Six HIPS Programs Reviewed and Rated

Discussion in 'other anti-malware software' started by CogitoErgoSum, Nov 15, 2006.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Notok, Socketshield was not tested in gizmo's sandbox or HIPS test. I do not get your point that it should not be in such a test.


    Regards
     
    Last edited: Nov 17, 2006
  2. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    He was answering an issue raised by a post in this thread.
     
  3. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    I completely agree with this statement. DefenseWall did very well. Nuff Said. Now disregard its results and concentrate on the others. And the only one that performed well was cyberhawk. But remember he used his judgement about what the warning indicated - e.g. - warned such and such game was trying to run but not warning about anything malicious in the game, etc. So it's what your expectations are for these types of programs. In your mind, it might be a pass, but in his definition, it was a failure.
     
  4. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    LOL
    Simple really.
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Of course. Basically I want the best thing that protects me. He just tested new products that don't rely on signatures and reduce or eliminate pop-ups of "standard" HIPS, with Process Guard as a reference. :p
     
  6. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Yes: interesting that PG is still regarded by most as the "reference" utility.
     
  7. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    It wasn't used as THE reference, it was A reference. lol
    Just a choice I guess.
    But sure, a lot of people view it as a reference. I don't, I want it for free! Free version=crap. Sorry for the fans.
    The full version is very good though. Just needs continuous upgrades, as many people asked. It's a lot more intuitive than SSM, although not as thorough.
     
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Disagree. A tester who practices *dis-homogeneity* is rather free to manipulate results. I'm NOT saying that such was done in this case, but if one wants to manipulate outcomes, dis-homogeneity is one way of doing it.

    I wouldn't select a doctor based on a test about medical science that is administered to 10 people, 9 of whom are lawyers and one of whom is a doctor. Nor would I select a winter tire based on a test of 9 racing slicks and one winter tire.

    I keep wondering WHY DefenseWall was conspicuously omitted from this tester's recent reviews of sandboxes (even though DW is a sandbox) and then was conspicuously included with his latest tests that included NO other sandboxes.

    A test is a test, yes. But if one is looking for a meaningful test (as opposed to just any old melange that proves a point someone wants to make) then a poorly structured test is by NO means a sound basis for making judgments -- comparative or otherwise.

    By way of contrast, I point to the recent tests of certain HIPS by AV-Comparatives. I point to those tests because AV-C also tested a mixed group. But read AV-C's report and notice that AV-C's test results for discrete groups are clearly and pointedly distinguished from test results of other discrete groups.

    DW is a superb security app that neither needs nor deserves such a questionable analysis as the one that is the lead-off topic of this thread. To me, THE definitive, objective, competent, and eminently fair proof of DW's excellence was firmly established by THIS test, not by the mish-mash *review* that is the subject of this particular thread.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    This is exactly what I wanted to say.

    BTW DW is really good I know!
    A hybrid sandbox -- sandbox plus policy restrictions -- this is the best approach for zero day attacks in my experience and it protects against the most nasty malware without user interaction or any pop-ups. The way to go!!
     
  10. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I wanted to add to my earlier post regarding the invalidity of including DW in this test. If you are going to test a certain type of security application then you only include that type. Ok, some HIPS work in slightly different ways than others. But the difference is not great. It's not like the difference between say an Antivirus and a Firewall. All AV's work slightly differently from each other but they are classified as AV's because of how they work. If a new AV came along that works pretty much like any other AV then it wouldn't be called a HIPS or a Firewall would it? I diverge, but you get what I mean.

    If the tester in these tests wanted to test any type of security app against these threats then where are the AV's, AT's, AS's, Virtualisation and registry protection applications? You see where I'm going? If they feel it necessary to mix in a sandbox with 5 HIPS apps then why not go the whole hog and put in other sandbox apps, AV's, AT's etc. This is where this test falls down. The tester conveniently pitched in a sandbox among five HIPS. It's like someone throwing a duck in with five different breeds of Hawk, then chucking them all in a pond to test which swims the best. Now of course the duck will win but try testing who is the fastest and guess how the Duck does, or who can catch more rabbits in a day! You see that testing methodology comes into this and if you are going to test then you have to use the same breed throughout. In this case all 6 apps should have been HIPS. Alternatively all 6 should have been sandboxes. But not a mixture as the results become clouded.

    I've used DW and liked it. In fact I use a sandbox myself with a HIPS app. I don't use one or the other as I know they work in different ways. What my sandbox protects me against isn't always available with my HIPS, and vice versa. It could be construed that the tester purposely used the samples in an attempt to manipulate the results in favour of the Duck. And why oh why was this particular Duck not rounded up and included in the previous test with all his brethren? Did I say clouded? I meant mucky!

    muf

    [edit: Spelling]
     
    Last edited: Nov 18, 2006
  11. toadbee

    toadbee Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    123
    Hey Bellgamin!

    I understand your points, and I don't disagree. In general though I believe many folks in the thread here took the 6 "reviews" as a comparison, and it struck me that the author called them reviews - but "we" all took it to mean "Of this group DW is the best". Each review has to be read individually etc.

    As to Defensewall being omitted from tests - who knows? The author does mention that DW was the only one that could not be tested within VMware. Makes it a little painful I'm sure ;)

    Then there is all this sandbox talk o_O DW is HIPS any way you slice it. Classic, sandbox, whitelist, blacklist etc. All HIPS. I think Ilya named his pretty dead on though :D
     
  12. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    @Bellgamin & Muf
    Why are you so "cross" with the publishing, methodology, selection of utilities and tester?

    AFAICS this test and the utilities are not dissimilar to AV-C comparative tests from October which included sandboxes and HIPS and CIPS and chimeras (DW).
    I fully appreciate that AV-C is a well established organisation and am not comparing Clementi and Richards.

    As per Toadbee (not counting he is the "winner" here ;) )
    I don't really see a problem, I see some popular tools being subjected to a standardised set of tests and results available for scrutiny.
    You may well be correct: I probably don't understand some of the finer points and there may well be some oranges ain't oranges in there.
    What is really beginning to bother me is that PrevX for all its claims is repeatedly failing to deliver on some promises: could be time for a rethink here.

    Regards
     
  13. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    All i'm going to add is this.

    Just because DefenseWall was included in this test SHOULDN'T and DOESN'T excuse some of the others' POOR performances.
     
  14. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
  15. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Note that the title was not just reviews but "rated" and putting all the results together in one table just called for a comparison...

    My guess is, he probably decided to try some thing he never tested before. Nothing sinister in that.

    I don't think it's a matter of semantics. Whether DW is HIPS or not is not the issue. The issue is whether the test was misleading in suggesting that DW (and other sandboxing tools) are superior.

    Sadly, people are just going to look at the scores. Few people are going to actually look at the testing methodology. This review will rack Ilya quite a few sales I bet. Not that he doesn't deserve them....
     
  16. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    No reason why it shouldn't.

    Don't make the mistake of assuming the HIPS crazy, "latest means best" crowd wilders is reflective of even 0.00001% of the rest of the world.

    Do you think real people spend every hour testing the latest and greatest HIPS? :) Most people just settle on one and stick to it until they hear otherwise.

    In any case, I'm not convinced that the latest and greatest fads here really provide any extra significant protection over PG.
     
  17. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Yes
    Still a benchmark for HIPS.
     
  18. TECHWG

    TECHWG Guest


    I think PG has had its day, it's a good product, and works well and is stable. But I feel that with the recent emergence of more powerful products, I feel we should think of using something more powerful until the PG team update and add a whole lot of features. Although those who want real simple HIPS I would suggest if you want something nice solid and not over complex then PG is the way to go.
     
  19. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,046
    Indeed - my father sticks with what I give him and would never change.

    I waver with PG I think that the parent child stuff that other products deliver is very useful for someone who wants to spend time but ....


    The simple nature of PG sometimes makes this better. With SSM or PS you can click yes to many dialogues and allow a key logger. With PG if the global permission is set it will just block - fail - and then the user has to hopefully think. Lots of people just click yes - too many questions.

    I know my segment 0.00001% - like most here. I am almost ready to switch completely from PG to SSM but ..... still value PG


    I was surprised by some of the tests that PG failed ...
     
  20. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Posts removed.

    Let's focus on the products contained in the review and not the people posting about it. The 6 products were Blink, CyberHawk, DefenseWall, Online Armor, Prevx1 and ProcessGuard.
     
    Last edited: Nov 20, 2006
  21. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    I don't think it's fair to compare DefenseWall and ProcessGuard. I'd like to see DF compared to PG+ ShadowUser+ RegDefend: Expensive alternative you might argue, but nevertheless in the same league.
     