64 Bit HIPS ?

Hi, I am currently looking for a full blown HIPS that supports 64 bit, so far I have only come across Ghost Security, which I am not a fan off to be honest.

After researching into HIPS applications I have found SSM, ProSecurity and Click'n'Safe, although none of the HIPS support 64 bit =(

Any recomendations would be nice?

Thanks.

 

Prevx2 supports x64

 

Thanks for the info =) Much appreciated

Although Prevx2 is a bulky application =(, plus it is not as powerfull as other HIPS mensioned above.

 

Putting Prevx 2.0 in expert mode will give you more HIPS functionality.

 

Thanks, i'll give it a try =)

 

You can try the Comodo Firewall Pro 3.0 Beta
http://download.comodo.com/cfp/download/setups/beta/CFP_Setup_3.0.9.229_XP_Vista_x64_BETA.exe

Keep in mind it's still under development but it is looking to be more powerful than most HIPS available out there right now...

The component of interest here is Proactive defence or Defense+

Here's a pic:

 

thanks looks good..

 

HIPS can't hook the kernel in x64. Not Comodo. Not Prevx. Not nobody. They gotta use API. Ergo, blatz - I will use WinXP until whenever, & then... something (ANYthing) besides Vista.

 

There are other legitimate ways to "hook" the kernel. You don't have to patch the service descriptor table. APIs don't necessarily mean userland and they don't necessarily mean you lose protection.

For example, Prevx 2.0 on 64-bit XP and 64-bit 2003 Server is fully functional.
Not all of it is implemented in the same way as on the 32-bit kernels but it is fully functional; much of the implementation is common to both 32- and 64-bit.

Prevx 2.0 on 64-bit Vista is 98% functional and the missing pieces we need for the other 2% are available in the upcoming Vista Service Pack 1.

 

Prevx 2.0 by no means covers the full range of potentially-*dangerous*-behaviors as do (for instance) SSM and ProSec. Which is not to say that Prevx is necessarily less protective. Prevx's community-based concept is fundamentally different from those of SSM, PS, et alia.

For those who have no objection to being tied to an online database, that's fine. It's just NOT my cup of tea. I much prefer stand-alone.

In my view, Vista x64 has (at this stage) thrown the baby out with the bath water. That is, in protecting the kernel from bad guys, Vista has equally blocked true HIPS-type protective efforts of good guys.

Vitali (SSM) & Jei (PS) both are still struggling to produce effective protection given the present status of Vista. I doubt that Prevx & Comodo have found some magical solution for providing full-blown "classical" HIPS-type of protection within the constraints of Vista's lock-out. Instead they have taken different and (in my opinion) lesser approaches.

 

There is an AppDefend beta which hooks the kernel fine in XP64 and 2003 x64. You just need to have a MS update removed which they released sometime after I did it which undid the particular method I was using.

It's possible. And when the next beta is out I will be working on what they modified so it will work even without removing their patch.

 

@Jason -- best of British luck to ye. Please keep us posted. If you lasso this dogey, I instantly become a *high probability customer*

 

I agree.

Comodo is very refreshing.

Seems not so according to Jasons remark below.

So what now?

One says it is possible another says it isn´t possible.. could someone clarify this whole story?!

Maybe we should open a new thread about the Vista kernel and what kind of possibilities we have.

 

Just goes to show --

There never was a horse that couldn't be rode.
There never was a cowboy that couldn't be throwed.

Jason found a "way in." No doubt the black hats will, too. Difference is, if the black hats get in, then their reward may run to 6 figures. Biiiig bucks! If Jason succeeds, then *maybe* some of us folks will spend 20 or 30 bucks for Jason's AppDefend.

Such being the case, I wonder who will work harder & longer to get into Vista's knickers -- the HIPS guys or the black hats?