ProSecurity v1.21 [HIPS software]

Discussion in 'other anti-malware software' started by PSDeveloper, Oct 28, 2006.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I think there are other considerations to take into account.
    Let's look at the "installation / learning" mode within PS. If a user downloads a program, selects one of these modes, and runs the program/installation, and the program turns out to be "bad", what is stopping this program from closing down the firewall/AV if this program can be given permission (learn how) to terminate any other program? I do think there is a need for full protection from termination for programs (firewall / AV) so regardless of other programs' settings, these can be protected.
     
  2. TECHWG

    TECHWG Guest

    Maybe we should put this to Jie, the developer of PS.
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I did make a post (at PS forum) in ref to the termination of applications, but as yet no reply. I will add my last post to that thread to see if there is any movement.

    edit:
    Have copied my last post to PS forum
     
    Last edited: Nov 2, 2006
  4. TECHWG

    TECHWG Guest

    He is aware, I just told him. We will see when he replies... soon I guess, but not sure.
     
  5. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    This is one of the issues I have with these programs. I usually turn off the learning mode at the earliest opportunity. Then I was told that was wrong - I tried it but don't agree with it. As you say and I said earlier, you do not necessarily have a clean machine even though you have taken all precautions.

    SSM does give you the opportunity to go through running but unapproved processes. Have not noticed the equivalent in PS
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    But this can be said of the installation of any HIPS program.
    As with SSM, after a new install, there is a popup informing you that there are running programs without rules. How do you handle this? Do you just allow/trust all, or go through all the processes to ensure they are not "bad", and then create rules per app?
    With PS, after running in learn mode, you can then either leave as is, or go through the application rules to check on the programs allowed, and remove / change anything you find to be incorrect, or should not be there.

    I think if you had malware on the PC, then this could do whatever damage to your system while you had no HIPS installed,....

    Both, in the end, rely on the user input,... the only difference being that SSM will allow, by default, certain applications to run with hard_coded rules.
     
  7. TECHWG

    TECHWG Guest

    I agree, Stem. I personally, though, like the way PS works. Nobody knows if their PC has been compromised prior to HIPS; how can HIPS protect against a rootkit already running rampant on your PC? You would never know it's there.

    Best thing you can do is make sure you have a good clean install.

    This goes for ANY HIPS program.
     
  8. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046
    Interesting post about driver loading order resulting in PG not detecting parts of NOD here:

    https://www.wilderssecurity.com/showthread.php?t=152550


    I had a look at the drivers for SSM, PS, PG, GSS and Prevx; with the exception of SSM, they mostly appear to be set as automatic rather than system or boot.

    The PG help file says:

    The ProcessGuard driver (procguard.sys) is loaded before any user logs into a system, with a driver load option called AUTOMATIC. This offers heavy protection, however users can experiment with this option to load the driver even earlier. This could provide better protection in exceptional circumstances, but should only be attempted by experienced users as this could also lead to crashes.


    Any thoughts in relation to the protection offered by PS vs other apps?

    This seems to give a further advantage to SSM?
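
The start types mentioned in the post above (boot, system, automatic) are stored as the `Start` value under each driver's service key, so they can be listed directly. This is an added example, not code from the thread or from any product named in it; `$Watch` is a hypothetical parameter, and matching on `procguard` assumes the service key or image path contains the driver file name quoted above.

```powershell
# Added example: list kernel and file-system drivers with their start type.
# $Watch is a hypothetical list of name fragments to flag; adjust for the
# drivers you care about (only "procguard" appears on this page).
param([string[]]$Watch = @('procguard'))

$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$drivers = Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    # Type 1 = kernel driver, Type 2 = file system driver
    if ($p -and ($p.Type -eq 1 -or $p.Type -eq 2) -and $null -ne $p.Start) {
        [pscustomobject]@{
            Name      = $_.PSChildName
            Start     = [int]$p.Start
            StartName = $startNames[[int]$p.Start]
            Group     = $p.Group
            ImagePath = $p.ImagePath
        }
    }
}

# Drivers load in ascending Start order: Boot (0), System (1), Automatic (2).
$drivers | Sort-Object Start, Group, Name |
    Format-Table Name, StartName, Group, ImagePath -AutoSize

# Warn about watched drivers that start later than System.
$drivers | Where-Object {
    $n = $_.Name
    $img = "$($_.ImagePath)"
    $_.Start -ge 2 -and ($Watch | Where-Object { $n -like "*$_*" -or $img -like "*$_*" })
} | ForEach-Object {
    Write-Warning "$($_.Name) starts as $($_.StartName); Boot and System drivers load before it."
}
```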
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I did notice that PS did not pick up NOD32krn when I run in W2K. PS blocked NOD32krn from reading process memory, but will not pick up this application and place into the application list while in training mode. I had to enter this manually. I do not see this problem in XP (more work needed for W2K compatibility)

    I am still playing with PS,... so early days for me yet.
     
  10. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046

    At the moment I like PS - but prefer the functionality of SSM. But like the general GUI layout of PS more.


    I have a lic for both so easy enough to keep an eye on developments in both camps
     
  11. TECHWG

    TECHWG Guest

    Yes... Both PS and SSM seem to me to be the better ones, but I believe with the developer of PS being how he is, he will beat most HIPS by the time he is done lol. I bet if you look up the definition of determination on wiki you will see the developer of PS in there somewhere! :D
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I do like how PS appears (well to me) to have been developed from the control of dll`s up, giving very good base protection,....
     
  13. TECHWG

    TECHWG Guest

    I have been in text conversation on MSN with the developer, and he says he's doing a little more development on PS and may be complete within 4 or 5 days. I can't wait to see what he conjures up! :D
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    I do not like the latest version, way too intrusive. And I'm mainly speaking about all the prompts about libraries btw. Of course I'm sure that it offers great protection but there has to be balance between security and usability IMO.

    Don't get me wrong, I'm not saying that it's not a good product, because it seems to be very powerful (covering quite a few things), this is the way that PG should have been IMO. However at the moment I prefer other HIPS. ;)
     
  15. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    That is one of the reasons that I prefer SSM. After a couple of days PS was beginning to annoy me. Bit of injustice if it is doing its job well but at the time it was not protecting as well as I thought it should. Now I find that SSM is also failing in areas I was not aware of. This is probably the case in whatever you try as malware is always one step ahead.

    This does create a problem in setting up a computer for my Wife. She could never cope with or understand any of the pop ups. Her main focus is gardening. Sounds very innocuous but she is into the more exotic forms, and you can guess where that leads her at times!
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    @ djg05

    Yeah I think you shouldn't choose a HIPS that gives lots of popups to protect your wife's PC, especially if she does not know a lot about PC security. However if she does not install apps a lot I think SSM with the GUI disconnected will do just fine. Also which areas does it fail to protect you? And I agree, 100 % security will never exist. :rolleyes:
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Sure, classical HIPS are not for ordinary users. In that case I think Sandboxie might be useful to her.
     
  18. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    It is a difficult one. The only alternative to avoid pop ups is to run "naked". She currently uses PG full and it runs without problem but now seems to be lacking development and is lagging behind the others.

    If you read down this posting you will find areas in SSM that Stem has highlighted.
     
  19. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    I have been reading about sandboxes but it hadn't occurred to me to use that for her. Will have to look into it.
     
  20. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046

    Other option could include Geswall (free) or Defensewall (paid)

    You might find this useful
    http://www.av-comparatives.org/
     
    Last edited by a moderator: Nov 5, 2006
  21. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    Thanks. Will try out GesWall. Would not run on my machine but will try it on hers.
     
  22. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,792
    Location:
    Texas
  23. TECHWG

    TECHWG Guest

    Sure there are popups, but when you are using your system in Learn mode, as you should be doing with ANY HIPS software, then after you are satisfied you have done everything you would use the PC for normally, including switching user accounts, logging off, loading software etc, you should see little or no popups. If you do something new like install something or do anything you did not do, then you may, depending on the action, have 3 popups or so to accommodate for exe loading and some dll etc hooks etc.

    Please people, don't forget that HIPS and ProSecurity are security products; they do their job extremely well with some input. My parents use this PC for banking etc, and I tell them "read the damn message, if your gut tells you it's probably ok, then allow it and I will deal with the repercussions when I am home again". Some users just don't know or understand ANYthing technical, and in this case if it's their PC then you should consider using something with simple protection with not many popups like Process Guard. If you value your security and know and understand such things then you should consider ProSecurity or SSM, whichever your personal choice is.
    PS
    There is further development going on with ProSecurity, I am not 100% sure what it is but I am assured it's improvements etc
    :D
    Cheers
    WG
     
  24. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046

    Most of the users here or contributing to this thread are pretty knowledgeable; normal users cannot and will not cope with too many pop-ups. They either allow or block everything. Most have to react on a gut feel.

    Learning mode is great but the pc must be clean for it to be safe.

    That leads me to a question: using IceSword I noticed that various HIPS hook the SSDT table to varying degrees.
    • SSM seems to link everything; PS, Prevx and GSS seem to link selected things

    They seem to achieve similar results but in bit different ways. Is one way better than another?
     
  25. TECHWG

    TECHWG Guest

    Star, I informed the developer on MSN; he is offline and will receive it when he is online.
     