ProSecurity HIPS ?

Does anyone know how good the ProSecurity HIPS Program is, talked about in another thread here? I have tried and liked Cyberhawk, and SSM Free, but ProSecurity Free looks very promising. I asked over in that thread if anyone thought it was as good as Cyberhawk is, considering the results it got in the testing done recently. Take care.

 

Re: Six HIPS Programs Reviewed and Rated

Prosecurity is very good at what it is designed for. this is classed as HIPS. This is a different aproch than CH, but this in my opinion will give better protection if the user is concious of what is happening. THis is true for all HIPS software. As i understand it CH is bahaviour based and not HIPS. HIPS will fundamentally give you better protection while CH is more of a safety net incase you really have an accident and let something bad in. Safety net only is what i would call Cyber Hawk

 

Re: Six HIPS Programs Reviewed and Rated

Thanks TECHWG. Just two more questions. Is ProSecurity Free safer and easier to use than SSM Free is. And do you know if it supports Fast User Switching so it can it be used on a PC that has more than one user. Thanks again.

 

Re: Six HIPS Programs Reviewed and Rated

Actually we now have a freeware version now. And yes if you leave it in learn mode for a day or so, and in this time run all your programs etc log off, restart, switch accounts etc. after all this then remove learn mode.

 

Re: Six HIPS Programs Reviewed and Rated

I find it confusing that ProSec's forum moderator (quoted above) has said that Cyberhawk is a "safety net" & not a HIPS. In my opinion, CH is a full-fledged HIPS -- far, far more than a mere "safety net." I will seek to support that opinion in the paragraphs which follow.

"HIPS" is an acronym for Host-based Intrusion Prevention System...
+See this LINK, or do a google on HIPS, to find dozens of other similar definitions of HIPS.
+Per the definition linked above, "Host-based" means the system resides at workstation level -- in other words, the software resides on the user's own computer.
+Per the definition linked above, "Intrusion Prevention" refers to a system that blocks or alerts to suspicious/malicious packets and processes.
+There are numerous other in-depth explanations of these matters. HERE is yet another link which I offer as just one of many possible examples.
+CH is host-based (H) and it is a system to prevent intrusion (IPS). Therefore, CH IS most assuredly a full-on HIPS.

For an unbiased definition of the various categories of HIPS...
+Goto AV-Comparatives
+Click "Comparatives" in left-side column
+Scroll ~3/4 of the way down the page to the line labeled "Comparative of various protection tools"
+On that line, to download AV-C's .pdf report of its HIPS tests, click "Report (PDF)

+Another excellent definition of HIPS can be found at THIS CastleCops Wiki page.
+Yet another can be found at Kareldjag's
+All 3 of the above cited sources are not affiliated with any software, and all 3 categorize CH as a full-fledged HIPS.

Bottom line...
+Based on independent & authoritative definitions, it is my conclusion that CH is unquestionably a very powerful, full-fledged HIPS, and not just a "safety net" as ProSec's forum moderator (quoted above) has written.
+It seems to me that a significant attribute of CH, as compared with many other such apps, is that CH has actually been tested & found effective by objective testers.
+ProSec is a very promising HIPS. It can stand on its own merits. It is my 2-cents that there is no need to refer to one of its competitors as merely being a "safety net" rather than a full-fledged HIPS.

 

Re: Six HIPS Programs Reviewed and Rated

I have not checked on Cyberhawk since i uploaded my own test malware concept files i made and got no responce from them. Do they protect against exe loading ? last time i checked No . . and also they have far far way too many popups when i saw it. I generally dont like CH and i would never use it. I (from my last test of it) would concidder it to be a safety net not a HIPS.

 

I have given CH a test in my vmware also running PS freeware . .
With CH, you are allowing malware to enter your system and you rely on the fact that CH is doing a bang up job abd has no exploit holes. Why oh why oh why would you allow bad things to enter your pc, then deal with it and try to intercept the bad actions ? I peraonally would rather have the chance to prevent an exe from running to begin with - Thus giving extra control and security. If you (using internet explorer) goto a "bad" site and malware dfownloads it self would you rather get a message saying "this is trying to delete these files" or "malware.exe is trying to run" ? its plain and simple to me. CH is good at its task and this is a backup for other things. Example run your "real HIPS" and also CH incase you mess up.

Again my opinion.

 

TechWG, This really gets stupid

My company has made an extensive study plus usability test to advice employees on security, escpacially HIPS related.

Findings:
HIPS approaches fit for the novice, average home PC-user:

1. Behavior Blockers like CyberHawk have stretched the protection and
power of this type of security software. In the test period it was the
program rated second best for NOT THROWING POP-UPS at users

2. Community based protections systems, like PrevX1 (and also
CyberHawk bt the way), help the user in two ways:
a) minimising the zero day protection gap by sharing the blacklist in
the community
b) making intelligent white list decisions for the average user by sharing
the white list across the community

3. HIPS using access/policy restrictions. Leader in the field is DefenseWall,
wich does not throw a sigle pop-up to its user (only a pity the manual
is not very informative)

4. The current Top-Notch AV's like KAV (PDM) and NOD (active Heuristics)
extending their malware recoginition without solely relying on their
black list.

Hips approaches well suited for experiences PC users.
HIPS based on white lists (the traditional HIPS), like Process Guard, SSM
Antihook and ProSecurity.

Your claim

To say that the security approach of CyberHawk is that of retarded primal is sheer nonsence. Behavior Blockers catch malware when they start to do bad things. So they also prevent the bad from happening. It allows such programs as long as they behave normal/pose no threat to your system integrity. Programs with behavior blocking aspects reduce the gap of zero day threats and exploits for the 'not security educated' PC User in a user friendly way. Why should well known security applications suppliers take the trouble of blending in behavior blocking as an 'add on' on traditional Anti Virus and FireWall aps?

Has the complete security industry become insane and are there only a few who have seen the light (being the developer of Prosecurity and TechWGG)?


TECHWG because you are related to ProSecurity, please post factual data no nonsence. You are giving wrong info on competitors, what you said earlier about CyberHawk and earlier on SSM free is just not okay.

You (Techwg) claimed that SSM free is a old and nearly retired version of the paid version, while Prosecurity users would be better off because you would always have the latest version. Read the release notes of SSM free it is based on the paid 2.08 version.

I looked at the spec's and I have to conclude that SSM free has an advantage over Prosecurity free, but that Prosecurity Paid has an advantage over SSM paid. That is factual information based on the specs.

~certain comments removed....Bubba~

 

This is my opinion which i also state. My opinion - you have yours. I like cyber hawk but i personally do not classify it as HIPS. i never said its a bad product , just as i see it a layer aproch. use cyberhawk and other things to compliment each other. Also i am wondering what you did to evoke attention from bubba for some comments to be removed. I have no negativity towards CH so please keep your comments nice and easy. No hostility here . . Lets just chat about Hips and this is about ProSecurity

 

There will be no hostility if you will PLEASE stop saying negative and untrue things about your competitor's software.

You are not helping ProSec by doing this.

 

i am not posting negative things. I am statng my opinion about things, IE in my view you should use a HIPS software like PS or SSM etc and think of using a behavior base like CH. What is your problem with this ? do you want me to sit here and say everything is wonderful ? I am saying my favorite is PS always will be. I like other softwares too, but you dont use 1 magic bullet program and think you are done. Now unless you have something constructive to add to this conversation please refrain from talking about nonsense and trying to make me look like im saying rubbish about other programs. because i am NOT saying rubbish about others software.

This is not a forum to complain about people having an opinionm, this forum is to talk about security softwares and misc things. Lets keep it this way PLEASE

 

So my questions after reading this thread are. What is the best choice for the average user when it comes to some type of HIPS protection? Cyberhawk would seem like the obvious choice for simplicity reasons, but would using the free versions of ProSecurity or System Safety Monitor not be better choices? I saw where Cyberhawk did well in a recent test done by Gizmo's, but some users claim it's not as effective as it was in it's earlier versions. I would think even the free versions of SSM and PS would be better, but just not as simple. Just looking for something to add to ZA Free and AVG Anti-Malware as an extra layer of security without too many hassels.

 

For power & user-controllability, SSM is best IMO.

For superb protection with a set-it-&-forget-it HIPS, IMO Prevx1 is the leader by far.

 

I downloaded PS yesterday on a computer I use to trial different software and I have 2 questions.

1) What is alarm.exe ?

2) Why does Anti Trojan Elite appear in the registry ?

 

in my opinion its either ssm or ProSecurity. personal choice between them since they have similar featuresets. Prosecurity is growing much faster than SSM and the developer is working constantly on it.

 

alarm.exe is the user input screen you see with block or allow buttons.
ATE is another product he makes and i do not know about this since antikeyloggers and antitrojans are kind of obselete with HIPS software products.

Also i dont know if they fixed it, but when i was testing ssm i did not like the number of BSOD i recieved. I had some BSOD from the early versions of ProSecurity but ssm i dont know i think had more. Not tried the latest version since i use PS now and i dont need to test ssm. Both are good choices though

 

SSM gave me far more BSOD than PS ever did, needed to reinstall my OS after SSM botched my sys, as for PrevX, it worked fine without any surprises but the system slowed down considerably, also the fact that anonymous stats were sent out by PrevX to their server didn't make me comfortable.

 

Don't forget, you can revert to an earlier version of SSM if your system is BSOD'ng and giving you fits. I returned to earlier version that is quite stable and satisfactory. My feeling is SSM might be accellerating way too many updates and additions that could be creating issues like you mentioned.

HIPS Vendors feel they are in a race to win popularity but they need to become more conscience of what is working for users as a whole and not try to press more into them then users systems can adequately support.

 

I did not like SSM. I did not get BSOD's but worse I was not able to boot my computer, luckly I had an backup Image. I will never install SSM ever again because of that.
I have been using ProSecurity (paid) for about a month now and in my opinion has advanced features, highly configurable and I have not any problems with PS. The developer is very fast to fix bugs and add new features.

 

see when people do what we suggest and is also in the help file and do the learn mode phase, then all goes well with HIPS in general but mainly PS because its written to give control. However if someone abuses PS or messes with the settings they do not understand or do not learn mode for long enough, then PS can also cause boot issues, but a safemode uninstall should fix it perhaps.

In general i have not ever had a BSOD from ProSecurity since the early versions of like 1.10 after this its been small glitches with no major consiquences.
However i have had my share of bad times while testing SSM + i dont like the interface

 

I have used PG, SSM, PS, SnS, Ghost Security and a few others - all can cause problems.
lockout .. is easy enough to fix from safe mode.

Show non plug and play drivers and disable the offending product - without the driver the product is disabled. I guess you could boot from knoppix and then delete the driver file itself.


At this point I prefer SSM - support is strong and updates just as regular as PS. PS is very good and continues to get better with every release....

Depending on what sort of experience you want or have SNS, CH or KAV with PDM could be very good ....

 

I guess I could have fixed it in safe mode.
But why start disabling stuff to fix something, I don't want to use software that half works!!!
But as you know uninstalling software will never uninstall everything.
My best option I felt at the time was to restore an Image.
BTW- I did at the time have SSM in learning mode.
ProSecurity has never caused any problems for me.

 

I removed PS and sure enough Anti Trojan Elite was also removed.
I'm not going against PS, only used it for a day and it seemed o.k. for the little time I used it.
The only thng is I just dont like the idea of another program showing up in the registry without knowing about it.

 

I use both ps and ssm. For an amateur like me i find the prosecurity UI is a lot better and easier to use. SSM is a little more confusing and has been a bit harder to use. As to which one is better, i think ssm may have the edge at this point in time but PS is improving quite quickly.