History question about old HIPS program

Discussion in 'other firewalls' started by act8192, Nov 29, 2015.

  1. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Does anyone here remember what was the name of a HIPS program that, I believe, got bundled into Privacyware Private Firewall? I recall people being upset that that program vanished, but I cannot recall its name.
     
  2. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    Not sure, but I think DSA (Dynamic Security Agent) was Privatefirewall HIPS component.
     
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Compu KTed is correct. It was Dynamic Security Agent. Even tho it was a *Hips-type* program, its firewall ability was very good in its day.
     
  4. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Agreed it's day.
    Falls over every so often on my xp machine
     
  5. guest

    guest Guest

    Online Armor Premium was top notch HIPS & Firewall, it was my favorite , shame they discontinued it ...
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Online Armor was my favorite also. It is actually one of my all time favorites out of all security products. It was very user friendly compared to all the other HIPS. It did not annoy me with a lot of popups requesting a response for safe system actions. I very rarely received any popups from OA asking me to allow, or deny anything. It's whitelisting was superb, and I never found anything that could bypass it's HIPS.
     
  7. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,340
    Location:
    Québec, Canada
    Emsisoft had Mamutu, and PC Tools had ThreatFire.
    Both discontinued. (Mamutu's technology is now integrated in EAM and EIS I think)
     
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Yes, it is discontinued as a standalone application....but is still developed as an internal module of EAM/EIS.
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    PC Magazine did a review of DSA in 2006: http://www.pcmag.com/article2/0,2817,2033948,00.asp

    You could say it was one of the first anti-exec's on the market. In reality, a HIPS running in interactive mode which is what it is. When I used PrivateFirewall many moons ago, I put it in training mode for a while. Then switched it to interactive mode and it was silent for the most part. As I recall, you can't change/add rules directly to it; can't remember for sure. I wouldn't trust it for WIN 10 due to all the OS changes done.

    A more friendly version of like software of that period was PC Tools ThreatFire. It was more of an intelligent behavior blocker than a HIPS though.
     
  10. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,795
    Location:
    .
    If the above HIPS products were so efficient why they disappeared? I really don't understand.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    DSA was originally developed for commercial use i.e Endpoint products. I believe the developer moved on to something else and sold the licensing rights to Greg Salvo.

    TheatFire maintenance was costly for PC Tools and they were struggling economically. When Symantec bought PC Tools, they killed it; no need to explain why .............
     
  12. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,795
    Location:
    .
    Thanks. And what about Online Armor?
     
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    That is covered in another Wilder's thread. Fabian from Emsisoft stated they couldn't economically cost justify further development of it. That is, it wasn't profitable for them anymore. Also I believe they was a development policy shift to promoting software "for the masses" which require minimum user interaction.
     
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,795
    Location:
    .
    OK, thanks.
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
  16. guest

    guest Guest

    you believe right , it was mentioned.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    This is actually that I don't want in a HIPS, too much white-listing is never good. There has to be a balance.

    Not really, remember SSM and Process Guard? They have been around since 2003.
     
  18. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    As to why old HIPS were dropped -- in early cases, it was for financial reasons. In later cases, it was because new versions of Windoze prevented HIPS programs from setting meaningful hooks.

    As to DSA -- one of DSA's *unique* security approaches ("unique" as far as I know) was that it monitored the user's ACTUAL normal usage patterns concerning such factors as email traffic volume IN, email traffic volume OUT, usage freq of each process, etc. It allowed the user to specifiy the percent variance that DSA would allow before sounding an alarm. Then DSA would block & notify the user of any over-tolerance usage. The user could then Allow or take other action. I really liked that feature!
     
  19. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Real-Time Defender/ProSecurity...NetChina...Antihook...Spyware Terminator...Malware Defender...GSS (RegDefend/AppDefend)...SSM...All-Seeing Eye...NeoavaGuard...TF...DSA...
    Good old rock'n'roll :)
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,795
    Location:
    .
    Interesting stuff indeed, thanks.
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    That's only true to a certain extent. There's no need for the user to be bothered with harmless system activity unless you suspect a backdoor being used in the OS. You want have to worry about that unless you are on a watch list of some 3 letter agency lol You was always able to untick trust by digital certificate, and by the cloud whitelisting in OA.
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Then you definitely want Eset's HIPS. Its default rules are next to non-existent:rolleyes:.

    Actually, there is nothing wrong with a HIPS with default rules/policies as long as they can be viewed and preferably modified if so desired.
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Actual DSA's capability pails in comparison of the next gen behavior blockers with artificial intelligence that are coming into the marketplace. Once such product using this is here: https://www.emc.com/collateral/software/data-sheet/ds-ecat-final.pdf

    These will eventually make into the retail market and Symantec's "Anti-virus is dead" prediction will be validated.
     
  24. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    It's an advertisement, replete with puffery and containing many of the *standard claims* that are made by just about every new security app. If even half of what they claim actually transpires, then this forum might become a rather dull place to visit.
     
  25. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    From the data sheet

    This sounds pretty dubious IMO. The .text segment of a program (static code) could be monitored this way, but the stack and heap are subject to change over time, and most exploits work there. (Possibly more in the heap these days, what with stack smashing protection measures on Linux and Windows; but I'm really not sure.) If an exploit used a stage that lived in allocated heap memory, I don't think any kind of comparison test would work.

    I would not say this is a standard claim, but I don't think it holds water. (Unless the marketing people have the method wrong, which I'll admit is quite possible.)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.