for ages, i have been looking for something that seems to be so simple, yet eludes me. i'm looking for a hips. there are plenty out there, but none that are able to meet these simple criteria:

1. it must be actively developed.
2. it must be able to stop rootkits by preventing the loading of drivers.
3. it must allow me to turn off certain features in the hips like prompting me when i execute every single file, or the loading of dlls. (in other words, turn off behavior filtering for all applications, even ones for which there are no rules yet, instead of just specific applications)
4. it must not SEVERELY lag my computer.
5. it must not have a whitelist i cannot control
6. it must be reasonably good at stopping keyloggers.
7. it must be able to distinguish between system processes and untrusted processes when filtering behavior.

aren't these criteria reasonable and simple? i basically just want a hips that can stop keyloggers, rootkits, and works! here is why all of the top programs listed at matousec don't work for me:

online armor violates #3. i have to answer huge numbers of prompts because i have to give permission for every type of behavior or at least set behavior for every individual program.

kaspersky violates #5. it has a whitelist that i have no control over, according to a moderator at kaspersky's forums. proof? try zemana's anti keylogger test with kaspersky on. kaspersky won't even alert you to its presence.

comodo fails #2 and possibly #5. comodo creates "custom policy" rules that i never allowed for all programs for which there is no rule at startup. furthermore, it fails to detect the loading of many drivers that even eq secure 3.41 can detect. i had to severely tweak the registry protection component of comodo. i don't know if protecting specific parts of the registry can stop driver loading, but it sure doesn't save me the trouble of clicking on millions of popups. those areas of the registry are so broad that even legitimate applications have plenty of reason to access. so, the only question left is, should i just allow all applications to access the registry? or should i waste most of my life just answering popups? legitimate applications like services.exe don't even know if they're being called by legitimate installers or rogue installers, do they?

outpost fails #4. it uses nearly 300 kb/sec of I/O. this constant and pointless access to my hard drive both wears it down faster and slows down everything to a crawl.

jetico fails most of the keylogger tests.

malwaredefender violates #7. according to notes at the bottom of the matousec report, it passes the kernel2 test by claiming that services.exe is the source process. thus, it fails to distinguish between trusted and untrusted processes.

privatefirewall fails #3 miserably. there is absolutely no ability to disable specific filters for all applications as opposed to just specific applications.

pc tools firewall violates #4 and #6. it not only freezes my computer whenever i right click on an icon, but fails most of the keylogger tests.

netchina: has anybody managed to get the pdf file for netchina? i couldn't get it to open, so i don't know the results at all.

i can't even install zonealarm pro, but if i could, it's an inadequate hips. it failed nearly half of the keylogger tests (#6) and just about every kernel test (#2).

lavasoft personal firewall: fails all but one keylogger test (#6).

norton internet security: fails all the kernel tests (#2).

webroot desktop firewall: fails 4 out of 6 keylogger tests (#6).

(the firewalls below this one received a rating below that of "poor", according to matousec.)

threatfire fails #3 and gives me absolutely no control over applications in general. furthermore, unless i agree to share my settings with everyone else, my automatic updates are disabled. the alternative is to pay money.

eset smart security was not meant to be a hips. it's just a scanner and an inbound/outbound firewall.

=====

there are other hips i have tried. process guard is obsolete and no longer being developed. eq secure 3.41 is obsolete and no longer being developed. the same is true for ssm.

i grow weary of this game. all i want is to enjoy a computer safely. yet, i cannot even protect myself against the biggest threats to privacy that exist on the internet. what is spyware that pops up ads when your keystrokes could be recorded without your knowledge by a kernel level keylogger hidden by a rootkit? what is a virus that destroys some data i already backed up next to a hidden process that remains forever hidden? nothing!

i have become completely disillusioned with computers. does anybody else feel this way? i've just about lost all hope. i used to use a combination of snoopfree and eq secure, but snoopfree is no longer being developed and doesn't protect users from kernel mode keyloggers anyways. hook based keyloggers are hardly the only threat these days.