HIPS

Can someone recommend from their experiences the best HIPS program (paid or free). Im trying to choose between Prosecurity, SSM, Online Armour and Defencewall

 

If you take the time to check the Forum, you will find many, many threads on this subject.

As for myself I am using DefenseWall and SSM. Both have their use and I think they complete each other. SSM is a little bit difficult to configure, but it's a formidable piece of Software. Others may have different opinion. I guess you have to try for yourself what's best for your needs and especially for your machine.

 

Ive now narrowed it down to Prosecurity and SSM only. Any recommendations?

 

Per Antarctica:

MHO: Both are excellent at what they do. I find PS a tad more user friendly / less intimidating.
For HIPs comparison as they relate to leaktests, look here: http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php
For an overall HIPs comparison, look here:
http://wiki.castlecops.com/HIPS/IDP_programs/services
Not to muddy the waters, but you may want also to look at others such as Neova Guard, Dynamic Security Agent, (both free) and others.

 

Hi, folks: Just prior to any decision, you may want to explore this one:
EQSecure 3.41 freeware. One member here has comment that it is as good, and perhaps as strong as the other two on your short list. Those two are paid wares. These three, I believe are very noisy in the beginning(learning mode). I probably would have EQSecure installed, if not due to plenty of popups. Take care.

 

I would go with OA, but I personally feel that if I want HIPS, all I need to do is turn around and look at my wife.

 

You do know how to ask for trouble.

 

I like ProSecurity myself... never did like SSM that much, it seemed a little buggy at times and more annoying in general. But then again, I am not a big HIPS user, so all this is mostly based on 1st impressions....

 

I've experienced excellent results since transitioning over to EQSecure 3.3/3.4, and even though i still retain a SSM Pro license & i still run it on some snapshots, i find EQ is taken the limelight and captured my attention with it's HIPS.

You can also SandboxIE in another virtualization app like Returnil & Power Shadow with about any reliable HIPS, and if you happen to use FD-ISR, you're really behind some quite formidable walls.

 

And to further muddy it, you can also look at Online Armor, Comodo Firewall 3 which includes powerful HIP functionality via Defense+ module (freeware, beta).

 

I recommend SSM & ProSecurity. Con mucho gusto.

 

From the looks of things, like these ongoing requests & inquiries in favor of Host Intrusion Protectors, i venture to say that there still exists a need for MORE developments from new source vendors, even the most small.

With AV's at a somewhat disadvantage really between keeping their respective competing AV's at their best overall levels for detections with stable performance, and with this HIPS technology still somewhere in infancy but maturing, theres room for new introductions from new makers of these behavioral blockers IMHO.

It certainly by pure numbers is to all of our advantage that new ones do emerge, granted if they can come out of the gates stable, reliable, and accurate enough.

Virtualization also has it's place as do AV's and AS scanners. In like manner HIPS is a welcome and so far very efficient means in this ongoing battle to thwart forced intrusions onto our systems.

 

of course defensewall.

DefenseWall is an HIPS program, working on the « white-list » principle : It reduces the rights of the programs and executable files running outside of the trusted zone. The idea is to set the programs which are vectors of infections (browsers, e-mail, P2P, Instant messengers and IRC clients, script engines, etc) as “untrusted”, meaning that everything getting through the computer from theses programs will be enclosed inside the untrusted zone.


The protection works in a “no popups” mode. In other words, the protection is automated, because the ‘untrusted attribute is set for everything which is coming through ‘untrusted programs, on the parent process mode : processes, scripts, and registry activity. And the ‘untrusted attribute is “contagious” : when an ‘untrusted process launches another process already present on the system (ie. cmd.exe) , this process is made ‘untrusted too. Then very little user input is needed to run the program.

 

WELCOME TO WILDER'S COMMUNITY FORUM baerzake

Excellent point and i might add equally reliable security program too.

Thanks

 

thank you.

DW is policy restriction and virtualisation. I think it's the best way to balance safe and ease of use.

 

Very well said and clear, thanks for this input. Please stay and enjoy the World's Best collection of security membership & staff ever in one place. Theres much in the way of constructive resources to draw from here as well as safety. LoL

 

An oldie but goodie is also DynamicSecurityAgent, with an adjustable sensitivity threshold. If you want less pop-ups you just raise the %. Adjustable training priod too. I originally didn't like this app. 'til I read the thread on it, and understood it better. (Also figured how to stealth my router, thanx guys!) *****