Is there a need to run a AV with a HIPS?

Hello,

I've been pondering this question for awhile, is there really a need to run a AV with a hips/firewall product? like say my setup. I'm running avast v8 beta with Online Armor Is this maybe a bit of overkill? or no? is it a good idea to run both? and if so, why?

Thanks

 

Depends if your system is malware free or not. HIPS is designed to stop unauthorized modifications from the outside. Many are ineffective against existing resident malware.

 

Plus online armor is the only free firewall that appears to be immune to the avast web shield breaches.
I would stick with what you have if you intend to carry on using avast....

 

I agree

 

I see you ditched comodo..may i ask why.?

 

I experienced issues with avast! and COMODO for the first time today, so I was in search for a good firewall that passed leak tests, as well as one that played nice with avast!

So, because of that...I decided that Online Armor was the one to be a good fit for my AV

 

Good choice.
I used to run that combo and its rock solid.

 

It sure is, plus with EXE Radar Pro in Lockdown Mode, it makes it even better...I think.

My setup may be overkill to some, but heck...I like it that way

 

So it is a good idea to run a AV with a hips then? because I just didn't want to carry on avast basically be useless on my system...

 

One simply covers what the other one doesn't, trust me...keep both.

Plus, your setup is excellent

 

I thought my setup was overkill. I'm liking OA free. I only notice a few slow downs at times.
It wouldn't hurt to run an AV with a Hips/firewall. There are many free options that are plenty powerful. OA free and avast free or OA free and bitdefender free. Both are great free AV's and doesn't conflict with either like comodo might. OA free is running well for me and its only at 14-18K in idle. Wait till avast 8 comes out. OA and Avast combo will be great.

 

Depends, HIPS give you much more control over your PC and what it does.

 

On a clean system a Classic type Hips is good but only as good as the user.A antivirus is only as good as the antivirus if that makes any sense.Both together is a better option as the first line of defense being the hips and the second the antivirus in case you screw up and allow something you should not have and hopefully the antivirus will spring into action and save the day.

 

OA Rocks,I love it but don't use it and I have no idea why.

 

I stopped using it because of the conflict with chrome. It's been fixed since then so I'm using the free version again. I'll be using it till CFW is compatible with my system again.

 

As someone else said, it depends on the type of end user you are. Your knowledge and how much time you're willing to take to fine tune things. With a classic HIPS and some patience you can make your box darn near bulletproof, and with little to no popups. But will you take the time to fine tune your rule sets to get it there?

I wouldn't look at it as a substitute to a real-time AV. I'd look at something like Sandboxie more in that light. If you run a restricted sandbox and scan new things introduced to your machine (through any vector - USB sticks/removable drives too) on demand... then that IMO is more like a substitute for a real-time AV. Not a HIPS. Sandboxie & VT Hash Check, for instance, is more like it. But mainly, I wouldn't drop a real-time AV unless yours NEVER detects anything, and you feel like you've just been lugging around a dead weight for years. That IMO is the main thing everyone should ask themselves before making the change.

HIPS are only really for control freaks. If you're pretty certain you have a clean box, and don't really want to take the time/effort to do the crap I said above... don't go down that road. Do either the SBIE/VTHC method, or use a fully featured AV like Avast with other protections as well that can help fill those gaps.

Or something like Comodo 6, disable the HIPS and use the Behavior Blocker and integrated AV, along with the FW... kiosk/sandbox optional.

It all depends on the type of user you are, again.

 

I agree.
HIPS/Firewall can be useful though if you bring something new to your system that shows some unexpected behavior - attempt to send data to the Internet or attempt to modify some important system setting or file, for instance.But in the end it all really depends on the type of user.

IMHO, for those who don't have the need to use software that is only available for Windows, is a better choice to simply go for Linux (forget about security software and enjoy a fast and stable system), instead of having the hassle of configure and maintain a secured Windows - in one way or another, every security layer added also means one more thing to worry about.

 

Good discussion here. I expected a knee jerk automatic yes.

 

Well said.

 

It's smart to use AV if you pass a lot of files through your computer but you don't actually execute them. This way you protect everyone else who receive your files because HIPS won't detect them while they are in transit through your system. But thats pretty much the only reason i can think off.

 

Agree, only I think that av is the first line of defense: not for it has greater effectiveness, but because it should recognize immediately a malware.