Best Free HIPS

Discussion in 'other anti-malware software' started by YODA, Dec 25, 2007.

Thread Status:
Not open for further replies.
  1. YODA

    YODA Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    100
    Which HIPS (free) is the best? I'm currently using PG, but it seems like it's out of date compared to others, and I'm also using Comodo 2.4 with KAV webscan, so we can rule out Comodo 3 for me.
     
  2. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
  3. YODA

    YODA Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    100
    I have PG 3.150 full. Are OA or PS, the free versions, better than the PG I have now? Or can I use the PG plus an additional HIPS in tandem to cover up the missing gaps, and if so, which would complement PG?
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Used as anti-executables (i.e. whitelisting a clean system and prompting for new/modified executables) PG and PG free are 100 % malware-proof. The more advanced features of PG (interprocess communication, driver loading prevention, etc) are somewhat out-of-date.
    OA free also offers a firewall, some interesting features (like "Run Safer") and most of the features of a classical HIPS (anti-executable, interprocess communication, etc).
    God forbid that. Never use more than one HIPS, even if they seem to like each other.

    If you're after a classical HIPS, you have some options:
    - Comodo 3: firewall with HIPS.
    - OA free: firewall with HIPS. The paid versions add even more features.
    - EQSecure. You can add a firewall.
    - PS free. You can add a firewall. The paid version adds even more features.
    - SSM free. You can add a firewall. The paid version adds even more features.
    - AppDefend (beta). You can add a firewall.
     
  5. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    How about a limited user account and with a software execution policy. It might not be what some of you are thinking about, but it locks down a machine pretty tight.
     
  6. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Indeed it does when you run from a restricted account, but when you're in admin mode to make an update/install you may want to follow the installation process, and that's only possible if you have a program with an allow/deny function, alt. one that compares before/after installation (InCtrl5, InstallWatch etc.)

    /C.
     
    Last edited: Dec 27, 2007
  7. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater

    Your point is well taken and others are of the same opinion. In fact, it is only in the last few days that I have been made aware of the concept of using a HIPS as a detection device. Previously, I had used Sandboxie in this manner to see what files and directories were created, and the registry entries may also be examined. I assume, of course, you have a recent image backup, are doing this in a VM, or are using some kind of rollback device like Returnil just in case the HIPS tells you something bad.

    Another thought here is just exactly what is the function of HIPS? I thought it is to prevent unauthorized system changes and/or program execution. Detection is a possibility, but the fact remains that when a HIPS sends out a warning it is pretty much generic. Legitimate software does a lot of stuff and writes to all sorts of sensitive areas and its installation will send up many HIPS alerts. Ultimately, it is up to the user to interpret the messages sent from the HIPS. Any time such a decision must be made there is the possibility of getting it wrong. Of course, the user made a decision that xyz.exe was safe to use in the first place and went ahead to install it in the administrative mode.

    Ultimately it is up to the user. HIPS gives the user another chance if he guessed wrong as to the safety of something he is installing.

    I consider any advantage HIPS may have over locking down via LUA with software execution policy to be theoretical, for the above reasons. Perhaps as smart behavior analysis programs like Threatfire evolve the equation will change. At least you can give a machine that has been locked down to your secretary, not give her the administrative password and you will not have that much to worry about.
     