Firewall with HIPS? Or Without?

Discussion in 'other firewalls' started by bellgamin, May 24, 2014.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I'm sticking with XP so I want good security apps. Presently my 2 *main* realtime security apps are (1) AppGuard, (2) EXE Radar Pro. (I won't bother to list my on-demand stuff).

    So my question is this: should I use a FW with HIPS (such as Private FW), or without (such as my old favorite, Kerio)?
     
  2. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    499
    Hi bellgamin,

    IMO you don't need to run HIPS with anti-executables unless you are providing safepass for unknown files.
     
  3. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    My thoughts too.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    It all depends on what YOU want.

    If you don't want to be alerted about possible malicious behavior, then you don't need HIPS.
    Personally I'm too paranoid to run without a HIPS. :)
     
  5. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    Remember XP's firewall is pants, so I would still want some sort of firewall even if you turn off the HIPS section.
    I used to run Kerio v4 and also v2 on other XP installs.

    Currently I run Outpost Pro with HIPS alongside Driver Radar from NVT and AppGuard, no conflicts even if there is a perceived overlap.
    With no realtime protection the security setup is quite lightweight. (I use scheduled scans.)
    For my current xp setup see sig.
     
  6. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    441
    Location:
    The Outer Limits
    In my humble but very opinionated opinion, I don't think you need a HIPS but a good free firewall for outbound monitoring is required.

    So my vote goes to the venerable Sygate firewall. I know it's out of date, but so is XP and nothing will get out (or in) without you allowing it.
     
  7. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,274
    While there is no modular installation, in Sunbelt's firewall you can turn off their tiny-HIPS from a command line.
    You can use behavior section or turn it off - it's identical to what you've seen in SSM regarding parent-child. Works great.
    Rules are identical to Kerio. Great local host watching. Logs are very detailed.
    The GUI for rules is nice in that you can turn off/on logging without the need to click the edit-rule screen.
    I like IP groups (possible LANs, routers, gateways, DNS servers, time servers ...) something I always missed in Kerio.
    For the past 5-6 years it's very stable on my XP even if Avast's webshield runs real time (though HIPS must be disabled for Avast to install without BSOD).
    Stable with SSM as well. And Malwarebytes which I don't use real-time because it's too big.
    The one I use is v.4.7.4.0, free of course.
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    @ all: Very helpful comments.
    @ Rasheed: Which HIPS do you use? (Glad to see that you are "hanging in there" despite your health issues.)
    @ Behold Eck: Why Sygate versus Kerio?
    @ trott3r: For your XP security wall, I suggest you consider adding Tiny Watcher file integrity checker. (I use it on-demand only.)
    @ act8192: You're still using SSM -- System Safety Monitor? Why?
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    @ bellgamin

    Yeah, I'm planning to stay at Wilders Security for as long as possible. :D About my health issue, I think I can keep things under control, but you never know for sure, know what I mean?

    On topic: I'm still using SSM and Neoava Guard on Win XP, I have been using them for 8 years. On Win 8 I had to choose between SpyShelter and Comodo Firewall, but I didn't really like both of them, they are not very user friendly IMO.
     
  10. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK

    The HIPS in Outpost will tell me when something is going to change.
    WinPatrol monitors startup areas.
    The Driver Radar will notify on new drivers and Hitman Pro EWS shows up anything that is unknown to Hitman Pro's servers.

    I don't think it adds enough to warrant installing.
    Thanks for the suggestion nevertheless.
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    It looks like you don't need to add HIPS to your present setup.

    I know member Rmus has been happily using Kerio for years.
     
  12. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    The last version of Neoava that I can find is 1.0 Beta 2. Is that the one you are using or is there a later version? Also, what does it do that SSM does not do?
     
  13. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
    Quote !
     
  14. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
    Do you use them together ? No conflicts ? :thumbd:
     
  15. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    441
    Location:
    The Outer Limits
    I've no experience with Kerio but I just thought that Sygate's outbound control would complement your setup.

    There is that splash screen at start up but that's hardly an issue?
     
  16. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,274
    Sygate has problems with local host.
     
  17. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,274
    SSM - yes System safety monitor.
    Well, I use it because ... who knows. Inertia. Learning, forever, more gory details. More familiar than, for instance, Outpost's Hips. On a Pentium3 tiny computer (392meg) Kerio+SSM seem to do pretty well. On a bigger P4, 1gig, I have the luxury of a bigger Kerio-based firewall, and SSM still works fine, though I don't use it all the time and use avast on and off. All the required figuring out is not an easy thing for me. But the idea of having to learn some paid and newer one's GUI isn't that pleasant.
    So, bellgamin, why do you find the newer ones superior? Or those bundled with a firewall?
     
  18. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    441
    Location:
    The Outer Limits
    What problems ?
     
  19. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,274
    @Behold Eck,
    It has to do with the requirement to deny applications use of the localhost proxy ports (such as those in Avast, Avira, NOD, many others...), for applications which should not go out to the web, and to permit the ones that should be allowed. Sygate would permit everything out through the proxy even if you have an outbound block rule, because it no longer goes through Sygate but through the proxying service of AV or mail washers, etc. Kerio does the job very well.
    A few old links:
    https://www.wilderssecurity.com/threads/sygate-5-1-loopback-issue.25319/
    http://www.dslreports.com/forum/r5934999-Proxy-Rules-for-Sygate
    and here - search for "Outbound Loopback"
    https://www.wilderssecurity.com/threads/customizing-firewall-rules-system-wide-rules.4413/
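
The loopback issue described in the post above can be shown with a small rule-evaluation model. This is an added example, not part of the thread and not code from Sygate, Kerio or any antivirus product; the executable names, proxy port 12080 and rule format are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Rule:
    app: str     # executable name, "*" matches any application
    zone: str    # "loopback", "internet" or "*"
    action: str  # "allow" or "deny"

@dataclass(frozen=True)
class Conn:
    app: str
    dst_ip: str
    dst_port: int

def zone_of(ip):
    return "loopback" if ip_address(ip).is_loopback else "internet"

def decide(rules, conn, filters_loopback):
    """First matching rule wins, default deny. A firewall that does not
    filter loopback never evaluates 127.0.0.1 traffic, so it passes."""
    z = zone_of(conn.dst_ip)
    if z == "loopback" and not filters_loopback:
        return "allow"
    for r in rules:
        if r.app in ("*", conn.app) and r.zone in ("*", z):
            return r.action
    return "deny"

def reaches_web(rules, app, proxy, filters_loopback):
    """True if `app` can get traffic out, directly or via the local proxy."""
    remote = "203.0.113.10"  # documentation address standing in for a web server
    direct = decide(rules, Conn(app, remote, 80), filters_loopback)
    to_proxy = decide(rules, Conn(app, "127.0.0.1", proxy["port"]), filters_loopback)
    proxy_out = decide(rules, Conn(proxy["app"], remote, 80), filters_loopback)
    return direct == "allow" or (to_proxy == "allow" and proxy_out == "allow")

# Constructed sample: an AV web-scanning proxy listening on localhost.
PROXY = {"app": "av_proxy.exe", "port": 12080}
RULES = [
    Rule("av_proxy.exe", "internet", "allow"),  # the proxy itself must go out
    Rule("browser.exe", "loopback", "allow"),   # browser may use the proxy
    Rule("browser.exe", "internet", "allow"),
    Rule("notepad.exe", "*", "deny"),           # should never reach the web
]

if __name__ == "__main__":
    for app in ("browser.exe", "notepad.exe"):
        for flt in (False, True):
            print(app, "loopback filtered:", flt, "->", reaches_web(RULES, app, PROXY, flt))
```

With loopback left unfiltered, the `notepad.exe` deny rule is never consulted for the hop to the proxy, so the only check left on the firewall side is the rule for the proxy itself.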
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    In days of yore, I quickly learned the Online Armor FW + HIPS. I never quite mastered SSM. Also HIPS + FW seems a logical under-one-roof combination to me. As to "superior" -- I knoweth not. Online Armor did very well on leak tests. SSM was never tested AFAIK.

    My favorite HIPS + FW combo was Online Armor (OA), while it still was maintained by Tall Emu. AFAIK since Emsisoft took over OA, it is no longer available as a stand-alone HIPS + FW. If it WERE available stand-alone, I would buy it right away. I might not use it - - - the majority advice seems to favor "no HIPS needed" with what I am now running. As for a plain FW, I am now using Kerio.

    Uh... might as well ask: Is OA anywhere available as a stand-alone? An older version, perhaps?
     
    Last edited: May 26, 2014
  21. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,697
    Location:
    Zagreb, Croatia
  22. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    OA is my favourite firewall+HIPS and after enabling RunSafer mode for some vulnerable apps (internet browser, pdf readers, image browser, media players, office apps, notepad, etc.) and participation in OASIS (earlier)/AMN (presently) it was actually an adequate, strong and practical security setup for me. Unfortunately present versions are heavier and need more resources, which is not fine for weaker machines and makes them much less convenient.
    On XP, for about two years I have constantly used Kerio 2.1.5 Free, earlier with SSM (which was a very nice combo for me...but not necessary for my wife :)), then - instead of SSM - GeSWall, but it was changed to ERP and that's my current setup.
     
  23. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    @ siketa - Ouch! $39 for 1 year is a bit expensive. I found a free version at Softpedia - might give it a trial one of these days.

    @ Ichito - I have SSM 2.0.8 in my archives. Is that the same version you are running?
     
  24. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    535
    Location:
    UK
    bellgamin, unless I'm mistaken I recall you as being something of an authority on Private Firewall ...If not my apologies but whoever it was, was a compendium of knowledge on it...I learned an awful lot about its use from him.
     
  25. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    @
    I have in my archive probably SSM v. 2.4xx from that Polish page (because SSM has Polish translation :))
    http://www.megapliki.pl/plik-2421-system-safety-monitor-2.4.0.622-beta.html
    but you can get it from Fileforum
    http://fileforum.betanews.com/detail/System-Safety-Monitor/1049832672/1
    This is the full version and needs a veeeery long serial key, which I got right here on Wilders.
     
    Last edited: May 26, 2014