Do I need HIPS?

Discussion in 'other anti-malware software' started by ingem64, Aug 5, 2007.

Thread Status:
Not open for further replies.
  1. ingem64

    ingem64 Registered Member

    Joined:
    Oct 15, 2006
    Posts:
    36
    I have currently this security setup:

    - Router VIGOR with firewall
    - Windows XP firewall
    - AVAST Antivirus
    - SpyBot SD
    - SpywareBlaster
    - Firefox (NoScript, AdBlock)
    - Mc Afee SiteAdvisor

    Do I need some HIPS software along with AVAST? I am a novice. When I run HIPS, is some antispyware soft needed? What HIPS for meo_O

    o_O o_O o_O
     
  2. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Not really. If you use safe computing, meaning dont open unknown attachments or links in email, use noscript when browsing, dont use cracks or keygens and so on, there is no need in my opinion.

    I have used HIPS for years (admin account) at the same time as I used common sense and the result was that the HIPS i´ve used had nothing else to do than ask me a lot of confirmations for legit apps :) But to be fair it is only the first time they execute one has to confirm and after that they only react if something is changed.

    Personally I am exploring Limited user accounts right now so I can get rid of the HIPS for ever (hopefully) but until now I have used Prevx1 which I´ve been happy with since it is one of the few security software that don't bother me with all sorts of questions for legit apps. Prevx1 is so called community based intrusion software so you will need an active internet connection so Prevx1 can check the files against their database. I believe that Cyberhawk and Geswall a couple of other not so intrusive HIPS (it´s been a while since i tried them).

    If you want almost full control of what happens in your computer you can use software like Comodo Firewall, SSM, App and regdefend, prosecurity, there are more but those pops into my mind right now (and I have used). They are all very good at what they do but require a bit of knowledge of what to allow and not.

    Another approach is software like Defensewall, Geswall and Bufferzone, they use sandbox technology.
     
  3. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    From a less knowledgeable position, but slightly above "novice", I think sukarof
    has given good advice. HIPS programs can take a bit of learning what to allow or block.
    I see you've already asked about a firewall, and would agree with using Comodo (or similar) for outbound protection, depending on how important security is, but be aware there can be a lot of pop-ups with this firewall, as it learns your applications, and also after any program update.
    For inbound protection, the Windows firewall is good. (Tested at ShieldsUp, perfect stealth rating on several tests. As does Comodo's.)
    I also use Avast (home) and have found it very good. Pretty much trouble free. Configurable. Plenty of shields.
    You might want to consider an additional demand scanner, like Superantispyware, AVG AS, or Asquared, to cover the stuff that Spybot may miss. Be aware that they can have false positives at times, so best to investigate a file before quarantining it. And never delete; always quarantine.
     
  4. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I don't know. Some times I swear I believe I can survive with nothing but a router protecting inbound connections while surfing in admin mode, other times I get all paranoid, and snap on the best HIPS (AD+RD+FD) I can find plus AV,AT, and AK plus Personal firewall.

    Currently I'm more on the low side of things, but getting more paranoid by the minute and moving towards the other extreme.
     
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    You can. It's perfectly possible as long as you don't use IE. :D
     
  6. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I think i will try eqsecure again. To see if it makes sense to me...

    Seems to me I keep expecting default deny (actually default prompt but you know what i mean), but EQsecure doesn't seem to do that.

    I looked at the tree chart thingie posted, and I get really scared off.

    The there is the whole hash check off by default. Yes i read the "solution" to try to block all .exe creation, but that's introduces several complications that do not occur with just a hash check.

    eqsecure is good don't get me wrong, but maybe i'm too used to playing with other hips that are basically suped up PG clones which tradtionally are weak in FD but strong in AD and okay in RD) but eqsecure might be developed independently??

    AD+RD+FD = HIPS!
     
  7. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    Maybe I'm just tired right now, but Lusher what is FD short for?
     
  8. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The chart shows the level of control and precision with the rules can be written, but to sum it up, all it's saying that: Blacklist rules take top priority and cannot be overriden by other rules, Application Rules take second priority unless you explicitly specify that a particular rule has lower priority than Global Rules, and Global Rules take lowest priority.

    I'm not sure what you mean that EQSecure doesn't prompt by default. You could pose an example scenario, and I'll see if I can help you with it.
     
  9. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    AD = Application defense
    RD = Registry defense
    FD = File defense.
     
  10. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    No

    I have read that if you know enough to run HIPs properly then you don't need
    HIPs and if like me you don't know how to run HIPs properly then you are more than likely to end up causing problems.

    Router Firewall and Firefox - yes These are the 2 most important things - the rest will probably just slow you down and provide you with a number of time wasting false positives.

    like sukarof I'm currently seeing if I can live with a limited User account.
     
  11. wat0114

    wat0114 Guest

    Maybe.

    Try one out and experience the effect it has on you. You may like it and even find it addictive, or you will find it it irritating, nothing but a nuisance.

    Just like the “What is the best firewall” threads there is a surfeit of HIPS threads throughout this forum if you are looking for a recommendation. All you need to do is run a search and you will be presented with a billion hits.

    here is a HIPS Poll thread for starters, giving you an idea on what are the current favorites.
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Only reason for a HIPS in that setup is if you're worried that something might somehow get past Avast and Firefox with NoScript. I wouldn't worry about it too much, but then again, it's a personal thing...
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    YES, you need a HIPS.

    Why? The answers:

    (1) 0day

    (2) layered protection

    (3) without a HIPS-to-tweak, you won't have anything to play with... except, of course, for THAaaaaT >>> :eek:
     
  14. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408

    Need ? No. I don't think they are needed.
    Wise to have ? Yes. I think so.
    It adds to the layered security setup.
    But one must be willing to learn how it works and how to deal with every popup.
    I've tried a few OA,SSM,GSS,PS.
    PS is looking like a keeper to me.
    My only bitch with PS at this time is the GUI.
    But I have read that it will change.

    Is AS software needed with hips?
    Yes,so is a firewall and an AV
    In my opinion.

    Some sort of restore/image software is wise to have also.
     
    Last edited: Aug 7, 2007
  15. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    I also consider myself in the "slightly above novice, but not much"
    category. With a bit of common sense, your set-up is fine. Is it
    enough? That depends on how much you want to learn. I did lots of
    playing around with HIPS/IDS/Behavior/Registry protect software over
    a three year period, and as a result, I became an expert at
    re-installing Windows, LOL. I did, however, finally find a combination
    that works for me.

    If you are totally unfamiliar with the power of such software,
    suggest you start your learning experience with something fairly
    safe from damaging your system, like WinPatrol or Spyware Terminator.
    Try the heavy stuff when you feel you are beyond the novice stage.
     
  16. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,213
    I basically agree that running a HIPS isn't really critical, particularly if you have a good Firewall and a top notch AV. For Years ProcessGuard hasn't done anything as Nod32 was always first to spring into action.

    For the first time I'm running without HIPS (I liked ProSecurity a lot, but do I need it?). The question still remains about running without HIPS: What program is going to protect the AV, FW, and the virtual mode against termination? It seems to me that only restoring an image could do the trick.

    Limited user account, I tried it and it's a real pain... Not for me.
     
    Last edited: Aug 8, 2007
  17. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Osaban

    I must be doing something wrong. I keep reading that Limited is a pain but after
    following instructions on this site ( and spending a couple of days tweaking) it works great for me. All the programs that I use installed without complaint.
    Some will, of course, not run from limited unless I "run as" but isn't that what the protection is all about. As I don't run any real time AV or HIPS or Anti-spyware I have less programs to update. Perfect disk defrags from limited as well as Admin so no problem there. Acouple of reg cleaners have to be "run as" but as I'm using Returnil to freeze C: again not much of a problem. Office programs, scanning, DVD programs, music all just work.

    So if something bad gets on then limited will probably stop it. In any event whatever gets on will be gone at reboot. I tend to reboot far more now that I have Returnil - go far a coffee and I reboot. Ultimately everything is protected by Acronis images.

    I still have a piad for version of Prosecurity but in the time I ran it nothing was ever found - in fact in 11 years of surfing I have yet to see a live virus or
    suffer from any malware - what I did suffer from was a layered approach made of of too many security programs each of which imperceptibly slowed down my machines. I became accustomed to programs taking several weeks to load :mad: ok I have one program which used to take 30 seconds to load - now takes 6 ---- now have a slow machine is what I call a pain.
     
  18. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    If you're an average joe user then i don't see the need for you to add hips to the mix. If you're eager try one and learn then by all means go ahead but if you practice safe surfing then you're fine as you are.
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Running the various "security" programs does seem to be a trade off, it's amazing how snappy things are without them all. I have seen the difference myself. But.... right now my setup is Nod32 with Cyberhawk and Firefox. This seems pretty secure for my purposes, and I have not yet been "annoyed" with a popup of any kind. So that's nice. But I must admit that things aren't as snappy performance-wise. That's the price I pay at the moment... to me it just seems easier this way...
     
Loading...
Thread Status:
Not open for further replies.