Best Free HIPS

[tisatashar]

Many people such as students cannot afford the extra cash required to invest in a HIPS. However Wilders Forum is foremost in promoting this 'new' defense arsenal. And so many realise the benefits but money keeps it out of reach.

Now we know there is a difference between free & paid versions and many threads refer to paid versions of HIPS.

So this POLL is to give a guide as to what is a 'quality-featured' FREE HIPS on the market as of December 2007. I have included some like PG that are no longer 'in production' but can still be installed and used troublefree. Some come with a firewall bolted on like OLA & Comodo. (For these please consider their HIPS benefits only).

I have made the POLL multiple Choice so you can nominate more than one.

[lucas1985]

For classical HIPS I prefer Process Guard (free), the most user-friendly of all and 100 % bullet-proof used as anti-executable.
For behavioural HIPS, Threatfire and Prevx are both very good products with high potential.
For sandboxes HIPS, Sandboxie, Defensewall (not free), GeSWall, SafeSpace are pretty good. I happen to prefer (and use) GeSWall, the lightest of all.

[WSFuser]

Just an fyi, Prevx only offers detection for free. It no longer has the 30 days of cleanup.

Anyways I voted for Online Armor because its easy to use but it still is powerful. Also I havent much experience with the other classical HIPS

[FadeAway]

I don't feel qualified to vote, having only tried about half of the
applications listed in the poll. However, PG free has been my choice
for a long time. Combined with a well considered overall security strategy,
its anti-execution and anti-termination capability fills my needs very well.

[031]

eq secure is nice . oa is also good but i think eq-secure is better than oa free .

[TVH]

Prosecurity and SSM are by far the best in my opinion though they're not for novices. I personally use Prosecurity in my setup.

[aigle]

DW is not free. Ghost Security is also not free except AD.

[tisatashar]

OOppps. I meant GesWall GW (not DW) but didn't know how to edit poll.

I'm surprised Comodo has a following. Is it it's quality or are people just nominating it because they're stuck with it as its part of Comodo FW?

[Coolio10]

Quote:

Originally Posted by tisatashar

OOppps. I meant GesWall GW (not DW) but didn't know how to edit poll.

I'm surprised Comodo has a following. Is it it's quality or are people just nominating it because they're stuck with it as its part of Comodo FW?

Not everyone skips at first sight. They actually learn it unlike most testers here at wilders .

Anyway back on topic. Did not know polls needed any criticism.

[Mrkvonic]

Hello,
It would be AppArmor.
Mrk

[Pedro]

AppArmor sure promises. CFP needs a few more builds.

Right now, as in usable in this moment, i prefer SSM free, as Lucas says for PG, "100 % bullet-proof used as anti-executable", but SSM can also lock my PC with Disconnect UI: blocks new executables or completely blocks anything not allowed in the rules, and additionally it can block programs allowed with the UI connected (cmd, IE7, etc).
To me this among a few other details makes it the best freeware choice.
It just needs a "Wormguard module" (there's always something ..)

Oh, and it also changes the color of the icon when changing status

SandboxIE still is my favorite sandbox, but i don't use it that much. Still a powerful too to have, it doesn't need to start with Windows.

[LoneWolf]

I'd have to say GeSWall.
Liking the policy based hips idea.

[EASTER]

Well as usual it's taken long enough to disect the inner workings & settings for EQSecure 3.41 so that's gonna have to do for now as my favorite.

[19monty64]

ThreatFire with custom ruleset (SmartHips+Firewall, which is probably why it wasn't included.)

[Rasheed187]

I have voted for Neoava Guard, it´s not perfect, but overall, I´m quite impressed.

[subset]

I vote for EQSecure... No, I can not sort all this stupid rule-lists.
I vote for Comodo 3... Oh no, it looks like McDonald's Advent calendar.
I vote for OA Free... Ah stop, no updates included, a real pain.
I vote for DSA... Hm, maybe hope and pray ist not enough.
I vote for ProSecurity... Win95-16Bit-colormode-look, german translation is holprig, no, maybe not.

I have some favorites right now, but I am not sure which one

Cheers

[Brian N]

SSM makes most sense to me.

[Hairy Coo]

If free HIPS are your fetish-Micropoint-Prosecurity and of course the maestro himself ;

Threatfire

[EASTER]

Probably the most favored free HIPS would fall someplace between either OnlineArmor & System Safety Monitor, but EQSecure still holds my favor and can't wait for them to draw up another even better version soon.

HIPS is the way out from under the stressful demands of resident AV's and their power engines.

[tisatashar]

Quote:

Originally Posted by EASTER

HIPS is the way out from under the stressful demands of resident AV's and their power engines.

I've looked at HiPS as a support product while the AVs & firewalls are the 'regular army in charge of defense'. I wouldn't think HIPS would challenge AVs' in the market place. For the 'population at large' HiPs is like trying to drive with a ten gear manual gear stick compared to the 'auto-transmission' offered by AVs.

So is HIPS to be considered more as an alternative to say AVs' rather than another complimentary component in one's defense-array?

[LUSHER]

Quote:

Originally Posted by Coolio10

Not everyone skips at first sight. They actually learn it unlike most testers here at wilders .

You must be deluded.

Wilders people/testers are pound for pound the most paranoid people who *enjoy* answering prompts as long as it makes them feel safe....

If even testers in wilders reject it, i doubt you can even find 1 in a billion people to use it,

[Cerxes]

Quote:

Originally Posted by tisatashar

...So is HIPS to be considered more as an alternative to say AVs' rather than another complimentary component in one's defense-array?

IMO no.

HIPS is a very powerful tool for tighten up your system and If properly configured it´s hard for malware to penetrate. But does it protect you when it´s time to install/update? If you have the skill to understand the pop-ups, then yes, but if not, then signature/behavioural based protection could save the day.

Regarding the poll I voted for OA free since it´s simple and stable.

/C.

[EASTER]

Quote:

Originally Posted by Cerxes

IMO no.

HIPS is a very powerful tool for tighten up your system and If properly configured it´s hard for malware to penetrate. But does it protect you when it´s time to install/update? If you have the skill to understand the pop-ups, then yes, but if not, then signature/behavioural based protection could save the day.

Regarding the poll I voted for OA free since it´s simple and stable.

/C.

Very good opinions both ways. For me HIPS didn't spell the demise or even dismissal of AV's, only the reduction of what used to be additional taxing to system resources/performance AV's just can't help but place on any windows unit.
I logically rely on NOD32 only as an On-Demand probe (occasionally) but since the introduction of HIPS in the form of SYSTEM SAFETY MONITOR & now EQSecure 3.41, HIPS have released my units completely from resident AV's and nothing, i repeat, nothing is entered undetected that HIPS didn't sniff out and alert to.

This is a New Century which in turn also follows New Technology and (HIPS) meet challenges head-on that AV's simply cannot do. When i used resident AV's i eventually fell victim like others still do today, with HIPS, that percentage has fell drastically to 0%, and folks, i am not exaggerating, not do i discount the importance and usefullness of AV's, only that in Virtualization, Sandbox, and HIPS technologies, and especially teaming them together, AV's simply are no match for this more advanced protection.

Why do you think AV's are exploring & now implimenting some of these same Pro-Active elements into their own products now?

[huangker]

Black listing is still the bread and butter for most users. 'Dumb' HIPS is more of toy for me. It is just fun to have the system fully locked down. With an updated AV (and maybe AS) and good policy (no porn/crack sites) I think most users will be sufficiently protected.

[tisatashar]

I don't know about that, Easter.

If I download something and there's a stowaway hidden inside, NoD will smell it when its still at the door in the postman's bag. But how does SSM etc detect a virus? Don't they let the cockroaches live inside the computer software until they hatch and then try and swat them?

I think I'd like to know my house is clean. Or have I misunderstood how HIPS tries stop a virus?