy to use. It allows full functionality of your browser (and other internet facing apps) in a limited user environment. As such it does not prevent you from installing Active-X, BHO, it only cages them. For this, old WinPatrol free (with services and host file protection disabled) is a nice add-on to warn you when these happen; check this out (DefenseWall) http://www.av-comparatives.org/comparativesreviews/single-product-reviews
HIPS
Paid Online Armor is the easiest and the best. The freebie has some limitations. The free version does not protect at boot up (as far as I know, please correct me when this has changed), therefore when you are looking for an easy freebie use Outpost Free and set intrusion protection to max. When you have added your own RegDefend entries I would advise Comodo in its most aggressive setting (Pro-active), all other Comodo configurations are a lot weaker than OA free. Outpost free by default also has not enabled all protections out of the box, but this is much easier to change. As said, Comodo is only an option when you have successfully added RegDefend entries AND you install it in its most aggressive configuration. By telling Comodo your system is clean this aggressive setup won't trigger a lot of pop-ups. This complaint of Comodo is story telling of the past (pity they introduced so many user-friendly configurations, D+ looks like a Swiss cheese, instead of a solid defense wall), so Comodo is great when you use the pro-active setting, all other settings are fake security IMO (it looks like a Ferrari, but has the engine of a Tata Nano).
Regards Kees
mike21
July 3rd, 2009, 06:20 AM
-{ Quote: "
HIPS
Paid Online Armor is the easiest and the best." }-
Please define why "the best". I thought that MD is the best traditional HIPS.
Kees1958
July 3rd, 2009, 06:52 AM
Well,
OA has some intelligence woven into its HIPS, as such it is more than a traditional HIPS, MD is also a good HIPS, just compared the same in class, meaning Heavy FW + HIPS (Comodo, OA, Outpost). Look at matousec intrusion protection, they cover the widest scope.
On the other hand: I have a license of MD, not of Outpost, Comodo or Online Armor, so . . .
I think MD should have some rule inheritance option logic built in, something like:
Two options needed:
a) Inherit rules Yes/No
b) Inherit overrules program's own rule Yes/No
Note: rule inheritance can never be applied to system processes (due to system stability)
Trigger: Application A spawns a process B.
Case 1: Does the triggering application have rule inheritance?
  YES:
    Case 2: Is the spawned process a system application (in the system group)?
      YES: Use spawned process rule set
      NO:
        Case 3: Is overrule specified?
          YES: Use triggering application's rule set
          NO:
            Case 4: Does the spawned application have a rule set of its own in the application group?
              YES: Use spawned application's own rule set
              NO: Use triggering process rule
            End case 4
        End case 3
    End case 2
  NO: Use normal highest priority rule
End case 1
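The decision tree from the post above, carried through a whole spawn chain, as an added Python example (not part of the original post and not Malware Defender's code). `AppPolicy`, `DEFAULT`, the sample applications and the choice to let the inherit/override flags travel with an inherited policy are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class AppPolicy:              # hypothetical model, not a real HIPS API
    name: str
    rules: Optional[str] = None   # label of the app's own rule set, if any
    system: bool = False          # member of the system group
    inherit: bool = False         # option a) Inherit rules
    override: bool = False        # option b) Inherit overrules program's own rule

# Assumed stand-in for the post's "normal highest priority rule".
DEFAULT = AppPolicy("default", rules="ask-user")

def normal_lookup(app: AppPolicy) -> AppPolicy:
    return app if app.rules is not None else DEFAULT

def resolve(trigger: AppPolicy, child: AppPolicy) -> AppPolicy:
    """Policy that governs `child` when spawned under `trigger`'s policy."""
    if not trigger.inherit:            # Case 1: NO
        return normal_lookup(child)
    if child.system:                   # Case 2: never applied to system processes
        return child
    if trigger.override:               # Case 3: inherited rules win
        return trigger
    return child if child.rules is not None else trigger   # Case 4

def resolve_chain(chain: List[AppPolicy]) -> List[str]:
    """Name of the governing policy for each process in a spawn chain.
    Assumption: the inherit/override flags travel with the inherited policy."""
    governing = normal_lookup(chain[0])
    names = [governing.name]
    for child in chain[1:]:
        governing = resolve(governing, child)
        names.append(governing.name)
    return names

# Constructed sample policies.
browser = AppPolicy("browser", "restricted", inherit=True, override=True)
launcher = AppPolicy("launcher", "launcher-rules", inherit=True)
editor = AppPolicy("editor", "trusted")
helper = AppPolicy("helper")                       # no rule set of its own
svchost = AppPolicy("svchost", "system", system=True)

if __name__ == "__main__":
    for chain in ([browser, editor], [launcher, editor], [launcher, helper],
                  [editor, helper], [browser, svchost, editor]):
        print(" -> ".join(a.name for a in chain), "=>", resolve_chain(chain))
```

In the last chain the system-group exception ends the inheritance, so the editor falls back to its own rule set; that is a point to check when reviewing a policy built on this scheme.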
Kees1958
July 3rd, 2009, 07:25 AM
-{ Quote: "Just in case you didn't know, you don't need a license for Comodo - its full version is completely free." }-
No, you agree with the usage agreements, so you have a contractual relationship with Comodo even when you have not paid for it, because Comodo has to keep all intellectual property rights.
It is like a driving license, you are allowed to drive. A freeware license is you are allowed to drive in somebody else's car (using Comodo's software), but this grant is a license of sorts.
mike21
July 3rd, 2009, 08:58 AM
-{ Quote: "Well,
OA has some intelligence woven into its HIPS, as such it is more than a traditional HIPS, MD is also a good HIPS, just compared the same in class, meaning Heavy FW + HIPS (Comodo, OA, Outpost). Look at matousec intrusion protection, they cover the widest scope.
On the other hand: I have a license of MD, not of Outpost, Comodo or Online Armor, so . . .
I think MD should have some rule inheritance option logic built in, something like:
Two options needed:
a) Inherit rules Yes/No
b) Inherit overrules program's own rule Yes/No
Note: rule inheritance can never be applied to system processes (due to system stability)
Trigger: Application A spawns a process B.
Case 1: Does the triggering application have rule inheritance?
  YES:
    Case 2: Is the spawned process a system application (in the system group)?
      YES: Use spawned process rule set
      NO:
        Case 3: Is overrule specified?
          YES: Use triggering application's rule set
          NO:
            Case 4: Does the spawned application have a rule set of its own in the application group?
              YES: Use spawned application's own rule set
              NO: Use triggering process rule
            End case 4
        End case 3
    End case 2
  NO: Use normal highest priority rule
End case 1" }-
Though I understand what you are writing, sorry but I do not agree.
Inheritance was the reason that I switched away from Kaspersky, since it introduced it in its HIPS in version 8. Never regretted it.
I prefer to allow/deny each process regardless of how it started. Maybe the reason is that I use many launchers and things get messed up.
NormanS
July 3rd, 2009, 10:10 PM
Is it OK to run Malware Defender at the same time with NOD32?
Kees1958
July 4th, 2009, 05:27 AM
-{ Quote: "But my point was that it's "free".
My definition of "free" in this context is that you don't need to pay "money" for it. Everything in life is relative. Hence my point regarding having a "license" for Comodo full version is "free", while having a "license" for OA full version or Outpost full version is NOT "free".
I hope my point is now clear, relative to what you were conveying. Easy." }-
Yep, I understood the first time ;D
Nice definition of free by the way: it also applies to suppression in any context (religion, sex, race, politics), it even applies to doing porridge in some countries (you do not need to pay money for that either).
Are the jails in Australia free?
mike21
July 4th, 2009, 07:27 AM
Best things in life are free :P
Copyright ©2002 - 2012, Wilders Security Forums