Firewall with HIPS?

Discussion in 'other firewalls' started by bellgamin, May 30, 2018.

  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    Spyshelter monitors a lot more than Eset HIPS, and it is more user friendly. I always use Eset HIPS in Smart Mode. I found that Automatic Mode and Smart Mode are the only modes that do not cause problems on my machine. Automatic Mode does not offer much protection AFAIK without building your own rule base so I use Smart Mode. I'm not really sure how much protection Smart Mode offers either. I have never answered a single HIPS prompt when operating in Smart Mode, but I have never been infected either. I have found that you have to spend a lot of time configuring Eset HIPS for it to provide good Security. The other Modes never worked for me because Learning Mode was unable to learn my System's baseline behavior no matter how long I ran my machine in Learning Mode. I received endless prompts or endless blocks when trying to use the other Modes.
     
    Last edited: Jun 12, 2018
  2. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,378
    Location:
    Hawaii
    Okay, I have installed ZoneAlarm Free Firewall. It includes a HIPS so... time will tell how good it is.

    ZAFW's cpu usage is nicely low for a FW. On the other hand, its RAM usage could be a tad heavy for those systems with ≤2gb Ram. It can be configured -- not a lot but sufficient for all but an obsessive tweakaholic.

    It puts the mark of Zorro in one's system tray. I like it! Hasta la vista, mi compadres. :-*
     
  3. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Nice, you captured in essence strength and weaknesses of ZA :thumb:
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,774
    Location:
    The Netherlands
    Can you perhaps post pics of the HIPS? And which type of behavior is it monitoring, and can you make rules per process?

    What exactly does the HIPS in Eset monitor? I could only find this:

    https://support.eset.com/kb3755/?locale=en_US&viewlocale=en_US
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,399
    Location:
    U.S.A.
    In Automatic or SMART mode, you will probably never see an alert from the Eset HIPS. In these modes, it is primarily used for self-protection purposes and as a "behavior trigger mechanism" to detect other malicious activity such as ransomware activity for example.

    One needs to create user rules to actually see any alerts from the HIPS.

    What Eset directly monitors with its default HIPS rules has always been a closely guarded secret. These rules are stored in a .bin file and are undecipherable to anyone other than Eset developers.
     
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,378
    Location:
    Hawaii
    I dropped ZoneAlarm (ZA). Reason: I learned that ZA runs other .exe stuff besides the firewall, such as their anti-ransomware thing. Also, ZA's HIPS component is pretty limited. So I am back with good old PrivateFW (PFW). Its HIPS is still very powerful & its other capabilities (over & above a straight-laced FW) are quite unique AFAIK. These are accessed on the GUI by File>Settings>Advanced Tab.

    I'm done with trialing FWs for a while. Messing with FWs is a dicey business at best. Somewhere along the line of installing then uninstalling several different FWs, I managed to lock myself out of any & all internet connections. After I tried getting things fixed for over an hour, I gave up & restored an image. Then I went straight back to old faithful PFW.
     
  7. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,973
    Location:
    Poland - Cracow
    @bellgamin
    Did you try Outpost in last free version? Its HIPS can be quite smart and sensitive.
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,378
    Location:
    Hawaii
    No, I didn't try it. I shall, though. Thanks for the tip!
     
  9. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,986
    Location:
    Location Unknown
    In my experience, the only firewalls that I feel safe using that have HIPS included with them are Comodo and SpyShelter firewall. SSF offers a more granular HIPS, but Comodo offers the better firewall. Either way, pair either with SBIE or Shadow Defender and you're good to go.
     
  10. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,638
    When talking pure FW/HIPS there's Comodo and there's the rest.
     
  11. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,973
    Location:
    Poland - Cracow
    Really... what about OA, Outpost, PCTools, Jetico, Privatefirewall?... what about SpyShelter FW? Comodo is "pure"??... it was pure... years ago.
    --------------
    edit:
    OK @bellgamin next idea... why not try such a combo: SpyShelter Free and e.g. simplewall? SS Free can be quite good protection with HIPS abilities - in the advanced rules window it allows making general rules like:
    "Allow" - all others boxes are greyed (inactive)
    "Custom" - all others can be set separately
    "Deny" - inactive also

    180620142227_4.jpg

    Some actions aren't monitored (red line - actions in paid versions)

    180620142653_5.jpg

    Some features are also unavailable - they can be important but aren't essential.
     
    Last edited: Jun 20, 2018
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,774
    Location:
    The Netherlands
    OK, sounds more like a behavior blocker than a HIPS to me and this is not what Bellgamin looks for if I understood correctly.
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,378
    Location:
    Hawaii
    Okay, I tried ComodoFW a good long while. It has waaay too many configuration choices for me... due to my limited experience with full-scope firewalls. IMO, a user skilled enough to fully & correctly configure this amazing FW is so skilled that he or she should turn "Pro" (IT, etc) -- if not a Pro already.

    It's back to Zone Alarm for me -- designed by geniuses for use by neophytes.
     
  14. guest

    guest Guest

    Yes, Comodo was made for geeks and tweakers, Average Joe will never get its full potential.
    I was a big fan since v3-4 until I crossed a stupid 10+ years old unfixed bug that deleted all my settings out of the blue...
     
  15. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,378
    Location:
    Hawaii
    Yes indeed!

    (Per your signature, you're testing ReHIPS. Is it also too complex for an Average Joe?)
     
  16. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    419
    Location:
    Milan, Italia
    Have you tried TinyWall? I am a casual user and love it - very simple to use. Check with imaude. He has used it for testing. Don't know what his opinion of it is. You can download here:
    https://fdossena.com/?p=w10debotnet/index_1803.frag or directly from dev's site and if you get a Package Installer error you may change your system time to 2016-03-11. Check the TW thread.
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,378
    Location:
    Hawaii
    Thanks for the suggestion. However, I want a FW that also includes a Behavior Blocker or HIPS.
     
  18. guest

    guest Guest

    In fact, the name is a bit misleading for the geeks; it is a HIPS by definition (the very broad definition) but geeks may take it as a HIPS like Spyshelter or Comodo; it is more a Sandbox coupled with Application Control (closer to an anti-exe). If you know Geswall, ReHIPS is the closest thing to it.
    And yes, it may be a bit complex at the beginning until you get how it works, but definitely easier than Comodo.

    Sometimes new potential users come and ask "what is ReHIPS? what can it do?". Let's take a brief overview of ReHIPS features and find out what it can do. Basically ReHIPS provides the following:

    1. Process control. When a process is started, inspection takes place, whether parent process is allowed to start processes, whether process being started is allowed to start, file hashes and digital signatures are checked, command lines can be inspected, etc. This provides fine-grained control over all starting and running processes.

    2. Sandboxing. Any untrusted process can be executed in a sandbox (executed from a separate restricted ReHIPS-user), so it won't affect the system or other processes (non-isolated or isolated in other isolated environments). Isolated processes can have their own desktop, access to network and other system resources including file system objects and registry can be filtered.

    3. Some AntiSpy stuff like disabling camera and microphone. This one is quite simple and straight-forward, but some people really like it.

    4. Centralized control. It's possible to create and customize a pack of rules exactly to fit your needs and manage computers remotely or groups of computers via Active Directory. This is utilized in ReHIPS Corporate Edition, so if you plan to use ReHIPS at home, you probably won't need it.

    5. Additional protection echelons. They're implemented as plugins and provide additional protection like control over common startup points or reaction to uncommon events like strange new users being added. But this is also in ReHIPS Corporate Edition, custom builds for your ultimate and precise protection, so if you plan to use ReHIPS at home, you probably won't need it.



    Besides these major features ReHIPS:

    -is based on well documented certified safe and secure Windows built-in security subsystems, hence ReHIPS provides unprecedented protection, ensures system stability and integrity and doesn't increase attack surface;

    -is compatible with all current Windows versions from Windows Vista SP1 to Windows 10 and doesn't require frequent updates;

    -supports 32-bit and 64-bit Windows versions;

    -protects from zero-day attacks, exploits and malware including previously unknown threats;

    -is completely autonomous and doesn't require Internet access;

    -includes initial database of rules which includes more than 400 applications, the database is regularly updated;

    -includes our unique DeployHelper technology which helps to install software straight into isolated environment.
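
    Added example (not part of the thread and not ReHIPS code): a minimal sketch of the process-start inspection described in items 1 and 2 of the overview above, checking parent permission, image hash and command line before returning allow, sandbox or block. The `Rule` fields, the paths, the "unknown programs run sandboxed" default and the sample images are assumptions constructed for illustration; digital-signature checking is left out.

```python
import hashlib
import re
from dataclasses import dataclass, field

@dataclass
class Rule:
    sha256: str                 # expected hash of the executable image
    may_spawn: bool = False     # may this program start other processes?
    verdict: str = "allow"      # "allow" or "sandbox" when the rule matches
    deny_cmdline: list = field(default_factory=list)  # regexes that block a launch

def sha256_of(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def evaluate_start(rules, parent_path, child_path, child_image, cmdline):
    """Return (verdict, reason) for one process-start event."""
    parent = rules.get(parent_path.lower())
    if parent is None or not parent.may_spawn:
        return "block", "parent is not allowed to start processes"
    child = rules.get(child_path.lower())
    if child is None:
        # Assumed default: a program without a rule runs isolated.
        return "sandbox", "no rule for this program"
    if sha256_of(child_image) != child.sha256:
        return "block", "image hash differs from the rule"
    for pattern in child.deny_cmdline:
        if re.search(pattern, cmdline, re.IGNORECASE):
            return "block", f"command line matches {pattern!r}"
    return child.verdict, "rule matched"

# Constructed sample data: byte strings stand in for executable files on disk.
EXPLORER = r"c:\windows\explorer.exe"
WORD = r"c:\office\winword.exe"
PS = r"c:\windows\system32\powershell.exe"
BROWSER = r"c:\browser\browser.exe"
IMAGES = {EXPLORER: b"explorer-image", WORD: b"winword-image",
          PS: b"powershell-image", BROWSER: b"browser-image"}
RULES = {path: Rule(sha256_of(image)) for path, image in IMAGES.items()}
RULES[EXPLORER].may_spawn = True                       # the shell may launch programs
RULES[BROWSER].verdict = "sandbox"                     # known, but always isolated
RULES[PS].deny_cmdline = [r"-enc(odedcommand)?\b"]     # refuse encoded commands

if __name__ == "__main__":
    events = [(EXPLORER, WORD, IMAGES[WORD], "winword.exe report.docx"),
              (WORD, PS, IMAGES[PS], "powershell.exe"),
              (EXPLORER, PS, IMAGES[PS], "powershell.exe -EncodedCommand AAAA"),
              (EXPLORER, r"C:\Users\me\Downloads\new.exe", b"?", "new.exe"),
              (EXPLORER, WORD, b"patched-image", "winword.exe")]
    for parent, child, image, cmd in events:
        print(child, "->", evaluate_start(RULES, parent, child, image, cmd))
```

    The order of checks matters: the parent is evaluated first, so a document viewer that is itself trusted still cannot launch a script host.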
     
  19. Smiggy

    Smiggy Registered Member

    Joined:
    May 2, 2007
    Posts:
    237
    Location:
    The Angel Isle
    I've used ReHIPS for a year now without any installed AV, WD disabled and found it works great. Was all set to renew my license and noticed its cost has now blown up out of all proportion.
    £50 GBP!
    I paid less than £10 a year ago.
    Goodbye!
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,770
    Location:
    U.S.A. (South)
    This thread brings back warm memories of Kerio on XP and especially OnlineArmor as well. Sad that Kerio got pulled into the Viper AV orbit but so goes those relic standalones which once shined like a new dime.

    Only one I am aware of that's often spoken highly of in some circles has been SpyShelter among others.
     
  21. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    356
    I have been testing it out, the app control module works great and it has a top notch keystroke encryption module built in which is like icing on an already powerful cake, I have not seen another FW that offers everything SpyShelter does.

    It is a little expensive but looks like a keeper in my lineup.
     
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,378
    Location:
    Hawaii
    My main firewall is in my modem. I tweaked it so it's pretty strong. Some folks never tweak their modem's FW. For shame!

    As for a software FW, I'm still partial to Private FW. Its HIPS is still reasonably effective (& certainly better than no HIPS at all). Its application whitelisting works just fine. Its System Anomaly capability monitors each process as to its "normal" usage of each CPU core, & pops an alert whenever the CPU usage by any process goes outside of user-specified boundaries. And I love the little cop in my system tray.

    If I ever get paranoid enough to want a full-on contemporary FW/HIPS, I'll give SpyShelter & Comodo each a trial. It's too bad that the Windows internal FW is so popular. This FW forum has become rather boring if one isn't interested in front-ends instead of stand-alones. Me, I still prefer to avoid any security product that is produced by the same company that left security holes in its OS for hackers to penetrate.

    Consider this: It appears that stand-alone (3rd party) firewalls are a dying breed. If the M$ FW eventually has zero competition, will M$ continue to work hard & spend $$ on improving its FW? I doubt it. Instead, I think that history will repeat itself. Namely -- remember what happened when M$'s Internet Explorer succeeded in killing off all other browsers except for poor little Opera & splinter-browser K-meleon? What happened was this -- after the competition was gone, M$ pretty much CEASED spending $$ on tweaking Internet Explorer. As a result, IE fell behind the bad guys so badly that it became a porous, primary target of attack. I believe that, without any incentive to spend $$ on competing with other FWs, M$ will repeat its track record with IE when it comes to its FW and to its AV.
     
    Last edited: Feb 24, 2019
  23. guest

    guest Guest

    3rd party software Firewalls for home users are things from the past, no serious modern attackers will waste time and resources attempting to get in a home user system by guessing the IP, doing an inbound attack via portscan, etc... It is faster by just sending a weaponized email to an unaware victim or giving a link to a fake site with script.
    So a "Hardware" FW (already present in the router) + Windows FW is more than enough for Average Joes. They don't need to bother with 3rd party FW they can't even handle.
    Not to mention most 3rd party FW are just using WFP so not so much of an innovation...

    Since the most common weapons (apart from ransomware) are RAT/Keyloggers, which need to call home, one must prevent those from entering the system in the first place by covering the attack vectors.
    FWs are the last defense, not the main one, if a malware is caught by the FW, it means your security strategy just failed, and you can reformat your system right away.
     
  24. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,973
    Location:
    Poland - Cracow
    Last but not least :) I think if one is used to working with FW and he/she still can see some advantages of it so will be using FW no matter if it's orphaned kind of security apps or not. And perhaps even "on the desert" will try to find something among apps what would be functional firewall or in the worst case only the replacement.
     
  25. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    686
    Location:
    Island of Woman
    Eset Smart Security Premium has HIPS and firewall, Comodo Free and Zone Alarm Free 2
     