HIPS Programs.

Discussion in 'other anti-malware software' started by Badcompany, Jul 28, 2007.

Thread Status:
Not open for further replies.
  1. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    752
    Location:
    RUNCORN UK.
    Hello Forum,
    Do you really need a HIPS program,If so, which one of these is the easiest to set-up and maintain. SSM - Dynamic Security Agent - Prosecurity. I have my AV- FW-SAS Pro. and Boclean.Is this not enough?
    Badcompany.
     
    Last edited: Jul 28, 2007
  2. jm0307

    jm0307 Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    77
    Hello Badcompany,

    I am not qualified to answer your question, but I can point you to a recent thread in which I had asked a similar question.


    http://www.wilderssecurity.com/showthread.php?t=172990&highlight=HIPS+novice


    Best wishes
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I dont think theyre necessary, but for easy-to-use Id suggest Prevx2, Cyberhawk, or Online Armor.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I'm currently running without one and don't think they're absolutely necessary either, however, I would say that if you're worried about something getting past your AV or otherwise slipping past your other security software, then it doesn't hurt to run one. I like ProSecurity Free myself...
     
  5. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I think they are quite critical in some situations.
     
  6. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Your security is not waterproof so HIPS is a must if you worry 2 much.

    PS and OA all the way!
     
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Yes, you do need a HIPS program. Other security programs (such as antiviruses, antitrojans, etc) depend on blacklists -- which are descriptive patterns of the bad stuff that is PRESENTLY known-to-exst. If a NEW bad stuff comes around, the blacklist won't recognize it, and will NOT block it.

    HIPS do not use blacklists in order to recognize bad stuff. Instead, they will notify you if a certain process has never been seen before, or if a process is trying to do suspicious things, or if a process is trying to get into a sensitive area.

    At a department store (for example) ---

    1- A blacklist-based antivirus is like giving a security guard a description of Freddie-the hand, a well-known shoplifter who has been arrested many times -- 6' tall, blonde hair, pasty-green skin, walks with a limp, hunched-back, etc.

    But along comes light-fingered Louie, who has never been caught.

    2- A HIPS is like a roving security guard who follows Louie wherever he goes. That guard will notice and react to any suspicious behavior on Louie's part, SUCH AS: (a) loitering near the jewelry counter, OR (b) entering a fitting room with 2 suits, & exiting with only one suit -- and so forth.

    HIPS will almost always spot a "0day" nasty like Louie. A blacklist-based application will seldom do so.

    IMO, you need a HIPS that is (1) easy to use AND (2) good at its job AND (3) offers friendly/effective/fast tech support AND (4) is stringently maintained in an up-to-date status AND (5) is rock-steady stable.

    My short list of HIPS that best meet all 5 of these vital criteria:

    Online Armor

    Prevx

    DefenseWall

    Dynamic Security Agent
     
  8. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    752
    Location:
    RUNCORN UK.
    Hello All,
    Thanks for all your replies, much appreciated.And the story from bellgamin,makes things easy to understand, always an interesting poster. Going to try Prosecurity first, have read good things on this program and then DSA.
    Badcompany. :thumb:
     
  9. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I wonder why Bellgamin doesn't list ProSecurity.
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    PS not listed because it falls short on criteria 3,4,&5.
     
  11. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, Bellgamin: Thanks for your informative inputs. I am running Prevx2 along with McAfee Desktop FW 8.5, BlackIce and Avast home. Would you suggest to add another one such as DSA(freeware) from your short list to my defense lineups? Your advice is much appreciated.
     
  12. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    752
    Location:
    RUNCORN UK.
    Pro-Security installed, very easy to install and configure. No difference in the speed of my Pc looking good. Disabled two boxes in Comodo: Monitor DLL's and Monitor inter-process memory.This was suggested in the Pro-security forum.
    Badcompany. :thumb:
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Yep, PS is a good choice, I think you will like it... :)
     
  14. Arup

    Arup Guest

    As per all the tests so far, PS outshines all and this program has the least amount of system impact in terms of slow down etc. Considering all that, its a well rounded program with no surprises, does what its supposed to without any issues.
     
  15. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Are you using the free or paid version of PS? If you are using the paid PS, are those components of Comodo supposed to be disabled in the free version as well?

    thanks
     
  16. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    752
    Location:
    RUNCORN UK.
    I'm using the full Trail version, but i think it applies to the free version as well.
    here is the link for the forum. http://www.proactive-hips.com/forum
    Badcompany.
     
  17. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    When these questions arise, I am always amazed that I do not know a single person who has HIPS, yet they never get infected. I count myself in that group. Most use only AVG free, and some use Norton because it came on the system.

    Until I become convinced by infection, I will continue to resist installing all the various HIPS, sandboxes, and who knows what all on my computer.

    So from one who is not especially knowledgeable, but has remained clean since my first computer in 1999, my answer is "No" you do not need a HIPS program.

    However, if you are determined, and it runs well on your system then go for it.

    Best,
    Jerry
     
  18. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    After tring OA,SSM,GSS,Prevx and PG, i'm now trialing Pro Security.
    So far so good.Very stable and no conflic's with my other software's. :D
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Aside from users/members who might routinely or even occasionally practice unsafe surfing for research or other purposes, for some like myself, HIPS is opened up areas of interest normally not too much discussed before, except in circles of security/malware/rootkit programmers and others very well learned of Windows internals system makeup.

    HIPS more extensively interrogates system calls and monitors areas such as SSDT Table and such in order to cover the likelihood of kernel-mode invaders who design to exploit deeper with stealth into the Windows core system.

    I agree to a point if you practice safe surfing with the security programs mentioned, you're relatively safe from the severest of exposures to extreme forms of malware, but keep in mind, malwares such as rootkits continue to evolve and improve in an effort to bypass security protections.

    At any rate another matter to consider which is wise would also to have a plan at the ready such as a good imaging + rollback program. It's not always malware that can threaten PC stability, but simple legitimate software programs and even the Windows system itself is less than perfect, and can suddenly within a matter of time be it update or otherwise without warning can disrupt/interrupt your system thus preventing it booting up.

    Just a little something else to consider. ;)
     
  20. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    I've been a fan of SSM for about a year now. It serves me well. I run it on my main box & laptop.
    Since the slowdown in development of SSM and my licenses nearly up, I decided to look for an alternative. I bought an "all you can eat" license for Pro-Security.

    I installed it on my wife's machine and on my NAS box. The NAS is a Dell Deminsion 8200 connected 24/7 downloading movies, music... via P2P. Everything D/L's to an ext HDD. It also serves as my scanner repository so I can distribute scans to any box in the building.

    In any case, PS is working well w/ zero impact on system. Installed 1.40beta version.

    ...screamer
     
  21. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Ah the bogeyman of rootkits and evolving malware...

    The point is if safe surfing and practices suffices to keep one safe it will do so, regardless of the power of rootkits. After all the rootkits don't have any magical ability to get on. No matter how malware evolves it still gets on your computer in a few standard ways - security exploit, misconfiguration of your system or you are tricked into running them (social engineering). Evolution of malware has made them harder to detect and remove, but they still get on your computer in the same old fundamental ways.

    Of course, if one can't guarantee that malware can't get in, rootkits make detection a little more difficult, but that's another story.

    The main thing I would worry about now is the increasing use of zero day exploits. Who has the time to keep up with updating all the various security updates? I don't just mean windows, office, but also Quicktime, Flash, Java,
    IM clients, email clients, browsers, pdf readers etc etc, and again this might be paranoid, but you might think you have the latest version, but some older version might be hiding in some corner...

    And don't believe the hype that HIPS will definitely protect you... It might it might not.

    That is why i appreciate the things Secunia is doing with their online scan and now their PSI beta.

    If you rely on your security software to save your butt, whether it's some old fashioned antivirus or the most advanced HIPS promoted by the guys here, you will get nailed, it's just a matter of time.

    Don't believe all the hype... Get the basics right.
     
  22. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    To be fair HIPS today like SSM or PS are more like a nasty but dumb guard at the door who will keep asking questions on pretty much every action by pretty much every customer.

    Lousie (or any customer) walks into the door, the guard will stop him, then ask the storeowner, do you want to let him in?

    If the owner say yes, Lousie comes in and tries to walk to the back of the store to get something, again the guard will stop him first and ask the owner if he is allowed to do that.

    Lousie then tries to take a loaf of bread off the shelf, again he is stopped.

    Then he tries to walk to the cashier to pay, again he is stopped..

    Then he tries to reach for his wallet to pay, again he is stopped..

    So on so forth...

    There are smarter guards of course, but they are way less effective (there's a reason why cyberhawk and Sana's safeconnect and even prexv do so poorly, i bet no one was surprised they sucked at NicM's test.)

    (1) is the killer. (1) and (2) pretty much is a big tradeoff. (5) is also a problem. Even SSM which has the most history and one would expect to be most stable has ocassional problems, which is expected when you muck around with undocumented APIs.

    (3) is hard too since many are one-man outfits like SSM and PS. Here perhaps Online Armor and Prevx has the edge.
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Indeed, and exactly why it is most prudent and useful to keep a set of backup plans at the ready ALWAYS. This can be rollback + imaging apps in combo or one or another depending on which preference best suits for emergency and complete clean restore.

    Theres nothing more reliable OR responsible then keeping exact backup copies of your entire system just for such occurances.
     
  24. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Pro security is the easiest for me, i let the wizard auto scan my system drive and after that theres only minimal pop ups to deal with.
     
  25. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Yes ProSecurity is easy to use -- IF & ONLY IF you blindly accept what Prosecurity's install wizard does, and you never try to actually USE Prosecurity's GUI in order to modify one of its pre-set application rules.

    To get a feel for this fact, simply try using the GUI for Prosecurity's applications module in order to fine-tune the rule for a given process. For example, just TRY & set a "block" rule for wgatray.exe. I'm not saying that you won't be able to eventually get it done. What I AM saying is -- find out for yourself how slow & unstable Prosecurity's GUI really is.

    Even the PSDeveloper recognizes this critical flaw.

    I am not an enemy of Prosecurity. In fact, I am a fan because I actually ENJOY the complexibility & configurability of so-called "classic HIPS". I am fully persuaded that Prosecurity is *most likely to succeed* in eventually becoming the very best in that category.

    However -- until Prosecurity has brought its GUI up-to-speed (literally!), I will not include it on my short list of HIPS that I recommend to others. My list is my list. Your list may differ. Fine -- that's why there's more than 1 flavor of ice cream.:D
     
Loading...
Thread Status:
Not open for further replies.