HIPS - necessary or not? which is the best?

Dear Forum users,

Is enough one hips only or should I use another one together or many together? May I use OnlineArmor with firewall, ProcessGuard, defenseWall, system safety monitor,Sandboxie, greenborder, bufferzone, neova guard and winpatrol plus? Which are the best security stuffs together? Should they conflict themselves? Do I have to choose only one Hips, one antispyware scanner, one AV scanner and one AT scanner. All opinions are welcome. Could you clarify me because I'm confused with hips. Is it a must or not? Do you have some hints? Best Regards.

 

wow, you aim to shoot flies with a canon One HIPS is more than enough, if you dont have a fetish for clicking on confirmation dialogs that is

IMO HIPS is not a must. I have used HIPS for a couple of years but grew tired of them. Sure they did block all the leaktests but that was all they did in my machine, they never caught any malware - simply because I never get any :/ but if you attract malware it could be a good idea to use a HIPS if you want to be sure.
Before I went over to Prevx1 I tried SSM and kind of liked it. Appdefend is (or was? isnt it abandoned nowadays?) good too.
If you decide to use sandboxes I would say that adding HIPS seems a bit overkill, unless you want information on what the eventual malware is trying to do behind you back.

 

HIPS is not a must.

My recommendations: if u like control or just like clicking dialog boxes go for SSM or ProSecurity. If u want a more silent solution you may want to look at Prevx1 or Cyberhawk.

As for sandboxes, sandboxie and geswall are good.

 

Take only ONE app from each group:
- SSM, PG, Neoava Guard.
- Online Armor, WinPatrol.
- Bufferzone, Sandboxie, Defensewall, Greenborder.

 

Hi, Lucas1985 : Since you brought this up in this thread, may I ask you a quick question? You mentioned that OA and winPatrol are in the same catagory, and I currently use Scotty, and have an impression that OA and Prevx1 are in the same class. Can you elaborate a bit why your thinking is different from mine? My sincere request, of course. Thank you.

 

HIPS, SHMIPS - why oh why do this at all? I use the internet for hours every day (downloading whatever appeals to me). I am constantly receiving emails with attachments that I open without hesitation (if I know the sender!). I've never encountered any problems that were beyond the detection, 'fixability', or scope of my current setup (see signature).

 

I´ve grouped full classical HIPS (SSM, PG, Neoava) and sandboxes (Sandboxie, Defensewall, Greenborder, Bufferzone).
WinPatrol and Online Armor don´t have much overlap (startup/BHO reg. entries come to mind) but since they don´t hook deeply into Windows I have put them in a same group.
Hope it´s clear now.

 

Hello,
Since you asked that question - no, HIPS is not for you.
To use HIPS, you need to know stuff; and when you know stuff, you do not need HIPS. It's a paradox. You'd best go with whitelisting sandboxing if you want that kind of protection, in which case DefenseWall is the best solution I can think of.
Mrk

 

Hi Lucas,

I think that you're talking about OA 1 because, version 2 hooks at Kernel Level and give the same (more ?) level of protection than SSM, PG or NG

Even, OA 1 could not be compared to Winpatrol because OA 1 monitors process execution ( i'm only speaking about HIPS like features)

Here is a description of the new version 2

May be you can give it a try (just joking)

MaB

 

I don´t think so. SSM and the likes hooks extensively into the SSDT and other system areas. IMHO, OA is less "aggressive" hooking Windows.

Yes, OA has more features. I wasn´t comparing Winpatrol and OA in terms of features:

I think that SSM can coexist with OA, but I wouldn´t use this combination.

 

Prevx1,is a nifty HIPS.

 

The absolutely 100% silent HIPS and also a Sandbox is . . . DEFENSEWALL

Better yet DW is also a good performer in tests (for what they are worth)

 

I consider DW as a possible in my frozen snapshot. It only needs to save the day, once I reboot I have my clean computer back anyway.
Another possible is Anti-Executable, I hope the combination of both works.
I'm still fishing, it's hard to find the RIGHT softwares.

 

Maybe but using a HIPS is a great way to learn and get you to the point where you do know stuff.

 

The most user friendly combination: DefenseWall and AntiExecutable (EDIT should be Primery Response Safe Connect, mistake) in my opinion. DefenseWall is 100% quite, PRSC (editted) makes most of the hard dicision for you (other behavior monitors let you decide). Together with first defense it makes one of the strongest (paid) setups in my opinion. The poistive side of PrevX1 is that it really assists the user (so on this point they score points).

PS 1.
I do not like HIPS which use a multiple of concepts like PrevX1 (community whitelist/blacklist and behavior blocking). Blacklisting is for AV's it does not keep the architecture clear, overlap is waists CPU and makes the defense architecture less transparent, more of the same does not give better protection (same holes keep existing).

PS 2.
I wonder why so many people do not like the idea of combined protection of traffic- (fire) and data-wall like (CoreForce, SensiveGuard, R-firewall + R-guard, etc.)

 

Mrk, it is partly true. I knew not much about security until my son, started to be a script kiddy, hacking others people's PC. He left warnings (your friendly hacker advises you to close port 9999 or what ever leak . . .). One day he hacked the wrong guy. We found out the hard way and got hacked back (with only windows firewall and a weak AV like AVG). That is why I use 3 HIPS-like programs (DefenseWall, SSM, SensiveGuard) on my wife's PC and were behind a hardware firewall. Now I know I should never have bought XP Home, but should have bought XP Pro, with restricted users and a nice policy management setup, I could do with less security programs.

 

Scanners are much easier to use, you don't have to be a genius to click on the scan/remove buttons.
False/positives are a problem, but average users remove them anyway, which might cause a small or big problem, but who cares.

 

Interesting, but if you think only about the community, then it's only natural to understand why/ how it blacklists and whitelists applications. They are related, that's how it sorts things out. Behaviour/heuristics is also natural, since that's how Prevx1 analyses applications automaticaly, localy that is (and without confirmation from the comunity).
It's all conected, and if you take one, you have a crippled Prevx1.

 

Hi
Kees1958,
Sandboxie is the most extraordinary sandbox software! In my opinion it is a jewel (small and bright) and is the best software I have tried on. Much better than greenborder, bufferzone, defenseWall and many others. Try it on and you will make your mind by changing to it. Besides, It's free and no overlapping ! Best Regards.

 

OK. I put Sandboxie on the list as a possible, it won't hurt my wallet.

 

I agree with the guys who say splitting between Winpatrol/Online armor on one hand and SSM,PG,Neoava on the other is a bad idea, even leaving aside whether OA 2 is kernel level or not.

If people followed your advise literally of picking 1 from each group they would run say Sandboxie + SSM + Winpatrol/OA.

That's overkill. I can see no reason why someone running SSM would need Winpatrol/OA.

 

You are right, but DefenseWall and GeSWall are seamless compared to SandBoxIE (not a seperate sandboxed environment). Since my wife uses the PC I needed the simplest of all DefenseWall. On my son's PC we have GeSWall Pro, also seamless, but with more configuration and safety level options and the fastest (in his opinion, I tried SandBoxIE first, but let him decide, he also favoured Regdefend and Cyberhawk free over SSM-Pro).

Regards K

 

True,

Maybe in time when PrevX1 developes to be stronger than other HIPS (in a test it missed four samples while CyberHawk only missed one and GesWall and DefenseWall missed none) I will change my opinion. Although there are some pretty strong suites, I favor the 'best of breed' approach (downside more configurating effort).

Regards K

 

Hi Kees1956,
What about prosecurity Pro? Have you tried it on? I have heard some praising comments about it. Someone said that it's similar to SSM or perhaps better than it. Besides, I read a thread that this software Co. charges only a lifetime edition. Concerning licenses I have heard DefenseWall was lifetime earlier and It breached the contract by charging some anual fee nowadays. But it's not a lot of bucks. I've heard it's about u$d 10.00.Best Regards.

PS: now I'm triying prosecurity pro and it's working smooth. Thus,we can change experiences about this security software in the future. There is also a free version.

 

Is this the software you are talking about ?

Feature list of ProSecurity 1.30

I. Process Guarding / Control

Process Execution Restricts
1. Restrict from executing
2. Restrict from loading applications

Process Protections
3. Reading Memory
4. Writing Memory
5. Terminating
6. Injecting thread
7. Terminating by windows message and task end

Process Accession Restrictions
8. Read Process Memory
9. Write Process Memory
10. Terminate Process
11. Inject Thread to Process

Process Global Privilege Restrictions
12. Read Physical Memory
13. Write Physical Memory
14. Install Service/Driver/Rootkit
15. Install Global Hook/Install Hook to Other Process
16. Modify Protected Registry Key / Value
17. Access Network
18. Modify Registry

II. Registry Guard

19. Registry Key Protection

20. Registry Value Protection