Firewall and HIPS

Discussion in 'other anti-malware software' started by TVH, Feb 21, 2008.

Thread Status:
Not open for further replies.
  1. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    What would be a better option:

    Using Online Armour free with HIPS enabled or using Look n Stop firewall and EqSecure HIPS?

    Am i right in thinking that EqSecure is a much more powerful HIPS than OA free?
     
  2. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi LooknStop is a darn good firewall and used it for several years. Doesn't seem to pass all the leaktests, but the worth of that is a moot point anyway, by all accounts.

    OA is also a darn good firewall plus in standard mode a very user friendly HIPS.

    I can't comment on EqSecure but there are some very, very good stand alone HIPS out there.

    Depends how much user interaction you can stomach or understand.

    OA is a fine 'out of the box' security application with the notion of being 'mom-friendly' at heart

    IMHO it would serve you well.

    Hope that helps :)
     
  3. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    Online Armor is very powerful and I got it to pass the GRC leaktest. The PC Flank test and the System Shutdown Simulator. It is very easy to use and i would rec over the others you stated.
     
  4. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    But it seems EqSecure is more feature rich than OA Free. Can anyone with experience of EqSecure post their views on it?
     
  5. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    I have two rigs.
    One with KAV 7 and Online Armor, the other with KIS 7 and EQSecure. :D
    I can't decide for myself which is "better", nor for you.

    EQS offers much space for rules and varying settings.
    If you want it only as an anti-exe, no problem, disable everything else.
    If you want to observe the rearmost part of the registry or files which are vital only for you, it's very easy to implement rules therefore.

    OA is great out of the box, with it's easy to use HIPS and firewall.
    In my opinion the version 2.1.0.85 firewall is the fastest in OA history, I tested it with Steam games, UT3, µTorrent and eMule.
    OA HIPS is probably as "safe" as EQS, but yet not full featured in free edition.

    Possibly it will be choice: more configurable or more easy to use.

    Cheers
     
  6. pitzelberger

    pitzelberger Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    56
    Also Look n Stop is not free.
    But I am not sure what actually happens after the 30 days trial period expire?
     
  7. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    I know application control is no more after the 30 days.
    Not sure what else.
     
  8. Omnitech

    Omnitech Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    27
    Once I tried OA free with EQSecure, they had a severe conflict!

    Then, I tried OA (free) with System Safety Monitor (free); no conflict at all.

    However, I kept only OA (free) = Firewall + HIPS instead of SSM (free) =HIPS.

    SSM (free) used to warn me about everything; even the innocent/safe programs.
    This was exhausting, as it required a lot rule-based settings.

    On the other hand, OA (free) offers a top-notch Firewall equipped with
    very powerful HIPS that warn me about the things that really/only need
    my attention-decision.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    EQSecure has complex parent-child control plus File protection that lacks in OA.
    But configuring EQS can be a pain. OA has run safer option that lacks in EQS.

    Easy set up: OA
    Complex but more powerful setup: EQS
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Exactly as noted: OA is out-of-box simple enough but EQS so far as HIPS is far more flexible and configurable in spite of the effort needed to fine tune it to reach a formidable deflector shield protection that covers a very wide-range of items from file protections/scripts to registry etc.

    If you're in a hurry OA will do as your HIPS in it's free version, but if you want iron wall protection and more far reaching protection it stands to reason a PURE hips-only development maker will dish out plenty of other additional areas of interests.

    And since there are some really nice reliable sandbox & virtuals circulating these days, OA might be all one needs in a HIPS.

    EASTER
     
  11. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    Based on your comments im strongly considering the look n stop/Eqsecure comnbination. One final question: Is there a better free HIPS than EqSecure? Ive looked at Prosecurity free and SSM free and they both have some functions disabled.
     
  12. Omnitech

    Omnitech Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    27
  13. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    Okay, my setup is now complete at last. I believe it is pretty much bulletproof :) Thanks guys - i opted for the LnS + EqSecure option.

    Does anyone know when the new EqSecure build is going to be released?
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    EQS is the best free HIPS followed by CFP Defence Plus.
     
  15. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    Lol i realised that finally. But does anyone know when a new build will come out?
     
  16. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    I guess nobody knows right now unless you speak Chinese.;)

    http://www.eqsecure.com/bbs/index.php
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    On an aside i'm, testing the combination of these together ATM. OA (free) + EQS + SandboxIE on SP2.
     
  18. Omnitech

    Omnitech Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    27
    I thought that OA has been the best free HIPS:
    https://www.wilderssecurity.com/poll.php?do=showresults&pollid=436

    :)

    Dear aigle,

    -Why do you use CFP v.3 and ThreatFire?
    -Can't CFP v.3 offer enough protection by itself?

    If you use sandboxing (Sandboxie, GesWall etc.),
    I thought that CFP v.3 and OA are enough by themselves.
    Am I missing something? :doubt:
     
    Last edited: Feb 23, 2008
  19. Omnitech

    Omnitech Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    27
    I used this combination about two months ago.
    OA (free) v.2.1.0.31 and Sandboxie 3.22 with EQS 3.41.
    OA (free) v.2.1.0.31 and EQS 3.41 had a conflict!

    The same happened with OA (free) v.2.1.0.31 and ThreatFire 3.0.14.

    I still haven't test the new OA (free) v.2.1.0.85 with
    -ThreatFire 3.0.14
    -EQS 3.41

    If you have some feedback, I will really appreciate it!:thumb:
     
  20. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    You're right I had conflict too and also with the new OA version 2.1.0.85. At least on my machine.:doubt:
     
  21. Omnitech

    Omnitech Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    27
    I just tried OA free (2.1.0.85) and Sandboxie free (3.22)
    with ThreatFire 3.0.14.
    I run WinXP Pro SP2.
    There is a conflict between ThreatFire and Sandboxie.
    I got the unpleasant 'debug' window.
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    For clarification the test that you conducted as outlined in BOLD above is as you stated approximately 2 months past. I am testing the most recent (free) OA release with also that same combination as we speak.

    At this point i have no details or issues to bring to attention, YET. This is very early and i might add on a newly wiped & formatted drive with XP SP2.

    If there is anything whatsoever remotely of some concern i will at-once make my views known here, untill then and as stated, i yet to find issue with this combo. To further add to this experiement i intend to release malware attacks on this trio but without the assistance of sandboxed since that would instantly nullify any interactions expected to show up with alerts from the other two HIPS.
     
  23. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    I'm using latest OA Free Beta with Sandboxie and Shadow Defender. Superb compination and protection.
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Let me say:

    Best free HIPS, easier to configure but less granular control and short of one protection module( NO File Protection) : OA free

    If u want more granular but complex control with all three modules( Application, registry and File Defence): EQS

    That,s just my opinion. I think EQS is less popular as it has no proper English forums. Also it,s more complex than OA. NOt so easy to configure like OA.
    CFP v 3 might be enough but TF gives an extra layer. Also it,s pretty silent and in the presence of TF I feel comfortable to switch off Defence+ during installations etc and also when I allow some popups in CFP D+ that seem legit but appear unexpectedly.
    Classical HIPS are easier to be defeated than Sandboxes. A sandbox is the strongest security against any software but it covers only limited applications in the system.
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Might be true, but OA (free) is noticably over useage draining down my system plus it's HIPS are not PURE hips but only a sub-set of a full HIPS in my opinion. I reluctantly have pulled it from the line up for Kerio 2.15 again with all other intact and performance is rapidly recovered again.

    It's probably OK for higher end systems with less formidable protections but it definitely is not for me. But thats just my results and opinion.
     
Loading...
Thread Status:
Not open for further replies.