HIPS for Vista ???

Discussion in 'other anti-malware software' started by acr1965, Aug 31, 2008.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I have not been able to find a HIPS for Vista that will work for me and need a few suggestions. Mamutu conflicts with Ad Muncher and Threatfire conflicts with my life- well actually just my keyboard. But it has cost me more than a few gray hairs. DSA seems to still have problems with Vista as well.

    I have UAC enabled and it seems to be working well enough. So I am not real sure about using something like GeSwall or Defensewall.

    I am considering Primary Response SafeConnect (or Identity Protection) but have heard of a few people getting BSODs with it. Besides that I am unsure of what to try. I have PC Tools firewall and it seems to be doing an ok job so I am not really wanting Comodo w/Defense+. I have used it before and it always ended up making my system hang at some point (has happened 3-4 times).

    So what is left? Does SSM free work with Vista? Also, does Rising Anti-Virus w/ HIPS work alright if the AV is completely disabled? Is there some way to completely disable the av? And has anyone tested the HIPS component? What about ProSecurity- whatever the name is now- is it still the same as the 1.43 version of PS that had Vista issues?

    Is OnlineArmor beta for Vista close to release in a final version?

    Any other ideas of what to try with Vista?

    The rest of my set up (besides PC Tools fw) is Nod32 (back with it now), SuperAntiSpyware, SpywareBlaster, Mailwasher for spam and a Netopia high speed modem with built in firewall.
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    ThreatFire Version Information
    Current Version: 3.5.0
    File Size: 19 MB
    Release Date: Monday, April 28, 2008
    Operating System: Designed for Windows® Vista™, XP, 2000 and 2003
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Sorry, I didn't see that in the first part you mention having a conflict with ThreatFire.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Did you try DefenseWall HIPS?
     
  5. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    The host protection in Outpost Pro 2009 works very well on Vista. And the firewall component of Outpost is also fantastic.
     
  6. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello acr1965,

    Under Vista 32 SP1 with UAC disabled, I have been successfully using DefenseWall with either Norton AntiBot (NAB) or Primary Response SafeConnect (PRSC) with no problems. As for Primary Response Identity Protection (PRIP), I have recently submitted a crash dump and log to Sana Security for analysis.

    Hope this helps.


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Aug 31, 2008
  7. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
  8. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Thanks for the info.
    Have you run PRSC with UAC as opposed to Defensewall?
     
  9. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
  10. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello acr1965,

    My experience is primarily with running DefenseWall with or without NAB/PRSC and with UAC disabled on both Windows XP SP3 and Vista SP1. If I am not mistaken, Kees1958 has one computer running PRSC with UAC on Vista 64 with success.


    Peace & Gratitude,

    CogitoErgoSum
     
  11. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    I think you have enough protection as it is. NOD32 should pick up most spy/adware and Spyware Blaster should block most from being installed so running SAS in realtime (if you are) seems superfluous. If you're running LUA with UAC you shouldn't need a full blown HIPS with the PC Tools FW (which has good process protection HIPS features). Sandboxie for running questionable apps might be a good addition.

    Do you use Windows Mail? Isn't its antispam feature adequate?
     
  12. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    I don't quite think so. NOD32 is really awful when dealing with spyware; I would use SAS in real time since it is compatible.
     
  13. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I use Mailwasher free with Outlook 2007.
     
  14. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Real-time Defender (PS 1.43) did not work for me with Vista SP1, but Malware Defender did.
    Some information about Malware Defender:
    https://www.wilderssecurity.com/showthread.php?t=217522

    Online Armor 3 beta 162 seems to be pretty stable, there were not really more problems reported at OA Forums than after a final release.

    Cheers
     
  15. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    I'm going to agree with emperordarius. In the 4 months I've been running NOD32, 5 spyware/adware infections have gotten through. I added Windows Defender alongside NOD32 to hopefully catch any future malware.

    Even though you shouldn't have to add an AS when running NOD32, and regardless of what all the tests say, it appears you need to because it doesn't do a very good job stopping them in real life.
     
  16. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    For those who are interested,

    Primary Response Identity Protection(PRIP;$24.95) offers the exact same protection as Primary Response SafeConnect(PRSC;$34.95) except that it lacks the "monitored" list and ability to manually "allow" or "quarantine" an executable.

    For those of you who are interested in trialing or purchasing PRIP for Vista SP1, please contact Sana Security at (support[at]sanasecurity[dot]com) and request the registry fix for the "failure to start service" problem that I had originally experienced.


    Peace & Gratitude,

    CogitoErgoSum
     
  17. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    I am not sure if it's true or not, but I learnt from a different forum that in Vista, true HIPS capabilities are not possible.
    Since MS has still not provided the APIs needed, HIPS depend on user hooks, which malware can bypass easily.

    Hence best invest in a HIPS post Vista SP2 ;)
     
  18. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Do you mean Vista 32 or 64 bit here?
     
  19. Smiggy

    Smiggy Registered Member

    Joined:
    May 2, 2007
    Posts:
    209
    Location:
    The Angel Isle
    In the meantime you can configure Windows Defender to work as a HIPS package.

    Change your membership from basic to advanced,
    This gives you additional options not available from the standard GUI.
    Then go into TOOLS and simply check the options:

    Enable real-time protection & choose if Windows Defender should notify you about:

    * Software that has not yet been classified for risks
    * Changes made to your computer by software that is permitted to run

    Voila, HIPS!
     
    Last edited: Sep 11, 2008
  20. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Well, both!! See here in the KL forum.

    Here the KL moderator states that for Vista (32 & 64 bit), HIPS/keylogger protection isn't possible due to MS.

    I am no expert, so I am not sure if this is true o_O
     
  21. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    You are wrong here. DefenseWall is full-featured on all the 32-bit Windows versions, including keylogging protection. As for the 64-bit one, just search for the term 'PatchGuard'; this will give you some food for thought, as it is the real problem for HIPS.
     
  22. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    I know about the PatchGuard issues and the release of MS APIs after Vista SP1.
    But when the KL forum moderator said it's not possible for Vista (32-bit) since MS was not supporting it, I was shocked too :eek:

    So DefenseWall doesn't use user-mode hooks? Or does it use some other method to achieve the same?
    (PS: I am not stating anything against DW or any other HIPS. Just wanted to know if the explanation stated in the KL forums was correct.)
     
  23. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I have no idea about the KL forum moderator's level of expertise; I can speak only for my software. DW supports 32-bit Vista the same way it works with all the other 32-bit Windows versions. No user-mode hooks are used; all the defense is pure kernel-level.
     
  24. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Thanks, Ilya :thumb:
    And might I say what a damn good software you have made.
     
  25. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Vista 32
     