HIPS Suggestion ?

Discussion in 'other anti-malware software' started by cupez80, Aug 7, 2007.

Thread Status:
Not open for further replies.
  1. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    What HIPS that equal or more powerfull than Kaspersky PDM ?
     
  2. ankupan

    ankupan Registered Member

    Joined:
    Oct 4, 2004
    Posts:
    436
  3. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    thank you :D
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    In my opinion, those HIPS using *similar* techniques as PDM, which are equal to or greater than PDM, are (in no particular order)...
    OnlineArmor
    System Security Monitor
    ProSecurity
    EQSec
     
  5. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    which one is better ?
     
  6. ankupan

    ankupan Registered Member

    Joined:
    Oct 4, 2004
    Posts:
    436
    HUMAN MIND (common sense) :D :D

     
  7. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    yeah thats true :D
     
  8. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Why choose? If one is good. two is better. three is best! Without going into 'philosophy' about layers it is plain common sense, you need a backup HIPS, and a backup for that backup and a backup for that backup for that backup. :D

    That's what many of how most experienced posters like Bellagamin and Easter do.
     
  9. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I like ProSecurity, but you gotta try 'em all and see which runs best on your machine..
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    The one u like and ur system likes!
     
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Lusher, that is not true in my case, plus it is pointedly insulting! With all your potentially helpful background, why turn into a trouble-maker?

    I use ONLY one HIPS on any given image, plus DSA (as a firewall).
     
  12. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    ill try them one by one :D
     
  13. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    Isn't DSA actually a HIPS so why do you need another APP too?
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    DSA is a hybrid security app, providing a combination of firewall & behavior blocker capabilities..

    As a firewall, DSA makes ports invisible to port scans and protects unauthorized entry the same as a dedicated firewall. DSA contains a layer-3 firewall using Stateful Packet Inspection (SPI) technology running in the background. DSA also provides protection for TCP, UDP, ICMP and and UDP Protocols.

    If the user already has a firewall installed, DSA will detect that fact and will NOT activate its own firewall capabilities.

    In addition to firewall capabilities, DSA has 3 behavior-blocker modules: System Anomalies, Email Anomalies, & Process Detection. Each of the 3 modules can be independently enabled or not enabled, at the user's option. DSA's Process Detection module basically duplicates protection offered by SSM, OA, & PS. DSA's two *anomaly* modules are non-duplicative.

    IMO -- when used & configured properly, DSA is a useful hybrid that plays nicely & can strengthen most any security set-up. I mainly use it as a firewall, but I do keep the System Anomalies module active, with sensitivity set to ignore all but very extreme deviations from norms established by DSA's training period.
     
    Last edited: Aug 8, 2007
  15. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    Your correct I tried it & it Works. DSA seems to act as a firewall. It makes a very compact setup .
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    bellgamin's recent DSA post has me installing it again. I always did like it and still do even though it comsumes more time to set the prompts then i like but i don't mind the trade off of extra time for more secure protection.

    I like to see them sharpen it even more though, it's quite a nice addition.
     
  17. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    A troublemaker for pointing out the truth?

    Hmm I don't why you are so angry when I point out you use two HIPS. It's true that DSA has some firewalling capability but it's main purpose is still that of what we call HIPS. After all the real firewall is private firewall....

    Moreover...

    Exactly. The fact that they are non-duplicative (for the sake of argument) does not mean they are not HIPS....

    You are essentially using HIPs functions of A and HIPS functions of B, and they don't overlap (or so you claim). Still sounds to me that you are using 2 HIPS!

    If I have 2 cars , each with different features, would I still have 2 cars? You betcha!

    So you do use two HIPS, I'm not sure why you want to deny that.

    You want to argue about how your use of 2 hips is okay because they are "non-duplicative" go ahead, that's another argument altogether.
    I mean I could run ProSecurity and Online Armor, and turn off features that are "duplicative" (I think some do that), so does that mean they are not using 2 HIPS?

    I'm not sure what makes DSA so special when you use it, it's not HIPS? Just because it has firewall functions doesn't make it not a HIPS...
     
  18. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The only things special about DSA is that its internal ruleset is locked and completely untweakable, it comes with a firewall that is almost as inconfigurable as its HIPS component and cannot be turned off, and it comes with two anomaly monitors that I've yet to see prove to be of any use against a piece of actual malware (I can imagine the email anomaly monitor to be theoretically effective against mass mailers though, but not at preventing them from infecting your system).

    DSA's simplicity is its own weakness. Locking the ruleset means it's already pre-configured for newbies, yet it means you cannot remedy some glaring omissions in the ruleset. Users only have a choice between entirely trusting or quarantining a program. One VERY annoying quirk about DSA is that if I want to block a program from connecting to the Internet, I have to quarantine it and cripple it from performing almost every other function - this wouldn't be so bad if the firewall part could be turned off. Last but not least, a firewall that filters only by application is an absolute nightmare for me. DSA is fine for newbies who don't like to configure their programs, but if you need to tweak its controls in any way, it just takes every possible opportunity to trip you up.
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I can't really answer to all that but as a researcher/user who has not only used 2 HIPS together without problem, but at one point in time 3! i prefer if it's possible for my HIPS (preferably only one), to cover the ENTIRE SSDT Table with it's hooks, unhookable.

    DSA, EQSecure, ProSecurity, likely others if i remember correctly cover a certain amount of positions with their security drivers in that table whereas i do know SSM hooks nearly all of those positions.

    Is that needed? Is only a choice few adequate? Someone tell me.
     
  20. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Until you can find an exploit that bypasses your security program, and if you're likely to be vulnerable to that exploit one way or another, yes, only a choice few is adequate.
     
  21. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Given a choice between a HIPS that hooks only some and one that hooks a lot more or even all?? , the choice seems obvious to me.
     
  22. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The problem is, what does it mean, or what implications are there?

    Unless you fully understand that, talks like these are merely obscure theory that intimidate people who don't understand them. On several forums I visit there were newbies who were concerned why their HIPS programs didn't stop ANI exploits, or that their antivirus software couldn't clean files in archives or had to reboot to delete trojans because they were running in memory at that time. Silly, and a waste of time.
     
    Last edited: Aug 8, 2007
  23. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    To all:

    Please keep the discussion centered on technical points, there are plenty of them out there if you choose to pursue them. If this thread continues along the current lines, it will be closed without further notice.

    Blue
     
  24. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    True, but a workaround is to use the program file from the Privatefirewall demo to tweak the DSA settings.

    Start the Windows firewall when you install and the firewall component won't be activated.

    Not true. Set "Require user approval for each alert and you can deny network access w/o blocking other actions.
     
  25. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Before we wander off too far in discussions of DSA, let me make clear that I replied to OP's request for HIPS suggestions by listing just the following four apps: OnlineArmor, System Security Monitor, ProSecurity, EQSec

    I recommended those four because they provide broad-scope coverage -- the so-called "classical HIPS." I did not include DSA in that list because it is a specialized/hybrid security app -- not broad-scope like those I recommended. I subsequently mentioned DSA only to respond to post #8.

    TWIMC, I presently use 3 separate image sets that include (respectively): (1) SSM + DSA, (2) ProSec + DSA, (3) OnlineArmor (has its own integral firewall). I have not personally used EQSec but included it in my list because of excellent reviews & tutorials provided here at Wilders by Kees & others.

    To repeat my earlier comment, I use DSA as a firewall. True, it is untweakable as such, except as noted by Espresso. If one wants DSA's protection to be more tweakable, then s/he should use non-free Private Firewall -- the proponent of DSA.

    As for me, I prefer to use DSA as set-&-forget firewall purely as a supplement to inbound control by my NAT router, & outbound control by ProSec & SSM, on their respective images.

    By the way, there are some interesting discussions in Wilder's "Other Firewalls" forum as to the necessity for having ANY full-featured software firewall when a router &/or full-scope HIPS is present. A few examples: Hither, Thither, Yon, & there, PLUS alternatives to a firewall, & SSM et al without a firewall, & lastly SSM w/o firewall rides again.

    As to DSA functioning as a firewall, please see Wilder's "Other Firewalls" forum threads at: here, & especially HERE -- in the latter, don't miss the comments by ciannicello (Chris Iannicello), Product Manager for Dynamic Security Agent.

    As to various aspects of the effectiveness of DSA as a firewall & other capabilities, see tests by Matousec & nicM.

    By the way -- some security "suites" (such as KIS) incorporate HIPS capabilities alongside SEVERAL other security modules. That doesn't render KIS as a "HIPS app" any more than is the case with DSA or Comodo or OnlineArmor or Safe'n'Secure or CoreForce, all of which have HIPS modules in conjuction with firewall modules &/or AV modules & (in OA's case) anti-spam & other various modules.

    Thus, (for example) using Comodo with (say) SSM does not constitute using multiple HIPS unless one neglects to disable Comodo's HIPS module. So also DSA & so also OA & so also others in similar category. And (for example) using OA AV+ with (say) DrWeb does not constitute using multiple AVs unless one neglects to disable OA's AV module.

    BOTTOM LINE- It is needful & helpful to occasionally call to attention the fact that using multiple firewalls, multiple AVs, or multiple HIPS can cause conflicts & instability. However, I believe this can & should be done without the use of sarcasm and personal insults, as was the case with earlier comments.
     
    Last edited: Aug 8, 2007
Loading...
Thread Status:
Not open for further replies.