Hips or Firewall ?

For about 10 months now I have run quite happily without any Hips program, no real time av and no software Firewall. A few days ago I reloaded Sygate as a test and as a have a paid for version of Prosecurity I began to wonder if that might be better.

so 3 options:

(1) continue without Hips or software firewall
(2) Sygate or OA ?
(3) Prosecurity 1.4
(4) Firewall and Hips ?

any thoughts ?

 

PS is an excellent all round HIPS and the new long awaited update is coming up soon.

 

Is that 1.4 ? or something else ? do you also use a software firewall ? assuming that you have a hardware firewall

 

Hi,

What made you abandon PS? Some considerations might help the discussion. Where you only behind a hardware FW?

Regards Kees

 

It's here.
http://www.proactive-hips.com/
1.40 Final

 

go with comodo firewall it has HIPS and its very quiet, very powerfull and it humms like a bird. you will not be disappointed.

 

(1) about a year ago - it slowed me down and never stopped anything as there was nothing to stop

(2) yes 10 months of nothing but a Netgear + firefox

 

Nothing but a router? Is the windows firewall running?
As long as you've got a stripped down system, make a backup of it and take some baseline measurements. Time your bootup, browser launch, how fast web pages open, how long it takes to launch common apps and to navigate your file system. Record your free resources and free disk space. Then do the same when you try a firewall or HIPS. You'll know exactly how much each one you try slows you down in each category. If you make a backup before installing any of them, you'll have a clean point to restore to and won't have leftover files or registry entries bloating your system and possibly bogging down the next one you try.

As for which would be best, there's no straight answer. The one that's best is the one that's most compatible with you and your preferences, and gets along with your particular system.
Rick

 

No 10 months with nothing running real time. I've done what you suggest and clearly running nothing gives the best times for boot, reboot, load. Sygate has no measurable effect that I can measure. AVs - forget it - they just produce false positives and slow things down too much. I will give Prosecurity another try- its been over 10 months since last installed. will be interesting to see if it is
yet as light as Sygate. when OA is fixed ( icons not working) I will also give that a go. At this point I can not see much point in having both a software firewall and hips.

 

Evidently you are not a high-risk surfer. Your router gives superb incoming protection -- no firewall needed for that.

You didn't mention if you are running an antivirus. I assume that you are -- but if not, running the free versions of AVG or Avira would be a good idea.

As to a HIPS, ProSec is good but seems heavier than what you need for your level of risk. IMO, the free version of Threatfire would be quite enough (it's free). With TF + AV + Router, you would be very well protected, & have a very zippy computer, as well.

 

Thanks - If you think ProSec is heavy for me then although I will play over Christmas it will only be for fun.

I didn't mention antivirus because I don't run one real time - far too heavy.
I have probgrams that that open in 3 seconds which take 10 with an AV.
Using DeepFreeze 6 or Returnil I do periodically load one of about 6 AV programs and they either show nothing or false positives ( which I get checked each time) just to be sure. Yesterday Avira reported a Deepfreeze exe as a Trojan

Have never tried TF so will take a look. As to not being a high risk surfer I have to plead guilty - nothing to report since 1996 - perhaps some day

In my defence My mail company does remove bad stuff and spam - it is not possible to send a test virus to myself - it just gets removed. As to surfing
deepfreeze/Returnil help with Acronis as a fall back. Roboform for passwords etc

 

Hello,

You'll be hard pressed to find anything that beats good ole Siggye. Kerio 2.1.5 is also very light and sweet, but I prefer Siggye.

For those of ye of little faith, just open BT or eMule, Ctrl + A everything and start downloading. After two weeks of massive traffic and not a slightest problem, you'll be hooked. Then a bit of online FPS just for good measure. Absolute perfection.

I'd go with firewall.

HIPS is for people who like to be in control / OCD / love security prompts. I doubt you fall into this category.

Mrk

 

Long View,
Try GeSWall free, very light (no slowdowns) and zero pop-ups, just run Firefox. It may not work with Roboform, though.

 

bellgamin, I've always been quite confused about this. This is my router setup, do I even need a firewall? Thank You!
http://xs222.xs.to/xs222/07511/ScreenShot001.png

 

Lucas - I have just tried this - very disconcerting - absolutely no pop ups.
I tried this on a machine due for a re-install so perhaps it's not working ?

 

If Firefox has the "G" in the title bar, it's working
FAQ

 

Since you have a router, a HIPS with network access control makes a separate software firewall much less important.

 

Interim report

- "Sygate has no measurable effect that I can measure" Long View
For your wellness take Sygate and forget about the rest.

- "I will give Prosecurity another try... At this point I can not see much point in having both a software firewall and hips." Long View
In regard to your hardware setup, as Dogbiscuit said, Prosecurity makes perfect sense. Forget about the rest.

- "When OA is fixed ( icons not working) I will also give that a go." Long View
Concerning the international economy: buy Online Armor AV+ and forget about the money

Cheers

 

Based on your screenshot, you have a very good router. It will protect you against incoming stuff VERY well indeed.

A router doesn't protect against outgoing nasty stuff. Of course, there won't be any nasty stuff on your computer unless YOU force your router to let that nasty stuff in.

With a router such as yours, it's 99.9% useless to use a full-fledged software firewall simply to control outgoing stuff.

***Add a simple custom rule to ThreatFire & it will do a good job of controlling outgoing, plus it will protect your computer against a LOT more threats. Further, TF is light as a feather.

 

The terms "hardware" and "software" when applied to firewalls are somewhat deceptive. Hardware firewalls use firewall software. Software firewalls run on your PC hardware. The real difference is that "hardware" firewalls are separate from your operating system. They have their own minimal operating system in their hardware. Functionally, the main difference is that "hardware firewalls" are separate from the PCs OS and are not affected by its vulnerabilities. Hardware firewalls are not immune to being exploited, although they'll never have as many as Windows.

Theoretically, the type of attacks that could be successfully used to defeat "hardware firewalls" is more limited that what could be done to one that runs in Windows. Attacks that kill a firewall are worthless for infiltration as they'd also kill the internet connection, the opposite of what happens with a "software firewall". These would only be good for denial of service attacks, DOS.

The primary advantage of a software firewall over a hardware firewall is that a software firewall can control traffic on a per application basis whereas a hardware firewall only sees the entire PC. A software firewall can limit an updaters internet access to one specific IP, the vendors update server, while still allowing your browser to connect anywhere. Instant message programs, P2P apps, services like Call Wave, anything that acts as a server, these need to receive incoming traffic, often on a specific port, from a specific IP. With a software firewall, you can limit the inbound access to a specific IP, port, and for a specific protocol for each app individually. With a hardware firewall, you can limit the allowed IP(s), the port number, and the protocol allowed, but you can't specify what apps can use it. It's open to the whole PC.

When deciding if you need (or want) a software firewall in addition to hardware, you need to look at the apps you use. If any require you to make allowances to your router/firewall for incoming traffic, you should seriously consider one. If you don't use anything that needs incoming connections and are not concerned about controlling outbound traffic, the hardware firewall is sufficient. Some firewalls like Kerio 2.1.5 allow a manual start instead of autostarting with Windows. If yours is a situation where you need one only occasionally, a software firewall with a manual start is another option. Use it only when you need one.
Rick

 

Rick,

True should be named hardware with build in software firewall (but that is a long name). The case a software firewall comes in handy you described, is also applicable for a policy sandbox. The latter type programs are easier to use and provide with less knowledge a better protection in my opinion. So agree, but in those cases (behind a HW FW) I would choose a sandbox.

Regards