Do I need HIPS?

Discussion in 'other anti-malware software' started by ingem64, Aug 5, 2007.

Thread Status:
Not open for further replies.
  1. ingem64

    ingem64 Registered Member

    Joined:
    Oct 15, 2006
    Posts:
    37
    I have currently this security setup:

    - Router VIGOR with firewall
    - Windows XP firewall
    - AVAST Antivirus
    - SpyBot SD
    - SpywareBlaster
    - Firefox (NoScript, AdBlock)
    - McAfee SiteAdvisor

    Do I need some HIPS software along with AVAST? I am a novice. When I run HIPS, is some antispyware soft needed? What HIPS for me o_O

    o_O o_O o_O
     
  2. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    Not really. If you use safe computing, meaning don't open unknown attachments or links in email, use noscript when browsing, don't use cracks or keygens and so on, there is no need in my opinion.

    I have used HIPS for years (admin account) at the same time as I used common sense and the result was that the HIPS I've used had nothing else to do than ask me a lot of confirmations for legit apps :) But to be fair it is only the first time they execute one has to confirm and after that they only react if something is changed.

    Personally I am exploring Limited user accounts right now so I can get rid of the HIPS for ever (hopefully) but until now I have used Prevx1 which I've been happy with since it is one of the few security software that don't bother me with all sorts of questions for legit apps. Prevx1 is so called community based intrusion software so you will need an active internet connection so Prevx1 can check the files against their database. I believe that Cyberhawk and Geswall are a couple of other not so intrusive HIPS (it's been a while since I tried them).

    If you want almost full control of what happens in your computer you can use software like Comodo Firewall, SSM, App and regdefend, prosecurity, there are more but those pop into my mind right now (and I have used). They are all very good at what they do but require a bit of knowledge of what to allow and not.

    Another approach is software like Defensewall, Geswall and Bufferzone, they use sandbox technology.
     
  3. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    From a less knowledgeable position, but slightly above "novice", I think sukarof has given good advice. HIPS programs can take a bit of learning what to allow or block.
    I see you've already asked about a firewall, and would agree with using Comodo (or similar) for outbound protection, depending on how important security is, but be aware there can be a lot of pop-ups with this firewall, as it learns your applications, and also after any program update.
    For inbound protection, the Windows firewall is good. (Tested at ShieldsUp, perfect stealth rating on several tests. As does Comodo's.)
    I also use Avast (home) and have found it very good. Pretty much trouble free. Configurable. Plenty of shields.
    You might want to consider an additional demand scanner, like Superantispyware, AVG AS, or Asquared, to cover the stuff that Spybot may miss. Be aware that they can have false positives at times, so best to investigate a file before quarantining it. And never delete; always quarantine.
     
  4. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I don't know. Sometimes I swear I believe I can survive with nothing but a router protecting inbound connections while surfing in admin mode, other times I get all paranoid, and snap on the best HIPS (AD+RD+FD) I can find plus AV, AT, and AK plus Personal firewall.

    Currently I'm more on the low side of things, but getting more paranoid by the minute and moving towards the other extreme.
     
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    You can. It's perfectly possible as long as you don't use IE. :D
     
  6. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I think I will try eqsecure again. To see if it makes sense to me...

    Seems to me I keep expecting default deny (actually default prompt but you know what I mean), but EQsecure doesn't seem to do that.

    I looked at the tree chart thingie posted, and I get really scared off.

    Then there is the whole hash check off by default. Yes I read the "solution" to try to block all .exe creation, but that introduces several complications that do not occur with just a hash check.

    eqsecure is good don't get me wrong, but maybe I'm too used to playing with other hips that are basically souped up PG clones (which traditionally are weak in FD but strong in AD and okay in RD) but eqsecure might be developed independently??

    AD+RD+FD = HIPS!
     
  7. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    558
    Maybe I'm just tired right now, but Lusher what is FD short for?
     
  8. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The chart shows the level of control and precision with which the rules can be written, but to sum it up, all it's saying is that: Blacklist rules take top priority and cannot be overridden by other rules, Application Rules take second priority unless you explicitly specify that a particular rule has lower priority than Global Rules, and Global Rules take lowest priority.

    I'm not sure what you mean that EQSecure doesn't prompt by default. You could pose an example scenario, and I'll see if I can help you with it.
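
The precedence order described in the post above, modelled as a small first-match evaluator. This is an added example, not part of the original thread and not EQSecure's code; the `Rule` fields, the `decide` function, the sample rules and the "prompt" fallback are all assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    tier: str                   # "blacklist", "app" or "global"
    process: str                # glob on the acting process name, "*" for any
    target: str                 # glob on the path being touched
    verdict: str                # "allow", "block" or "prompt"
    below_global: bool = False  # app rule explicitly ranked under global rules


def rank(rule):
    """Lower number = evaluated first, following the order in the post."""
    if rule.tier == "blacklist":
        return 0                # top priority, nothing can override it
    if rule.tier == "app":
        return 3 if rule.below_global else 1
    return 2                    # global rules


def decide(rules, process, target, default="prompt"):
    """Return (verdict, deciding tier) for one access attempt.

    The fallback when no rule matches is an assumption of this sketch.
    """
    process, target = process.lower(), target.lower()
    for rule in sorted(rules, key=rank):
        if fnmatchcase(process, rule.process) and fnmatchcase(target, rule.target):
            return rule.verdict, rule.tier
    return default, "default"


# Constructed sample rule set (hypothetical process names and paths).
RULES = [
    Rule("global", "*", r"c:\windows\system32\*", "block"),
    Rule("app", "updater.exe", r"c:\windows\system32\*", "allow"),
    Rule("app", "browser.exe", r"c:\windows\system32\*", "allow", below_global=True),
    Rule("blacklist", "*", r"c:\windows\system32\drivers\*", "block"),
]

if __name__ == "__main__":
    for proc, path in [
        ("updater.exe", r"c:\windows\system32\foo.dll"),        # app rule beats global
        ("updater.exe", r"c:\windows\system32\drivers\x.sys"),  # blacklist beats app
        ("browser.exe", r"c:\windows\system32\foo.dll"),        # demoted app rule loses
        ("notepad.exe", r"c:\users\a\doc.txt"),                 # nothing matches
    ]:
        print(proc, path, decide(RULES, proc, path))
```
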
     
  9. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    AD = Application defense
    RD = Registry defense
    FD = File defense.
     
  10. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    No

    I have read that if you know enough to run HIPs properly then you don't need HIPs and if like me you don't know how to run HIPs properly then you are more than likely to end up causing problems.

    Router Firewall and Firefox - yes. These are the 2 most important things - the rest will probably just slow you down and provide you with a number of time wasting false positives.

    Like sukarof I'm currently seeing if I can live with a limited User account.
     
  11. wat0114

    wat0114 Guest

    Maybe.

    Try one out and experience the effect it has on you. You may like it and even find it addictive, or you will find it irritating, nothing but a nuisance.

    Just like the “What is the best firewall” threads there is a surfeit of HIPS threads throughout this forum if you are looking for a recommendation. All you need to do is run a search and you will be presented with a billion hits.

    Here is a HIPS Poll thread for starters, giving you an idea on what are the current favorites.
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Only reason for a HIPS in that setup is if you're worried that something might somehow get past Avast and Firefox with NoScript. I wouldn't worry about it too much, but then again, it's a personal thing...
     
  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    YES, you need a HIPS.

    Why? The answers:

    (1) 0day

    (2) layered protection

    (3) without a HIPS-to-tweak, you won't have anything to play with... except, of course, for THAaaaaT >>> :eek:
     
  14. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784

    Need ? No. I don't think they are needed.
    Wise to have ? Yes. I think so.
    It adds to the layered security setup.
    But one must be willing to learn how it works and how to deal with every popup.
    I've tried a few: OA, SSM, GSS, PS.
    PS is looking like a keeper to me.
    My only bitch with PS at this time is the GUI.
    But I have read that it will change.

    Is AS software needed with hips?
    Yes, so is a firewall and an AV
    In my opinion.

    Some sort of restore/image software is wise to have also.
     
    Last edited: Aug 7, 2007
  15. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    I also consider myself in the "slightly above novice, but not much"
    category. With a bit of common sense, your set-up is fine. Is it
    enough? That depends on how much you want to learn. I did lots of
    playing around with HIPS/IDS/Behavior/Registry protect software over
    a three year period, and as a result, I became an expert at
    re-installing Windows, LOL. I did, however, finally find a combination
    that works for me.

    If you are totally unfamiliar with the power of such software,
    suggest you start your learning experience with something fairly
    safe from damaging your system, like WinPatrol or Spyware Terminator.
    Try the heavy stuff when you feel you are beyond the novice stage.
     
  16. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    I basically agree that running a HIPS isn't really critical, particularly if you have a good Firewall and a top notch AV. For years ProcessGuard hasn't done anything as Nod32 was always first to spring into action.

    For the first time I'm running without HIPS (I liked ProSecurity a lot, but do I need it?). The question still remains about running without HIPS: What program is going to protect the AV, FW, and the virtual mode against termination? It seems to me that only restoring an image could do the trick.

    Limited user account, I tried it and it's a real pain... Not for me.
     
    Last edited: Aug 8, 2007
  17. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Osaban

    I must be doing something wrong. I keep reading that Limited is a pain but after following instructions on this site (and spending a couple of days tweaking) it works great for me. All the programs that I use installed without complaint.
    Some will, of course, not run from limited unless I "run as" but isn't that what the protection is all about. As I don't run any real time AV or HIPS or Anti-spyware I have less programs to update. Perfect disk defrags from limited as well as Admin so no problem there. A couple of reg cleaners have to be "run as" but as I'm using Returnil to freeze C: again not much of a problem. Office programs, scanning, DVD programs, music all just work.

    So if something bad gets on then limited will probably stop it. In any event whatever gets on will be gone at reboot. I tend to reboot far more now that I have Returnil - go for a coffee and I reboot. Ultimately everything is protected by Acronis images.

    I still have a paid-for version of Prosecurity but in the time I ran it nothing was ever found - in fact in 11 years of surfing I have yet to see a live virus or suffer from any malware - what I did suffer from was a layered approach made up of too many security programs each of which imperceptibly slowed down my machines. I became accustomed to programs taking several weeks to load :mad: ok I have one program which used to take 30 seconds to load - now takes 6 ---- now have a slow machine is what I call a pain.
     
  18. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    If you're an average joe user then I don't see the need for you to add hips to the mix. If you're eager to try one and learn then by all means go ahead but if you practice safe surfing then you're fine as you are.
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Running the various "security" programs does seem to be a trade off, it's amazing how snappy things are without them all. I have seen the difference myself. But.... right now my setup is Nod32 with Cyberhawk and Firefox. This seems pretty secure for my purposes, and I have not yet been "annoyed" with a popup of any kind. So that's nice. But I must admit that things aren't as snappy performance-wise. That's the price I pay at the moment... to me it just seems easier this way...
     