Check out this HIPS:

http://usec.at/ushields.html

(The one on the left - I believe PROROOTECT has recommended it before.)

It intercepts a whole bunch of stuff via the registry, including driver loading. However... If you try to kill it via the Windows task manager, it quite cooperatively shuts down.

(And if it uses any kernel level driver, I can't see it.)

Would I therefore be right in saying that it is utterly worthless? A HIPS without self termination protection doesn't seem much good to me...

'Confirm change?' pop-up always what happens THE thing ...ALWAYS.

Sure.


PROROOTECT


PS. It is blue. Like your eyes.:thumb:

It seems that the lack of responses to your question pretty much answers it. :argh:

Shame that... If it actually protected itself from termination, it would be *exactly* what I'm looking for in terms of HIPS - something light and standalone that intercepts modifications to important registry areas, driver and service loading, as opposed to asking my permission every time I try to launch something.

(With HIPS, IMHO, less can be more... Get spammed with too many popups and you might miss something important.)

FWIW I did post about termination protection on Usec's bulletin board. Nobody's answered so far, but presumably somebody will at some point... From what I've heard Radix anti-rootkit is pretty good, so presumably these folks have *some* good programmers at least. ???