HIPS - necessary or not? which is the best?

Discussion in 'other anti-malware software' started by carioca, Mar 24, 2007.

Thread Status:
Not open for further replies.
  1. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, Kees1958: I respect your test results. As a PC layman, I would like to ask you a quick question, not a challenge to you or anything; please understand that.
    (1) What type of malware writers would use the samples that you have to infect PC users?
    (2) What is the probability for general PC users to get exposed to that malware on a daily basis?
    (3) Prevx1 is reportedly based on millions and millions of data inputs provided by a vast client base. If it misses more than others, does that single out something that should be warned about? Can you possibly draw a conclusion in regard to what may be the deficiency of Prevx1? I currently use Prevx1 and hold it in high regard. But your brief discovery makes me a bit uneasy. Your opinion is greatly appreciated.
     
  2. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Just want to say that if the tests involving Prevx and Cyberhawk were the ones done by AV Comparatives, both of them now detect the samples they initially missed. I do wonder, though, if the IDS Behavior Analysis that a-squared Anti-Malware has is a good HIPS? Emsisoft is calling a-squared a HIPS, by the way.
     
    Last edited: Mar 28, 2007
  3. Ngwana

    Ngwana Registered Member

    Joined:
    Jul 5, 2006
    Posts:
    156
    Location:
    Glasgow, United Kingdom
    carioca:
    Did you get the answer/help so far? What have you decided? :D
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    He was referring to the tests by AV Comparatives, not to his own.
     
  5. carioca

    carioca Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    96
    :thumb:
    I decided to use my old WinPatrol Plus together with Online Armor 2.0 (with firewall included), System Safety Monitor and, as sandbox, the extraordinary Sandboxie (very small and effective), and enough is enough! I gave up using the others I mentioned before. What do you think about my choice? I accept some good suggestions about the fair matching of a security software combination. What about you? I forgot the others because I think I was overdoing it, almost paranoid. The first security combination I asked about in this thread was a paradox! Best Regards.
     
  6. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, Aigle: Thank you for the clarification. And duke1959's posting has said all. I would assume my concern is a bit outdated. Thanks.
     
  7. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I must add here that I'm not too sure about the results of the HIPS Software Testing done by Gizmo's, and if you read some of the recommendations for the 46 best free software programs, I think you'll understand why.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Aigle, thx

    Perman,

    Sorry to answer so late. To answer your question about the malware an average PC user is likely to be infected with: those are drive-by infections (e.g. IEframe.dll setting a global hook when browsing the internet, or ntvdm.exe being invoked to get infected via DOS/16-bit Windows backward compatibility), your own downloads and e-mails.

    My conclusions on the CyberHawk (1) and PrevX1 (4) missed samples:

    A web-based sharing of malware attacks (e.g. CyberHawk, PrevX1) has the big advantage of having a worldwide tripwire for malware signalling. Apparently most 'average' users do not get infected by the really sophisticated/bad ones (otherwise PrevX1 would have been informed by its worldwide user network and would have passed the AV Comparatives test), so for now expert testing still seems to beat massive average-user testing.

    All those discussions on what is the best protection, and with how much effort and knowledge these apps can/have to be configured, are academic compared to the impact of the common sense of the user. In other words, monkey-proof security still depends on the monkey (me behind my PC).

    My two pennies' worth.

    Regards K
     
  9. Metal425

    Metal425 Registered Member

    Joined:
    Mar 20, 2007
    Posts:
    188
    Location:
    Southern California
    Overkill. Just run your AV, along with SpywareBlaster, and SSM free or Prevx1, and SAS as an on-demand scanner.
     
  10. EASTER.2010

    EASTER.2010 Guest

    BEST?

    HIPS=System Safety Monitor
    Although for my part EQSecure has great potential for closing ground as well as CyberHawk if it ever gets around to it.

    necessary or not?
    Very necessary; the net is more notorious than ever, if not worse, ATM.

    Those are my choices and they work for me. I test them with "real" malware risks. :eek:
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hi Easter,

    Can you post some screen shots showing some of your malware interceptions?

    Thanks,

    -rich
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Online Armor with Sandboxie should be more than enough.
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    I second this. I am really curious to see how one finds malware, let alone intercepts a working drive-by...
    Mrk
     
  14. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Well, I've *never* encountered a drive-by site in normal daily work - I have to look for them, such as when posted on sans.org.

    fcukdat will send you some sites to try. I recently received this one from him, and just now analyzed it:

    keygen

    I'm interested to see how others test such sites.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  15. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    I have used and tested several of the different HIPS, including PG, OA, SSM, ProSecurity, & Cyberhawk. I liked OA and still think SSM is a great app. ProSecurity hosed up my system real good, and Cyberhawk also caused nothing but trouble. Out of all the apps, I have found Neoava Guard to be the easiest to operate as well as the most comprehensive. I didn't think Neoava would be as easy to operate as SSM, but I was wrong. It really provides a lot of flexibility, and is not nearly as difficult to learn for a beginner as SSM. The developer is also in the process of making it better. It also runs lighter than any of the other HIPS I've used. Also, unlike some of the others, the free version is a fully-functioning app. It's a very powerful, yet also very usable HIPS program. I would definitely recommend trying it.
     
  16. EASTER.2010

    EASTER.2010 Guest

    I sure will. It won't be today or tomorrow, or maybe not even until next week, but I'll be more than happy to add to my ImageShack collection for display here.
    I'm really tied up right now trying to organize every hard drive I have on hand and consolidate them into divisions where things won't be so scattered about from one drive to another. That was the main reason I picked up a 200+ GB HD recently and partitioned it; plus now maybe I can finally wipe some of those other drives and use them for either storage or heavy malware/rootkit tests. I like VMware, don't get me wrong, but I prefer to test malware on a plain ordinary system like what's encountered in real life, and besides, some malware already makes provisions for not working on virtual drives. Stay tuned.............
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    If you like Neoava Guard, you will also like EQSecure. NG worked flawlessly on my wife's PC but crashed my son's PC. After running different ones on both (wife: SSM first free, then Pro, later on free again; son: CyberHawk free and Pro), I managed to install EQSecure on both. Works great (easier to maintain for me).

    I am waiting on the new user interface of NG, which should be ready mid-April (??).
     
  18. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    Oh my......... I'm afraid I have to take back what I said about Neoava Guard. I just about lost my computer this morning when it glitched. Neoava froze up, then I could not reboot my computer. The Windows XP screen would appear, then the moving blue bar quit moving. My computer came with XP preinstalled, so I thought I was hosed. Finally got the thing to boot into safe mode and uninstalled Neoava. I had saved a system restore point before installing, but you know how that goes. Still took some tweaking to get the stinkin' thing back to normal. Heck with it - gonna stick with SSM, as it has never caused me the slightest problem (knock on wood) :ouch: Amazing how these programs can be cruising along, working like a charm, then BLAM! Anyway, people, as for me, I'm sticking with the proven programs from now on. This is one experiment that just about cost me a whole lot of money. :eek:
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,
    Never test software on a production machine.
    Use a virtual machine or a spare computer, and then give it a good 2-3 weeks at least before deciding.
    Mrk
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I wonder, do you have no backup strategy?
    You can even get one free until today.

    https://www.wilderssecurity.com/showthread.php?t=171144

    You can't play with security software without instant recovery/imaging software.
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Neoava Guard is BETA software, which means NOT for average users.
    Instead of testing Neoava Guard, you'd better work on a decent recovery solution:
    Image Backup and Immediate System Recovery, and then you can do whatever you want. First things first.
    My suggestion: ShadowProtect + FirstDefense-ISR + external hard disk, and you are invincible. ;)
     
    Last edited: Apr 11, 2007
  22. EASTER.2010

    EASTER.2010 Guest

    Likewise. That one is very worth watching for. I use it, if only occasionally, and am impressed with how much you can do with it; it then proceeds to not bug you so much (after configuring) and transparently indicates, by virtue of its alpha-blended notices, really useful information. I'm surprised at its versatility as well as its ability to block/log and otherwise allow the user to add their own areas of concern to the LIST! Very nice, and it complements SSM in addition, that is if anyone feels compelled to layer up HIPS like I do.
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Prevx1
     
  24. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I don't agree at all that if you know stuff you do not need HIPS. Everyone needs HIPS to control what starts and what it can do and cannot do. The two programs I would never want to be without and that are more important than an AV are ProcessGuard and the Proxomitron.
     
  25. EASTER.2010

    EASTER.2010 Guest

    Of course I have to side with Mele20's opinion. HIPS, once configured and rules are set, pretty much automates the task of sensoring and thus shielding, provided the user takes at least some initiative at learning a few things & stuff ;)

    Foremost and above all others, though, this relentless push of suggesting a recovery solution is as vital as feeding electricity to the machine for it to work. Otherwise, be prepared at some point in time to reinstall your O/S by disc, with all the frustrations that go along with starting over with installing all your programs again, not to mention the possibility of losing some you may never find again on the net. This has happened to me with 98SE before.

    FIRST!
     