HIPS

Discussion in 'other anti-malware software' started by TVH, Sep 27, 2007.

Thread Status:
Not open for further replies.
  1. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    Can someone recommend from their experiences the best HIPS program (paid or free)? I'm trying to choose between ProSecurity, SSM, Online Armor and DefenseWall.
     
  2. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    If you take the time to check the Forum, you will find many, many threads on this subject.

    As for myself I am using DefenseWall and SSM. Both have their use and I think they complete each other. SSM is a little bit difficult to configure, but it's a formidable piece of software. Others may have a different opinion. I guess you have to try for yourself what's best for your needs and especially for your machine.
     
  3. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    I've now narrowed it down to ProSecurity and SSM only. Any recommendations?
     
  4. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    Per Antarctica:
    MHO: Both are excellent at what they do. I find PS a tad more user friendly / less intimidating.
    For a HIPS comparison as it relates to leak tests, look here: http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php
    For an overall HIPS comparison, look here:
    http://wiki.castlecops.com/HIPS/IDP_programs/services
    Not to muddy the waters, but you may want also to look at others such as Neova Guard, Dynamic Security Agent, (both free) and others.
     
  5. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Just prior to any decision, you may want to explore this one:
    EQSecure 3.41 freeware. One member here has commented that it is as good, and perhaps as strong, as the other two on your short list. Those two are paid wares. These three, I believe, are very noisy in the beginning (learning mode). I probably would have EQSecure installed, if not due to plenty of popups. Take care.
     
  6. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I would go with OA, but I personally feel that if I want HIPS, all I need to do is turn around and look at my wife.;)
     
  7. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    You do know how to ask for trouble.
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I like ProSecurity myself... never did like SSM that much, it seemed a little buggy at times and more annoying in general. But then again, I am not a big HIPS user, so all this is mostly based on 1st impressions....
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I've experienced excellent results since transitioning over to EQSecure 3.3/3.4, and even though I still retain an SSM Pro license and still run it on some snapshots, I find EQ has taken the limelight and captured my attention with its HIPS.

    You can also SandboxIE in another virtualization app like Returnil & Power Shadow with about any reliable HIPS, and if you happen to use FD-ISR, you're really behind some quite formidable walls.
     
  10. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    And to further muddy it, you can also look at Online Armor, Comodo Firewall 3 which includes powerful HIP functionality via Defense+ module (freeware, beta).
     
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I recommend SSM & ProSecurity. Con mucho gusto.
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    From the looks of things, like these ongoing requests & inquiries in favor of Host Intrusion Protectors, I venture to say that there still exists a need for MORE developments from new source vendors, even the smallest.

    With AVs at somewhat of a disadvantage really between keeping their respective competing AVs at their best overall levels for detections with stable performance, and with this HIPS technology still somewhere in infancy but maturing, there's room for new introductions from new makers of these behavioral blockers IMHO.

    It certainly by pure numbers is to all of our advantage that new ones do emerge, granted if they can come out of the gates stable, reliable, and accurate enough.

    Virtualization also has its place, as do AVs and AS scanners. In like manner HIPS is a welcome and so far very efficient means in this ongoing battle to thwart forced intrusions onto our systems.
     
  13. baerzake

    baerzake Registered Member

    Joined:
    Aug 18, 2007
    Posts:
    44
    Of course DefenseWall.

    DefenseWall is a HIPS program working on the "white-list" principle: it reduces the rights of the programs and executable files running outside of the trusted zone. The idea is to set the programs which are vectors of infection (browsers, e-mail, P2P, instant messengers and IRC clients, script engines, etc.) as “untrusted”, meaning that everything getting through the computer from these programs will be enclosed inside the untrusted zone.


    The protection works in a “no popups” mode. In other words, the protection is automated, because the ‘untrusted’ attribute is set for everything which is coming through ‘untrusted’ programs, on the parent process mode: processes, scripts, and registry activity. And the ‘untrusted’ attribute is “contagious”: when an ‘untrusted’ process launches another process already present on the system (i.e. cmd.exe), this process is made ‘untrusted’ too. Then very little user input is needed to run the program.
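
The inheritance rule described in the post above, as a small model added for illustration. It is not DefenseWall's code and not part of the original post; the class, method and file names are invented, and the list of untrusted programs is a constructed sample.

```python
from dataclasses import dataclass, field

# Constructed sample: programs the user has marked as infection vectors.
UNTRUSTED_ROOTS = {"browser.exe", "mailclient.exe"}


@dataclass
class TrustModel:
    untrusted_files: set = field(default_factory=set)  # files written by untrusted processes
    processes: dict = field(default_factory=dict)      # pid -> (image name, untrusted flag)
    next_pid: int = 1

    def launch(self, image, parent=None):
        """Start a process. It is untrusted if its image is a marked program,
        its image file was dropped by an untrusted process, or its parent is
        untrusted (the 'contagious' part of the rule)."""
        inherited = parent is not None and self.processes[parent][1]
        untrusted = (image in UNTRUSTED_ROOTS
                     or image in self.untrusted_files
                     or inherited)
        pid = self.next_pid
        self.next_pid += 1
        self.processes[pid] = (image, untrusted)
        return pid

    def write_file(self, pid, path):
        """A file created by an untrusted process carries the attribute."""
        if self.processes[pid][1]:
            self.untrusted_files.add(path)

    def is_untrusted(self, pid):
        return self.processes[pid][1]


def demo():
    m = TrustModel()
    browser = m.launch("browser.exe")
    m.write_file(browser, "download.exe")             # dropped by the browser
    shell = m.launch("cmd.exe", parent=browser)       # pre-existing binary, untrusted parent
    grandchild = m.launch("notepad.exe", parent=shell)
    dropped = m.launch("download.exe")                # started later with no untrusted parent
    clean_shell = m.launch("cmd.exe")                 # same binary, trusted parent
    pids = {"browser": browser, "shell": shell, "grandchild": grandchild,
            "dropped": dropped, "clean_shell": clean_shell}
    return {name: m.is_untrusted(pid) for name, pid in pids.items()}


if __name__ == "__main__":
    print(demo())
```

The same `cmd.exe` image ends up untrusted or trusted depending only on who launched it, which is why this design needs no per-action prompts.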
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    WELCOME TO WILDER'S COMMUNITY FORUM baerzake

    Excellent point and I might add equally reliable security program too.

    Thanks
     
  15. baerzake

    baerzake Registered Member

    Joined:
    Aug 18, 2007
    Posts:
    44
    thank you.

    DW is policy restriction and virtualisation. I think it's the best way to balance safety and ease of use.
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Very well said and clear, thanks for this input. Please stay and enjoy the World's Best collection of security membership & staff ever in one place. There's much in the way of constructive resources to draw from here as well as safety. LoL
     
  17. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    An oldie but goodie is also DynamicSecurityAgent, with an adjustable sensitivity threshold. If you want fewer pop-ups you just raise the %. Adjustable training period too. I originally didn't like this app 'til I read the thread on it, and understood it better. (Also figured how to stealth my router, thanx guys!) *****:thumb: :thumb:
     