HIPS or AV

Discussion in 'other anti-malware software' started by trjam, Jan 7, 2008.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Without comparing specific products, if you had to choose between a solid HIPS or a solid AV, which would you choose and why. I am hoping this thread may help to clarify some of the issues and/or myths of both for folks like me.
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    A solid HIPS, of course.

    Sensible application of execution control alone can stop 99.999% of all malware out there. Using an AV, on the other hand, is always a gamble.
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    A solid AV for me. I don't feel protected with HIPS as they don't identify malware.
     
  4. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    A solid HIPS. As a matter of fact, I've been thinking of a setup without resident scanner and using only on demand. The bad thing is that nowadays, most antivirus programs need background services running even when used on demand and I don't like that. I do have Dr. Web Cure it, but I would like more...

    Anyway, HIPS. You can always scan something before installing it (even use online scanners like jotti's). And HIPS can always make you suspicious. While if you rely on your AV and it fails, then you have no warning about the malware you just installed.
     
  5. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks:

    Your Solid HIPS is comprised of ......... ?

    I am still in search of such a creature.
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    ProcessGuard would be more than enough for a default-deny policy.
     
  7. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    I haven't decided yet. I would use both, but if I have to choose I would go with HIPS! HIPS would make me feel safer.
     
  8. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, thanks.

    I just wish someone can take over what PG has left off and continue.
     
  9. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Personally I like SSM free. For the simple fact that if you uninstall programs, you can momentarily go on and off learning mode and it will ask you to delete the "unused rules". This way you don't clutter your rule list with applications that no longer exist on your PC.
     
  10. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    HIPS... Of course I like to add some other programs but not AV.
     
  11. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Well I can't resist, but Online Armor AV+ is HIPS plus on-demand AV (Kaspersky Engine), best of both IMO, but most of you already know that.

    dja2k
     
  12. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    It depends on which type of environment I'm running in:

    If I'm running in a restricted account, I would choose an AV for some protection against keylogger classified malware.

    If I'm running in an admin mode I would choose HIPS for kernel level protection before malware can activate a process.

    /C.
     
    Last edited: Jan 7, 2008
  13. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    If I had to choose it would be HIPS but as I don't have to choose I choose to use neither.
     
  14. wat0114

    wat0114 Guest

    For me to choose one over the other, the HIPS gets the edge and it would be SSM Pro, but the free version is nice, too.
     
  15. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Interesting question.
    For me the answer is (by a slim margin) "a solid AV".
    Reason? I don't know enough about how to accurately interpret the information displayed in a HIPS alert to know I'm going to be safe every time. And I think a lot of folk are in this situation, though maybe not so many members of this forum. (How often do you read about users wanting a security solution that doesn't give them pop-ups?)
    Of course, since I have the option of running both, that's what I use. And have, as a result, learned a bit about the mysterious, shrouded, occult workings of the computer as a result.
    It's been so long since I encountered any real malware that I think I'd get quite a shock if the HIPS popped an alert for something genuinely harmful.
     
  16. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yep,

    also Safe N Sec + AV includes Drweb.

    personally, I use prevx with the original drweb program and modules :)
     
  17. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    If I had to pick only one, then I think a HIPS would be it nowadays.... seems more likely that it would catch and stop anything bad....
     
  18. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    I try to answer it this way:
    My everyday setup is KAV and OA.
    Currently I am testing KIS 7.0.1.321 Beta without any other security software.
    And I must admit that I feel kind of naked :oops:

    If I should decide, I would take a HIPS.

    Cheers
     
  19. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    In principle LUA/SRP will protect you from drive by downloads, so the only reason to have anything else is you are not sure of what you are putting on your machine intentionally. If all your software came from the sites of reputable publishers, that should cover everything.

    I suppose a HIPS will tell you all sorts of stuff when installing software, but not everyone will know the difference between malware and ordinary software from those warnings, if indeed the program will install without turning off HIPS or going into the install mode.
     
  20. baerzake

    baerzake Registered Member

    Joined:
    Aug 18, 2007
    Posts:
    44
    why not HIPS+AV? more than security.
     
  21. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I think if one is running a sandbox/virtualization program, HIPS is preferable mainly to stop executables. If you are running 'normally' (no sandbox) I would definitely use HIPS and AV.
     
  22. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Yep but who still uses Safe'N'Sec these days?

    dja2k
     
  23. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Hi all,

    I have recently updated the Cyber Self defense part of my web site...

    No hamster was harmed in the making of this article...
     
  24. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    I'd choose AV which includes HIPS :)
    If I could only choose an AV scanning engine or HIPS, I'd choose HIPS personally... far better against 0-day malware.

    If I shared a computer with someone less techy than me, I'd choose AV though... (more user-friendly).. non-techy users tend to allow all popups from HIPS
     
  25. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    lots of people, why?
     