Antivirus vs Classical HIPS

Assuming you would have to choose between running only antivirus or classical HIPS (D+, online armour's hips, Malware defender, SSM and the likes) , which would you prefer as the safest solution?

 

As an educated software developer classical HIPS for me all the way with default deny strategy.

 

I don't really understand classical HIPS, however,
I bet it is better than AVs if you know how to use it, IMO.

 

Hips with out a doubt.

 

One more vote for HIPS here.

 

I was a classic HIPS fan myself.Still use outpost firewall 2009 sometimes.
Now If i ware to choose i'll use AV.Main reason:software updates.

 

Hi:

I voted for AV because my FW which you could have included in your poll has the HIPS as an "add on"

 

Gotta go with HIPS.

 

The same for me.

 

Same for me too.

 

The two actually complement each other, but still need the classical HIPS. The AV stops malware from getting into your computer; the classical HIPS stops it from getting out/executing if the AV misses it. And there will always be some the AV misses that get dumped on you via the HIPS anyway. Now add a behavior analysis tool to fix your mistakes, and ...

 

and...a sandbox.

 

Absolutely no comparison whatsoever.

HIPS is better equipped and preprogrammed to intercept file/executable interactions signalling to Windows for whatever, entry, activation, modifications, etc. and foregoes any mega-blacklist to "TRY" to identify the latest malicious invaders.

AV's try as they may still have an uphill climb although many have finally taken the page from HIPS themselves to better shore up their apps.

EASTER

 

I voted HIPS.

 

My AV has HIPS as well...

 

HIPS with a default-deny policy. No AV. Been that way since 2006.

 

I have had ProcessGuard in its heydays, Comodo not long ago, and it is true, theoretically they should alert you of anything that wants to run without relying on signatures. In practice, IMO, they are only a hassle unless you enjoy analyzing processes in your computer.

With Vista I have Avira + UAC (As effective I dare say as AntiExecutable from Faronics) + Shadow Defender, no more dilemmas about what should run or not.

 

I can use HIPS...I just choose not to. I don't like using my computer and being bombarded with Allow and deny messages on everything, Good or Bad. Take Defence + for example it tells me everything is suspicious, so while it does have the potential to stop more malware...A system that relies solely on user discretion isn't a very intelligent solution IMO.

I think the future will still include Anti-virus, but Behavioural blockers and Sandboxing will become more common alongside AV IMO. Sandboxie is a great application and user friendly too.

Threatfire is reviewed here in this video and blocks all of the Malware:
http://uk.youtube.com/watch?v=0bo3oPErZxo&feature=channel_page

 

I found and routinely run together ProcessGuard 3.50 + SandboxIE 3.33 + Mamutu with EQSecure 4.0 Beta 3 with OUTSTANDING SATISFACTION!

PG still has enough stability AND ability to interact reasonably well enough 4 me.



easter

 

PG is a golden oldie! Probably it won't get near 340/340 in latest comodo's leak test, but it's still good for a good portion of malware out there. I only have the free version and even that is still useful. If not for anything else, you can be sure no exe will run automatically and that you can protect your other security programs from manipulation and termination. Maybe i should run it for a while in a more "light" hips setup. Comodo is great but always, after a while, i do get tired when i install new applications.

Only one thing i don't understand. Why run both PG and EQ Secure? Does PG cover an area that the other doesn't? Or is it simply for the pleasure of running PG? (which is fine for me, i do that too sometimes).

 

Antivirus vs Classical HIPS?

Absolutely it is a HIPS.
At least in my case.

 

I download immensely a lot of customizations like shell32 AVI's, wallpapers, IE Throbbers, flash animations, FLV classic TV Videos and EQS goes absolutely beserk over my ambitions, so i temporarily disable EQS briefly and rely soley on PG + Mamutu for those times. LOL

EASTER

 

That's a very interesting approach actually! I too get annoyed sometimes from the excessive "zeal" of some HIPS. Although i don't think i would run 2 hips, i completely understand your reasoning and it's actually a very clever approach for a HIPS lover.

I am using SSM right now, but it's very pop up- happy if something wasn't learnt already. An alternative i think i will try, will be Threatfire + PG Free.

 

Antivirus, because i don't understand classical HIPS and too many popups are annoying

 

HIPs default-deny is surely the safest, but severely restricts utility of your machine.
People need to DL and use programs.
Refusing xyz.exe from running will assure you remain secure, but what if you need to run said executable to be productive?
Few users have the savy to determine the threat when prompted to allow / deny dirmngr.exe (or whatever).
The safety / threat of xyz.exe has to be verified. Hence the rationale for AVs.
Poor analogy:
I could lock my door and never let anybody enter, thus assuring my safety.
OR, my AV/AT could inform me that the person knocking is a Somali pirate, or just the next door neighbor bringing me cookies.

MHO: HIPs = safer, but not practical for mainstream users (which most of us are not).