If you ditch HIPS, what would you use?

Discussion in 'other anti-malware software' started by dja2k, Aug 12, 2006.

Thread Status:
Not open for further replies.
  1. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    It seems that some HIPS programs are conflicting or might conflict with other essential programs like your traditional Antivirus and Firewall. It seems that Antivirus and Firewall developers are starting to use HIPS in their own products. What will that leave for the original HIPS development? So, if it came down to the removal of HIPS (let's just say), what would you use? Would you change your current setup? Would you go back to the combination of an Antivirus+Firewall+Antispyware+Anti-Trojan software? Are definitions still a better choice than user-interactive software like HIPS, and/or would you really let companies make the decision of what is good and bad for you? What are your thoughts?

    dja2k
     
    Last edited: Aug 12, 2006
  2. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Personally I have no problem with my HIPS and backup utilities.
    Anyway, I would use AV, advanced FW and Firefox. Occasionally I would use an on-demand antispyware to see if the bad guys learnt how to go past NoScript.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Hi dja2k

    What HIPS are you using? I run OA, SSM, and Ghost Security, along with KAV 6.0 betas. I have had Prevx1 in the mix, but have taken it off. This all runs fine with ATI, Ghost 2003, IFW/IFD, Drive Snapshot and FD-ISR. The only conflict I had was a minor one with Process Guard, so I removed it.

    Note, I do disable KAV when doing anything with FDISR, and since IFD has become my primary imaging program, there are no conflicts.

    Pete
     
  4. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    Ditto...

    ...screamer
     
  5. herbalist

    herbalist Guest

    While I haven't had any problems with SSM conflicting with anything I use and don't see one good reason to remove it, for the sake of discussion, I'll assume I have such a conflict. Removing the other conflicting item would be high on my list of solutions if I could find a replacement. I'd also consider changing how I use the other app. With Acronis for example, instead of installing it and keeping its resident processes, make the recovery CD and remove the app itself. I didn't re-install Acronis the last time I reformatted, choosing to use the CD instead. While it doesn't back up my system on a schedule anymore, it works fine manually, which is how I use it now.
    If I had to remove SSM, I'd go back to what I used before, most of which I still use. Kerio 2.1.5 and Proxomitron would be the core of my security. I would also use a resident AV again. These kept me completely clean for a long time. Other than that, nothing would change, other than the fact I'd be a bit more careful than I am.
    For the most part, if a HIPS application is conflicting with something else, it's likely to be because the apps are trying to hook the same places or trying to do the same tasks. This isn't the fault of the HIPS software. It's probably the fault of the user, stacking one security app on top of another without regard to what each one does or needs. It's standard advice to tell people not to use 2 firewalls because of potential conflicts. This applies even more to HIPS and other forms of application firewalls, especially those that hook the kernel. One is sufficient. Using two gains very little if anything and probably causes more harm than good. Users need to learn not to install software or security suites that overlap in function, especially those that hook the kernel and core system components. If there was ever an argument for single purpose security apps, this is it.
    Regarding:
    After spending a couple of years volunteering at an adware removers forum and watching what went on with dropped detections, I will never let anyone tell me what is or isn't acceptable. I'll make my own choices, and topping the criteria are a few simple facts. If I didn't directly choose to install it, it's undesirable. If I wasn't asked, it gets removed. If it updates without asking, I don't want it. I don't want whitelists or blacklists and I will not tolerate any app or company that tries to add one to anything I use.
    I don't know how much NoScript has changed from the last time I tried it, but it used to come with a white list that it wanted to put back whenever I removed it. That behavior is not acceptable to me. Beyond that, there's no point in my using NoScript when Proxomitron does everything NoScript does and much more, and covers more than just the browser it's tied to.
    Rick
     
    Last edited by a moderator: Aug 12, 2006
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    A recovery program that can be conflicted by any program is fragile. Too fragile.

    A fragile recovery program is an oxymoron.

    "fragile" + "recovery" = :blink: o_O :gack: :blink: :rolleyes: o_O :gack:

    If you drop good protection in favor of a fragile recovery program -- good for you. I'm sure your recovery program WILL be needed!:D

    IMO - use Image for DOS, which operates outside of Windows. NO Windows program will be conflicted. No, not one.

    Windows-based recovery programs are accidents waiting to happen.
     
  7. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Sorry guys, I misled with the thread opening post. Read it again, I changed it.

    I am not just talking about recovery/backup program conflicts; I'm talking about HIPS in general. I am just wondering what you would do without HIPS? HIPS is sorta taking over, don't you think?

    dja2k
     
  8. herbalist

    herbalist Guest

    Only at the better security forums. The average user still thinks of a body part when it's mentioned. HIPS deserves to be recognized and discussed, as it does with Windows what's been needed all along. It puts an end to the "everything can run and do anything it wants" problem, which is where the rest of the problems originate.
    Rick
     
  9. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I might consider switching to KAV 6 or Outpost Firewall, but overall, I can live without HIPS.
     
  10. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: I concur with your suggestion. I use KAV6 and Outpost together, and feel very safe. KAV6's proactive defense and Outpost's extensive protection have convinced me that HIPS is not a must-have. I have tried OA, SSM and others; the end results are either BSOD or internet slowdown.
     
  11. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I would say as well that the majority of average users will indeed not use HIPS products. HIPS are probably suited and targeted to the market of advanced to expert computer users. I have fixed a share of computers on my part, friends and family, and they complain about the popups in the firewalls. Can't imagine what they would say if I installed a HIPS program. I wonder if they will click "NO" to everything just for being scared of clicking "YES". :rolleyes:

    I think the deeper the protection goes with HIPS type programs, the more they get away from the average user from using that product.

    dja2k
     
  12. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    I agree. I have tried to "sell" the idea of HIPS to some of my friends who more or less regularly get infected (and they don't like Firefox). They also think even a regular firewall is already too much and complicated :)
    I personally use HIPS mostly to educate myself on what is happening in my computer. It is by using HIPS I have learned how hard it is to get infected if you use even a little common sense. But without it I would have been more or less paranoid reading all the alerts IT media and sometimes the tabloids yell about.
    HIPS have given me knowledge, to put it simply. And knowledge is power :)
     
  13. herbalist

    herbalist Guest

    HIPS does have a ways to go before it's anywhere near ready for the average user. There's only so much that can be done with a learning mode. I've only installed HIPS on a PC for one user, then configured it for them.
    All too familiar. A year or so ago, I serviced a PC for a neighbor. Their main complaint was unending popups. When I started cleaning the PC, I found a keylogger that had just gotten in and got access to his checking account. He used the PC to pay his bills. We barely contacted the bank in time. Even after an incident like that, he thought a firewall was too much hassle.

    A thought for those who may be inclined to do so. The way malware is getting nastier and security apps are getting more complicated and deeper into the operating system than ever before, security is becoming more user unfriendly in spite of some very good attempts with the software. There's a wide open market for offering a security service, remote administration. If you've established the level of trust needed with your clients, you could install the best security apps on their machines and take care of the configuring from your PC. I'm getting some very positive feedback from clients on this. Initially, it might be a hassle configuring apps like HIPS and rule based firewalls remotely, but still beats removing some of the new malware from a PC you have little control over.
    Rick
     
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I'm not an advanced user, but I know what I want: When I decided to get PG a year ago I had only in mind something that could protect my security applications from termination, and PG was the answer. Then the rootkit business started to scare the hell out of people; hence, whether you like it or not, HIPS is a product developed for sophisticated malware.

    I ran my system for a couple of days without PG because of a conflict... I just felt naked even though I have enough security without it.

    About the popups, that only happens when you install it and I agree you've got to have some basic knowledge to configure it. But once it's done I very rarely get an alert from PG (at this stage an alert should be taken seriously, and if you don't know what's going on you can always deny to be on the safe side).

    I agree with Herbalist: a HIPS is still a body part for most people!
     