MAC HIPS

Discussion in 'other anti-malware software' started by Kwakest, Dec 17, 2007.

Thread Status:
Not open for further replies.
  1. Kwakest

    Kwakest Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    9
    Location:
    France
    Does somebody know a good HIPS on Mac OS X?
    On my PC, I use the SSM paid version :thumb:, GhostWall and ShadowUser.
    To protect the Mac I found several firewalls (the best?), and I found Deep Freeze to replace ShadowUser, but no HIPS (Little Snitch protects only network access).
    There are not a lot of Mac users, but does somebody have a solution? o_O
     
  2. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    OSSEC supports Mac OSX.
     
  3. Kwakest

    Kwakest Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    9
    Location:
    France
    I already saw OSSEC but it seems a bit hard to understand, no?
    I am searching for a tool with a GUI like SSM.
     
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    I've been told by people who I believe know more than me that you don't currently need all that stuff for a Mac. But I have no actual experience with Macs YET.
     
  5. Kwakest

    Kwakest Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    9
    Location:
    France
    I don't need all that stuff for a Mac?
    But when I try some freeware and shareware, how can I know if they don't execute another program, access the network or anything else?
    All the programs on Mac are nice?
    Am I paranoid?
     
  6. HorizonFell

    HorizonFell Registered Member

    Joined:
    Dec 14, 2007
    Posts:
    16
    Vast majority of programs on Macs are nice. Of course, it all depends on who you download from -- there ARE viruses for OS X, but they are by and far less prevalent than those on PCs.

    My personal experience is that so long as you aren't grabbing too much SW, you should be fine.

    -HF
     
  7. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Mrkvonic seems to know a fair bit about Macs. Perhaps he will see this thread.
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    I am not familiar with anything HIPS-like that is reasonably friendly that you could use on a Mac.

    Bear in mind that Mac is a *NIX platform and therefore, highly modular, and separates user from the root. Thus, except for the critical vulnerabilities that you patch with vendor releases quite frequently, you need not worry.

    The user is separated from the root. That's the best HIPS around. Just keep your system up to date - to prevent possible escalations of privileges, the beginning of possible trouble on a *NIX system.

    Mrk
     
  9. Kwakest

    Kwakest Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    9
    Location:
    France
    Many thanks for all your answers.
    So, no HIPS, just create a user separate from root.
    But I want to know (and to block if necessary) all programs having access to the network (destination IP, port...).
    I see two programs: a small program called "Little Snitch" and a big firewall, "Netbarrier X4". Any ideas?
     
  10. HorizonFell

    HorizonFell Registered Member

    Joined:
    Dec 14, 2007
    Posts:
    16
    Little Snitch prevents ALL network communication by ANY program unless you program it to allow it.
     
  11. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    ...and it is a Host Intrusion Detection System (HIDS) :)
     
  12. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    Oops. :p
     