Hips or Firewall ?

Discussion in 'other anti-malware software' started by Long View, Dec 16, 2007.

Thread Status:
Not open for further replies.
  1. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    For about 10 months now I have run quite happily without any Hips program, no real time av and no software Firewall. A few days ago I reloaded Sygate as a test and as I have a paid-for version of Prosecurity I began to wonder if that might be better.

    so 3 options:

    (1) continue without Hips or software firewall
    (2) Sygate or OA ?
    (3) Prosecurity 1.4
    (4) Firewall and Hips ?

    any thoughts ?
     
  2. Arup

    Arup Guest

    PS is an excellent all round HIPS and the new long awaited update is coming up soon.
     
  3. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Is that 1.4 ? or something else ? do you also use a software firewall ? assuming that you have a hardware firewall
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    What made you abandon PS? Some considerations might help the discussion. Were you only behind a hardware FW?

    Regards Kees
     
  5. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    It's here.
    http://www.proactive-hips.com/
    1.40 Final
     
  6. 2good

    2good Guest

    Go with Comodo firewall, it has HIPS and it's very quiet, very powerful and it hums like a bird. You will not be disappointed.
     
  7. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    (1) about a year ago - it slowed me down and never stopped anything as there was nothing to stop

    (2) yes 10 months of nothing but a Netgear + firefox
     
  8. herbalist

    herbalist Guest

    Nothing but a router? Is the windows firewall running?
    As long as you've got a stripped down system, make a backup of it and take some baseline measurements. Time your bootup, browser launch, how fast web pages open, how long it takes to launch common apps and to navigate your file system. Record your free resources and free disk space. Then do the same when you try a firewall or HIPS. You'll know exactly how much each one you try slows you down in each category. If you make a backup before installing any of them, you'll have a clean point to restore to and won't have leftover files or registry entries bloating your system and possibly bogging down the next one you try.

    As for which would be best, there's no straight answer. The one that's best is the one that's most compatible with you and your preferences, and gets along with your particular system.
    Rick
     
  9. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    No 10 months with nothing running real time. I've done what you suggest and clearly running nothing gives the best times for boot, reboot, load. Sygate has no measurable effect that I can measure. AVs - forget it - they just produce false positives and slow things down too much. I will give Prosecurity another try - it's been over 10 months since last installed. Will be interesting to see if it is yet as light as Sygate. When OA is fixed (icons not working) I will also give that a go. At this point I cannot see much point in having both a software firewall and hips.
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Evidently you are not a high-risk surfer. Your router gives superb incoming protection -- no firewall needed for that.

    You didn't mention if you are running an antivirus. I assume that you are -- but if not, running the free versions of AVG or Avira would be a good idea.

    As to a HIPS, ProSec is good but seems heavier than what you need for your level of risk. IMO, the free version of Threatfire would be quite enough (it's free). With TF + AV + Router, you would be very well protected, & have a very zippy computer, as well.
     
  11. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    Thanks - If you think ProSec is heavy for me then although I will play over Christmas it will only be for fun.

    I didn't mention antivirus because I don't run one real time - far too heavy.
    I have programs that open in 3 seconds which take 10 with an AV.
    Using DeepFreeze 6 or Returnil I do periodically load one of about 6 AV programs and they either show nothing or false positives ( which I get checked each time) just to be sure. Yesterday Avira reported a Deepfreeze exe as a Trojan

    Have never tried TF so will take a look. As to not being a high risk surfer I have to plead guilty - nothing to report since 1996 - perhaps some day :'(

    In my defence my mail company does remove bad stuff and spam - it is not possible to send a test virus to myself - it just gets removed. As to surfing, deepfreeze/Returnil help with Acronis as a fall back. Roboform for passwords etc
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    You'll be hard pressed to find anything that beats good ole Siggye. Kerio 2.1.5 is also very light and sweet, but I prefer Siggye.

    For those of ye of little faith, just open BT or eMule, Ctrl + A everything and start downloading. After two weeks of massive traffic and not the slightest problem, you'll be hooked. Then a bit of online FPS just for good measure. Absolute perfection.

    I'd go with firewall.

    HIPS is for people who like to be in control / OCD / love security prompts. I doubt you fall into this category.

    Mrk
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Long View,
    Try GeSWall free, very light (no slowdowns) and zero pop-ups, just run Firefox. It may not work with Roboform, though.
     
  14. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    bellgamin, I've always been quite confused about this. This is my router setup, do I even need a firewall? Thank You!
    http://xs222.xs.to/xs222/07511/ScreenShot001.png
     
  15. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Lucas - I have just tried this - very disconcerting - absolutely no pop ups.
    I tried this on a machine due for a re-install so perhaps it's not working ?
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    If Firefox has the "G" in the title bar, it's working ;)
    FAQ
     
  17. Dogbiscuit

    Dogbiscuit Guest

    Since you have a router, a HIPS with network access control makes a separate software firewall much less important.
     
  18. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Interim report ;)

    - "Sygate has no measurable effect that I can measure" Long View
    For your wellness take Sygate and forget about the rest.

    - "I will give Prosecurity another try... At this point I can not see much point in having both a software firewall and hips." Long View
    In regard to your hardware setup, as Dogbiscuit said, Prosecurity makes perfect sense. Forget about the rest.

    - "When OA is fixed ( icons not working) I will also give that a go." Long View
    Concerning the international economy: buy Online Armor AV+ and forget about the money :D

    Cheers
     
  19. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Based on your screenshot, you have a very good router. It will protect you against incoming stuff VERY well indeed.

    A router doesn't protect against outgoing nasty stuff. Of course, there won't be any nasty stuff on your computer unless YOU force your router to let that nasty stuff in.

    With a router such as yours, it's 99.9% useless to use a full-fledged software firewall simply to control outgoing stuff.

    ***Add a simple custom rule to ThreatFire & it will do a good job of controlling outgoing, plus it will protect your computer against a LOT more threats. Further, TF is light as a feather.
     
  20. herbalist

    herbalist Guest

    The terms "hardware" and "software" when applied to firewalls are somewhat deceptive. Hardware firewalls use firewall software. Software firewalls run on your PC hardware. The real difference is that "hardware" firewalls are separate from your operating system. They have their own minimal operating system in their hardware. Functionally, the main difference is that "hardware firewalls" are separate from the PCs OS and are not affected by its vulnerabilities. Hardware firewalls are not immune to being exploited, although they'll never have as many as Windows.

    Theoretically, the type of attacks that could be successfully used to defeat "hardware firewalls" is more limited than what could be done to one that runs in Windows. Attacks that kill a firewall are worthless for infiltration as they'd also kill the internet connection, the opposite of what happens with a "software firewall". These would only be good for denial of service attacks, DOS.

    The primary advantage of a software firewall over a hardware firewall is that a software firewall can control traffic on a per application basis whereas a hardware firewall only sees the entire PC. A software firewall can limit an updater's internet access to one specific IP, the vendor's update server, while still allowing your browser to connect anywhere. Instant message programs, P2P apps, services like Call Wave, anything that acts as a server, these need to receive incoming traffic, often on a specific port, from a specific IP. With a software firewall, you can limit the inbound access to a specific IP, port, and for a specific protocol for each app individually. With a hardware firewall, you can limit the allowed IP(s), the port number, and the protocol allowed, but you can't specify what apps can use it. It's open to the whole PC.

    When deciding if you need (or want) a software firewall in addition to hardware, you need to look at the apps you use. If any require you to make allowances to your router/firewall for incoming traffic, you should seriously consider one. If you don't use anything that needs incoming connections and are not concerned about controlling outbound traffic, the hardware firewall is sufficient. Some firewalls like Kerio 2.1.5 allow a manual start instead of autostarting with Windows. If yours is a situation where you need one only occasionally, a software firewall with a manual start is another option. Use it only when you need one.
    Rick
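
The per-application point in the post above, as an added example that is not part of the original thread: a small default-deny rule matcher evaluated once as a router (cannot see the owning program) and once as a host firewall (can). The rule sets, program names and addresses are constructed for illustration, and an unrestricted-outbound router is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Flow:
    direction: str   # "in" or "out"
    proto: str
    remote_ip: str
    port: int        # local port for inbound, remote port for outbound
    app: str         # process owning the socket; only visible on the PC itself

@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str
    remote_net: str
    port: Optional[int] = None   # None matches any port
    app: Optional[str] = None    # None matches any application

def allowed(rules, flow, sees_app):
    """Default deny: pass only if a rule matches every field this firewall can see."""
    remote = ip_address(flow.remote_ip)
    return any(
        r.direction == flow.direction and r.proto == flow.proto
        and remote in ip_network(r.remote_net)
        and r.port in (None, flow.port)
        and (not sees_app or r.app in (None, flow.app))
        for r in rules)

# Constructed rule sets (documentation address ranges, made-up program names).
ROUTER = [Rule("out", "tcp", "0.0.0.0/0"),              # assumed: outbound unrestricted
          Rule("in", "tcp", "203.0.113.0/24", 6881)]    # port forward for a P2P app
HOST = [Rule("out", "tcp", "198.51.100.10/32", 443, "updater.exe"),
        Rule("out", "tcp", "0.0.0.0/0", None, "browser.exe"),
        Rule("in", "tcp", "203.0.113.0/24", 6881, "p2p.exe")]

def verdicts(flow):
    """Return (router_allows, host_firewall_allows) for one flow."""
    return allowed(ROUTER, flow, sees_app=False), allowed(HOST, flow, sees_app=True)

if __name__ == "__main__":
    for f in [Flow("in", "tcp", "203.0.113.5", 6881, "p2p.exe"),
              Flow("in", "tcp", "203.0.113.5", 6881, "other.exe"),
              Flow("out", "tcp", "198.51.100.10", 443, "updater.exe"),
              Flow("out", "tcp", "192.0.2.77", 443, "updater.exe"),
              Flow("out", "tcp", "192.0.2.77", 443, "browser.exe")]:
        print(f, verdicts(f))
```

The second and fourth flows are the ones the router passes and the host firewall stops: the forwarded port is open to whichever program listens on it, and the updater can reach any server unless a rule names the application.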
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Rick,

    True, it should be named hardware with built-in software firewall (but that is a long name). The case you described where a software firewall comes in handy is also applicable for a policy sandbox. The latter type of programs are easier to use and provide, with less knowledge, a better protection in my opinion. So agree, but in those cases (behind a HW FW) I would choose a sandbox.

    Regards
     