Which HIPS is apt for a novice?

Discussion in 'other anti-malware software' started by jm0307, Apr 27, 2007.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    PC smurfer is good:D Sorry PVsurfer I had to laugh about it. Off topic I know
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Sandboxes without file virtualisation are easy (or 'seamless'), because you do not have to think about downloaded files (sandboxes with file virtualisation like Sandboxie, Bufferzone might delete files when you clear the 'boxed' sandbox).

    We use both GeSWall and DefenseWall on different PCs, DefenseWall is the easiest one to use (but with the poorest user guide). When you have two disks or two partitions on one disk, PowerShadow in single mode is also easy to use (that is a smart implementation of file virtualisation).

    I agree with Mab69, stick to HIPS which provide black and whitelist or do some evaluation for you (PrevX1, Online Armour, Anti Executable, Sana Security Primary response).

    Regards K
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Without qualifying ErikAlbert as a novice (certainly not), this post illustrates why a seamless sandbox is more transparent than a sandbox with file virtualisation: https://www.wilderssecurity.com/showthread.php?t=173052

    I can also remember a post of Eastern (definitely not a novice), saying he once deleted a collection of downloaded software with ShadowSurfer (same story) when clearing a sandbox.

    Regards K
     
  4. jm0307

    jm0307 Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    77
    Dear members,

    Thank you for all the replies - too many now to thank each member specifically, and this way your usernames are safe. Although, I have discovered the 'edit' function yesterday. :)

    I will install prevx1 this afternoon, and let you know how I fare. Some users in my firewall forum reported system slowdown and conflicts, but I will give it a try.


    I am a little wary of installing Sandboxie at the moment after reading ErikAlbert's thread... but will try to find a 'sandbox without file virtualisation'. If I understood the replies correctly, DefenseWall was mentioned as such an application, but when I visited their website, the program was described as HIPS.

    Can I run DefenseWall alongside Prevx1? Or would PowerShadow be more appropriate?

    Best wishes
     
  5. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    I have used Prevx1 and Defensewall at the same time without any problems. I am actually using Defensewall 2.00 beta at the moment. It is looking good. Defensewall is really easy to use and light. I uninstalled Prevx1 from my system because it was too heavy for my liking. I also have Powershadow on my computer but I don't really use it anymore. I would at least give Defensewall a try!

    Kristian
     
  6. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    Since jm0307 is a self-proclaimed novice, I strongly caution him to understand Defensewall's operating concept (how it works) before installing it (it may not be his 'cup of tea')!
     
  7. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    You can apply that to every new software you want to use. I am not a computer expert, so I had to learn by trialing programs and finding out what is best for me. I agree with you that you have to find out as much information as possible before installing Defensewall or any software for that matter. But you don't know if it is your cup of tea unless you try it.

    Kristian
     
  8. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Because all the behaviour-based anti-malware sandboxes are HIPS systems (sandbox HIPS in this case). There are three types of HIPS: classical, expert and sandbox.
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    As of this point in time, the DefenseWall support forum is speedy to reply with excellent technical advice & helpful comments. The Prevx forum -- not quite so responsive nowadays.
     
  10. jm0307

    jm0307 Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    77
    Dear members,

    Thanks for the clarifications on types of HIPS, and the sandbox subcategory. This forum has been very helpful in helping me choose a suitable application and in remedying my computing ignorance. :thumb:

    Have installed Prevx1 and find it quite nifty thus far. I like that the program stays free until you are actually infected, and as my pc is clean, I intend to keep it that way. I also have not noticed any significant slowdown, and have as of yet not had to answer a single pop-up.

    I had a look at DefenseWall and GeSWall, and am swayed by the latter, as it appears easier, and it is free... I will also try PowerShadow, once I figure out whether the free version still exists...

    Best wishes
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Well I read a lot about NOD32 too, just like I use a "frozen snapshot". :D
    The answer is simple, FDISR is NOT a security software, it doesn't know what malware is and it doesn't recognize malware in any possible way.
    A frozen snapshot only removes CHANGES on your harddisk and a malware IS a change on your harddisk.

    Between two reboots a frozen snapshot is exactly the same as your harddisk, it can be infected, which means installation and execution of malware.
    That's why I need security software to protect my computer during the period between two reboots, especially software that prevents installation/execution.
    Any malware that bypasses my firewall of straw and all my other security software is removed by a frozen snapshot anyway. That's the reason why I use a frozen snapshot, to REMOVE THE REST, in other words the FAILURES of each security software and don't tell me they don't fail, there is proof enough of this.
    It's not only the failures of security software, I also make mistakes and these are also corrected by a frozen snapshot.

    A frozen snapshot is nothing special in FDISR, it's a variant of the copy/update function, which is used by ALL FDISR-users and there are different ways to use a copy/update function. :)
     