Ok, I have a VM ready to go with an old copy of XP Home to try out a new HIPS-firewall, but now I am wondering if it is better to go with a firewall that became a firewall+HIPS, or a HIPS that became a HIPS+firewall. Opinions?
This is quite true. My initial feeling was that, to build a powerful HIPS, all one must do is provide an easy-to-use interface that allows great control via the Windows API, whereas a superior firewall requires some intelligence to determine what is a threat, but I am not sure.
I wouldn't think they're comparable. One requires extensive knowledge of internet protocol. The other requires equally extensive knowledge of Windows APIs. Assuming equal abilities for both developers in their fields, I'd think the firewall would be easier to design. Internet protocol is well documented. Windows is not. The latest Windows doesn't give a HIPS developer the kernel access they'd like to make a really strong HIPS that works at the lowest levels. No such restrictions on internet protocol. I wouldn't choose either one. I'd rather use apps that were designed for one thing and stayed true to that design, not one that tried to do everything. IMO, a firewall should focus on filtering and controlling internet traffic. HIPS should concentrate on applications, processes, and their activities.