Antivirus vs Classical HIPS

Discussion in 'polls' started by Fuzzfas, Jan 25, 2009.


If you had to choose 1, which would you run for safety?

  1. Antivirus, it's the safest solution.

    32 vote(s)
    30.8%
  2. Classical HIPS, it's the safest solution.

    62 vote(s)
    59.6%
  3. Antivirus, because I don't understand classical HIPS.

    15 vote(s)
    14.4%
Multiple votes are allowed.
Thread Status:
Not open for further replies.
  1. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Assuming you would have to choose between running only antivirus or classical HIPS (D+, Online Armor's HIPS, Malware Defender, SSM and the like), which would you prefer as the safest solution?
     
  2. Minimax2000

    Minimax2000 Registered Member

    Joined:
    Jun 11, 2006
    Posts:
    204
    Location:
    Switzerland
    As an educated software developer, classical HIPS for me all the way with default deny strategy. :)
     
  3. O.Alexander

    O.Alexander Guest

    I don't really understand classical HIPS, however,
    I bet it is better than AVs if you know how to use it, IMO.
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    HIPS without a doubt.
     
  5. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    One more vote for HIPS here.
     
  6. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    I was a classic HIPS fan myself. Still use Outpost Firewall 2009 sometimes.
    Now if I were to choose I'll use AV. Main reason: software updates.
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi:

    I voted for AV because my FW, which you could have included in your poll, has the HIPS as an "add on" :D
     
  8. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Gotta go with HIPS.
     
  9. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe

    The same for me.
     
  10. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    867
    Location:
    Turkey/İzmir
    Same for me too.
     
  11. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    The two actually complement each other, but still need the classical HIPS. The AV stops malware from getting into your computer; the classical HIPS stops it from getting out/executing if the AV misses it. And there will always be some the AV misses that get dumped on you via the HIPS anyway. Now add a behavior analysis tool to fix your mistakes, and ... :)
     
  12. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    and...a sandbox.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Absolutely no comparison whatsoever.

    HIPS is better equipped and preprogrammed to intercept file/executable interactions signalling to Windows for whatever, entry, activation, modifications, etc. and foregoes any mega-blacklist to "TRY" to identify the latest malicious invaders.

    AVs, try as they may, still have an uphill climb, although many have finally taken the page from HIPS themselves to better shore up their apps.

    EASTER
     
  14. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    I voted HIPS. :thumb:
     
  15. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    My AV has HIPS as well... ;)
     
  16. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    HIPS with a default-deny policy. No AV. Been that way since 2006.
     
  17. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,215
    I have had ProcessGuard in its heyday, Comodo not long ago, and it is true, theoretically they should alert you of anything that wants to run without relying on signatures. In practice, IMO, they are only a hassle unless you enjoy analyzing processes in your computer.

    With Vista I have Avira + UAC (As effective I dare say as AntiExecutable from Faronics) + Shadow Defender, no more dilemmas about what should run or not.
     
  18. TrojanHunter

    TrojanHunter Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    151
    Location:
    United Kingdom
    I can use HIPS... I just choose not to. I don't like using my computer and being bombarded with Allow and Deny messages on everything, good or bad. Take Defense+ for example: it tells me everything is suspicious, so while it does have the potential to stop more malware... A system that relies solely on user discretion isn't a very intelligent solution IMO.

    I think the future will still include Anti-virus, but Behavioural blockers and Sandboxing will become more common alongside AV IMO. Sandboxie is a great application and user friendly too.

    Threatfire is reviewed here in this video and blocks all of the Malware:
    http://uk.youtube.com/watch?v=0bo3oPErZxo&feature=channel_page
     
    Last edited: Jan 27, 2009
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I found and routinely run together ProcessGuard 3.50 + SandboxIE 3.33 + Mamutu with EQSecure 4.0 Beta 3 with OUTSTANDING SATISFACTION!

    PG still has enough stability AND ability to interact reasonably well enough 4 me.



    easter
     
  20. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    PG is a golden oldie! Probably it won't get near 340/340 in Comodo's latest leak test, but it's still good for a good portion of malware out there. I only have the free version and even that is still useful. If not for anything else, you can be sure no exe will run automatically and that you can protect your other security programs from manipulation and termination. Maybe I should run it for a while in a more "light" HIPS setup. Comodo is great but always, after a while, I do get tired when I install new applications.

    Only one thing I don't understand. Why run both PG and EQ Secure? Does PG cover an area that the other doesn't? Or is it simply for the pleasure of running PG? (which is fine for me, I do that too sometimes).
     
  21. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Antivirus vs Classical HIPS?

    Absolutely it is a HIPS.
    At least in my case.
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I download immensely a lot of customizations like shell32 AVIs, wallpapers, IE Throbbers, flash animations, FLV classic TV videos, and EQS goes absolutely berserk over my ambitions, so I temporarily disable EQS briefly and rely solely on PG + Mamutu for those times. LOL

    EASTER
     
  23. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    That's a very interesting approach actually! I too get annoyed sometimes from the excessive "zeal" of some HIPS. Although I don't think I would run 2 HIPS, I completely understand your reasoning and it's actually a very clever approach for a HIPS lover.

    I am using SSM right now, but it's very pop-up-happy if something wasn't learnt already. An alternative I think I will try will be Threatfire + PG Free.
     
  24. progress

    progress Guest

    Antivirus, because I don't understand classical HIPS and too many popups are annoying :gack:
     
  25. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    HIPS default-deny is surely the safest, but severely restricts utility of your machine.
    People need to DL and use programs.
    Refusing xyz.exe from running will assure you remain secure, but what if you need to run said executable to be productive?
    Few users have the savvy to determine the threat when prompted to allow / deny dirmngr.exe (or whatever).
    The safety / threat of xyz.exe has to be verified. Hence the rationale for AVs.
    Poor analogy:
    I could lock my door and never let anybody enter, thus assuring my safety.
    OR, my AV/AT could inform me that the person knocking is a Somali pirate, or just the next door neighbor bringing me cookies.

    MHO: HIPS = safer, but not practical for mainstream users (which most of us are not).
     