Well this has been discussed a bit already here on wilders in two threads: https://www.wilderssecurity.com/showthread.php?t=136452&page=14 See post no.330 by noway https://www.wilderssecurity.com/showthread.php?t=171576&page=10&highlight=Anti-executable I did some testing with it and it has attracked me so much that I thought that it sure deserves a separate thread, especially about the failure of HIPS in this regard. I was a bit of testing with a driveby download site. Using InternetExplorer 6, XP SP2( not fully updated), I went to this link,( change hxxp to http): hxxp://18.104.22.168/ind.htm?src=250&surl=www.sloantreefarms.com&sport=80&suri=%2Findex%2Ehtml IE is somehow redirected and causes a series of drive by downloads( note that redirection is not consistant. Sometimes I have to try multiple times by emptying my browser cache and changing dial up ISP that is a proxy server). More details are here by Rmus: http://urs2.net/rsj/computing/tests/redirect/ What caused my concern is that a spoofed .gif file is downloaded and executed( it,s a doownloader) and then it caused to download and execute a series of malware exes. SSM Pro/ Free does neither prevents nor gives any indication of execution of this spoofed .gif( although the exes later downloaded are stopped infact). I tried ProSecurity free and NeovaGuard and they also failed. On the other hand Anti-Excutable stops execution of this file. I was thinking calssical anti-execution HIPS are supposed to stop such execution as well, but they failed here. More details by Rmus here: http://urs2.net/rsj/computing/tests/spoofexe/ http://urs2.net/rsj/computing/tests/winantivir/ What is your opinions about this?