HIPS and Windows 7
usnuli
November 3rd, 2009, 02:33 PM
Hello everyone!
Is there any HIPS (both freeware and shareware) compatible with Windows 7? I'm interested primarily in HIPS, not the firewall itself.
Thanks. :)
P.S. Is the UAC W7 any good?
1000db
November 3rd, 2009, 02:44 PM
Malware Defender -- Not Free but worth the money if you like a classic HIPS.
jmonge
November 3rd, 2009, 02:45 PM
Comodo Internet Security
System requirements:
Windows XP (SP2) or Vista 32 bit or Windows 7.0 32 bit
64 MB RAM / 70 MB hard disk space
Windows XP (SP2) or Vista 64 bit Windows 7.0 64 bit
64 MB RAM / 105 MB hard disk space
subset
November 3rd, 2009, 02:57 PM
HIPS without FW is not easy to find nowadays...
I also use Malware Defender with Windows 7 and without problems.
I only had two BS so far when playing with svchost rules, but that was my fault. :ouch:
Malware Defender has a network protection, but this can be turned off or used with or without the Windows FW.
I use it together with the Windows FW.
Well, you never know.
Cheers
Robereyewhy
November 3rd, 2009, 05:50 PM
Malware Defender is great. However, not available for any 64 bit OS.
Kees1958
November 4th, 2009, 03:30 AM
Comodo with D+ or ThreatFire are freeware.
The lightest deny execution HIPS is PGS :-)
Kees1958
November 4th, 2009, 04:01 AM
-{ Quote: "You mean Microsoft Windows' SRP haha. Let's not steal away the vendor (Microsoft haha) who has provided the actual implementation of a most excellent deny execution HIPS." }-
;D you got it :argh: , but let's give sully credits for making it available on the non-pro or ultimate versions :thumb:
arran
November 4th, 2009, 04:07 AM
Since when is Windows SRP the best HIPS at denying executables from running?
What HIPS product has failed to prevent executables from running?
arran
November 4th, 2009, 05:35 AM
-{ Quote: "Just following up on this. Out of curiosity, I've tested AE 2.3 against SRP, and got some rather interesting results:
1. AE 2.3 on "Low" setting - SRP blocks execution of the malware file first
2. AE 2.3 on "High" setting - AE 2.3 blocks execution of the malware file first - and I've got no idea why!
So there you have it - if anti-executable software was classified as a type of HIPS, then my statement (in the above quote) is wrong! AE 2.3 set on "High" is faster at blocking file execution than SRP.
And here's my attempt to get back on topic haha - does anyone know if AE 3 works on Windows 7?" }-
And what about Sandboxie in blocking the execution of malware, is it faster or slower than SRP?
On a side note, as long as malware is blocked from running, that is the main thing. The time difference between products at intercepting would be less than a second, so how can you test? With MD, if I try to run something that hasn't been given permission to run, it is blocked instantly.
Windchild
November 4th, 2009, 09:10 AM
-{ Quote: "Yes indeed, but it's just something that I've been observing with some interest - why is SRP so fast at blocking file execution? I first noticed it when I had SRP and Defense+ running. Then I tried to run a drive-by malware file in my sandboxed browser (thus also testing Sandboxie's anti-execute function). SRP was the first to block the execution. If someone could explain why, it would be appreciated.
I suppose in theory, the faster execution is blocked, the less likely the malware can do anything while waiting to be blocked? I don't know enough (or anything haha) about malware coding to be sure though." }-
I really wouldn't worry about the speed. Unless the situation is that it's so slow that it actually bothers you - a delay that you can easily notice, a delay nearly a second long or even longer, which would to me at least be very annoying.
Comparing SRP and some classic HIPS really isn't fair to either, considering that the HIPS product will do much more and doing more means taking more time to do it, obviously. SRP isn't HIPS in any way, it's just an execution blocker, and since it's a part of the OS, it shouldn't be a wonder that it's fast.
The speed or lack thereof of blocking, however, does not matter at all as far as security is concerned. Malware can't do anything while it's "waiting to be blocked". It doesn't work that way: instead of waiting to be blocked, the malware isn't doing anything at all, because it's not running yet. It can't do anything before it runs. Instead, you could say that the system is waiting to hear from SRP or the HIPS whether it should run the malware or not. If the HIPS (or SRP) says no, then the malware never runs, and never gets to do anything, including waiting. That is, if the execution blocker product is really blocking, instead of terminating. If it's blocking, then that means intercepting the function calls used to create processes and load libraries. This means the malware never gets to execute. But, if it's about terminating, then the malware first runs and the security software that's polling for new running processes notices that and then tries to terminate it. The latter is a bad idea: you don't want the bad stuff to run in the first place.
As for HIPS recommendations, I can't make any. I can say, though, that UAC isn't a HIPS in any way, and should not be relied upon to prevent nasty things from happening. If you want to prevent malware from messing with the system, then instead of relying on UAC to protect you while you're still logged in as an admin, create a limited user account and use that. There are things that the limited user account will not prevent - like infecting the account instead of the system and stealing data the account has access to - but it is a real security boundary, unlike UAC.
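The difference between blocking and terminating described in the post above, as an added example that is not part of the original thread: a user-space Python model in which a harmless constructed payload records the work it gets done. `deny_all`, `launch_blocking` and `launch_then_terminate` are hypothetical names, and this is not how SRP or any HIPS product is implemented.

```python
import subprocess
import sys
import tempfile
import time
from pathlib import Path

# Constructed, harmless stand-in for an untrusted program: it appends lines to
# a file, so every line is work it completed while it was allowed to run.
PAYLOAD = (
    "import sys, time\n"
    "with open(sys.argv[1], 'a') as f:\n"
    "    while True:\n"
    "        f.write('x\\n'); f.flush(); time.sleep(0.01)\n"
)

def deny_all(cmd):
    """Hypothetical policy: nothing in this demo is on the allow list."""
    return False

def lines_written(path):
    return len(path.read_text().splitlines()) if path.exists() else 0

def launch_blocking(cmd, policy):
    """Decide before process creation; a denied program never executes."""
    if not policy(cmd):
        return None
    return subprocess.Popen(cmd)

def launch_then_terminate(cmd, policy, poll_interval):
    """Create the process first; a poller notices it later and kills it."""
    proc = subprocess.Popen(cmd)
    time.sleep(poll_interval)  # gap until the monitor's next poll
    if not policy(cmd):
        proc.terminate()
        proc.wait()
    return proc

def compare(poll_interval=1.0):
    """Return (lines written when blocked, lines written when terminated)."""
    with tempfile.TemporaryDirectory() as tmp:
        blocked_out, killed_out = Path(tmp) / "blocked.txt", Path(tmp) / "killed.txt"
        base = [sys.executable, "-c", PAYLOAD]
        launch_blocking(base + [str(blocked_out)], deny_all)
        launch_then_terminate(base + [str(killed_out)], deny_all, poll_interval)
        return lines_written(blocked_out), lines_written(killed_out)

if __name__ == "__main__":
    print(compare())
```

The first number is always zero because the denied program is never created; the second grows with the poll interval, which is the window a terminate-after-the-fact monitor leaves open.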
Bob D
November 4th, 2009, 12:02 PM
WinPatrol if you'll consider a lightweight HIPS.
jmonge
November 4th, 2009, 12:42 PM
What about Smart UAC?
Hugger
November 4th, 2009, 02:52 PM
Does SRP definitely work on W7 Pro?
Thanks.
Hugger
usnuli
November 4th, 2009, 03:50 PM
Ah, this thread has become way too complicated for me! ;D Yet, thank you. :) One more question - since some of you have suggested CIS, which other firewalls are W7 ready?
edit - I have no intentions to start an A vs B battle, so please just list the compatible firewalls. :)
Thanks. :)
subset
November 4th, 2009, 04:33 PM
-{ Quote: "One more question - since some of you have suggested CIS, which other firewalls are W7 ready?" }-
FortKnox Personal Firewall
Jetico Personal Firewall
Look 'n' Stop Firewall (2.07)
Malware Defender (32-bit only)
Online Armor (32-bit only)
Outpost Firewall Pro (beta support)
PC Tools Firewall Plus
Privatefirewall
Rising Personal Firewall 2010
ZoneAlarm Pro Firewall 2010
Cheers
usnuli
November 4th, 2009, 05:14 PM
-{ Quote: "Online Armor has just released official Windows 7 support:
http://www.wilderssecurity.com/showthread.php?t=257363" }-
-{ Quote: "FortKnox Personal Firewall
Jetico Personal Firewall
Look 'n' Stop Firewall (2.07)
Malware Defender (32-bit only)
Online Armor (32-bit only)
Outpost Firewall Pro (beta support)
PC Tools Firewall Plus
Privatefirewall
Rising Personal Firewall 2010
ZoneAlarm Pro Firewall 2010
Cheers" }-
Lovely! :) Thank you guys! :thumb:
Mapson
November 4th, 2009, 05:47 PM
-{ Quote: "Hello everyone!
Is there any HIPS (both freeware and shareware) compatible with Windows 7? I'm interested primarily in HIPS, not the firewall itself.
Thanks. :)
P.S. Is the UAC W7 any good?" }-
If you're running Ultimate, look at the built-in AppLocker.
Greg S
November 4th, 2009, 07:08 PM
-{ Quote: "Does SRP definitely work on W7 Pro?
Thanks.
Hugger" }-
Yes it works very well.
Hugger
November 4th, 2009, 10:18 PM
-{ Quote: "Yes it works very well." }-
Thank you.
1000db
November 5th, 2009, 04:53 PM
I've been playing with the AppLocker settings in 7 along with the advanced FW rules and I am impressed with its performance. Though it is not really a HIPS, if you have Win7 Pro or Ultimate I would recommend playing with these before committing to a third party product. AppLocker rules can be exported too.
Greg S
November 5th, 2009, 06:56 PM
-{ Quote: "I've been playing with the AppLocker settings in 7 along with the advanced FW rules and I am impressed with its performance. Though it is not really a HIPS, if you have Win7 Pro or Ultimate I would recommend playing with these before committing to a third party product. AppLocker rules can be exported too." }-
I thought that in 7 Pro that AppLocker rules were just that. Only a list of apps with no protection.
1000db
November 6th, 2009, 10:45 AM
-{ Quote: "I thought that in 7 Pro that AppLocker rules were just that. Only a list of apps with no protection." }-
AppLocker is kinda like SRP on steroids. For example, I have a folder on my desktop that I download stuff to, and nothing is allowed to run in this folder; scripts, installers, or exe's. This gives my downloads a "staging" area where they are scanned by my AV. However, I can set exceptions for publishers and hashes. I have done the same thing with my Program Data directory.
Greg S
November 6th, 2009, 06:53 PM
-{ Quote: "AppLocker is kinda like SRP on steroids. For example, I have a folder on my desktop that I download stuff to, and nothing is allowed to run in this folder; scripts, installers, or exe's. This gives my downloads a "staging" area where they are scanned by my AV. However, I can set exceptions for publishers and hashes. I have done the same thing with my Program Data directory." }-
Then you must have Ultimate. I thought from your reply that it was the Pro version.
1000db
November 6th, 2009, 10:54 PM
-{ Quote: "Then you must have Ultimate. I thought from your reply that it was the Pro version." }-
I believe the Applocker feature is the same on both.
cheater87
November 7th, 2009, 12:16 AM
I'm pretty sure that Spyware Terminator is Windows 7 compatible.
Kees1958
November 7th, 2009, 03:37 AM
Ha with Sully's PGS you can do path rules and application name rules and wild cards. I agree that publisher rules are a great enhancement.
To check whether a program has a useable publisher id, just right click the exe, click the tab digital signatures.
NormanF
November 7th, 2009, 07:06 AM
I tried PE Guard 1.2. Will have to wait for an updated version since it keeps crashing Windows 7 when you click anywhere in Windows! :(
arran
November 10th, 2009, 03:22 PM
-{ Quote: "Just following up on this. Out of curiosity, I've tested AE 2.3 against SRP, and got some rather interesting results:
1. AE 2.3 on "Low" setting - SRP blocks execution of the malware file first
2. AE 2.3 on "High" setting - AE 2.3 blocks execution of the malware file first - and I've got no idea why!
So there you have it - if anti-executable software was classified as a type of HIPS, then my statement (in the above quote) is wrong! AE 2.3 set on "High" is faster at blocking file execution than SRP.
And here's my attempt to get back on topic haha - does anyone know if AE 3 works on Windows 7?" }-
So what types of executables does SRP block? Does it also block JavaScript executables?
Copyright ©2002 - 2012, Wilders Security Forums