HIPS - light, fast, easy learning

Discussion in 'other anti-malware software' started by Iangh, Nov 13, 2006.

Thread Status:
Not open for further replies.
  1. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    Thanks for clearing that up. I knew I wasn't crazy :p

    And believe me, I know it's not a good thing (the lack of prompts). As a matter of fact that's why I switched to SSM. I was just recommending PG to Iangh because he wants a HIPS that produces minimal pop-ups. ;)

    btw bellgamin, I'll take your advice. But before I do that I will read the help file for DW just in case it might answer my questions. But I must admit, I just installed the trial on my test machine and it doesn't look like it is all that powerful. But it is highly likely that I am using it incorrectly. I'll do my research tomorrow :thumb:
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    You could try Online Armor? It's a good HIPS and shouldn't give many popups.
    lodore
     
  3. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Hi!

    DefenseWall HIPS is a HIPS that uses sandbox ideology for its job. In fact, any program that works at the end-(H)ost and does the (I)ntrusion (P)revention (S)ystem's job is a HIPS. Just take a look at the "Types of HIPS" topic.
     
  4. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    No, and it's not really a fall from grace, it is more a reflection of the market. At the moment, it's a very crowded market with new options being tested left and right, and they're capturing everyone's attention and commentary.

    Blue
     
  5. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    Use ProcessGuard free, it's easy to learn. Since you already have WinPatrol Plus, then it could be another plus to protect you more. They worked hand in hand without conflict. ;)

    Don't feel paranoid about those nasty things; that might only prevent you from enjoying the net. :cautious:

    You can also add HardenIT, SafeXP and Windows Worms Doors Cleaner for added protection. They're "passive protectors" that won't affect PC system resources and memory but add more layers to the active guards you have. :thumb:
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    For Windows, try DefenseWall. Otherwise, upgrade their PCs to Linux.
    Mrk
     
  7. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Just about the easiest HIPS to learn, with no need to bother with any popups, is a program like Sandboxie. It runs browsers and other programs in a sandbox: a copied state of the program files, user settings and even registry state.

    With Firefox as an example, the user can surf unsafely, install extensions to try, etc. By default the sandbox is deleted afterwards. So no corrupt Firefox profiles because of bad extensions or other malware that got installed.

    It should also guard against getting corrupt profiles just by running too many other HIPSs at the same time, when a system BSODs or gets an automatic reboot for some reason.
    It also allows a user to run programs to examine their behaviour for possible malicious behaviour, while still keeping the system safe and isolated from that malicious behaviour. So it is truly a HIPS, of a virtual sandbox type.

    I was surprised when I installed it a few days ago. No learning or HIPS teaching curve as with classical HIPSs like SSM or PG.
    A very pleasant surprise.
     
  8. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Maybe I wasn't clear. I was recommending Prevx1. For Prevx1 to have really failed in those tests, it would have to miss the clean-up they promise you after 1 day or so, after whatever was installed has been reviewed by the automated research and classified as bad.
    Anyway, the heuristics were updated, I think, to cover that type of unknown threat.

    Cheers
     
  9. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    I see nobody mentioned Neoava Guard. It is a very powerful HIPS program, very, very light on resources. It passes all the leaktest tests. But it is in its infancy (beta); the developer is in the process of updating the GUI. I recently started using ProSecurity, which is also top notch.
    I would recommend either one; they are very good programs.
    I tried the newest SSM and it would not work on my system.
    Neoava Guard has very few popups.

    Rick
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    CyberHawk is really an easy-to-use program with an amazing protection level. I noticed the same thing, but I only run scans before closing down my PC or when I am planning to do other things. It is not the smartest workaround but . . .
     
  11. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    Thanks for all the replies - very interesting.

    I think behaviour blocking/CIPS is best for them to minimise their input.

    Tried Prevx but too heavy. Price OK.

    Cyberhawk is lighter but my antivir scan takes twice as long.

    Online Armor looks interesting. Bit more pricey.

    Had a play with DefenseWall; seemed OK. Thunderbird wasn't automatically sandboxed? When I did sandbox T'bird and I uninstalled DefenseWall it left a load of new files in my mail? Also, if I remember correctly it kept remembering Firefox sessions as untrusted processes, so my untrusted processes list grew with Firefox usage?

    I'll have another play this weekend and show the kids some programmes in action.

    Thanks
    Ian
     
  12. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Most HIPS will have some pop-ups unless you do pretty much everything while it's in learning mode.
    ProcessGuard, AntiHook and System Safety Monitor all have free versions; you may need to try a few out to see which suits you best.
     
  13. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    The untrusted list will definitely grow during your work, but there is nothing I can do about it; it is up to you whether a module you've downloaded is malware or not.
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    DefenseWall is really a HIPS which does not throw pop-ups at you. In a survey of my work it was the HIPS recommended for novice users, with CyberHawk as second-line defense (but CyberHawk occasionally throws a pop-up at you).
     
  15. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    Kees

    What would I gain with CH as second line (accepting I won't install it until I can run Antivir without being affected by a slow scan)? Can't wait to see the next release.

    Did your work colleagues give you any numbers: DefenseWall will stop 95% with CH taking out the other 5%?

    Does Ilya's baby need a backup?

    I currently get 10 Mbit/s on my cable connection and I am loath to install anything that impacts the speed. I feel the need for speed.

    Thanks
    Ian
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Haha, you got me there. I asked today; this was the response:

    The idea was to set up a multi-layer defense with non-overlapping functionality. That is why the preference was for security apps focusing on one entry area.

    These were the defined entry areas:
    1. Network level: (Firewall)

    2. Threat gate entry level
    a) external (Downloads, shared P2P folder, Internet, E-mail, USB, Floppy drive, et cetera).
    b) internal (vulnerable OS files, registry, ini and start files)

    3. Application level (process: start monitoring/change/dll+data injection/memory)

    4. Data level (AV)

    They had just set some criteria for 'reasonable' system response. Because no security app is 100%, a missing area would be covered when performance would allow it (one of the usability criteria). That is why they stacked CB behind DW: no known issues of falling through.

    They also listed several possibilities (when you had already bought an Antivirus with add-ons like behavior blocking). Each of the levels above had a blacklist option, a behavioral option and a whitelist option. This was given to people to easily find out where the overlap in protection was.

    Most people encountered a speed-up of their PC anyway, because a lot of them tended to have several AntiSpy programs running in parallel.

    I asked them about Antivir + CyberHawk slowing down the scan; they told me to install a program called 'last chance', which automated some tasks at system shutdown (like AV scanning). As I said, I use the stupid workaround.
     
  17. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I can't see how CyberHawk adds more protection. To be clear: of course something is always added, something getting by DW, etc. But with something like DW, either there is a flaw, or the user shoots himself in the foot (downloads). I use a sandbox + Prevx1 just because it can detect real malware and clean it (not just block suspicious actions). Still evaluating though. Very good so far. Hasn't detected anything (sandbox's guilt:D )
     
  18. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    Kees

    Thanks for the reply.

    Much appreciated.
    Ian
     
  19. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    I've always found Prevx's support at CastleCops very slow...though they'll answer you promptly if you send them an email (go figure - you'd think they'd answer the public ones first)

    Prevx1 will provide minimal popups. Online Armor will provide fewer popups than Process Guard (because OA has a whitelist of programs, whereas PG doesn't). CyberHawk I've heard good things about. For sandboxes, many say DefenseWall, and I've tried and tested a similar product, BufferZone, which also works very well (with the exception of using it inside another virtual program like ShadowUser, and it had an incompatibility with Prevx last I knew). BZ never produced popups.
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    You are welcome. I asked for the schedule they used. I have posted it on Wilders:
    https://www.wilderssecurity.com/showthread.php?t=155098

    I thought this diagram to be very helpful to analyse overlap in your setup.
     
  21. Banshee

    Banshee Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    550
    Ian,

    What I would do is get SSM free, put it in learning mode, launch all the apps your kids use and then "disconnect user interface". That way they will only run the apps they need. The rest will be blocked. If they only run, say, Firefox, mIRC and the like, just sandbox them and you're good to go.

    Hope it helps some :)
     
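    The workflow in the post above (learning mode, then lock the rule set and disconnect the UI) as a toy policy model, added here as an illustration and not SSM's own code. Process names and sessions are constructed; the point is to see how the same unknown launch turns into a pop-up with the UI connected and a silent block without it.

    ```python
    # Toy model of an application-launch HIPS (constructed example, not SSM code).
    from dataclasses import dataclass, field


    @dataclass(frozen=True)
    class Launch:
        parent: str  # process requesting the start
        child: str   # executable being started


    @dataclass
    class LaunchHips:
        rules: set = field(default_factory=set)
        ui_connected: bool = True  # False models "disconnect user interface"
        log: list = field(default_factory=list)

        def learn(self, session):
            """Learning mode: every observed parent/child pair becomes an allow rule."""
            for e in session:
                self.rules.add((e.parent.lower(), e.child.lower()))

        def decide(self, e):
            """Enforce mode: known pairs pass; unknown ones prompt or are blocked."""
            if (e.parent.lower(), e.child.lower()) in self.rules:
                verdict = "allow"
            elif self.ui_connected:
                verdict = "prompt"  # the pop-up a classic HIPS shows the user
            else:
                verdict = "block"   # nobody to ask, so unknown launches are denied
            self.log.append((e.parent, e.child, verdict))
            return verdict


    # Constructed sessions, not real telemetry.
    LEARNING = [Launch("explorer.exe", "firefox.exe"),
                Launch("explorer.exe", "mirc.exe"),
                Launch("firefox.exe", "acrord32.exe")]
    LIVE = LEARNING + [Launch("firefox.exe", "setup_toolbar.exe"),  # never seen in learning
                       Launch("mirc.exe", "cmd.exe")]               # never seen in learning


    def run_session(ui_connected):
        """Replay LIVE against rules learned from LEARNING; return verdict counts."""
        hips = LaunchHips(ui_connected=ui_connected)
        hips.learn(LEARNING)
        counts = {"allow": 0, "prompt": 0, "block": 0}
        for e in LIVE:
            counts[hips.decide(e)] += 1
        return counts
    ```

    Whatever the kids did not run during the learning phase is exactly what gets blocked afterwards, so the learning session needs to cover every program they legitimately use.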
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Based on the original requirements of the thread's author, Prevx1.
     
  23. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Hi Vikorr,

    The forum at Castlecops is not a Prevx support forum - it is a forum for users to discuss Prevx1 with each other. If you have an issue with Prevx1 or you want support from Prevx, you should use the support channels on the Prevx website or preferably the support link on the Prevx1 console.

    We monitor the discussion forums at Castlecops and Wilders and, when necessary, we ask people to contact support when we see postings that should have gone to support.

    The forums are monitored on a "when we have time" basis. The official support channels are monitored and tracked by all staff as a matter of priority.

    Hope this helps to clarify things,

    Regards,

    ghiser1
     