I need a good, free HIPS

I tried EQSecurity but if I understood that correctly it doesn't do hash comparison of files by default, you have to enable that on a per program basis (that is for every program one by one) and then the only choice is MD5, which is as unsafe as it gets because it has been broken. Furthermore I had some system freezes when it initially blocked some behaviour.

 

Hello sunking

As with any program for a Windows PC what works just fine with one doesn't always work like expected for another, so sorry EQS doesn't fit the bill for your setup, but have you looked at OnlineArmor yet? Theres much abuzz over it plus you get prompt answers and help from one of it's chief characters who is always at the ready to take any concerns seriously enough to work anything out to users satisfaction.

EASTER

 

Hi,

I tested OA Free, good app but I had a few problems with it, therefore I’ m in waiting position right now.
So Sygate PF is back (with KAV) and I’m looking out too for a Freeware HIPS/Behavior blocker.

Suddenly DefenseWall came as a gift, but I had to recognize, that it couldn’t even defend itself.
Both processes can be ended within windows task manager, worst behavior for a security app in my opinion, had to give it away immediately.

So I’m looking out again.
It’s a little bit irritating, because everything seems to be HIPS today and many offer (limited) Free Editions as well:
ProcessGuard, ProSecurity, System Safety Monitor, ThreatFire, WinPatrol and so on.

On Matousec.com are some Leak Tests:
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php
CastleCopsWiki offers this: Lists of freeware behavior blockers
http://wiki.castlecops.com/Lists_of_freeware_behavior_blockers
On another site I found this: unhooking tests
http://membres.lycos.fr/nicmtests/Unhookers/unhookers_results.htm

Does anyone know links, where these kinds of (free) apps have been tested?

So what would I require in general?
Low on resources (memory, CPU usage)
Cannot easily be terminated within task manager (or by scriptkiddys)
No point and click adventure (set it and forget it)
Good protection against unwanted/unknown apps, drivers, autorun entries, root kits etc.

That’s all. Which one to choose?

Cheers!

 

I'm afraid you missed DW's purpose completly. It's not supposed to protect you/itself from trusted processes, only untrusted (sandboxed).

 

Hi, Subset.

Still searching for your love(free, but good to your heart, HIPS
)? No need to look further. They are just all around you.

I would do a thorough search of this forum, there are tons of tons reports/remarks/suggestions for you to digest. Independent tests serve good guidance, but it is you, I mean yourself to use the app to protect your own...
You just need to feel it yourself. And other thing, any free offer from any good quality program, I would be thrilled to know it, let alone to critize it. Enjoy it, when you can get your hand on it free.

Take care.

 

There are sandboxes (SandboxIE and GeSWall have useful free versions, SandboxIE is almost the same as paid).

Then if "classical HIPS" is what your looking for, stand alone, i prefer SSM free. It's stable, does the most important thing which is block executables, and other features make it VERY flexible - disconnect UI , parent- child control, registry monitoring (take it as just that, monitoring) etc.
Disconnect UI is one cool feature, it will allow you to block all unknown executables + optionally block all previously not allowed actions. AND you can for ex. allow IE7 in normal mode, but block it in disconnected UI mode.

SSM rocks in this regard, someone asks to use my PC, i just disconnect the UI and "go ahead". They can't tamper with it even if they try, it's password protected, and silent!

Now there's CFP3, firewall and HIPS. I need time to get used to it and form an opinion (the HIPS part, not the firewall).

 

Threatfire over BoClean.

However.............


If you need a firewall with inbuilt hips, then Comodo v3.0 is your savour

 

When you run external facing communications aps like your webbrowser, p2p (eg limewire/kazaa), e-mail, messenger etc as safer (with limited rights), it is a strong (de)bugger.