Which HIPS or "alert" software can meet my criteria?

Discussion in 'other anti-malware software' started by paulescobar, Jul 7, 2013.

Thread Status:
Not open for further replies.
  1. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Yes, it's true that it isn't possible to deny execution from system space with AppGuard but given the way AppGuard drive-by download protection works that isn't an issue.

    I also understand that some people like to have tighter control over what the system is doing, which is why running AppGuard in conjunction with a HIPS or AE, either for additional monitoring, or simply as belt-and-braces protection, isn't necessarily an overkill. It's simply a matter of user preference.
     
  2. davidjschenk

    davidjschenk Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    37
    Hi pegr,

    Ahhhh, I see now. Okay, thanks for setting me straight on this. My interest is sufficiently piqued that I'm going to do something radical: read the whole user's manual before installing AppGuard. *gasp*

    Excellent advice on both fronts--thanks much.

    I do indeed want the "belt-and-braces protection," as you aptly put it, and not just for preventing intrusions and malware. Back in the ProcessGuard days, I was able to control whether or not QTTask ran in the background of my install of Quicktime Pro. Ditto for all sorts of other programs that were overenthusiastic about delivering an "enhanced user experience" (commercial CDs and DVDs were the worst offenders). Better than blocking their ability to "phone home" at the firewall is the ability to prevent the little beasts from starting up in the first place. Best of all is the ability to block those modules from installing altogether. PG did this; it's not clear to me whether AppGuard alone will or not (hence my new interest in the users' manual).

    I confess I'm not fond of paying annual subscription fees for an anti-exe program, so I'm going to look much harder at NoVirusThanks and see if it might serve me better than VoodooShield. It seems strange--why would an anti-exe need frequent updates anyway?? With PG I had a lifetime license for all updates for fifty bucks, and that was that.

    Thanks again,

    David

    EDIT: Now I've a new wrinkle. Can anyone tell me where I might find user's manuals for AppGuard and NVT ERP? I'm lookin', but I ain't seein'...
     
    Last edited: Jul 29, 2013
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
  4. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen
    Agree. But layered security isn't only a matter of preference; it's a matter of security.
     
  5. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Agreed but turning that statement around, all security is also a matter of personal preference; otherwise we'd all be using the same setup. I've already said that I don't see a problem with combining AppGuard with a HIPS or anti-executable, but I've also said that isn't necessary as AppGuard is sufficiently strong to stand on its own, so yes it is a matter of personal preference.
     
  6. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    To all,

    Forgive my absence from this topic. I have been distracted with some issues on my PlayStation.

    I must use this post to update you. There are some significant changes, but I am unable to update the original post...as the edit button is missing.

    These were the edits I would have liked to make:

     
    Last edited: Jul 30, 2013
  7. paulescobar

    paulescobar Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    197
    NoHolyGrail,

    In regard to AppGuard - if I recall correctly, another user claimed that it would not meet my criteria. This must have had some subliminal influence on me, because I have not been tempted to try it since. But I will make an effort this weekend and let you know...

    In regard to Online Armor - no, I did not report it. Time constraints are to blame here. I was in a rush - and I only had time to test various software, not engage in correcting their problems. You can point the Emsisoft staff to these two posts (copy them if you like), as it will let them easily reproduce the error & fix it at their own pace:
    https://www.wilderssecurity.com/showpost.php?p=2251936&postcount=20
    https://www.wilderssecurity.com/showpost.php?p=2251929&postcount=19
     
  8. Romagnolo1973

    Romagnolo1973 Registered Member

    Joined:
    Feb 17, 2009
    Posts:
    565
    Location:
    Italy - Ravenna
    Why don't you try PrivateFW?
    It's a great solution, with a strong HIPS, and is very similar to ComodoFW; you can use almost the same settings (set high sensitivity, disable trusted vendors and so on).
    The only issue is that you can disable the HIPS module but not disable the FW, so you have to use Private as the FW in your system.
    It's the lightest FW+HIPS on the market.
    At the moment Bitdefender has some compatibility issues with PrivateFW, but the Bitdefender developers are looking at the problem I have reported.
     
  9. AppGuard won't meet your criteria. AppGuard focuses on preventing the first steps of an intrusion instead of looking at all attack vectors.

    Malware Defender looks at the world as if you were living in an open field and can be attacked by all sorts of intrusions from all sides and angles. MD only stops the memory intrusions which are described in the system table (written by the great operating ground landlord), not the ones based on exploits (buffer/stack/heap overflow). It has all sorts of hooks/API monitors running around in your camping ground (system) to catch the arrows/stones of the intrusions before they can hit you.

    AppGuard looks at the world as though you are living in a house and adds a stronghold by forbidding some applications to come into your bed & bathroom (presuming that attacks while sleeping or under a shower are harder for your system to deal with than offending moves in the living room/kitchen etc). It even has a special MBR Guard to protect the master keybox in which you keep all the (spare) keys of your car/house/safety locker etc. On top of that it stops all unknown/new applications in the visitors' areas from executing (who enter via the hall to the living room or via the back and the kitchen). As a special service it keeps some objects of yours private (inaccessible to strange or guarded apps). But the best trick of all is that it also provides you with a memory guard, which reads the minds (also the exploits) of all people passing by to stop them making unallowed and hidden moves (attack preparations).

    Head-to-head competition with Matousec PoCs will show that Malware Defender scores better than AppGuard. Head-to-head competition for the latest malware/real-life conditions will probably show AppGuard as being the one stopping most in-the-wild exploits.

    Then again, when you want to see all intrusions, I am afraid you have to blend your own layered security package.
     
    Last edited by a moderator: Jul 31, 2013
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Kees, good explanation man, I've got to give a 10+ here :thumb: :thumb:
     
  11. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    Classical HIPS for 32-bit: Comodo, OA
    Policy-based HIPS for 32-bit: DefenseWall, AppGuard

    Classical HIPS for 64-bit: Comodo, OA
    Policy-based HIPS for 64-bit: AppGuard

    For future-proofing, it's better to go with a HIPS software that is in development which supports 64-bit and newer OSes (like Windows 8). With Kernel Patch Protection being updated by MS from time to time, it's also better to go with a HIPS that is not adversely affected by KPP. If you can do without HIPS, look at alternatives that do not rely on hooking the kernel.

    P.S. Since VoodooShield is mentioned here, I've got to put in my opinion. Forget it (for now). Not only does it disable UAC (which is in itself a major change to the OS, despite whatever the developer says), it is vulnerable to race conditions which allow malware to execute first, with VoodooShield killing it only after the fact. Let's just say I'm amused by the rebuttals by the developer for these 2 facts. As much as I appreciate the simplicity and the generous offering of 1 year free, and the dedication of the dev to his work (quick responses on the support thread), as a security software itself...it needs better implementation. No offense intended.
     
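    As an added example (not code from the original posts, and not from AppGuard, VoodooShield, NVT ERP or any other product named in this thread), here is a constructed demonstration of two points raised above: pegr's note that AppGuard denies execution from user space rather than system space, and safeguy's point that a tool which kills a process after it has started leaves a race window in which the payload already ran. The trusted directories, the hash allow-list, the two-second scan interval and the marker-file "payload" are all assumptions of the demo; it uses only Python's standard library and the running interpreter as the stand-in for an unknown binary.

```python
"""Pre-execution gate vs. post-execution kill.

Added example, not code from AppGuard, VoodooShield, NVT ERP or any other
product named in the thread. Stand-ins: the running Python interpreter plays
the "unknown executable", and a marker file stands for the damage a payload
does in its first milliseconds. Standard library only.
"""
import hashlib
import os
import shutil
import subprocess
import sys
import tempfile
import time

# Assumption: these are the "system space" locations a policy-based
# anti-executable trusts; everything else (Desktop, Downloads, %TEMP%,
# a venv) counts as user-writable space and is denied by default.
TRUSTED_DIRS = ("/usr/bin", "/usr/lib", r"C:\Windows", r"C:\Program Files")


def sha256_of(path: str) -> str:
    """Hex SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def policy_allows(exe: str, allow_hashes: frozenset, trusted_dirs=TRUSTED_DIRS) -> bool:
    """Default-deny: allow a known hash, or a binary in a trusted directory that
    the current user cannot write to (a writable 'trusted' dir is not trusted)."""
    exe = os.path.realpath(exe)
    if sha256_of(exe) in allow_hashes:
        return True
    in_trusted = any(exe.startswith(os.path.join(d, "")) for d in trusted_dirs)
    return in_trusted and not os.access(os.path.dirname(exe), os.W_OK)


def payload_cmd(marker: str) -> list:
    """Constructed 'malware': its very first act is a persistent side effect,
    then it lingers so a scanner has something to find and kill."""
    code = f"open({marker!r}, 'w').write('dropped'); import time; time.sleep(60)"
    return [sys.executable, "-c", code]


def post_exec_monitor(marker: str, scan_interval: float) -> dict:
    """The race safeguy describes: the binary runs first, a periodic scan
    notices it `scan_interval` seconds later and kills it after the fact."""
    proc = subprocess.Popen(payload_cmd(marker))
    time.sleep(scan_interval)          # detection latency: the race window
    proc.kill()
    proc.wait()
    return {"executed": True, "killed": True,
            "marker_written": os.path.exists(marker)}


def pre_exec_gate(marker: str, allow_hashes: frozenset, trusted_dirs=TRUSTED_DIRS) -> dict:
    """Policy-based anti-executable: the decision is made before Popen, so a
    denied binary never executes a single instruction."""
    cmd = payload_cmd(marker)
    if not policy_allows(cmd[0], allow_hashes, trusted_dirs):
        return {"executed": False, "killed": False,
                "marker_written": os.path.exists(marker)}
    proc = subprocess.Popen(cmd)       # approved: would normally run on
    proc.kill()                        # cut short only so the demo returns
    proc.wait()
    return {"executed": True, "killed": True,
            "marker_written": os.path.exists(marker)}


def demo(scan_interval: float = 2.0) -> dict:
    """Run both designs against the same payload and report what each let through."""
    workdir = tempfile.mkdtemp(prefix="ae_demo_")
    try:
        results = {
            "post_exec": post_exec_monitor(os.path.join(workdir, "post.marker"), scan_interval),
            # Empty allow-list and no trusted dirs: the interpreter is "unknown".
            "pre_exec": pre_exec_gate(os.path.join(workdir, "pre.marker"), frozenset(), ()),
            # Same gate, but the interpreter's hash is on the allow-list.
            "hash_allowed": policy_allows(sys.executable, frozenset({sha256_of(sys.executable)}), ()),
        }
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

    Run it directly and the post-execution monitor reports `killed: True` but also `marker_written: True`: the payload's first write landed before the scan came round, which is the whole of safeguy's objection. The gate reports `executed: False`, because the hash was not on the allow-list and the interpreter did not live in a non-writable trusted directory. Note the writability check: a "trusted" directory the current user can write to (run as root, `/usr/bin` qualifies) is treated as user space, which is the caveat behind any path-based allow rule.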