Can HIPS programs protect me from this?

Discussion in 'other anti-malware software' started by Gargoyle, Sep 3, 2009.

Thread Status:
Not open for further replies.
  1. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    I download all kinds of software from the internet. Can a HIPS program still protect me after I have allowed software to be installed and it has installed its drivers too?
     
  2. _kronos_

    _kronos_ Registered Member

    Joined:
    Dec 8, 2008
    Posts:
    126
    Hi!

    A pure HIPS can't do it... But a sandbox can, yes (if you installed the new software into the sandbox) :D
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Yes indeed, but you will have to follow the program and then apply a couple of block rules to it. Within Malware Defender I am able to block an already installed application from ever loading to run ;)
     
  4. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    Well, I want the software to run and all. I just don't know if the software is malicious or not. I'm wondering if, at that stage, after installation, HIPS can still protect me if it does indeed turn out to be malware?
     
  5. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139

    I'm not sure about installing drivers. If you let things install drivers they can have a lot of control over your computer.
     
  6. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    If you allow certain software to be installed you are almost in its hands, since you allow it to install, and the HIPS engine trusts its process and drivers...

    cheers
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This is correct - after something is allowed to enter kernel mode on a 32-bit OS, it can do literally whatever it wants: no software protection can fully protect against an already loaded driver.

    You'll want to configure your protection to warn or block new driver loading so that you'll have a manageable scope to work with :)
     
  8. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    If you're unsure about the safety of any programs you wish to run then installing within Sandboxie is a wise precaution.
     
  9. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Yes, but the OP said he wants to install software with drivers to also be installed, and you can't install drivers from within Sandboxie.

    The best thing to do would be to install and test the software on a backed-up OS image before installing it on your real OS.
     
  10. JohnnyDollar

    JohnnyDollar Guest

    What about Returnil?
     
  11. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    No, upon reboot the installed driver would disappear.
     
  12. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    He should be able to do this using RollBack Rx.
    Take a snapshot, install the software including drivers, reboot if required and if it all goes bad just roll back without saving the current snapshot.
     