Although I have addressed it in various threads I have never receoved an answer that I can understand. Firewalls such as LooknStop are called pure firewalls evidently. I take that to mean no HIPS. Online Armor on the other hand is a HIPS firewall. I have used both without problems or slowdowns as far as I can determine. So why would not one always go with a HIPS firewall if it did not cause problems with his system. Would not the HIPS firewall add to overall security? Thanks. Regards, Jerry
It does, but it can also mean that the user has to be prepared to take more time configure the HIPS program, and in many cases it can mean dealing with decisions regarding what application is allowed to do what, something the average user might not be capable of or interested in doing. If I installed a HIPS on my mom's computer and it asked her if application X was allowed to load the MSICPL.sys driver, would she be able to determine if it should or shouldn't be allowed to do so?
Useability is one of the greatest concerns with HIPS firewalls. A lot of people don't want to answer 2-3 prompts for a program to run. Some other folks already have a resident BB or HIPS and only need a firewall. Its all a matter of configuring a setup that works for you.
Also, some folks prefer separate apps -- a pure FW (Look'n'Stop for example) plus a classic HIPS (Malware Defender for example). Other possibilities include: 1- Pure FW plus *Specialized Security App* (SpyShelter, for example -- a powerful antikeylogger plus pretty good system protection along the lines of a specialized HIPS) 2- Pure FW plus Behavior Blocker (Mamutu for example) 3- Pure FW plus antiexec-type app (PE Guard for example) 4- Pure FW plus isolationist-type app (App Guard for example) ~~~~~~~~~~~~~~~~~~~~~~~~~ Which of the above combos is best... + for a skilled computer geek who loves to tinker? + for my maiden aunt who has NO idea about computer security? + for a fairly skilled computer user who wants good security but without a whole bunch of bother? +For use in a classroom or kiosk situation? I have perfect knowledge of all the necessary information (provided, of course, that no one asks me any questions.)
I think a lot of people would rather use separate stand alone apps like was said above. I also know that there are some, even if they are few, that do not believe in HIPS components, or do not need them due to their location or setup, whether they are on a laptop and travel around a lot, etc. And of course the majority of people just install what they are told to install and do not question it much at all.