Multi layered security suggestions...

While running Outpost Firewall Pro, I've decided to add another layer of protection. Since Outpost has a HIPS, I'm trying not to overlap. I'm looking at: 1. SpyShelter (Not the Firewall version)
2. AppGuard
3. NoVirusThanks EXE Radar
I need to know if I could run one or more of these three with my present firewall without overlap or conflicts. Thanks...

 

I would combine non of those with Outpost because they all fall in the same range. AppGuard forbids actions by policy which Outpost would ask you to allow in the appearance of a pop-up. ERP is an anti-executable and the HIPS of Outpost should ask you anyway if unknown applications were trying to start, or shouldn't it? Spyshelter I don't know anything about, but isn't most of it HIPS as well?

As to what to combine with a HIPS others may be able to help you out better, because I have never been on the interactive HIPS track and never will be.

 

I don't know if AppGuard can have problems working with Outpost, but with CIS it works fine, but you could consider to use it: you can't add a second HIPS to Outpost, while AppGuard is a second different, effective protection layer. You only had to switch it in install mode to install new programs.

 

I would add AppGuard. It's nice restriction policies would be a good addition to Outpost HIPS. As for ERP and SpyShelter they seem to be just repetitive to what you already have.

 

Agree with Solarlynx.. ERP is redundant with HIPS, but AppGuard can provide memory read/write protection which will stop exploits as well.

 

don't forget that ERP also blocks drive by downloads and exploits also

 

None. Seriously. Outpost Pro is AFAIK completely adequate for policy sandboxing and blocking executables. Adding more software that does the same thing will not help you at all.

Personally I would look into how Outpost is configured. In particular you want an absolutely minimal level of interactivity, because each interactive query is an opportunity for you to goof up and get your OS infected.

 

I wouldn't add much to Outpost with HIPS correctly configured. Maybe some light blacklisting... and don't forget to backup your personal data and update your system and software.

hqsec

 

My personal setup always should contain the following:

1 Anti Executable
2 Behavior blocker
3 Anti Exploit
4 Firewall

Outpost = 2 and 4

So I would add: EMET and/or Malwarebytes Anti-Exploit plus EXE Radar Pro, to cover 1 and 3.

 

@Rasheed187, not sure about behavior blocking, but IIRC Outpost Pro has a full HIPS as well.

Good point re EMET, though; I can't really think of a reason not to use it.

 

I run appguard alongside Outpost firewall v8.0 with no problems so far.

 

1. Disable Outpost HIPS or set it to monitor executables only.
2. Among the 3, I'll pick AppGuard. This will be your policy-based HIPS.

 

Many thanks for all your advice and input.... I really appreciate it.

 

To clarify, perhaps not correct, but the way I see it: HIPS = behavior blocker

Actually, if you think about it, all the things that I mentioned are HIPS.

How would you classify EMET, isn´t it basically also a HIPS?

 

A HIPS is a HIPS a BB is a BB (an intelligent HIPS)
EMET is an exploit mitigation tool.

 

HIPS = (crude) mandatory access control = limits the scope of damage once an exploit has occurred.

EMET = exploit mitigation = prevents certain types of exploits from happening in the first place.

BB = no idea. HIPS with automatic learning mode? Antivirus that relies only on heuristics? Marketing buzzword? The stupid acronyms could be taken to mean anything... :/

 

Not in their developers mind, but I think that BBs are so.

 

Like I said before, all the things that I mentioned in post #9, are in facts HIPS, they are all trying to prevent the host from intrusion. Personally I don´t make a difference between BB and classic HIPS.

 

so what thing ERP is going to intercept that's not done by Outpost?

 

AppGuard out of these or SBIE.

 

I didn´t know that Outpost had executable control? Can you white-list apps with it?

But I bet it´s not that easy to manage as in EXE Radar.

 

Yeah you can whitelist apps. Though it has a long list of allowed digital signers, which IIRC cannot be turned off...

And I suppose EMET could be called a HIPS if we're going to be pedantic, but the mechanism is completely different. A HIPS will protect you from things EMET won't, and vice versa.

 

it doesn't make any sense to use ERP with outpost. And with all due respect, if you don,t know about a software how can you make recommendations for any one.

 

Well, that depends on the user.

I would choose Exe Radar over any other anti-exe tool, simply because of the ease of use.

I must admit, I didn´t test Outpost extensively. Also, the anti-exe feature in Outpost was already mentioned by several posters, my bad.

There you have it, it´s not possible to disable the "allow digital signed apps" feature, reason enough to use another anti-exe solution IMO.

 

Do note the "IIRC" part though. That was with Outpost Free 6.51, back in 2008 or so... Things may have changed since.