What on earth has happened to viable HIPS software availability?

Discussion in 'other anti-malware software' started by Smiggy, Mar 10, 2017.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    The other reason, if I recollect his statement, was that the product return/refund rate was excessive. Primarily by nobs who lacked the technical knowledge to properly configure it.

    On the other hand, OA was well known for its quirks and bugs which again a nob would not be able to handle.
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I won't bother to banter over my own grand satisfaction turned disappointment for EQSecure as well as Malware Defender. If only some 64 bit versions of those were possible it might have been another story but I can say with great Glee that EQSecure w/Alcyon's Rulesets made for plenty of panic-free snagging of rootkits and other baddies intercepted before landing. A technique that eventually SD assumed for my malware grabbing efforts after Classical HIPS ride into the sunset.

    I agree with all of the above conclusions though since compatibility with 64 bit waned and new forces assumed the battle.
     
  3. guest

    guest Guest

    Yes this too, when I read the noobs' complaints I was 90% facepalming.
     
  4. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    THIS, THIS AND THIS!

    I was going to post exactly this, after all these years visiting security forums I am really tired of those "system expert professionals" elitists who bash antivirus solutions and yet use much more impractical security solutions.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    I am not a system expert professional, but alas I am not as perfect as you guys either. And since I have critical client financial data on my machines I can't take the risk. So I test my setup against every mistake I can possibly make and see if the data is safe. So I have some overlap and it makes for a sort of paranoid setup, but it works....FOR ME
     
  6. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,858
    In times where Symantec announced antivirus programs as dead. Ofc the classical AV is dead, with its signature based search. But the newer AV made it more complex and in parts really worse.

    Malware Defender and OA were the first public and comprehensive HIPS (from my view). Learning mode. Outpost has similar, not just a firewall. I also owned several licenses for OA and one for MD. But it makes work to keep it up to date. After OA died I tried different programs but I reduced it to a simple firewall.

    Bashing AV programs is inevitable today - those are causing too much interference with its features, hidden features and poorly commented features. If some feel overstrained -> uninstall - simple as that. But I have a recommendation for some if they would ask me. I am not 100% against antivirus but at least I'm over it and it's time to show people other methods.

    From the X-Files: "I want to believe"

    Point 3 - I don't share in no way - if so we won't have discussions like these.
     
  7. guest

    guest Guest

    Some go even farther, bashing Windows makes them feel like experts in their small universe. But they keep using it... hilarious...
     
  8. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    DSA was actually Privatefirewall with a dumbed down interface. You could run the privatefirewall executable and change the default security settings for DSA.
     
  9. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,638
    Location:
    Under a bushel ...
    Agree :)
     
  10. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    I still run DSA on my XP machine. Excellent! It's basically Private FW without the HIPS.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    It's only impractical if you don't know how to use HIPS. If you actually understand those alerts, then it's possible to identify threats that AV's miss. What's normal behavior for a certain app, might be totally abnormal for another app. The only true problem with HIPS is that they try to monitor too much. For example, I do not want to see alerts about "COM objects" and "process memory reading", because even a system expert wouldn't know if it's normal behavior or not. I would advise HIPS makers to stick with the basics.
     
  12. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    Except for user-configurability, what are the *main differences* between a relatively simple HIPS (such as the dearly departed Online Armor) and a Behavior Blocker (such as the ones included in some current AVs)?

    @ Rasheed -- I agree 100%. Good comment.
     
  13. guest

    guest Guest

    HIPS are dead, what real HIPS are still alive and actively developed? Comodo and Spyshelter, those on suites are lighten HIPS closer to BBs than HIPS.
     
  14. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,342
    Location:
    Europe, UE citizen
    Cis Defense+ used without the sandbox is a classical HIPS.
     
  15. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK

    And this is another area of debate, exactly what is a HIPS software?...If you read through Wilders and other like forums, software developers I find it varies..Plus many of them are not user friendly and that is where they lack, everyone wants to be safe and the challenge is on the developers to make them simple to use without offering a trainload of options..It's not the end-user's fault as suggested by Fabar, it's their lack of skill in making an efficient security product for all.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    clubhouse1 said: "..It's not the end-user's fault as suggested by Fabar, it's their lack of skill in making an efficient security product for all."

    Do you mean Fabian as in Fabian Wosar? Also I found the really effective security products do require a learning period. Look at all the hacks and successful intrusions. They all usually start with a human mistake.
     
  17. guest

    guest Guest

    Exactly
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes most standalone HIPS are dead, but my point was that sometimes less is more, just monitor the stuff that users can actually make decisions about, it doesn't make sense to alert about stuff that almost every app will trigger. And BTW, both Comodo and SS still monitor the things that oldskool HIPS were monitoring, like System Safety Monitor and Process Guard.

    Many products employ HIPS technology, think of tools like HMPA and AppGuard, but in general when we talk about HIPS, we basically mean behavior blockers that can either auto-block or leave the decision up to the user. And that's exactly the problem, because most HIPS/BB's will generate too many false positives in auto-block mode. When it's purely user controlled, it comes down to the expertise of the user.
     
  19. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    As such, they are best installed after a fresh OS install and then set to training mode. If they are installed or set to training mode at a later date and malware exists, it will be allowed and corresponding execution rules created for it.
     
  20. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK


    Two great examples, HMPA pretty much install and forget, AppGuard riddled with coarse and fine tuning options to achieve pretty much the same level of protection, for the average end-user HMPA wins due to its simplicity and I bet outsells AppGuard as a result.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    True enough, but humans will still need training to use the software tools after they have been trained.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Absolutely incorrect. While in some cases the end result might be the same the means are also totally different. In other cases the protections are totally different.
    Without going into detail as it is available in various threads, if you tested against real malware you would see the difference. I wouldn't want to be without either.
     
  23. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    I'm talking about mass market appeal and simplicity...I have said many times although I have antivirus, antimalware and other security softwares installed they have served me no use in years! In short I've NEVER had an unexpected warning or pop-up..Perhaps the pretty simple system and browser hardening along with commonsense browsing I employ is enough.

    Plus I think most out-of-the-box settings offered by most AV softwares are sufficient for the vast majority of users..The extra settings are to sate the appetite of paranoiacs and it just results in AV's becoming competitive via offering extra settings to try and outsell each other, the more bells and whistles the better for some.
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That's probably true, but that has nothing to do with HMPA being just a simpler version of Appguard
     
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I have run HMPA before and really liked it but not sure it would work with appguard installed.
     