Unsure of which HIPS to use....

Discussion in 'other anti-malware software' started by daddymo3, Jan 18, 2007.

Thread Status:
Not open for further replies.
  1. daddymo3

    daddymo3 Registered Member

    Joined:
    Dec 15, 2004
    Posts:
    56
    Location:
    Vancouver,BC,Canada
    I would like to try a HIPS. The 3 that I have read about are..... Prevx1, Cyberhawk and Online Armor.
    The descriptions all kinda sound the same. I share the comp. with my wife, so I don't want anything that is too intrusive (the fewer warnings the better).
    Am I missing much if I just use the free versions? I think I read that you don't pay for Prevx
    until you get infected. That doesn't make sense to me.....I pay for the program if it fails?

    Thanx in advance for any and all comments
     
  2. guest

    guest Guest

  3. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Take a look at ProSecurity http://www.proactive-hips.com/

    It may only be because I'm used to it now, but I have found it to be more user friendly than, say, SSM, and yet by watching what it is doing I feel that I am learning at the same time. Free and paid-for versions are available. I paid for the Home license.
     
  4. vhick

    vhick Registered Member

    Joined:
    Jan 21, 2006
    Posts:
    224
    Location:
    Noypi.........
    System security monitor for advanced users....

    Cyberhawk for a novice like me...

    So I have a combo of Cyberhawk and DefenseWall...
     
  5. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Everyone has their personal preferences born out of needs and working styles. Try all 3 as they are rather different products.
    No, you should read this as you don't need to acquire a license until the program actually has something to do.

    Think of it this way - it's on an indefinite trial until something is flagged, then the normal, fully functional, 32 day trial starts (malware detected and Prevx can remove it). After the trial ends, and if you don't purchase a license, it goes into a detect only mode. If you want Prevx to remove any malware found, you will need to purchase a license (you could also do things manually). Licenses can be the typical 1 year in length or you can buy reduced length 1 month or 3 month coverage for reduced cost (it's at a higher rate, but lower net cash outlay). It's actually a fairly innovative and equitable licensing structure. The reason someone might opt for a standard license is working convenience and ongoing coverage. See here.

    Blue
     
  6. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi Daddymo3

    As regards the 3 you mentioned I have all of them on 2 different machines.

    On the one I use for work, I have Cyberhawk and in 3 months not a single alert. It is eerily quiet. I prefer more info on what is being protected etc. than the scant info that CH provides. Some here seem very happy with it and its levels of protection, so who am I to argue :)

    Prevx in ABC mode is also very quiet and user friendly and I like this product. As regards pricing, I guess the model is - install, malware check, oops you're infected, clean up for you and then start to pay for further clean up if required in future. I started clean and have, other than a FP, remained so therefore costing me nothing to date.

    I am a beta tester for Online Armor plus Firewall so some may see me as biased, but this has the makings of a great product. Many here use OA in its current state and are very happy with it. I am not techie and OA is designed to be very user-friendly and in standard mode should prevent a lot of pop-ups and has some very good features.

    Support from both OA and Prevx is in my opinion outstanding. Asked a question once at CH and got a prompt reply.

    SSM is (as I'm sure ProSecurity is) an excellent product but was proving too difficult for me, and whilst in the hands of the right people it will probably provide the most security, for those less knowledgeable it can present more headaches than it prevents.

    I'd suggest trialling OA, Prevx and CH to see which suits you and your wife best.

    Hope this helps.
     
  7. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    LOL - as always, Blue explains it better :D
     
  8. TECHWG

    TECHWG Guest

    Perhaps you can use VMware and have a look at them all in the virtual environment so you don't clutter up your PC or screw it up due to testing?
     
  9. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    424
    Location:
    UK
    Vote for Prevx here. OA had too many unresolved conflicts on my machine.
     
  10. TECHWG

    TECHWG Guest

    For someone new to HIPS, I would suggest they try them all. "One man's bread is another man's poison".

    I prefer ProSecurity, but SSM is not too bad either, I think.
     
  11. daddymo3

    daddymo3 Registered Member

    Joined:
    Dec 15, 2004
    Posts:
    56
    Location:
    Vancouver,BC,Canada
    If I use a HIPS,then do I disable the resident protection of my AS?
     
  12. guest

    guest Guest

    I am now using PS, and in the end I prefer it over the others.

    I am running Cyberhawk and PS (FREE version) without problems.
     
  13. TECHWG

    TECHWG Guest

    AS? Antispyware? I would suggest yes, only use it on demand; you want to run as little as possible memory resident. Have as many on-demand things as you like.
     
  14. SMPRICESOLUTIONS

    SMPRICESOLUTIONS Registered Member

    Joined:
    Jan 8, 2007
    Posts:
    38
    I am currently using Prevx1 and Cyberhawk running side by side.
     
  15. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Both SSM and PS are great; they both have learning modes so intrusive pop-ups are reduced. ProSecurity now has a setup wizard which scans your computer before running to set up its default rules, which is really helpful.
     
  16. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    If it's causing you performance problems or something then yes. Otherwise I'd keep it activated.
     
  17. daddymo3

    daddymo3 Registered Member

    Joined:
    Dec 15, 2004
    Posts:
    56
    Location:
    Vancouver,BC,Canada
    Two HIPS at the same time? Why? If they both basically do the same thing.........
     
  18. EASTER.2010

    EASTER.2010 Guest

    Cyberhawk's newest version 2.0 "AND" System Safety Monitor right here, in tandem, working flawlessly together.

    I examine myriads of malware/keyloggers/rootkits etc. I find that, similarly to how users run more than one on-demand AS scanner to pick up detections the other may have missed, running at least this pair of HIPS-Signal Interceptors makes for interesting results.

    You can use any RKD program that displays the nt/os SSDT table and discover for yourself just what "instruction/code commands" each HIPS program "hooks" into. Safemon.sys (SSM Driver) hooks aplenty inside this table, whereas CyberHawk (NxSysMon.sys) also positions itself into critical lines of instruction such as NtCreateKey, NtSetValueKey and others.

    I myself don't in reality need 2 HIPS, but since they do well in combo with each other and do not sacrifice resources, impact, or clash to make issues, I allow them to safely co-exist and complement each other nicely.
     
  19. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    I hear good things of Cyberhawk but have not tried it.

    I am using Prevx and am very pleased, with very few pop-ups in ABC mode!

    Excellent program and runs light on both my laptop and home computer (1800 Athlon XP chip, 512 RAM, so quite old!!)

    Cheers

    Jlo
     
  20. ogodei

    ogodei Registered Member

    Joined:
    Jan 5, 2007
    Posts:
    18
    Hi EASTER.2010,

    I was afraid that using two HIPS, like using two firewalls, was a bad choice.

    I have been googling for Jetico Personal Firewall and I am very impressed by what it can do, and have found that it has a relatively large user base who love it and have written tutorials on how to use it:


    As Jetico and SSM are two HIPS programs, I was afraid that they could clash if used together. Do you (or anybody else) know if Jetico and SSM can co-exist nicely?
     
  21. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I've also heard good things about Jetico, but why would anyone want to run a firewall and a HIPS? Is there some gap that is not covered? If the HIPS is any good, is there still a need for a software firewall?

    My conclusion so far has been that a hardware firewall and HIPS is a preferable combination. If I'm wrong then I'm sure someone will explain why.
     
  22. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Some people choose Jetico for its performance and filtering abilities. Some people disable the "Process Attack Table" and use another HIPS such as SSM or PS.
     
  23. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I don't mind running a firewall and HIPS as long as performance is not affected. I run PS and LnS on my 1 GHz Vaio with no problems. Also, current HIPS are not as configurable and don't offer as much network control as a dedicated firewall.
     
  24. ogodei

    ogodei Registered Member

    Joined:
    Jan 5, 2007
    Posts:
    18
    Hi Long View,

    AFAIK with hardware firewalls you cannot control either the loopback (very important if you use Proxomitron) or which applications connect to the web.
     
  25. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Which is why I wrote "and" HIPS. The HIPS takes care of which applications connect to the web. Not sure about loopback?
     