privatefirewall - quite nice ;)

I would not include DW or GW in the above list.

The HIPS I listed are all classic-type HIPS. As such, they notify the user whenever a process is trying to perform a potentially unsafe action. The user may allow or block that one specific type of action by that specific process, or the user may tell the HIPS to "trust this process and quit bothering me."

DW & GW are not classic-type HIPS. They are, instead, policy-type HIPS. As such, they basically build walls (sandboxes, so to speak) around "untrusted" apps (including ALL internet facing apps) so as to limit their access to potentially unsafe regions of one's computer. Once a process is designated "trusted" or "untrusted", it is primarily the program's built-in POLICIES that have primary control over what any given process is, & is not, allowed to do.

In sum:
+ The USER has primary control when using a classic HIPS.
+ The POLICIES have primary control when using DW or GW.

The above is an over simplified explanation. The differences between classic-type & policy-type HIPS are more profound & complex than is covered by my brief explanation.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now then -- if someone wants to *deeply* discuss WHICH type HIPS to use -- classic or policy -- I suggest you pose that question in a new thread. PM Kees 1958 & Sten to make sure they participate. Me? I am inclined to dodge the issue but I would enjoy reading the comments that might ensue.
.

 

bellgamin puts a nice summary

However, imo the terms 'classical HIPS' and 'policy-based HIPS' is quite a misnomer because some 'classical HIPS' can be configured to have policies. The difference being the policies are custom-made by the user vs a default rule-set decided by the developer, both of which have their own pros and cons.

It seems to me that people view classical HIPS as the "HIPS that prompts me often and require substantive white-listing" while policy-based HIPS as 'the quieter HIPS that requires less interaction/involvement by the user".

Anyway, if one were to take the terms as it is used right now, I'd say there's a trend among some HIPS to go "hybrid"? For e.g.

a) SpyShelter's HIPS is 'classical-type' (prompts user for action/decision) but it's Restricted Apps is similar to 'policy-type' (follows the principle of putting threat-gates as 'untrusted')

b) Comodo's Defense+ is primarily 'classical-type' (prompts user for action/decision) especially more so if you use the Paranoid setting.
However, if you use it's sandbox feature and set Computer Security Policy, it sort of imitates 'policy-type' (follows the principle of 'trusted vs untrusted').

The choice of which to go with pretty much depends on what one deems as 'control' vs 'annoyance'; 'being informed/alerted' vs 'information overload'. I'm pretty sure having a *deep* discussion may lead to a strong debate and possibly unsightly arguments among different folks here.

P.S. Sorry for going OT.

 

Comprehensive summary and very clear Guru ! anyway, what would you prefer, turn it off while I have WinPatrol or turn them both ON ? any possible conflict ?

 

I think Filseclab block or allow specific IP to specific applications ...and it's free
tab "Log Applications"

tab "Monitor Applications"

and "Monitor Connections"

 

I can presume that Private Firewall is the only firewall you ve used untill now?
Jetico or Outpost have more than enough granularity.
As free Comodo or Sunbelt Firewall also offer granualrity when you make your rules.

 

I think that usually every firewall can block specific IP when you create a detailed application rules ... but not there was a problem(?) ... or am I wrong?

 

how often does this PrivateFirewall updates/upgrades their version?
is it like ZoneAlarm it updates almost every month's ?

 

If you go to the privatefirewall website you can see all the versions/release notes and dates

http://www.privacyware.com/PF_support.html

 

I don t understand you.In PF you can t do IP based rules.Only block IP based on a block list similar to Outpost Blockpost plug in.

 

OK...forget about it. I like the old classic firewall - I use them rather as shown by Filscelab FW. This firewall allows to block IP from the list of applications or connections and in the process of creating rules - it has done old Sygate or new Symantec firewall too.
I don't know all the possibilities of new firewalls, and although I used PFW, I had no need to block specific IP...so I wrote, "or I wrong?"
Mainly I was thinking of such a mechanism - see the IP on any list - you don't want to connect to it - set the block.

 

Think about this senario.
You want to do a rule to alow specific DNS servers IP-s.Theoretically you would like to add them in a rule like "where remote IP is".Or to alow Explorer.exe/Installer .exe towards the Verify Class ID IP-s only.And so on.