HIPS with worst slow down of system

Discussion in 'polls' started by aigle, Mar 9, 2006.


In your experience, the HIPS causing the worst slowdown of the system is

Poll closed Nov 4, 2006.
  1. Prevx: 21 vote(s), 43.8%
  2. AntiHook: 2 vote(s), 4.2%
  3. Process Guard: 4 vote(s), 8.3%
  4. Online Armor: 7 vote(s), 14.6%
  5. ZA Pro with IDS/ ZA Antispyware with IDS: 8 vote(s), 16.7%
  6. Tea Timer: 2 vote(s), 4.2%
  7. System Safety Monitor: 2 vote(s), 4.2%
  8. WinPatrol: 1 vote(s), 2.1%
  9. Arovax Shield: 0 vote(s), 0.0%
  10. CyberHawk: 1 vote(s), 2.1%
Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Many of you, like me, may be in the habit of running multiple HIPS (separately or in combination) on your system. I have recently run many HIPS on my notebook and I have felt that all these HIPS slow down the system by a different amount. Some are so light and smart that you will not feel anything, some just make you feel that your whole system is just crawling instead of running.

    So I designed a poll just to know what your experience is with various HIPS regarding the slowdown in PC performance. I will be happy to see your response. If you have something to explain, please feel free to write as well.
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Personally I have used following HIPS in different combinations, some for a short period of time and some still in use.

    PG free
    Norton Internet Security (with its IDS)
    ZA Pro (with its IDS)
    AntiHook
    PrevxR1
    Arovax Shield
    CyberHawk
    WinPatrol free
    OnlineArmor

    Out of these, I found PrevxR1 affecting my system most badly, making it slow. 2nd to it (in making the system slow) was AntiHook, and the worst combination was when I combined the two: I found my PC like a paralyzed person acting in slow motion. Also I feel Jetico makes the system a bit slow (it has application control, but as it is basically a firewall, I did not include it in the poll).

    However I was not able to use Winpooch, System Safety Monitor, Neova beta, Tea Timer and Abtrusion Protector Personal (some of these not even included in the poll), so no experience.
     
  3. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Prevx1 has had the biggest impact on my system and is a big pain in the you know where if you have Opera, followed by the one in ZoneAlarm (actually, it was a beta so I guess it doesn't count, but the 22.5 second stutter before a program opened was VERY annoying).

    Antihook was very light, but wouldn't remember its fingerprinting settings :doubt: .

    Processguard was fine, but I haven't tried out the full version YET.

    Online Armor was pretty quick for the wide range of stuff it did.

    Coreforce had a weird way of configuring, so I didn't like it (firewall rules weren't flexible enough and configuring it was too weird). I also don't like community programs due to the fact you rely on someone else, not necessarily as smart as you, who configured a preset that isn't very tight. It also doesn't protect against process injection.

    Windows software based DEP is a real pain, and causes too many crashes, so I hacked the boot.ini file.

    System safety monitor was great, but I don't like the impending loom of it becoming payware.

    I haven't tried any others, may try tiny in a little while :D , if I do, I will tell you how that goes

    Just my opinion,

    Alphalutra1
     
  4. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Does WinPooch count? 'Cause that was a MAJOR resource hog when I tried it. I appreciate the fact that it's an open source project trying to do this. However, it's not really ready for use yet IMHO.

    That said, I have to deactivate Process Guard when I use cygwin shell scripting, because it makes it INCREDIBLY slow, most probably because it checks the hashes of the executables every time... in a 100-loops script where ten commands get executed repeatedly, it's quite a lot of hashes :) Process Guard does, indeed, seem more suited to Windows native executables than something like cygwin.
     
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I would say Prevx has caused the biggest slowdown of any HIPS, but it's still light compared to KAV.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    AntiHook almost doubled the launch time of applications like IE (4.5 sec v 7.4 sec average), Firefox (4.8 sec v 7 sec on average) etc. First time launch of these was even more prolonged (IE: 5 sec v 23 sec, Firefox: 11 sec v 21 sec)!!! I did use it with many others like NIS, PG free, OA, etc.

    I suspect some combinations may be especially worse, which accounts for the different observations by different users.
     
  7. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I personally believe that combos can cause major problems and system slowups. One program is usually sufficient, and the overlap caused by multiple HIPS can cause considerable errors in my experience. Antihook in learning mode is a bit slow, but it picks up considerably after it. The only problem is that it questions even when you move your mouse or approach the computer :D .

    Alphalutra1
     
  8. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    I 2nd that, with Prevx installed and running, Opera browser cannot download any files from anywhere with the .exe extension, just .zip, .rar etc.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    So don't move your mouse, and stay away from the PC!! LOL
     
  10. EASTER.2010

    EASTER.2010 Guest

    CyberHawk plus System Safety Monitor plus LaunchMonitor seem to work fine together on XP Professional.

    Don't know if it qualifies as a HIP or not, but by far the worst of any apps I tested, one that agonizingly slowed the system down for me, was CoreForce.
     
  11. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Pretty smart actually, and it must be effective since it makes you want to not use the pc, so it won't get infected since it isn't turned on :D

    Alphalutra1
     
  12. EASTER.2010

    EASTER.2010 Guest

    Successful in my testings so far is this new and effective approach that works!

    No installed AV PERIOD! Using Online Virus Scans Only!

    With the arrival of HIPS like System Safety Monitor I find no need anymore to apply some Anti-Malware "resident" to watchguard. SSM covers a great deal more and then some of system calls.

    Kerio supplies the firewall surveillance.

    Backups are made to an alternate HD and then it's pulled and put up on a shelf, no plastic media to worry about corruption.
     
  13. herbalist

    herbalist Guest

    The only one I've tried is SSM. In its present form, it doesn't slow my system at all. Some of the earlier versions were a big load on CPU, especially the registry modules. Now the system load is almost nothing.
    SSM has become payware now. $24.95 for a single license, lower prices in quantities of 5 or more. Until now, all the security software I used was freeware. SSM will be the exception for me. It's easily worth the price.
    Rick
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    In fact each time I installed Winpooch, I was not able to start it; as soon as I tried to start it, the system locked up and I had to reboot each time. Maybe some incompatibility with some other applications on my system.
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    You're not the only one. I could not use Winpooch on 3 comps.
    Mrk
     
  16. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I'm actually not getting any slowdowns with Prevx1, especially since the last release (they made some additional optimizations in the last release). The thing I notice, however, is that if you've got other apps that do the same things, or work in the same way, as Prevx1 then the redundancy can cause slowdowns... and Prevx1 covers a lot of ground, so just about any other HIPS program is going to do this. When installed with only scanners and a firewall, I actually don't notice any difference in performance with or without Prevx1 installed.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It's surprising. I used all, Prevx beta, Prevx 1, and Prevx R1, and all showed some slowdown more or less.
     
  18. pojispear

    pojispear Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    90
    I'm only running F Secure 2006 and BOClean right now, and the system is noticeably slower, both opening programs and opening directories in Windows, but I do have everything set to Custom with real time scanning (not all files, only recommended + compressed) and all other functions on high security.

    I have an email question into F Secure support about this

    before: KAV 5, kerio 4.2.3, BOClean, ewido real-time and pretty fast
     
  19. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    It was never all that slow on my system when I ran it without any other generic protection (HIPS) programs running, but performance was something they invested some time in with the last release or two, and it shows... you might give it another try.
     
  20. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    SSM has a feature that makes "on-demand" scans more convenient if your AV scanner can be run from the command line. In SSM's Preferences/Options/Antivirus, specify the full path name of your virus scanner along with any other parameters needed. Once this is done, all further SSM "Application Activity" prompts will have the "Locate" link (under the icons) replaced with a "Scan" link (which will run a scan on the file in question).
     
  21. EASTER.2010

    EASTER.2010 Guest

    Indeed very nice feature, in fact SSM is absolutely loaded with very effective preventions/protections and immediately returns complete full control back to where it always belonged in the first place, to its rightful owner.
    For my systems it ends a lot of the nonsense that some signature vendors create, whether missing malware or causing issues. When you finally get your system all stabilized, vendors enjoy making new changes and then it's off on another chase to level matters out again. That to me is as bad as the endless cycle of malware itself; it's also bad enough having to discover and self-stabilize Windows limitations without that harassment from programs.
     
  22. PhiloVance

    PhiloVance Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    93
    Location:
    Bakersfield, CA
    OK, first what does HIPS stand for?
    Also SSM, while you're at it?

    Thanks.
     
  23. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618

    HIPS= Host Intrusion Prevention System
    SSM=System Safety Monitor
     
  24. EASTER.2010

    EASTER.2010 Guest

    Hmmm, didn't see the one which is giving me personally the worst slowdown of them all, named CoreForce. I still hold out some high hopes they'll one day perfect that program where it won't drag the entire system to a slow crawl.

    CyberHawk then SSM are the quickest rapid responders with my systems.
     