Hips question and recommendations

Discussion in 'other anti-malware software' started by Ashanta, Jul 28, 2009.

Thread Status:
Not open for further replies.
  1. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
    Hi to all forum users,


    I'd like to install a strong HIPS to prevent PC attacks, with low resource usage and without being annoyed by many pop-up windows.

    I was thinking about Process Guard, Real-Time Defender (old Pro Security), Anti-hook, Mamutu, Deep System Explorer

    Does anybody have any good or bad experiences with any of them?

    Any other suggestions?


    These are my running programs:

    Eset Nod32 v2.7 (old version but with the updated signatures)
    Outpost Pro Firewall v 6.5.5
    Prevx 3.0.1.65 free version
    Sandboxie 3.38 (not yet configured)
    Shadow Defender
    Malwarebytes Antimalware (paid version)
    Super Antispyware 4.26
    Zemana Antilogger
    Hostman with updated hosts file
     
  2. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,121
    Location:
    Pennsylvania.
    Spyware Terminator is pretty darn good. :D
     
  3. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    Hi, Process Guard is a dead application (DiamondCS) - not developed in years. Deep System Explorer is something cobbled together by some suspect and rebranded DiamondCS. All the reports I hear about DiamondCS as it is now are bad and you usually don't get a license when you pay them!

    Couldn't comment about the others you mention in any great depth. Not a fan of Mamutu.

    I have tried several HIPS and I have stuck with Zemana Antilogger. Light, only ever alerts on a real threat and is bullet proof.

    Puss

    EDIT - I see from your signature that you are already using Zemana. This is a HIPS! You do not need another!
     
  4. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    ....
    o_O

    Okay, first of all, no. SpywareTerminator can't even begin to come close to the functionality of a HIPS program. I wouldn't even use it for what it was meant for, stopping spyware. Pop-up windows with HIPS is all about configuration really. My personal issue with them aside, I honestly think if you want a full-fledged HIPS that can be made very quiet yet offer extremely strong protection and tweaking ability, Comodo ranks up there with the best of them. If you'd like something still very strong but find yourself looking at classical HIPS messages with a confused look on your face, look into some of the policy-based programs such as Defensewall.

    With those, you don't really see a lot of pop-ups or actions, they basically handle themselves, making for a pretty simple, nearly trouble free experience. However, again, if you're looking for a full fledged HIPS, which you seem to be, I've got to give Comodo its due. As for your other programs you listed, hopefully someone with more experience with them can help out.

    Edit: As far as Zemana, I thought this was merely an anti keylogger/screen capture program, not a HIPS?
     
  5. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi,

    I wouldn't go with Process Guard and Real-Time Defender since they are no longer developed or improved against new threats. But having had each of them at some point in time, they were and still are great programs...

    Now, I prefer to go with Malware Defender 2.3.2 (http://www.torchsoft.com/en/md_information.html ), which is in the same line of protection as PG and RTD but is being actively developed and upgraded... ;)
     
  6. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    WHY?
    You use Outpost Firewall PRO. It has a built-in HIPS. Also, Zemana has HIPS capabilities.
    If you are using all that in your signature you already have an army of security products on your PC.
    If you like to try and use security products (most of us are security software junkies :D ) and have only one PC, then use VirtualBox and/or an image backup program and test different configurations on different images.
     
  7. thathagat

    thathagat Guest

    Well, I assume your Outpost is the free version, so as Puss said, Zemana is reasonably good, and you can try Private Firewall, which has become free and has DSA... see here: http://www.privacyware.com/personal_firewall.html
     
  8. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi Dw426,

    I don't consider DefenseWall a "classical" HIPS but more like a hybrid between a sandbox and a HIPS (for its rules). In fact, I found DefenseWall and GeSWall fantastic, especially because they don't throw a lot of messages, if any at all, and they are also simple to use with great support if there are any problems or questions...
     
  9. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I know it isn't a classical :) Just figured I'd toss that idea out there in case the OP wanted pretty strong protection but didn't want to fool with a ton of alerts from a standard HIPS app that hasn't been "toned down" so to speak.
     
  10. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe

    The premise is wrong. A real and "strong" HIPS must alert with pop-ups. Pop-ups are not banners or advertising; pop-ups tell you what is happening in your system and help you to check it and to set it up. Things are so. Real HIPS are so.
     
  11. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
    I had Spyware Terminator one year ago, but I was annoyed by all the pop-up windows. It's not so effective at detecting malware.

    DefenseWall is always asking questions about trusted and untrusted programs. If you choose an untrusted program as a trusted program, and this program is malware but you don't know it, you would be infected by running it. In this case, no protection at all. Of course, the user's choice was at fault.
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Malware Defender is one of the best pound-for-pound antimalware solutions available today ;)
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    More HIPS? You already have 4 on your system (see bold programs)
     
  14. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    There lies your problem with ANY of these types of programs, if it relies on a user, something bad can happen. However, even with programs that let you sit back and watch it do all the work, something can be missed completely, mis-identified and so on. There is no bullet-proof, perfect solution and there never will be. If you use a HIPS, you're going to have to do some learning if you haven't already, and honestly, it isn't that hard. No matter what all is said about pop-ups, a well-configured HIPS, whether configured by you or configured out of the box, will leave you alone 9 times out of 10 unless it's something that really needs your attention.

    Edit: They're right, you're already decently covered. Do you not like the behavior of the other programs? One reason you may be getting a ton of pop-ups is you have 4 programs doing the same job.
     
  15. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Process Guard is still thought of quite highly by some, and you can still DL it.

    I've been running Threatfire & Dynamic Security Agent & OA free along with AntiVir, on XP very successfully for a couple of years. I recently included Prevx into the mix, and they all seem to enjoy living together.

    Right now typing this my CPU is 97% free, and other resources are nothing to worry about either.
     
  16. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec

    Well, it seems like you have somewhat 4 HIPS running together + an antivirus... Ain't that going overboard? :eek:
     
  17. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Atomas31

    Haha, maybe. I didn't put them all in at once though, just kept on trying out different Apps. I always try and see if things will work together, because some think they won't. Maybe a number of combinations won't, but these do, for me anyway.

    There is some overlap in alerts, but people might be surprised to learn that often one App or the other will alert to many things the others don't. I've lost count on the amount of times this proved very useful.

    Of course, depending on how the options are set makes a difference to the amount of alerts you receive. All my Apps except Prevx are set on max, but unless I'm doing something unusual they're relatively quiet most of the time.

    I often DL Malware and sometimes run it, so need it all really.
     
  18. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I'm using Real Time Defender and like it a lot, as well as ThreatFire. I trialed Anti Hook 3.0 about seven months before the two previously mentioned and really wanted to purchase that, but they refused to sell it to me. Their reply was that a new version was expected out in February of this year, which has come and gone. For me, Anti Hook 2.6 was very similar to Neoava Guard. Both were excellent at performing BSODs. I'm sure both work well for others and their setup but not mine for whatever reason. I've tried and liked Process Guard and Online Armor.
     
  19. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    Are you sure you're not a bit paranoid?
    Serious question...!
    What are you doing on your computer?
    Obviously surfing on strange sites?
    Consciously using malicious software?

    first - what's not there cannot be corrupted or attacked
    no rights - no damage -> restricted user profile

    Sandboxie -> (not yet configured) <-- big ouch

    >> Eset Nod32 v2.7

    Using on WinXP - not that kind of problem - under Vista or higher=bigger problem

    I would reduce that list to:
    Eset (Upgrade recommended)
    Outpost (disabled av due Eset)
    Shadow Defender

    MBAM is ok for manual scan - or PrevX - or a² - or...
    NOTE: MBAM beside NOD32 is slowing really down - they block each other.

    Sandboxie is fine when configured well - although the default settings
    offer some good protection.

    BTW, you don't need to click or start any - just remember: "do I really need it?"
     
  20. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Programs, and trusted sites, are also the top of the security problem iceberg. No behavioural or in-the-cloud software can recognize and detect all kinds of malware, intrusions, injected code in web pages, zero-day attacks, vulnerabilities in Windows, MS Office, Java VM, Adobe....... Do you know all kinds of malware and rootkits? Do you remember Conficker or Gromozon changing techniques?....
     
  21. wat0114

    wat0114 Guest

    In spite of overlap considerations, or trying to prove more than one HIPS can be run simultaneously, I would not run more than one HIPS, with the only possible exception being Sandboxie (maybe Defensewall?? - perhaps someone can comment) run with a classical HIPS. My choices would be in no particular order:

    • Sandboxie (though this more of a program-isolation product)
    • Malware Defender (run in learning mode for a day or two across all user accounts)
    • Outpost Firewall/Security Suite

    I would run any type of setup under a limited account.

    One other very lean, yet I feel powerful setup, would be Sandboxie under a limited account with SRP (your O/S-built-in simple and effective HIPS) enabled. Just my thoughts.
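    A practical check for the "SRP as your O/S-built-in simple and effective HIPS" point above, as an added example (this is not code from any poster in the thread, nor from any of the products discussed): a PowerShell script that audits the local Software Restriction Policy state by reading the registry keys Group Policy writes. The registry layout it reads (the CodeIdentifiers key, DefaultLevel, PolicyScope, TransparentEnabled and the per-level Paths\{GUID} rules) is SRP's documented storage; the level-name table, the function names and the printed advice are this example's own.

```powershell
# Added example (not from the thread): audit Software Restriction Policy (SRP)
# on the local machine by reading the registry keys that Group Policy writes.
# Assumes the SRP storage layout under CodeIdentifiers; run in an elevated shell
# on a Windows box where SRP is managed via Local or Domain Group Policy.
$srpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Security levels as SRP stores them (DefaultLevel value and per-level subkey names)
$levelNames = @{
    0      = 'Disallowed'
    4096   = 'Untrusted'
    65536  = 'Constrained'
    131072 = 'Basic User'
    262144 = 'Unrestricted'
}

function Resolve-SrpLevel([object]$Value) {
    if ($null -eq $Value) { return 'Not set' }
    $name = $levelNames[[int]$Value]
    if ($name) { return $name }
    return "Unknown ($Value)"
}

function Get-SrpPolicyState {
    if (-not (Test-Path $srpRoot)) {
        return [pscustomobject]@{ Configured = $false; DefaultLevel = 'Not configured'; Rules = @() }
    }
    $cfg = Get-ItemProperty -Path $srpRoot

    # Each numeric level subkey (e.g. '0' = Disallowed, '262144' = Unrestricted)
    # holds Paths\{GUID} subkeys, one per path rule, with the pattern in ItemData.
    $rules = foreach ($levelKey in Get-ChildItem -Path $srpRoot -ErrorAction SilentlyContinue) {
        if ($levelKey.PSChildName -notmatch '^\d+$') { continue }
        $pathsKey = Join-Path $levelKey.PSPath 'Paths'
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem -Path $pathsKey) {
            $props = Get-ItemProperty -Path $rule.PSPath
            [pscustomobject]@{
                Level       = Resolve-SrpLevel $levelKey.PSChildName
                Path        = $props.ItemData
                Description = $props.Description
            }
        }
    }

    [pscustomobject]@{
        Configured   = $true
        DefaultLevel = Resolve-SrpLevel $cfg.DefaultLevel
        # PolicyScope 1 = all users except local administrators; 0 = all users
        PolicyScope  = if ($cfg.PolicyScope -eq 1) { 'All users except local administrators' } else { 'All users' }
        # TransparentEnabled 2 = check all software files including DLLs; 1 = skip DLLs
        ChecksDlls   = ($cfg.TransparentEnabled -eq 2)
        Rules        = @($rules)
    }
}

$state = Get-SrpPolicyState
if (-not $state.Configured) {
    Write-Output 'SRP is not configured on this machine.'
} else {
    Write-Output "SRP default level : $($state.DefaultLevel)"
    Write-Output "Applies to        : $($state.PolicyScope)"
    Write-Output "DLLs checked      : $($state.ChecksDlls)"
    if ($state.DefaultLevel -ne 'Disallowed') {
        Write-Output 'NOTE: only a default level of Disallowed (with allow rules for Windows and Program Files) gives the default-deny behaviour that makes SRP act like a HIPS.'
    }
    $state.Rules | Format-Table Level, Path, Description -AutoSize
}
```

    The useful reading of the output is the combination: a default level of Disallowed, scope covering all users, DLL checking enabled, and Unrestricted path rules limited to locations a limited user cannot write to. A default level of Unrestricted with a handful of Disallowed rules is a blacklist, not the default-deny setup the post is recommending.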
     
  22. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    659
    Location:
    Europe
    Before installing Sandboxie, Shadow Defender, Zemana and Prevx (free version), I got infected more or less 3 times a year. I noticed that Malwarebytes, Eset Nod and SuperAntispyware real-time protection don't give enough protection against all kinds of malware. So, that's the main reason I recently installed Zemana, SB, SD and Prevx. With Prevx, I get a lot of false alarms.

    I even plan to change my old Eset Nod32 v2.70 for Avira AntiVir Premium, about which I heard so many positive things here and from malware comparative websites.

    I forgot to mention that I'm under Vista 32-bit as Admin (of course, I need a user policy to keep my computer safe, for example with SRP, DefenseWall,... SRP is too strict a policy for me).

    I'm looking for a strong HIPS, blocking rootkits and other malicious drivers from installing, protecting physical memory from modification, blocking hooks and code injections, protecting against User imitation attacks and Windows file protection attacks. That's why I was thinking about programs like Real-Time Defender (old Pro Security), Anti-hook, Mamutu, Deep System Explorer, Process Guard (the new version) or others similar software.

    I'm not paranoid; I don't want to be annoyed by malware from Internet websites or from P2P programs.

    I know that I need to learn more about security; that's the reason I'm here, to learn from your experiences.


    I don't want a virtual software like virtualbox, vmware and other virtualization programs.
     
    Last edited: Jul 28, 2009
  23. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    The point about different alerts in different apps is very interesting.

    I found that when I started looking at something I thought was pretty straightforward, Windows auto-start settings, different Apps had different lists of these!

    So I was getting a bit worried that malware would slip into one path that my main app didn't cover.

    In the end, I decided to just treat this as an unimportant oddity, and try and stick with one app which I use to control most of my startup list.
     
  24. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Okay, here's my humble opinion and setup that has kept me malware free for the last 2 years at LEAST.

    1. Firefox with Noscript and AdblockPlus extensions. (I've added a few extensions, but those two alone will cover you VERY well).

    2. Avast Antivirus, free version with Webshield and P2P Shield set to High, all others set to Normal.

    3. Sandboxie (I have paid but the free version is just as good).

    4. MalwareBytes Antimalware, free on-demand version for quick scans after a surfing session.

    That's it, no real time blockers, anti-this and that, nothing. I scan every file I download before I open/execute it, but other than that, no other security measures, apps to get in the way or use resources. If you just use your head (and make others that use your system use theirs), back up your data and just put a few simple roadblocks in place like I have listed above, there's honestly not really anything out there that's going to bite you as far as malware.

    As far as your learning about security, this is a GREAT place to learn. Allow me to get you started with my first rule of security: You don't need a lot of security to be secure. Drive-by downloads are pretty much turned into funny jokes with the above list. The rest of your security needs can easily be taken care of by using the best security app on the market, your own brain. Keep it simple, otherwise you will run into the frustrations we see here every day like conflicts, too much resource usage, you name it, it can be caused by running too many security apps.

    Light and secure is the name of the game :)

    Edit: By the way, the code injections, hooks, all that is often part of normal program installs/operations. Keep that in mind when you start answering HIPS prompts. The other attacks you worry about are all taken care of by following my previous suggestions/advice.
     
  25. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    As I thought... there must be some reason for that overkill.

    Run your P2P software within Sandboxie - and don't think about it.
    And use the right P2P software - not the one with big holes...
    That and more is reason to run P2P in a restricted area - in extreme cases
    use a virtual machine with nothing else in it.

    The problem you don't realize - you grab the **** - whether you want to or not.
    And all you do is use another doorkeeper which can be knocked off.

    >> I even plan to change my old Eset Nod 32 v2.70 for Avira Antivir Premium

    If you like fake messages on your P2P like a pain in the ass?
    Both are really good - but because of that I decided again for Eset.
    (not only that - but I need to check some software again and again...)

    I guess I'm outta here...
     