Best free complement for SSM Free

Discussion in 'other anti-malware software' started by glentrino2duo, May 3, 2007.

Thread Status:
Not open for further replies.
  1. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    I've read threads about Cyberhawk, ProSecurity, DSA, SensiveGuard, EQSecure, Neoava and countless other free HIPS but am still quite confused as to their features.
    Please help me choose another free HIPS to complement my SSM Free. Slight overlap in features with SSM Free is acceptable but I basically want to control network access of applications. At present, I'm using PCTools Firewall (packet filtering disabled) for this purpose..

    My Current Setup:
    Linux Firewall/Proxy
    Windows XP SP2
    CHX-I
    PCTools Firewall (for Application Filtering only)
    SSM Free
    F-Prot 6 (of course!)

    Thanks everyone! :)
     
    Last edited: May 3, 2007
  2. wat0114

    wat0114 Guest

    I would suggest the only addition you may want to add to your already stellar setup is an antivirus. NOD32 is excellent. Even SSM free with your firewall and CHX-I packet filter is more than adequate. Personally, I don't like the idea of running two HIPS, even if one can provide some protection the other can't. As long as you can stop a suspicious looking executable from running, you are ahead of the game. If you do mistakenly allow it to run then there is a very good chance your antivirus - if you run one - will catch it. In a nutshell, I would favour an antivirus added to your package over a second HIPS.
     
  3. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    oops, sorry I forgot to include my antivirus, but as you can see from my avatar...

    thanks for replying, anyway!
     
  4. wat0114

    wat0114 Guest

    Okay, I didn't recognize your avatar as F-Prot :) ...Then I would say you have a bullet proof system!
     
  5. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    Thanks! But I still would like to know any free HIPS complement for SSM Free, instead of PC Tools Firewall which I only use for basic application network access control...
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    With SSM it is down to you to configure it and exercise control via the pop-ups. So if you are looking for a complement I think you should look out for an App with behaviour blocking features that will control processes behaving suspiciously. Perhaps Cyberhawk would fit the bill?:-

    http://wiki.castlecops.com/Cyberhawk

    http://wiki.castlecops.com/HIPS/IDP_programs/services

    Network access control may be a problem, since this is usually found in the paid for versions of these type of progs. The network control of SSM full may be what you seek.
     
  7. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    Yes, I am particularly looking for a basic application network access control and Cyberhawk doesn't fit the bill. I tried it in its early days and it's the only HIPS I used until System Safety released the free edition of SSM (I can't find any download link of the original SSM freeware by max at the time). SSM and Cyberhawk combo worked for me but the later versions of Cyberhawk simply slowed down my machine that I decided to ditch it... I might consider adding it as my behavior blocker HIPS in the future. btw, I regularly download new versions of Cyberhawk to test if new versions would work well in my system.
    meanwhile, I'm still on the hunt for a HIPS that would complement SSM Free's lack of network access control..
     
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I use Dynamic Security Agent (DSA) with SSM's paid version. DSA's 2 HIPS components are (1) System Anomaly, & (2) Email Anomaly. Neither of those modules duplicates SSM's capabilities, & both offer valuable added protection.

    DSA also has modules for Process Detection & Application Protection. The latter gives application network control plus other control.

    Each of the 4 modules has its own training mode. The System Anomaly module can be fine-tuned for sensitivity.

    Additionally, with {DSA + SSM + router}, I don't need a firewall. DSA's firewall capabilities + SSM's Network rules complement each other nicely, as is evident from Matousec's recent tests.
     
    Last edited: May 3, 2007
  9. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    @bellgamin:
    Can DSA's firewall feature be disabled? I don't want another SPI firewall as I am very much happy with CHX-I. :)
     
  10. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Use prosecurity free alongside ssm free. Setup PS to just monitor network access, it can control inbound as well as outbound.
     
  11. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    DSA is a free component of PrivateFirewall (PFW). PFW is not free, whereas its HIPS component (DSA) IS free. Obviously, DSA does not conflict with PFW but, instead, complements & strengthens it. According to DSA's website...

    I know from my previous experiments that DSA doesn't conflict with Kerio firewall 2.1.5 nor the Comodo FW. Beyond that I haven't tested it as to conflicts.
     
  12. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    Tried ProSecurity Free, and I don't quite like it. But I do like it for the simple fact that it seems to be a direct competition of SSM Free. With such, System Safety will add features to SSM Free to avoid being overtaken as the leading classical HIPS around, hopefully.

    DSA interests me.. From what I gathered in their website, Application Security is its main feature, which may explain why it can't be disabled, while all others are optional. Thanks also for the link to matousec's site. DSA did perform well in their tests. I'm really impressed!

    BTW, how is DSA's resource usage?
     
    Last edited: May 4, 2007
  13. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    OK - we're getting into the area of extreme overkill here. Why do you want to run 3-4 apps that basically do the same thing? Running SSM with these others is a waste of time, IMO. Run SSM with something that doesn't overlap, such as Sandboxie. In fact, if you run Sandboxie, most likely nothing will ever even get to SSM since it will never reach the actual system. Just cover your bases:

    Firewall (Network control)
    Antivirus (Malware control)
    BoClean (memory processes, behavioral as well as signatures)
    Sandbox (permissions, isolation of apps from system)

    And, if you must, run ONE HIPS: preferably SSM - but not really necessary if you run the previous four above. Running too many security apps can slow your system down or cause worse problems than the malware would. Keep it simple and don't waste your resources needlessly.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Agree totally. I will even drop BOClean. One good real time scanner is enough.
     
  15. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    I do not intend to run 3-4 apps that basically do the same thing. I was just hoping to use another free HIPS to complement SSM Free's lack of application network access control, and replace PCTools Firewall which I use for this purpose..
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Replace SSM with PS free.
    BTW why not just PC Tools FW, it's light. I can't understand.
     
  17. EASTER.2010

    EASTER.2010 Guest

    I think EQSecure is still in beta but man what a first release here in Wilder's. It's a great HIPS with plenty of potential and it's highly configurable down to any folder/file/registry key you want to tighten security on. It is a bit of a task to manually configure everything but believe me once you do it catches ANYTHING trying to signal your system and lets YOU know FIRST!

    Plus is really light on resources from what i seen. I want to try their subsequent upcoming releases in hopes to see just how much they've tweaked it; but the first beta i still have and test occasionally.

    System Safety Monitor is my mainstay though. Solid protection! Fast!

    CyberHawk i still consider faster than SSM but somewhere along these latest versions it's lost some of its former important functionality IMO, but i'm no expert in Novatix. Can only hope they trim it down, i discovered it uses (4) active drivers to operate and that seemed a bit too much for my taste, but maybe works well for others.
    My experience with early versions CH was fun and enjoyable because it TERMINATED on-the-spot any process that you denied access plus it jumped up faster than SSM to intercept. That was impressive then but recently i given absence to it in exchange for a newer version when released.

    Regards:
     
  18. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    Yeah, I agree.. But, there are times when you just want to fiddle around with your setup. I know, "don't fix something that is not broken." But, still... :)
     
  19. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    You could also try appdefend to control network access. At the moment the free version works exactly the same as the paid version with the exception that it has an ad that pops up once after every reboot.
     
  20. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: I would look for a firewall(free) w/ network access control, IMO, if a fw w/o this feature is actually a half-firewall. Besides, SSM free may have given you enough alert pop-ups already, you really do not wish to have any HIPS asking duplicated questions each time along w/ SSM. This will make your head spin, and what if you slip one key stroke, bingo, you are at total loss. Or you can try a HIPS w/ network access control to replace SSM free, of course the final choice is yours; sometimes dropping one is a good trade-off for gaining two. Good luck.
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I agree with others, simplify your security apps

    Linux Firewall/Proxy

    Windows XP SP2

    SSM Free with registry extras https://www.wilderssecurity.com/showthread.php?t=168928

    F-Prot 6

    SensiveGuard see https://www.wilderssecurity.com/showthread.php?t=161749
    instead of CHX-I and PC-tools firewall. This adds data protection to your setup, makes it bullet proof
     
  22. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    Sorry if my statement came across as other than intended. It's just that so many times I see people suggesting running a bunch of apps together that overlap and needlessly waste resources as well as create the potential for system conflicts and crashes. If what you want is a light setup, then use SSM for HIPS and replace PCTools with a lighter firewall. Though very outdated, I have been using the old Tiny Firewall (2.0.15), which is light as a feather. It is the forerunner to Kerio 2.1.5, except I do not believe it has the problem with the fragmented packets (at least from what I've read). The reason I run BoClean is that it performs in a manner completely different from the other AS/AT software, and I've found it is very effective. Also, I stick with my statement about Sandboxie, since you can run any app on your system in a sandbox and isolate it from the rest of your system. So look at the setup I suggested this way:

    * Tiny Firewall (Rules-based, application control, ability to write tight rules) P.S. I also tried PCTools firewall and found it to be very buggy. It also failed most of the exploit tests I threw at it, while the old Tiny FW passed them all. I didn't test Tiny against all the leaktests, as I feel those are 99% hype. I want to concentrate on keeping the bad guys out in the first place. I keep my system squeaky clean, so am not worried about anything phoning home.

    * A Good Antivirus (which I would suggest KAV or AOL AVS, which is Kaspersky Jr.)

    * BoClean (while AV looks after files, BoClean looks after memory processes and behavioral anomalies - I've found it is similar to most HIPS in the way it works).

    * Sandboxie (isolate your browsers, email clients, newsreaders, p2p, chat programs, etc. Keeps any malware from getting to your system, period).

    With that, you have all your bases covered. Intrusion protection via firewall, file protection via AV, memory protection via BoClean, and isolation of all malware from your actual system with Sandboxie. And, if you want to, you could run SSM for behavioral blocking, etc, though not really needed if you isolate your browsers and other programs that access the Internet in Sandboxie. Also, I would choose SSM over some of the others mentioned simply based on its stability. I tried Prosecurity - hosed my system royally. Also tried Cyberhawk and found it to be nothing but a system drain. Also tested a couple of others that I wasn't all that impressed with. SSM is a good HIPS, gives you ultimate control and doesn't use that many resources (am speaking of the free version here). Anyway, hope you find the setup you like and that you feel will do the job. :thumb:
     
  23. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    What behavioural anomalies does BOClean look after?

    Since it is scanning processes as they enter memory and comparing them with its sigs, it should not be concerned with behavioural analysis at all.

    App Defend is the obvious choice for network access control (if SSM full is not being run) but I'm not sure anyone would wish to run both AppDefend and SSM free; so difficult decisions will be required. Given the need for network control, I would ditch SSM free and go for either AD or SSM full. AD is still free at the moment, which could be the deciding factor.
     
  24. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    thanks for the suggestions regarding firewall, but I think this is not the right forum. but I do not intend to replace CHX-I in the near future.. :)
    regarding my antivirus, I've been with F-Prot for about 10 years now and I don't intend to change my 'avatar' also.
    I'm currently testing DSA for my basic application network access control. it seems to perform well, though it's using more resources than PCTools Firewall which I use as application firewall..
    AppDefend is a great suggestion. might try it next.
    btw, Kees, thanks for the link regarding registry module settings for SSM Free. :)
     
  25. wat0114

    wat0114 Guest

    Why do you think that? You asked for opinions and you got many varied ones. The majority of the members on this forum are very knowledgeable about computer security utilities and concepts and have a lot of good ideas. It is up to you to filter out the ones you like.

    You could keep CHX-I packet filter if you want. It uses almost zero resources and will restrict network access on ports, direction and protocol, even though it does not have application control.
     