HIPS for Vista ???

I have not been able to find a HIPS for Vista that will work for me and need a few suggestions. Mamutu conflicts with Ad Muncher and Threatfire conflicts with my life- well actually just my keyboard. But it has cost me more than a few gray hairs. DSA seems to still have problems with Vista as well.

I have UAC enabled and it seems to be working well enough. So I am not real sure about using something like GeSwall or Defensewall.

I am considering Primary Response SafeConnect (or Identity Protection) but have heard a few people getting bsod's with it. Besides that I am unsure of what to try. I have PC Tools firewall and it seems to be doing an ok job so I am not really wanting Comodo w/Defense+. I have used it before and it always ended up making my system hang at some point (has happened 3-4 times).

So what is left? Does SSM free work with Vista? Also, does Rising Anti-Virus w/ HIPS work alright if the AV is completely disabled? Is there some way to completely disable the av? And has anyone tested the HIPS component? What about ProSecurity- whatever the name is now- is it still the same as the 1.43 version of PS that had Vista issues?

Is OnlineArmor beta for Vista close to release in a final version?

Any other ideas of what to try with Vista?

The rest of my set up (besides PC Tools fw) is Nod32 (back with it now), SuperAntiSpyware, SpywareBlaster, Mailwasher for spam and a Netopia high speed modem with built in firewall.

 

ThreatFire Version Information
Current Version: 3.5.0
File Size: 19 MB
Release Date: Monday, April 28, 2008
Operating System: Designed for Windows® Vista™, XP, 2000 and 2003

 

sorry i didnt see that in the first part you mention having conflicy with threatfire.

 

did you try DefenseWall HIPS ?

 

The host protection in outpost pro 2009 works very well on vista. And the firewall component of outpost is also fantastic.

 

Hello acr1965,

Under Vista 32 SP1 with UAC disabled, I have been successfully using DefenseWall with ether Norton AntiBot(NAB) or Primary Response SafeConnect(PRSC) with no problems. As for Primary Response Identity Protection(PRIP), I have recently submitted a crash dump and log to Sana Security for analysis.

Hope this helps.


Peace & Gratitude,

CogitoErgoSum

 

Maybe WinPatrol PLUS:

http://www.winpatrol.com/whyplus.html?index

 

Thanks for the info.
Have you ran PRSC with UAC as opposed to Defensewall?

 

Will give it a look. Thanks.

 

Hello acr1965,

My experience is primarily with running DefenseWall with or without NAB/PRSC and with UAC disabled on both Windows XP SP3 and Vista SP1. If I am not mistaken, Kees1958 has one computer running PRSC with UAC on Vista 64 with success.


Peace & Gratitude,

CogitoErgoSum

 

I think you have enough protection as it is. NOD32 should pick up most spy/adware and Spyware Blaster should block most from being installed so running SAS in realtime (if you are) seems superfluous. If you're running LUA with UAC you shouldn't need a full blown HIPS with the PC Tools FW (which has good process protection HIPS features). Sandboxie for running questionable apps might be a good addition.

Do you use Windows Mail? Isn't it's antispam feature adequate?

 

I don't quite think so. NOD32 is really awful when dealing with spyware, I would use SAS on real time since it is compatible.

 

I use Mailwasher free with Outlook 2007.

 

Real-time Defender (PS 1.43) did not work for me with Vista SP1, but Malware Defender did.
Some informations about Malware Defender:
https://www.wilderssecurity.com/showthread.php?t=217522

Online Armor 3 beta 162 seems to be pretty stable, there were not really more problems reported at OA Forums than after a final release.

Cheers

 

I'm going to agree with emperordarius. In the 4 months I've been running NOD32, 5 spyware/adware infections have gotten through. I added Windows Defender alongside NOD32 to hopefully catch any future malware.

Even though you shouldn't have to add an AS when running NOD32, and regardless of what all the tests say, it appears you need to because it doesn't do a very good job stopping them in real life.

 

For those who are interested,

Primary Response Identity Protection(PRIP;$24.95) offers the exact same protection as Primary Response SafeConnect(PRSC;$34.95) except that it lacks the "monitored" list and ability to manually "allow" or "quarantine" an executable.

For those of you who are interested in trialing or purchasing PRIP for Vista SP1, please contact Sana Security at (support[at]sanasecurity[dot]com) and request the registry fix for the "failure to start service" problem that I had originally experienced.


Peace & Gratitude,

CogitoErgoSum

 

I am not sure, if its true or not. But for I learnt from a different forum, that in Vista , true HIPS capabilities is not possible.
Since MS has still not provided APIs needed, so HIPS depend on user hooks. Which malware can bypass easily.

Hence best invest in a HIPS, post VISTA sp2

 

Do you mean Vista 32 or 64 bit here?

 

In the meantime you can configure Windows Defender to work as a HIPS package.

Change your membership from basic to advanced,
This gives you additional options not avaible from the standard GUI.
Then go into TOOLS and simply check the options:

Enable real-time protection & choose if Windows Defender should notify you about:

* Software that has not yet been classified for risks
* Changes made to your computer by software that is permitted to run

Voila, HIPS!

 

Well both !! See here in KL forum.

Here the KL moderator, states that for Vista ( 32 & 64 bit). HIPS/Keylogger protection isn't possible due to MS.

I am no expert, so I am not sure if this is true

 

You are wrong here. DefenseWall is full-featured at all the 32 bit Windows versions, including keylogging protection. As about 64-bit one- just search for 'PatchGuard' term, this will gives you some food to think as it is the real problem for HIPS.

 

I know, about the Patch Guard issues and the release of MS APIs after Vista SP1.
But when KL forum moderator, said its not possible for Vista (32-bit). Since MS was not supporting, I was shocked too

So DefenseWall doesn't use user-mode hooks ? Or does it use some other method, to achieve the same ?
(PS: I am not stating anything against DW or anyother HIPS. Just wanted to know if the explanation stated in KL Forums was correct )

 

I have no idea about KL forum's moderator's expert level, I can say only for my software. DW supports 32-bit Vista the way it work with all the other 32-bit Windows versions. No user-mode hooks are used, all the defense is pure kernel-level.

 

Thanks, Ilya
And might I say what a damn good software you have made.

 

Vista 32