Types of HIPS

Discussion in 'other anti-malware software' started by Devil's Advocate, Oct 31, 2006.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Erik,

    CyberHawk and DEP enabled in XP (and your processor supports it) will protect you against many exploits.

    SpywareTerminator has a HIPS feature that scans your hard disk and builds a list of existing programs (only pop-ups when you install new). Abtrusion Protector more or less does the same thing (building up a white list with checksum).

    Regards
     
  2. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    That's one solution. But if you're paying for AE (is it freeware?), that's why Prevx1 is better in my opinion. It does that and cleans, etc. (much more complex, but I'm trying to keep my post simple). Then if you want more, maybe Cyberhawk. But first a sandbox. Much simpler and effective. Everything else is a backup, for whatever gets past it.
    As for ST, I think it talks too much, and I think it doesn't cover everything critical. If it's about control, SSM, Antihook, Process Guard, all much better.
    My opinion
     
    Last edited: Nov 5, 2006
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It's not about freeware/payware or about control. I don't need to be in control, if someone else is in control.

    So my security setup could be like this :
    1. Router + Look 'n' Stop
    2. Anti-Executable
    3. Prevx1
    4. CyberHawk
    5. A sandbox software.
    All installed in a frozen snapshot. That must be enough to save me between two reboots. :)
     
  4. kdm31091

    kdm31091 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    365
    ErikAlbert, I thought your philosophy was to only have Prevx1 and Rollback software? I think that's a nice light idea, don't muck it up with more software that you don't seem to need since you never said you've had a problem.
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    In that setup, I would say I think like you, except the sandbox should be the primary concern, at least now that you've settled more or less on the others. I have GeSWall and I haven't seen malware for a while now. Yes, something could be here (paranoid), since I'm not an expert. But I don't think so, so many scanners in my PC.
    For prevention, these days, Firewall+sandbox are the best 1st defense :thumb:
    Maybe dump AE? What does it do that Prevx1 doesn't? (I don't know AE, I'm really asking)
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My backup solution is finished. I never said that my security setup was finished, I'm still WORKING ON my security setup.
     
  7. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Some of the differences between the two are as follows:
    • AntiExecutable:
      • Assumes any user allowed application is fine. No assessment of good/bad.
      • One time purchase charge, no ongoing renewal. Base price is ~$30 US, but watch for discounts (typically 50%) in their quarterly newsletter.
      • To add new programs, one must disable AE, run/install the application, re-enable AE. This is a fairly high operational barrier, so you really don't approve things on the fly. However, be cautious here - AE does track activity during the off period and uses that information to add applications, so minimize the off time unless you want to spend an extended time waiting. Worst case scenario is performing a comprehensive AV scan while AE is in an off state. In this case, re-enabling is akin to a full reinstall.
      • Best suited for static configurations
      • Appears very robust, minimal SSDT hooks. They stick to very basic primitives (File Open/Write/Create/Delete, Thread Open, Process Terminate, etc.)
      • The one "in principle" deficiency would appear to be script based exploitation of approved applications. However, virtually anyone should be able to quickly read through a script/vba macro and see what's up if they are using these items
      • Compatible with Win 95/98/2000/XP
    • PrevX:
      • Novel licensing structure that is essentially a productive use-initiated subscription model. It's a decent compromise between free and subscription based. Yearly subscription license is ~$22 for a single PC. Family licenses available ($64/4-PC's). Monthly and quarterly subscriptions available (i.e. pay for problem occurrences only - very decent option for infrequent problems - $5/month, $10/quarter)
      • Assesses good/bad/caution/unknown applications via a community derived database. Blocks bad, flags caution/unknown applications, so there is a black/white listing behind actions
      • Suited for either static or dynamic configurations
      • Appears very robust, fairly extensive SSDT hooking.
      • Can approve unknown items on the fly, which is a low (but typical) operational barrier
      • Compatible with Win 2000/XP
    Either product (among others) is suited for casual users.

    Blue
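
The two decision models compared in the post above, as an added example that is not part of the original thread and not either product's actual implementation. It assumes SHA-256 as the "checksum", and the class names, sample byte strings and the rule that a bad verdict cannot be overridden are hypothetical.

```python
import hashlib
from enum import Enum

Verdict = Enum("Verdict", "GOOD BAD CAUTION UNKNOWN")

def digest(image: bytes) -> str:
    # SHA-256 stands in for the "checksum" mentioned in the thread (assumption).
    return hashlib.sha256(image).hexdigest()

class LocalAllowlist:
    """Local allowlist: no good/bad assessment, learns while protection is off."""
    def __init__(self, enabled: bool = True):
        self.enabled, self.allowed = enabled, set()

    def may_run(self, image: bytes) -> bool:
        if not self.enabled:
            self.allowed.add(digest(image))  # everything seen in the off window is trusted
            return True
        return digest(image) in self.allowed

class ReputationCheck:
    """Shared verdict database: block bad, flag caution/unknown, approve on the fly."""
    def __init__(self, database: dict):
        self.database, self.approved = database, set()

    def may_run(self, image: bytes, user_approves: bool = False) -> bool:
        key = digest(image)
        verdict = self.database.get(key, Verdict.UNKNOWN)
        if verdict is Verdict.BAD:
            return False                     # modelling assumption: not overridable
        if verdict is Verdict.GOOD or key in self.approved:
            return True
        if user_approves:                    # caution/unknown: the prompt decides
            self.approved.add(key)
        return user_approves

def run_demo() -> dict:
    # Constructed byte strings standing in for program images.
    editor, unwanted, new_tool = b"editor-v1", b"unwanted-v1", b"new-tool-v1"
    local = LocalAllowlist(enabled=False)    # off window opened for an install
    for image in (editor, unwanted):         # both happened to run in that window
        local.may_run(image)
    local.enabled = True
    rep = ReputationCheck({digest(editor): Verdict.GOOD, digest(unwanted): Verdict.BAD})
    return {
        "local": [local.may_run(x) for x in (editor, unwanted, new_tool)],
        "reputation": [rep.may_run(x) for x in (editor, unwanted, new_tool)],
        "unwanted_if_approved": rep.may_run(unwanted, user_approves=True),
        "new_tool_if_approved": rep.may_run(new_tool, user_approves=True),
    }
```

`run_demo()` shows why the off window should be kept short in the first model: the unwanted image that ran during it stays trusted after re-enabling, while the reputation model blocks it regardless of the prompt.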
     
  8. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Hi Blue,

    Just one minor correction - hope you don't mind.

    Prevx1 currently compatible with 32-bit Win 2000/XP/2003.

    32-bit Vista support in progress.
    Native 64-bit XP/2003/Vista also in progress.

    No plans for Windows 95/98/ME/NT as they are unsupported by Microsoft and frustratingly developer kits are no longer available.

    Regards,

    ghiser1
     
  9. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Not at all! I'm all in favor of the most up to date and correct info being out there.

    Blue
     