An HIPS for Windows 10

Discussion in 'other anti-malware software' started by blacknight, Jun 13, 2022.

  1. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen
    I was a bit doubtful, due to an old prejudice about WD. For this reason I looked for reassurance. But if I find at least an additional program - maybe AppGuard, Spy Shelter... - I'll use WD av and firewall.
     
  2. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen
    Comodo creates issues, good idea SpyShelter or ReHips, thank you.
     
  3. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    There is a program called ReHIPS, which has a very nice HIPS component to it. ReHIPS in fact specializes in isolating vulnerable apps, such as browsers and MS Office and certain PDF programs, but the HIPS component is quite good on its own.
    If you use the free demo version of ReHIPS, and your browsers keep pushing you over the demo limit, just set the browser exe to "inspect" instead of "isolate" (I think that's what those options are called). Then the HIPS component will govern them, all for free.
     
  4. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen
    Thank you, shmu26 !
     
  5. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Very much agree! Personally I consider 100% to be rather iffy...
     
  6. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Windows Defender has been re-named to Microsoft Defender. MS Defender is a competent AV.

    If you are running a computer where MS Defender seems a bit sluggish, then ESET might be lighter on your computer's resources. Despite its low impact on computer resources, ESET is a very competent, multi-faceted AV.
     
    Last edited: Jun 17, 2022
  7. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    Just about all the popular alternatives are competent these days AS LONG AS we keep Windows and the security application current. This is an important fact to remember. I personally don't care what people use, as long as they use a security solution AND keep it current. I have to laugh at those who brag that they don't use security programs, who pretend they are so clever, they are smarter than the bad guys. Yeah right. They are just tempting fate.

    I think there is a misconception about the impact on resources that the marketing weenies with some alternative solutions "spin" to make their products "sound" or appear to be superior.

    It is critical to understand that there is a HUGE difference between the "perceived" impact on performance during on-demand manual scans, and all other times during normal use when the real-time component is doing its thing.

    If you, as the user, initiate a "manual" scan, does the time it takes, or the CPU or RAM utilization really matter? Or is the real issue, "is my computer clean of malware?" I personally want to know my computer is clean.

    And during other times, when the real time, full time component is constantly scanning and monitoring, does it really matter if a few more percentage points of RAM or CPU utilization is being used? As long as the program is not pegging out performance at 100% for extended periods, the answer should be "no". I have worked with many computers and security programs and, except during manual (or "scheduled manual") scanning, I have never seen a security program "noticeably" impact performance - unless there was something else wrong, or going on at that time.

    An often overlooked resource is disk space. Are you using additional disk space with Microsoft Defender? Nope.

    For sure, ESET "used to be" one of the lightest on resources. That is not always the case these days. One of my concerns with installing 3rd party alternatives is so many are really challenging to totally remove, should you change your mind.

    But again, use what you like. Use what you are comfortable with. I don't care. Just use one of the many acceptable security programs, keep it and the OS current, and don't be "click-happy" on unsolicited links - the exact same precautions we need to take regardless of our security solution of choice.
     
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Hardly a significant factor nowadays, except for the needs of specialized occupations such as architects.
     
  9. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    While I definitely agree with your other points, in my experience some antiviruses (and I've used every antivirus) make my computer run noticeably slower at times, even when they are not running scans. I often see a big difference in system impact from one antivirus to the next. I'm talking about my computer running slowly, rather than looking at resource usage in Task Manager. Unless my computer is running slowly, I have no need to check on resource usage. My main system only has a 2nd gen i3 CPU. One day when I upgrade to something more powerful, then I'm sure that system impact from security software will be less of an issue.

    I certainly believe that using any big name third party antivirus, or Microsoft Defender, along with keeping Windows and vulnerable software updated, and not being click happy is enough to keep you very well protected, without using HIPS or any other security software.
     
  10. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I frequently image my computer's system drive. Thus, my main concern, relative to computer security, is that a malware might manage to connect out before it's detected by my AV &/or prevented by my firewall. Ergo, I use SpyShelter for its added layers of protection against connect-outs by keyloggers et alia, not to mention its encrypter (which I do not presently use).

    Info based on THIS website (plus others) shows that...........
    => Cybercrime rates are increasing fast
    => Main goal of hackers is to steal data, passwords, etc. To do that, they must connect out.
    => AVs are NOT bullet-proof (or cybercrime rates would not be increasing, whereas they ARE increasing)
    => Ergo, it seems to make some sense, at least, to look to improve one's protection against unauthorized connect-out's.

    Are added security layers needed? I think it depends on the sensitivity of the info on one's computer. My present home was built in 1962 & has never been broken into, but I still lock my doors at night & arm my security/fire alarm. Wasted effort? YES! (so far) By the same token, is SpyShelter totally superfluous? YES! (so far, that is. May it ever be so.)
     
    Last edited: Jun 18, 2022
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    There's certainly no harm in doing that.
     
  12. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @roger_m -- I edited my post before I saw your post #36. I'm sorry that happened.
     
  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Too too true. However, "manual scans" (aka "on-demand scans") mainly look at dormant files. Thus, no matter how competent an AV's behavior blocker might be, it won't help the user much when scanning dormant files. Of course, some files may be running at the time of the scan, but I expect that most files would be dormant during on-demand scans.

    I am NOT saying that on-demand scans are not valuable, because they are VERY valuable (I use KVRT for mine). Even so, using a real-time AV that has a strong and proven behavior blocker component is THE primary foundation of any strong computer security set-up -- IMO, of course.
     
  14. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,919
    The time for personal breaches is over; there is more gain in attacking and hacking servers and forums where users put their credit card info and more, including email+password.
    Hacked email, Steam and other accounts are the result of re-used passwords.
     
  15. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    Ummm, sorry but not really true. I agree it is less common these days with monster hard drives being so affordable. But it definitely is not a rare occurrence. I note it is not uncommon at all to see budget systems with small (even tiny) SSDs as the boot drive - and often their only drive.

    To illustrate - this brand new Acer Aspire 5 laptop comes with just a 128GB SSD. And they even have a less expensive model with only 64GB! Check out these, all major brands, from Best Buy. There are lots of AiO computers with only 128GB too. At least tower PCs usually come with at least 256GB drives - but that can fill up quickly too. So running low on disk space is still, sadly, a significant factor nowadays - despite the increased prevalence of monster drives.

    @roger_m - You are absolutely right about the computer's horsepower playing a role and I should have mentioned that earlier. I feel I must add, however, that it is my experience that there is no "1" product out there that stands out as "always" having the least "noticeable" impact on performance. That is, on Machine A, it might be AVG, Machine B, ESET, Machine C, Microsoft Defender. This is due, mostly in part, to every computer being unique - with unique hardware configurations and users setting up different programs to start with Windows too.

    Sadly it is up to the user to, by trial and error, figure that out.

    I will say this too - there are some programs that do stand out as being resource hogs - despite being excellent security programs. And sadly, the main two I am thinking about are two of the biggest names (I'll just call them N and Mc), and frequently come pre-installed on new factory built systems as trial versions specifically to influence (Coerce? Intimidate? :() users into paying (year after year after year) for a subscription plan that includes all sorts of [bloated] features they don't need. My point being, folks do not need to pay for capable security. But that's for a different discussion.

    Another thing I have seen is performance impact "may" also depend on how the user uses the computer - or rather, how the user ends his or her computing session. If the user just lets the computer go to sleep, Windows will do much of its "housekeeping chores" (scans, updates, indexing, defragging HDs, etc.) while the user is away. But if the user completely shuts down the computer after each session, Windows (and its security) must play catch-up and it does this while the user is trying to perform other tasks.

    Kinda sorta. True, "behavior" scanning is not part of the "on-demand" scan but that is because the real-time component is still running. So behavior scanning is still an on-going process.

    You say "mainly" looks at dormant files - that is true in terms of the "amount of work" the on-demand scanner is required to do. Odds are, there are 100s of gigabytes or even terabytes of "dormant" files to scan - as opposed to open files and what's in RAM. I am just saying "mainly" here does not suggest dormant files are the "priority".

    I note every file, even the dormant files were scanned the first time going in, every time they were opened and/or modified, and the last time a manual scan occurred. For that reason, I generally consider manual (or on-demand) scanning as something to do for peace of mind - not because they are really necessary.
     
  16. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Yes! Worse yet, those 2 AVs are very difficult to cleanly uninstall. I won't buy any new computer that has pre-installed 3rd party security apps.
     
  17. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    That's definitely true. Antivirus performance can vary greatly from one computer to the next. There is one antivirus which is one of the lightest antiviruses and I find to have minimal system impact even on low end systems, but on occasion I see posts from people saying it made their computers run slower. I've seen an antivirus run fine on one computer, yet cause noticeable slowdowns on another with similar specs. Which is why the only way to know how an antivirus will perform on your computer, is to try it yourself.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes but my point was that someone like you who has been a forum member for some time, should have known that the topic starter is a more experienced user that has been using HIPS for years. So telling him that he doesn't need it, is pretty much pointless and almost sounds a bit condescending, even though perhaps you didn't mean it in this way. And besides that, the topic starter didn't ask if people need a HIPS or not.

    No of course it's good to advise people, but what you don't seem to understand is that this discussion was never about whether you can stay safe WITHOUT extra protection tools. Of course it's possible, and if you never encounter malware and never get tricked into running some exploit, then you might not even need any AV. For years I have actually stopped using AV (besides VirusTotal) and I even stopped patching Windows because of the problems that it caused, and still no malware infection. So I get your point and I somewhat agree with it. Many of the security problems on Windows are overblown.

    Cool, but I don't think it's productive to simply say that people don't need tools like HIPS. It's more helpful to at least explain the pros and cons and let people on this forum, who are clearly interested in computer security, make this decision based on useful information. And don't forget, there are plenty of people that might actually get targeted by hackers, perhaps because of their job. So not everyone has the same risk profile. And again, AV's might fail to protect against more sophisticated attacks. So I'm afraid that "not being click happy and keeping systems up to date", isn't always enough to protect against malware infections. Will we ever encounter these sophisticated attacks? We simply can't know, but better be safe than sorry.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Exactly my point. Actually, that's how I ended up on this forum in 2004, back then IE was targeted a lot, and I wasn't confident that AV's could block all malware, so I decided to learn more about HIPS like Process Guard, which was a very lightweight tool and could easily tackle exploits. So these tools are not only fun, but also useful. Especially because they bring something new to the table. Many of the features that standalone HIPS/behavior blockers offer, are not found in AV's. They simply add another layer without bogging down the system. With that I mean, they barely use any CPU time, RAM and don't cause any extra disk activity. At least the ones that I have used.

    This is not directed to you, but guys let's not forget that this topic is about HIPS, not AV's. Although there are certain AV's with HIPS modules like Kaspersky and ESET, but that's not what you guys are discussing.
     
  20. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen
    Thank you, Rasheed187 ;), only "experienced" maybe it's more realistic :D. Anyway, we have to remember that using an HIPS for many here is also fun, and that many are happily paranoid about safety. How many times here have we regretted all the HIPS discontinued and dead?
     
  21. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    Why must you so often degrade the thread by resorting to personal attacks when you don't get your way in a discussion?

    Just because a poster is greatly experienced does not in any way mean they need something. Nor does it mean they are fully up to speed on current events or needs.

    The true fact is, there are 100s of millions of users who have never installed a separate HIPS program and guess what? They still did not get infected. None of my systems have, nor have the 3 dozen systems I am responsible for. That may still be anecdotal but still pretty convincing for me.

    I do not know anyone, nor have I heard of anyone who "stopped" getting infected after they installed a HIPS program!

    And forum threads are NOT two-way, private conversations. They are open discussions for everyone to learn and share. This is something you, as a long time forum member should know.

    Future readers need to know they do not "need" layers and layers of security programs to remain safe. So I tend to write my comments directed to all, not just a single poster.

    And I think that is great. But will adding yet another dead-bolt to your front door increase your level of security by any significant degree?

    Was it really wasted? How do you know a bad guy hasn't come up and wiggled your door knob, found it locked and so moved on?
     
  22. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Rasheed is a very constructive & helpful poster. The thread was degraded, yes, but not by Rasheed. He responded to OP's questions by offering positive suggestions. It was others whose extensive comments served to divert discussions away from HIPS to promoting Defender.

    I think that most members of Wilders are well aware of Defender's availability and competency. Even so, the situation nowadays is that, every time anyone tries to inquire about 3rd party security apps, along come the advocates of "you don't need anything but Defender." Those advocates then divert discussions away from original poster's comments to pontificating about Defender & flaunting their own personal expertise.

    I hope that this forum continues to be open to discussing all facets of computer security and not just to "Defender is all you need."
     
    Last edited: Jun 19, 2022
  23. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Thanks for saying what needed to be said! :thumb:

    I think a more friendly alternative to HIPS might be SRP, either by group policy in paid Windows or by using a third party UI (like the free Hard_Configurator or the simplified Simple Windows Hardening which works with several third party AVs also). This was already mentioned on the first page but I'm repeating it. It can harden the operating system without compromising performance and doesn't cost extra. You can apply a profile and that's it. Nothing's bullet-proof but the merits are well-established.

    HIPS for many (myself incl.) is just not user-friendly. For the experts, though, I totally respect it. I used to use Online Armor in Windows 8.1--now it's gone with the wind. And I wouldn't want anything to take its place cuz I'd no longer have the patience or the inclination to re-learn it.
     
  24. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,042
    Location:
    Nebraska, USA
    Right. So you believe like Rasheed, that "most" members of Wilders think it is "fun" to use extra security tools and personal affronts against those who have a different opinion are totally acceptable. Got it. Okay. I stand corrected and will step out of the way. Have a good day.
     
  25. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I am FAR from being an expert. The HIPS nowadays are much more user-friendly than those in the days of System Safety Monitor & Malware Defender.

    For example, the HIPS component in SpyShelter Free is designed to configure itself, based on user's activities & user's responses to alerts. Those alerts are easily understood, even by novices. Yes, alerts will be frequent for the first few days of HIPS usage, but will soon become much less frequent.

    The HIPS in ESET & Kaspersky come pre-configured. Those apps enable advanced users to set additional/customized rules, but doing so is totally optional.

    Concerning zero-day & other malware that cannot be detected by signature scanners alone......
    => Present day top-tier AVs all include Behavior Blockers (BB) so as to protect users from this type of malware.
    => HIPS & certain other security apps (examples: OSArmor, VoodooShield, ESET, Kaspersky, Emsisoft) can provide added layers of protection from this type of malware -- if user feels such added protection is warranted.
     
    Last edited: Jun 19, 2022