Testing HIPS

I have been looking at DefenceWall and Kerio with the HIPS function and cannot see what the diference is between the two as far as the user is concered.

Is there a HIPS exploit available to test our current systems so we can make a judgement?

 

I haven't used Kerio specifically, but from what I understand it's a more typical HIPS type products, so the difference as far as the user goes is going to be in how the program is used (assuming all other things being equal). DW requires that you add programs to the untrusted list, and it then puts restrictions on those programs and any child processes, and does so without any alerts. Your standard HIPS type product is going to alert on any monitored action taken by any program at all.. You're right about the protection features being similar, it's just a matter of which approach you're more comfortable with

 

Thanks Notok

That explains the approach they take, and I assume both approaches are effective, though I have not seen anything to one or the other. That I was wondering there was a benigh test to check the current protection. With DW there is a question of whether it is worth twice the current price of Kerio for just one aspect, though is really a personal choice.

 

Download IceSword and install as untrusted into i.e. DW and see if it can break out of the box.

Would that be a test?

I have downloaded - but I am not computer-savvy enough to test - or rather - take care of the eventual consequences.

Best Regards

 

A good HIPS prevents you from installing software even if you want to?

Okay check! Good to know , Peter

 

Download some of the leaktests from www.firewallleaktester.com A good HIPS should detect almost everyone of them because the more advanced leaktests try to do dll injection, process injection, etc.

Alphalutra1