I need a good, free HIPS

Discussion in 'other anti-malware software' started by jetfighter, Nov 5, 2007.

Thread Status:
Not open for further replies.
  1. jetfighter

    jetfighter Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    1
    hi, i am new to this forum. it's good to know that there are so many experienced people here that i can learn from. does anybody know of a good free hips that i can use? i am using windows xp on a system that is capable of running most things. the most important features to me are the blocking of rootkits and keyloggers. aside from that, all i ask is the ability to disable specific parts of the program to make it less noisy. for example, suppose i wanted to allow the execution of any program. if i uncheck a box somewhere then all programs will execute without asking. if i'm missing something important like access to physical memory or preventing the reading of other processes etc etc, i'm taking suggestions, but please know that i am still inexperienced and learning so excuse my ignorance because you may know a lot more than me :D. i've actually tried a few hips myself but my experiences are out of date and limited. here are some of the ones i've tried:

    antihook 2.6: very noisy and caused lots of problems with windows.

    processguard free: this free version did not protect from driver loading which i think is one way rootkits can get onto a system. besides i think diamondcs has ceased development of their products now?

    SSM free (latest version): this one does not block driver installation. i tested this by installing hardware drivers and they were not blocked. besides the free version is always based on obsolete versions of the commercial product. this might prove to be its Achilles' heel against some new attack.

    prevx: i don't even think this is a behavioral blocking based hips. it just seems to detect what the community knows to be malware. true, more settings are available in advanced modes but i'm not particularly fond of this one, at least as a primary HIPS.

    eqsecure: it is very hard to get support with this one because the site is in chinese, though its features do seem promising. if only more english documentation was available.

    winpooch: this one does not seem to stop drivers.

    i may have tried more, but i can't seem to recall any at the moment. so there you have it..any completely free hips or even a commercial one that has a free version would work for me, as long as it's got the right features. any suggestions?
     
  2. baerzake

    baerzake Registered Member

    Joined:
    Aug 18, 2007
    Posts:
    44
    COMODO V3:-*
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    ProSecurity
     
  4. RedZero

    RedZero Registered Member

    Joined:
    Oct 22, 2007
    Posts:
    34
    When testing, what method did you use to install these drivers?

    Just remember that most of the time a rogue application will need to execute in order to install drivers.

    Also, Winpooch can be configured to monitor almost anything, even driver installs. It may not protect itself very well, but it adds an excellent layer of security when configured correctly.

    Did you take a look at: http://wiki.castlecops.com/Lists_of_freeware_behavior_blockers
     
  5. zhanwest

    zhanwest Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    42
    Neoava Guard
    a different HIPS with its own features
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    Give ThreatFire a try, combine this with returnil or safespace personal for dodgy browsing and you have adequate protection.

    Regards
     
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
  8. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Another recommendation of DSA here.
    It's just as Bellgamin says it is.
     
  9. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    If you want a quiet HIPS you might consider a policy based HIPS.
    GeSWall and DefenseWall are both excellent. IMO.
    DefenseWall is paid only but GeSWall has a paid and a free version.
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Welcome to Wilder's jetfighter :)

    I think your views are pretty much on target. I recently migrated ALL of my systems to "free" EQSecure 3.41 for a single HIPS shield. It's full-featured, very light-weight and surprisingly strong w/ file protections/registry(drivers)/program. It's as tight a HIPS as I've seen since SSM first came out IMO.

    What surprises me most is that it doesn't hook 200+ entries in the SSDT table like SSM but protects very well in most respects & even better in my experience since changing over to it.

    I agree it's lacking in ENGLISH support docs and would benefit users with a help file even if in brief, but with that limitation (temporarily?) it's one well worth accepting in exchange for EQS's protection as I see it.

    Best of Luck in your Decision.
     
  11. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    How about Online Armor Free!

    dja2k
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I'll tell you another preventive feature that EQSecure offers that SSM always wasted keystrokes and effort for a user to correct.

    I'm often multi-tasking like most of you, if you accidentally click on a wrong program which you didn't intend to open and you selected NO in SSM, a lotta times you had to open up the program settings (application rules) and reset the rule for that program back to open or at the very least on the next program you always had to tick the radio button back.

    In EQS, it's Very Forgiving and even helps a user in mistakes like that. When you click a program unintentionally you simply press "Block" on its alert box and click OK to the ensuing Windows box, and go right on to what you wanted to do in the first place. The other program mistakenly opened remains available without a user either having to reset its permissions again or re-tick the radio button in the alert rule settings unlike SSM.

    I can't count the times I've done this before and still do but for EQS it's no problem at all.
     
  13. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
  14. Arup

    Arup Guest

    Pro Security, one of the best rounded HIPS.
     
  15. faenil

    faenil Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    88
    Online armor all the way ^^
     
  16. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Couldn't put it better myself! ;)

    dja2k
     
  17. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Just curious if Online Armor Free has the same HIPS protection as the Full Version does? I thought I read that Mike Nash said it did.
     
  18. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi,

    OA free has the same HIPS protection level as OA paid

    MaB
     
  19. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Thanks.
     
  20. Jeleal

    Jeleal Former Poster

    Joined:
    Nov 2, 2007
    Posts:
    14
    I have been trialing the Webroot Firewall and it has the HIPS program Dynamic Security Agent in it, and I had previously been using Online Armor Free. I liked the simple and easy use of OA Free and although Webroot isn't that difficult to use, it does seem to be more advanced. Since I don't really need anything like that, I was thinking of going back to OA Free, and was wondering how good of a HIPS protection it provides.
     
  21. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Hey dja2k

    I see although you're an Online Armor team member you've listed ProSecurity alongside OLA AV+.

    What benefit do you see in supplementing OLA with ProSec?
     
  22. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    In my opinion from using both OA and WDF, they both let you use as advanced or as simply as you want. WDF's HIPS protection is off by default but it does have a learning-mode. OA's HIPS are on by default but may inquire as to the unknown apps. Both are very user-friendly. Both developers post here. Both would be rated as very secure. So really, it boils down to which works better on your pc, and which you feel more comfortable with. You can't fail with either one IMHO. I've tested both and it's a tough decision. They are both "tops" in the FW/HIPS market, free and pay. The difference may be what their "pay-versions" offer, if you're so inclined...
     
  23. tlu

    tlu Guest

    One of the best and completely free HIPS is using a limited user account :-*
     
  24. sunking

    sunking Registered Member

    Joined:
    Nov 16, 2007
    Posts:
    13
    I wouldn't say it has the same protection, since according to their own comparison it doesn't support detection of certain keylogging mechanisms (kernel, other?), while the full version does.
    http://tallemu.com/comparisons.html
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    EQSecurity 3.4 is as tight a HIPS as you want. It covers file protections/registry associations/program rights etc. It's very light but M I G H T Y ! in its capability to prevent intrusions of most any sort. A good, free HIPS and then some.
     