which is the best/trusty HIPS

Hi
i have a question about program behavior blocker
right now i 'm running with threatfire , and i'm happy

well i would like to share with you , your personal experience


about your personal experience which behavior blocker does work better ( i mean which software adorn, decorate , shield your backside? )

thanks

ps is there a free version of defensewall?

 

No. But it is well worth the small fee; support is superb.

 

Right now i am using mamutu and i really like it. It is very light on my system. It offers a totally sufficient level of protection for me. Sure classical hips may give you more protection but i test new programs in sandboxie first or in virtualbox. ThreatFire is also very nice but uses a bit more CPU imo.

 

Hi, Mantra:

First, I thought you asked HIPS in general, then you pinpointed to Behaviour Blocker. Free one and trusty ?

I think you are holding one right now, TF has passed a handful of tough tests, I would hold onto it.

As far as DW is concerned, it is not a behaviour blocker , rather a sandboxed HIPS, a keeper you like to spend $$. Meanwhile--

You may be able to attain the same level of protection as Defense Wall, if adding Sandboxie to current TF. Both are free.

Good luck.

 

sorry but a is HIPS a behaviour blockero or?

 

HIPS may refer to classical HIPS (SSM, ProSecurity, EQSecure) or any security software which doesn't use signatures as the core of the protection. The latter definition includes behav. blockers, sandboxes, whitelisting apps, etc.

 

2-way tie for "best paid HIPS" -- Prosecurity and 1 other.

2-way tie for "best free HIPS" -- Threatfire & 1 other.

 

Very agree as I have found Ilya to take extra step in support issues. This guy works his business and software seriously.

 

No, but there is a free version of GeSWall which is also a policy based hips.

 

Ive tried both Threatfire and Mamutu. Without using the intelligent alert reduction in Mamutu, I think Threatfire is quieter.

And performance wise, I didnt notice a difference between the two.

 

SSM paid.

 

DefenseWall

SSM Paid is superb too

 

DeepGuard

 

+1

 

Defensewall all the way!!!!

 

TF+comodo is ok, both free, you can change the comodo notify frequency as you want, this is suitable for most people.
1)TF+comodo D+ Disabled
2)TF+comodo D+ Training mode
3)TF+comodo D+ Train with safe mode
People choose TF it is for the less noisy and smart response, comodo is more control and flexiable

 

DefenseWall!!

EQSecure!!

SSM!!!

 

For ease of use with no pop ups, and superb customer support i`d say DefenseWall.

 

Hi,

I would say Online Armor and GeSwall or Online Armor and Defensewall

Regards,

MaB

 

Yep, another vote for Defensewall here. Now I understand it, I wouldn't be without it. As to the support. Only had to contact Ilya once and he asked me for a log file associated with the error and then sent me a special build of the main exe file. Fixed the problem. Best of all, from reporting the problem it was fixed within 24 hours.

muf

 

thats why i didnt choose defensewall, i was never aware of what it was doing and how it was protecting.

although, if it does all it says without zero pop ups, that is very impressive.

 

Policy sandbox
Nr 1 = DefenseWall (easiest), Nr 2 = GeSWall

Behavior Blocker
Nr1 = ThreatFire, Nr2 = Mamutu (=easiest)

Classical HIPS
Nr1 = EQSecurity, Nr2 = Comodo's Defence plus

Integrated FW/HIPS
Nr1 = Online Armor (easiest), Nr2 = Comodo FW/D+ (all windows platforms)

Great combo's
- policy sandbox with tuned down classical HIPS (in new EQS V4 the application protection is split in process, system and advanced, in combo with Policy Sandbox you onlu need to use system + advanced, for D+ use my settings)

- policy sandbox with behavioral blocker (old systems I would choose GW-free with Mamutu paid, stronger systems I would choose DW paid with TF free)

- OA solo paid (now with Toni Klein's startup protection) with run safer for internet facing aps, use a freeware AV (save yourbucks for OA)

- Vista64 run UAC in quiet mode (TweakUAC), use HauteSecure beta (freeware), keep on using Defender with create restore point, use freeware VistaFireWall control to control Vista's internal FW for outbound control. Combined with (I would suggest the new AVG8 kernel optimised for multi threading which is better with multi core CPU's) a freeware AV, yu problably only have to pay for HauteSecure in future.

 

Hi,

After reading NeroGuard developer's open letter on the other thread, he says to this effect "
Windows' kernel patch protection on x64 system will effectively stop kernel hook based softwares(most HIPS at the present time) from working on x64 O/S version."

Is there any HIPS currently supporting x64 O/S ?

How is their (HIPS) future as a whole ? since 64-bit O/S will be getting more popular and eventually will force 32-bit O/S to retire.

Would the same situation be applied to behaviour blockers ?

Just wonder. So much talk about nicest HIPS here, but in the event, the rug is pulled out from under, what will be left from then ?

Take care.

 

threatfire is not so popular

 

I can say about 64-bit Vista- with SP1, there should be an API m that allow low-level hooking. The real reason for not having 64-bit HIPS is just low propogation level of such the OS and high level of the current code improvements/changes. Right now it is just not any reasonable from the point of view of the business.