Does anyone here remember what was the name of a HIPS program that, I believe, got bundled into Privacyware Private Firewall? I recall people being upset that that program vanished, but I cannot recall its name.
Compu KTed is correct. It was Dynamic Security Agent. Even tho it was a *Hips-type* program, its firewall ability was very good in its day.
Online Armor Premium was top notch HIPS & Firewall, it was my favorite , shame they discontinued it ...
Online Armor was my favorite also. It is actually one of my all time favorites out of all security products. It was very user friendly compared to all the other HIPS. It did not annoy me with a lot of popups requesting a response for safe system actions. I very rarely received any popups from OA asking me to allow, or deny anything. It's whitelisting was superb, and I never found anything that could bypass it's HIPS.
Emsisoft had Mamutu, and PC Tools had ThreatFire. Both discontinued. (Mamutu's technology is now integrated in EAM and EIS I think)
Yes, it is discontinued as a standalone application....but is still developed as an internal module of EAM/EIS.
PC Magazine did a review of DSA in 2006: http://www.pcmag.com/article2/0,2817,2033948,00.asp You could say it was one of the first anti-exec's on the market. In reality, a HIPS running in interactive mode which is what it is. When I used PrivateFirewall many moons ago, I put it in training mode for a while. Then switched it to interactive mode and it was silent for the most part. As I recall, you can't change/add rules directly to it; can't remember for sure. I wouldn't trust it for WIN 10 due to all the OS changes done. A more friendly version of like software of that period was PC Tools ThreatFire. It was more of an intelligent behavior blocker than a HIPS though.
DSA was originally developed for commercial use i.e Endpoint products. I believe the developer moved on to something else and sold the licensing rights to Greg Salvo. TheatFire maintenance was costly for PC Tools and they were struggling economically. When Symantec bought PC Tools, they killed it; no need to explain why .............
That is covered in another Wilder's thread. Fabian from Emsisoft stated they couldn't economically cost justify further development of it. That is, it wasn't profitable for them anymore. Also I believe they was a development policy shift to promoting software "for the masses" which require minimum user interaction.
Found an old Wilders thread on DSA here: https://www.wilderssecurity.com/threads/some-tests-i-ran-on-dynamic-security-agent.162285/ BTW - It's part of PrivateFirewall which can be downloaded here:https://www.privacyware.com/personal_firewall_2.html. Note I do not recommend the product for reasons I wish not to discuss publically.
This is actually that I don't want in a HIPS, too much white-listing is never good. There has to be a balance. Not really, remember SSM and Process Guard? They have been around since 2003.
As to why old HIPS were dropped -- in early cases, it was for financial reasons. In later cases, it was because new versions of Windoze prevented HIPS programs from setting meaningful hooks. As to DSA -- one of DSA's *unique* security approaches ("unique" as far as I know) was that it monitored the user's ACTUAL normal usage patterns concerning such factors as email traffic volume IN, email traffic volume OUT, usage freq of each process, etc. It allowed the user to specifiy the percent variance that DSA would allow before sounding an alarm. Then DSA would block & notify the user of any over-tolerance usage. The user could then Allow or take other action. I really liked that feature!
Real-Time Defender/ProSecurity...NetChina...Antihook...Spyware Terminator...Malware Defender...GSS (RegDefend/AppDefend)...SSM...All-Seeing Eye...NeoavaGuard...TF...DSA... Good old rock'n'roll
That's only true to a certain extent. There's no need for the user to be bothered with harmless system activity unless you suspect a backdoor being used in the OS. You want have to worry about that unless you are on a watch list of some 3 letter agency lol You was always able to untick trust by digital certificate, and by the cloud whitelisting in OA.
Then you definitely want Eset's HIPS. Its default rules are next to non-existent. Actually, there is nothing wrong with a HIPS with default rules/policies as long as they can be viewed and preferably modified if so desired.
Actual DSA's capability pails in comparison of the next gen behavior blockers with artificial intelligence that are coming into the marketplace. Once such product using this is here: https://www.emc.com/collateral/software/data-sheet/ds-ecat-final.pdf These will eventually make into the retail market and Symantec's "Anti-virus is dead" prediction will be validated.
It's an advertisement, replete with puffery and containing many of the *standard claims* that are made by just about every new security app. If even half of what they claim actually transpires, then this forum might become a rather dull place to visit.
From the data sheet This sounds pretty dubious IMO. The .text segment of a program (static code) could be monitored this way, but the stack and heap are subject to change over time, and most exploits work there. (Possibly more in the heap these days, what with stack smashing protection measures on Linux and Windows; but I'm really not sure.) If an exploit used a stage that lived in allocated heap memory, I don't think any kind of comparison test would work. I would not say this is a standard claim, but I don't think it holds water. (Unless the marketing people have the method wrong, which I'll admit is quite possible.)