Recommend a light HIPS?

Discussion in 'other anti-malware software' started by TheMozart, Jan 16, 2010.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Among the freebie HIPS, GeSWall is exceptionally light, due at least partly to the fact that it uses OS APIs to a significant degree.

    Another free HIPS, namely Threatfire, *can* be a close second in lightness once it has settled in after a bit of use. It works fine with Vista.
     
  2. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    Ok thanks, I will try GeSWall.

    Does the freeware version GeSWall give realtime protection?
     
  3. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    yes it does.
     
  4. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I too resemble this statement although I do use Windows7FirewallControl Plus
     
  5. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    Ok. I am running Geswall right now. Looks good.

    But it didn't ask me about Skype, Filezilla, BF2142 or Punkbuster and a few other programs at all when I ran them. But they all gain internet access. But it asks about most other things that I have loaded. Why not for BF2142 and PB etc?

    And if I run IE and Firefox in a Geswall session and get a driveby download, and it tries to execute, will Geswall stop it? And what about if someone tries to connect to my Laptop Wireless Connection?
     
  6. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    There are some programs that have internet access which should not be isolated -- such as AV updaters, DNS Benchmark, etc. Therefore, there may be some of your programs that have internet access where GW doesn't know whether or not to isolate them. If you have additional programs that you want to isolate, then use GW's Application Wizard to add them to GW's list of isolated apps.
     
  7. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    could be their whitelist allowing those programs on purpose.
     
  8. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    As I remember, this was a very handy feature to use in setting up additional apps to work properly. I can remember two that would not function right without doing this, Window Blinds of all things was one and Free Download Manager was the other.
     
  9. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    That's a concern, because it should stop ALL programs from accessing the internet. At this stage MOST of my programs are gaining access to internet and GesWall is not complaining at all.

    So what if I get a future malware, how can I trust Geswall will stop it?
     
  10. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    There is no Wizard in the free version it seems.
     
  11. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    How far are you into trialing this? I used the professional edition until the time ran out. All rules were made for what I had at the time. If I remember correctly, there was a dat file that was made whilst using the pro version that could be saved and used with the free version. Save the dat file, uninstall the pro, install the free and before re-boot of free, replace that dat file. It may be that the pro just defaults to free when the trial is up. Don't know if it's like that now or not. It's been a while.
     
  12. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    I think the only HIPS with network protection which is somehow free and works with Vista SP2 is System Safety Monitor.

    Btw, you want to use D+ only without Firewall, but it should stop all programs from accessing the Internet. o_O

    Cheers
     
  13. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    GW only controls network access for applications running isolated and therefore won't say anything. The freeware version serves mainly as a containment program that keeps untrusted files from damaging your system. I have had problems in the past getting GW and punkbuster to play nice together... in the end I had to disable GW when gaming. There is probably a way around it but I got tired of having to create a rule and tweak it just to have GW protect other apps.
     
  14. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    440
    Location:
    romania
     
  15. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
     
  16. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    For further assistance, the GesWall *experts* in this forum are aigle and Kees1958. You might get faster replies if you contact them by PM.

    The expert at the GesWall forum is Henk.

    BOTTOM LINE: GesWall (GW) requires less user intervention than is the case for most HIPS, but it DOES require some configuration.

    If it turns out that you are not comfortable with GW, then IMO the only other free HIPS that are worth using are...

    Threatfire (TF) -- TF is VERY easy to use and needs little or NO configuration.

    Spyware Terminator (ST) -- ST's spyware detection is only "okay" AFAIK, but its HIPS component is quite good SIH, & VERY user friendly. It has ten -- count 'em 10! -- real time shields. It is a snap to configure. As to how light or heavy it is now, I don't know -- haven't tried in the past several months. It used to be fairly light. Hopefully, it still is. You might want to give it a try.
     
  17. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    Can someone say when version 3.0 will be released?
     
  18. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Do you use Win7FirewallControl Plus?
     
  19. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    nope, just default plain old windows 7 built in firewall
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Correct. Problem is that GW Application Wizard only checks for the program to run. For Punkbuster and game updaters the automatic creation of allowed rules has to notice that. This only happens during gaming or at a later moment in time. So you either spell out the logs and waste some time with trial and error or just leave it to be unprotected.
     
  21. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    bellgamin, I used to use TF but am currently using Mamutu (via a license give away). I believe I've read complaints here about it lacking a "Deny" option. Is that correct and is that still the case?
     
  22. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    How about Windows Defender??

    Under Tools > Microsoft SpyNet > Join SpyNet with advanced membership
    Read http://www.microsoft.com/windows/products/winfamily/defender/privacypolicy.mspx prior to joining

    And under Tools > Options, Enable real-time protection & Choose if Windows Defender should notify you about:

    Software that has not yet been classified for risks
    Changes made to your computer by software that is permitted to run
     