HIPS and Windows 7

Discussion in 'other anti-malware software' started by usnuli, Nov 3, 2009.

Thread Status:
Not open for further replies.
  1. usnuli

    usnuli Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    29
    Hello everyone!
    Is there any HIPS (both freeware and shareware) compatible with Windows 7? I'm interested primarily in HIPS, not the firewall itself.
    Thanks. :)
    P.S. Is the UAC W7 any good?
     
  2. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Malware Defender -- Not Free but worth the money if you like a classic HIPS.
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Comodo Internet Security
    System requirements:

    Windows XP (SP2) or Vista 32 bit or Windows 7.0 32 bit
    64 MB RAM / 70 MB hard disk space
    Windows XP (SP2) or Vista 64 bit or Windows 7.0 64 bit
    64 MB RAM / 105 MB hard disk space
     
  4. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    HIPS without FW is not easy to find nowadays...

    I also use Malware Defender with Windows 7 and without problems.
    I only had two BS so far when playing with svchost rules, but that was my fault. :ouch:

    Malware Defender has a network protection, but this can be turned off or used with or without the Windows FW.
    I use it together with the Windows FW.
    Well, you never know.

    Cheers
     
  5. Robereyewhy

    Robereyewhy Registered Member

    Joined:
    Mar 4, 2007
    Posts:
    171
    Malware Defender is great. However, not available for any 64 bit OS.
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Comodo with D+ or ThreatFire are freeware.

    The lightest deny execution HIPS is PGS :)
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    :D you got it :argh: , but let's give sully credits for making it available on the non-pro or ultimate versions :thumb:
     
  8. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Since when is Windows SRP the best HIPS at denying executables from running?

    What HIPS product has failed to prevent executables from running?
     
  9. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139


    And what about Sandboxie in blocking the execution of malware, is it faster or slower than SRP?

    On a side note, as long as malware is blocked from running, that is the main thing; the time difference between products at intercepting would be less than a second, so how can you test? With MD, if I try to run something that hasn't been given permission to run, it is blocked instantly.
     
  10. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    I really wouldn't worry about the speed. Unless the situation is that it's so slow that it actually bothers you - a delay that you can easily notice, a delay nearly a second long or even longer, which would to me at least be very annoying.

    Comparing SRP and some classic HIPS really isn't fair to either, considering that the HIPS product will do much more and doing more means taking more time to do it, obviously. SRP isn't HIPS in any way, it's just an execution blocker, and since it's a part of the OS, it shouldn't be a wonder that it's fast.

    The speed or lack thereof of blocking, however, does not matter at all as far as security is concerned. Malware can't do anything while it's "waiting to be blocked". It doesn't work that way: instead of waiting to be blocked, the malware isn't doing anything at all, because it's not running yet. It can't do anything before it runs. Instead, you could say that the system is waiting to hear from SRP or the HIPS whether it should run the malware or not. If the HIPS (or SRP) says no, then the malware never runs, and never gets to do anything, including waiting. That is, if the execution blocker product is really blocking, instead of terminating. If it's blocking, then that means intercepting the function calls used to create processes and load libraries. This means the malware never gets to execute. But, if it's about terminating, then the malware first runs and the security software that's polling for new running processes notices that and then tries to terminate it. The latter is a bad idea: you don't want the bad stuff to run in the first place.

    As for HIPS recommendations, I can't make any. I can say, though, that UAC isn't a HIPS in any way, and should not be relied upon to prevent nasty things from happening. If you want to prevent malware from messing with the system, then instead of relying on UAC to protect you while you're still logged in as an admin, create a limited user account and use that. There are things that the limited user account will not prevent - like infecting the account instead of the system and stealing data the account has access to - but it is a real security boundary, unlike UAC.
     
  11. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    WinPatrol if you'll consider a lightweight HIPS.
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    What about Smart UAC?
     
  13. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Does SRP definitely work on W7 Pro?
    Thanks.
    Hugger
     
  14. usnuli

    usnuli Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    29
    Ah, this thread has become way too complicated for me! :D Yet, thank you. :) One more question - since some of you have suggested CIS, which other firewalls are W7 ready?

    edit - I have no intention of starting an A vs B battle, so please just list the compatible firewalls. :)
    Thanks. :)
     
  15. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    FortKnox Personal Firewall
    Jetico Personal Firewall
    Look 'n' Stop Firewall (2.07)
    Malware Defender (32-bit only)
    Online Armor (32-bit only)
    Outpost Firewall Pro (beta support)
    PC Tools Firewall Plus
    Privatefirewall
    Rising Personal Firewall 2010
    ZoneAlarm Pro Firewall 2010

    Cheers
     
  16. usnuli

    usnuli Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    29
    Lovely! :) Thank you guys! :thumb:
     
  17. Mapson

    Mapson Registered Member

    Joined:
    Dec 29, 2005
    Posts:
    54
    If you're running Ultimate, look at the built-in AppLocker.
     
  18. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Yes it works very well.
     
  19. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Thank you.
     
  20. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    I've been playing with the AppLocker settings in 7 along with the advanced FW rules and I am impressed with its performance. Though it is not really a HIPS, if you have Win7 Pro or Ultimate I would recommend playing with these before committing to a third party product. AppLocker rules can be exported too.
     
  21. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I thought that in 7 Pro that AppLocker rules were just that. Only a list of apps with no protection.
     
  22. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    AppLocker is kinda like SRP on steroids. For example, I have a folder on my desktop that I download stuff to, and nothing is allowed to run in this folder: scripts, installers, or exe's. This gives my downloads a "staging" area where they are scanned by my AV. However, I can set exceptions for publishers and hashes. I have done the same thing with my Program Data directory.
     
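The staging-folder setup described in the post above, written out as an AppLocker policy for the Exe rule collection. This is an added example, not the poster's exported rules: the folder path, publisher name, rule GUIDs and the all-zero hash are constructed placeholders, and the Msi and Script collections would take the same deny rule.

```xml
<!-- Added example: every path, name, GUID and hash below is a constructed placeholder. -->
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <!-- Baseline allow rules. Once a collection holds any rule, a file that
         matches no allow rule is blocked, so a deny rule on its own would
         stop every executable, not only those in the staging folder. -->
    <FilePathRule Id="11111111-1111-4111-8111-111111111111" Name="Allow Program Files"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="22222222-2222-4222-8222-222222222222" Name="Allow Windows folder"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <!-- S-1-5-32-544 is BUILTIN\Administrators. -->
    <FilePathRule Id="33333333-3333-4333-8333-333333333333" Name="Allow all for administrators"
                  Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>

    <!-- Deny rule for the download staging folder, applied to Everyone.
         A matching deny overrides any allow rule, including the
         administrators rule above. -->
    <FilePathRule Id="44444444-4444-4444-8444-444444444444" Name="Deny staging folder"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%OSDRIVE%\Users\*\Desktop\Staging\*" />
      </Conditions>
      <!-- Exceptions only exempt a file from this deny rule. The file still
           needs an allow rule (here, the administrators rule) to run. -->
      <Exceptions>
        <FilePublisherCondition PublisherName="O=EXAMPLE PUBLISHER, L=CITY, S=STATE, C=US"
                                ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FileHashCondition>
          <!-- Placeholder hash and length; replace with the values for the real file. -->
          <FileHash Type="SHA256"
                    Data="0x0000000000000000000000000000000000000000000000000000000000000000"
                    SourceFileName="setup.exe" SourceFileLength="0" />
        </FileHashCondition>
      </Exceptions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
```

The `Get-AppLockerFileInformation` cmdlet reports the publisher string and hash to use for a real file, and `Test-AppLockerPolicy` shows which rule a given path would hit before the policy is enforced.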
  23. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Then you must have Ultimate. I thought from your reply that it was the Pro version.
     
  24. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    I believe the Applocker feature is the same on both.
     
  25. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I'm pretty sure that Spyware Terminator is Windows 7 compatible.
     