Looking For a Set/Forget Rulebased HIPS:

I have had enough of Comodo D+. I also tried out Threatfire and it was just as annoying as D+. I am looking at something like EQsecure, so that I can give certain apps certain rights and everything else is solid and secure. I bought Defensewall a few minutes ago and probably will be Faronics AE very soon.

I am looking for a security setup that doesn't nag all that often but keeps the bugs from biting. Know what I mean? I am sure EASTER can help with this one.

 

I'm happy DefenseWall user too and it's very powerful alone so there's no reason to add anything if you don't like. But but... because you don't want to use Comodo D+ any more I'm offering to you Online Armor Free/Paid. With it you can drop Comodo totally because OA firewall is superb as like it HIPS.

 

Thats the combo I'm using - Online Armor (paid) & DefenseWall

 

Hi

How is ThreatFire annoying? It's practically totally silent.

 

Not really sure there is such a thing as set and forget HIPs. Not sure there should be either. Anyway, I too found Comodo tiresome and replaced it with on-line armour (paid). You can select 'trusted' programmes at install to cut down on alerts and set your programmes to 'run safer' with limited permissions as well as protecting them from hijack or termination. It's a good firewall too.

 

I use nothing but a Firewall, Anti-Executable and DefenseWall in a frozen system. Maybe I will add ThreatFire without scanner if that is possible.
AE has a detection rate of 100% and is the only security software, I do understand completely. Keep also in mind that most dangerous softwares have to be executables to be good in their evil job.
All the rest is too vague, unpredictable, not safe to use or unuserfriendly.

 

One possibility might be Rudra anti-virus which does not need any update.

 

Hello apathy,

Since you are a fellow DefenseWall user, the following links below may be of interest to you.

http://gladiator-antivirus.com/forum/index.php?showtopic=74120&st=0&p=207983&#entry207983
http://gladiator-antivirus.com/forum/index.php?showtopic=74057

Hope this helps.


Peace & Gratitude,

CogitoErgoSum

 

Very interesting.
http://www.efytimes.com/efytimes/fullnews.asp?edid=8801&magid=

 

Perhaps the level was set too high? The only things annoying about Threatfire were the warnings about "Unknown", in which it wouldn't give me ANY idea what had happened, just that it blocked it (though they were never in the blocked list). I HATED that, it was useless, I couldn't Google the problem because it didn't give me anything to Google. I also didn't like the slowdowns and stalling the system it liked to do fairly often.

 

I think my problem with TF is that I ran it along side Comodo FW with D+.
So as soon as I saw an alert from D+, TF showed one too and it became annoying. I am debating switching from Comodo to OnlineArmor but Comodo has been good to me as I haven't had any malware/adware/spware on my machine in a very loooong time. Although with FDISR, I could rollback the damage .

Thanks for all the help guys

ErikAlbert, you mentioned a 'frozen system' did you freeze your snapshot in FDISR and update when needed?

 

I wonder if u were using TF above default security level or you were using custom rules.

TF will never pop up like this so often. It is pretty silent.

 

Since you mentioned it, would the HIPS in OA and TF cover too much of the same area, making one of them redundant?

 

As I know OA n TF have confilcts, so u must not use them together.

Both are different, OA is classical HIPS and TF is behav blocker. U can choose one or even both( provided no conflicts, slow downs etc).

 

That clears it up. Thanks.

 

Actually OA for adbanced users, it will give plain pop ups and will pop up frquently until u have made most of ur rules.

TF on the other hand is pretty silent. It will pop up only when it finds a possible malicious/ suspicious action. Very few pop ups. It will not bother u. It,s good for relatively beginners.

 

Freezing the snapshot is correct, but I don't update/re-freeze the snapshot, at least not the way you think.

 

I was just as sick of Comodo D+ and TF turned me off the first week of it's inception, and ever time i would try it left me grumbling for the good old days of CyberHawk!!
So after asking around myself and not finding any solutions to compliment my Superior Prone protection of EQS 4.0 (beta) (Alcyon Rulesets), what did i do? I scramble thru tons of my old hard drives and was fortunate enough to find at least 6 early versions of CyberHawk!
After testing the one that did best, especially on Dll Injections, which in reality System Safety Monitor and EQS can both do that "BUT" require human intervention to Terminate the source injector, i found CyberHawk "didn't" need me for that since it Terminates them at the same time all by itself without my having to spend an extra click. That saves me time.

In conclusion, a "Lite" HIPS i would recommend has to be EQS. I've had it too with those time-consuming Combos that previous firewall makers have turned integrating HIPS= Pop Up City routines into their firewalls.

 

AFAIK, OA is not quite a *full-fledged counterpart* to D+. D+ includes configurable modules for (a) protecting files, and for (b) protecting ALL registry hives. OA presently lacks both of those important HIPS capabilities.

 

Do yourself proud and your security with EQS. It's the "Litest" HIPS bar none, and it will offer your systerm superior MAXIMUM PROTECTION! You can even LOCK OUT 100% either folder or files in the black List settings then test all your common HIPS test against it.

So what about the pop ups here and there, their there to make new rules that stick and never bother you again.

AFAIK, EQS is a set-and-forget HIPS once you add Alcyon's Rulesets to it.

EASTER

 

Easter, I've heard all kinds of good stuff about EQS from you, and I gotta tell you, as dumb as I am with HIPS stuff, I can't help but be tempted by it. For a guy like me who basically surfs the net, plays games once in a while, and does P2P (I do try to be careful with it though), just how hard is it for someone who knows their way around a computer pretty well, but just has never figured out quite all the "dll injection" type of jargon that a HIPS will often spout off, to learn their way around such a program as this?

 

Links please (yet again) for (1) EQS & (2) Alcyon's latest & greatest.

P.S.-- While we're on the subject of set/forget -- what's your favorite single-malt?

 

I think http://drop.io/eqsecure is the place Bellgamin, though Easter and Alcyon know for sure.

 

It's a crying shame ProSecurity threw in the towel just when they finally got it working to perfection IMO. That decision i will never understand, if nothing else they should give away 1.43 as freeware since the new owners will no doubt make changes and who's to say for the better or worse.

BUT! EQS doesn't change or leave a user grappling for a "lite" but extremely modern HIPS that allows the user to set his or hers own course of how much monitoring they are willing to accept in exchange for absolute security as per goes HIPS.

EQS for all purposes is the Ultimate in system protections, nothing can get past it (that i know) once you LOCK in your ban list, and that concludes any more attempts present or future from issuing malicious command orders to your good machine.

It's "lite" on the system but a bear trap for any intrusion attempts. I couple EQS with Cyberhawk (never TF), and it works like a charm and not only alerts but immediately terminates the offending source file on-the-spot like a Terminator. And it doesn't make mistakes or FP's like is been discovered by TF.

Sometimes older is MUCH better in security. I continue to see this time and time again.

EASTER

 

Hi Easter, in your opinion, would EQS with the ruleset be fine on it's own, or is it betetr suited with another whitelisting application? The reason I ask is because if I use EQS, I prefer to keep things free, and, even more important, "lite". Right now I use SandboxIE and Returnil to keep things "virtual", but having a well-rounded, strong, yet simple for every day use HIPS is becoming a necessity it seems.