HIPS with worst slow down of system

[aigle]

Many of u, like me, may be in habit of running multiple HIPS(separately or in combination ) on ur system. I have recently run many HIPS on my notebook and I have felt that all these HIPS slowdown the system by a different amount. Some are so light and smart that you will not feel anything, some just make u feel that all ur system is just crawling instead of running.

So I designed a pool just to know what is ur experience with various HIPS regarding the slow down in PC performance. I will happy to see ur response. If u have something to explain, pls fell free to write as well.

[aigle]

Personally I have used following HIPS in different combinations, some for a short period of time and some still in use.

PG free
Norton Intenet Security( with its IDS)
ZA Pro( with its IDS)
AntiHook
PrevxR1
Arovax Shield
CyberHawk
WinPatrol free
OnlineArmor

Out of these, I found PrevxR1 affecting my system most badly, making it slow. 2nd to it( in making the system slow) was AntiHook and the worse combination was when I combined the two-- I found my PC like a paralyzed person acting in slow motion. Also I feel Jetico makes system a bit slow( it has application control but as it is basically a firewall, so did not included it in the pool).

However I was not able to use Winpooch, System Safety Monitor, Neova beta, Tea Timer and Abtrusion Protector Personal9 some of these not even included in the pool), so no experience.

[Alphalutra1]

Prevx1 has had the biggest impact on my system and is a big pain in the you know where if you have opera, followed by the one in ZoneAlarm( actually, it was a beta so I guess it doesn't count, but the 22.5 second stutter before a program opened was VERY annoying).

Antihook was very light, but wouldn't remember its fingerprinting settings .

Processguard was fine, but I haven't tried out the full version YET.

Online Armor was pretty quick for the wide range of stuff it did.

Coreforce had a weird way of configuring, so I didn't like it(firewall rules weren't flexible enough and configuring it was too weird). I also don't like community programs due to the fact you rely on someone else, not necessaryily as smart as you who configured a preset that isn't very tight. It also doesn't protect against process injection.

Windows software based DEP is a real pain, and causes too many crashes, so I hacked the boot .ini file.

System safety monitor was great, but I don't like the impedeing loom of it becoming payware.

I haven't tried any others, may try tiny in a little while , if I do, I will tell you how that goes

Just my opinion,

Alphalutra1

[TNT]

Does WinPooch count? 'Cause that was a MAJOR resource hog when I tried it. I appreciate the fact that it's an open source project trying to do this. However, it's not really ready for use yet IMHO.

That said, I have to deactivate Process Guard when I use cygwin shell scripting, because it makes it INCREDIBLY slow, most probably because it checks the hashes of the executables every time... in a 100-loops script where ten commands get executed repeatedly, it's quite a lot of hashes Process Guard does, indeed, seem more suited to Windows native executables than something like cygwin.

[WSFuser]

i would say prevx has caused the biggest slowdown of any HIPS, but its still light compared to KAV.

[aigle]

Quote:

Originally Posted by Alphalutra1

Antihook was very light, but wouldn't remember its fingerprinting settings

AntiHook almost doubled the time of lauch of applications like IE(4.5 sec v 7.4sec average), Firefox( 4.8sec v 7 sec on average) etc. First time launch of these was even more prolonged( IE-- 5 sec v 23 sec, Firefox 11 sec v 21 sec) !!! I did use it with many others like NIS, PG free, OA, etc.

I suspect some combinations may be especially worse that accounts for different observations by different users.

[Alphalutra1]

I personally believe that combos can cause major problems and system slowups. One program is usually sufficient, and the overlap caused by multiple HIPS can cause considerable errors in my experience. Antihook in learning mode is a bit slow, but it picks up considerably after it. The only problem is that it questions even when you move your mouse or approach the computer .

Alphalutra1

[Slovak]

Quote:

Originally Posted by Alphalutra1

Prevx1 has had the biggest impact on my system and is a big pain in the you know where if you have opera

I 2nd that, with Prevx installed and running, Opera browser cannot download any files from anywhere with the .exe extension, just .zip, .rar etc.

[aigle]

Quote:

Originally Posted by Alphalutra1

The only problem is that it questions even when you move your mouse or approach the computer .

Alphalutra1

So don,t move ur mouse, and stay away from PC!! LOL

CyberHawk plus System Safety Monitor plus LaunchMonitor seem to work fine together on XP Professional.

Don't know if it qualifies as a HIP or not but by far the worse of any apps i tested that agonizingly slowed the system down for me was CoreForce.

[Alphalutra1]

Quote:

Originally Posted by aigle

So don,t move ur mouse, and stay away from PC!! LOL

Pretty smart actually, and it must be effective since it makes you want to not use the pc, so it won't get infected since it isn't turned on

Alphalutra1

Successful in my testings so far is this new and effective approach that works!

No installed AV PERIOD! Using Online Virus Scans Only!

With the arrival of HIPS like System Safety Monitor i find no need anymore to apply some Anti-Malware "resident" to watchguard. SSM covers a great deal more and then some of system calls.

Kerio supplies the firewall surveillance.

Backups are made to an alternate HD and then it's pulled and put up on a shelf, no plastic media to worry about corruption.

The only one I've tried is SSM. In it's present form, it doesn't slow my system at all. Some of the earlier versions were a big load on CPU, especially the registry modules. Now the system load is almost nothing.
SSM has become payware now. $24.95 for a single lecense, lower prices in quantities of 5 or more. Until now, all the security software I used was freeware. SSM will be the exception for me. It's easily worth the price.
Rick

[aigle]

Quote:

Originally Posted by TNT

Does WinPooch count? 'Cause that was a MAJOR resource hog when I tried it. I appreciate the fact that it's an open source project trying to do this. However, it's not really ready for use yet IMHO.

Infact each time I installed Winpooch, I was not able toi start it, as soon as I tried to start it, system was locked and I had to reboot each time. May be some incompatibility with some other applications on my system.

[Mrkvonic]

Hello,
You're not the only one. I could not use Winpooch on 3 comps.
Mrk

[Notok]

I'm actually not getting any slowdowns with Prevx1, especially since the last release (the made some additional optimizations in the last release). The thing I notice, however, is that if you've got other apps that do the same things, or work in the same way, as Prevx1 then the redundancy can cause slowdowns.. and Prevx1 covers a lot of ground, so just about any other HIPS program is going to do this. When installed with only scanners and a firewall, I actually don't notice any difference in performace with or without Prevx1 installed.

[aigle]

It,s surprising. I used all, Prevx beta, Prevx 1, and Prevx R1, and all showed some slowdown more or less.

[pojispear]

i'm only running F Secure 2006 and BOClean right now, and system is noticeably slower, both opening programs and opening directories in windows but i do have everything set to Custom with real time scanning (not all files, only recommended + compressed) and all other functions on high security.

i have an email question into F Secure support about this

before: KAV 5, kerio 4.2.3, BOClean, ewido real-time and pretty fast

[Notok]

Quote:

It,s surprising. I used all, Prevx beta, Prevx 1, and Prevx R1, and all showed some slowdown more or less.

It was never all that slow on my system when I ran it without any other generic protection (HIPS) programs running, but performance was something they invested some time in with the last release or two, and it shows... you might give it another try.

[Paranoid2000]

Quote:

Originally Posted by EASTER.2010

Successful in my testings so far is this new and effective approach that works!

No installed AV PERIOD! Using Online Virus Scans Only!

With the arrival of HIPS like System Safety Monitor i find no need anymore to apply some Anti-Malware "resident" to watchguard. SSM covers a great deal more and then some of system calls.

SSM has a feature that makes "on-demand" scans more convenient if your AV scanner can be run from the command line. In SSM's Preferences/Options/Antivirus, specify the full path name of your virus scanner along with any other parameters needed. Once this is done, all further SSM "Application Activity" prompts will have the "Locate" link (under the icons) replaced with a "Scan" link (which will run a scan on the file in question).

Quote:

In SSM's Preferences/Options/Antivirus, specify the full path name of your virus scanner along with any other parameters needed. Once this is done, all further SSM "Application Activity" prompts will have the "Locate" link (under the icons) replaced with a "Scan" link (which will run a scan on the file in question).

Indeed very nice feature, in fact SSM is absolutely loaded with very effective preventions/protections and immediately returns complete full control back to where it always belonged in the first place, to it's rightful owner.
For my systems it ends a lot of the nonsense that some signature vendors create whether missing malware or causing issues. When you finally get your system all stablized vendors enjoy making new changes and then it's off on another chase to level matters out again. That to me is as bad as the endless cycle of malware itself, it's also bad enough having to discover and self-stabilize windows limitations without that harrassment from programs.

[PhiloVance]

OK, first what does HIPS stand for?
Also SSM, while you're at it?

Thanks.

[CJsDad]

Quote:

Originally Posted by PhiloVance

OK, first what does HIPS stand for?
Also SSM, while you're at it?

Thanks.

HIPS= Host Intrusion Prevention System
SSM=System Safety Monitor

Hmmm, didn't see the one which is give me personally the worse slow down of them all, named CoreForce. I still hold out some high hopes they'll one day perfect that program where it won't drag the entire system to a slow crawl.

CyberHawk then SSM are the quickest rapid responders with my systems.