Is DSA a Classical HIPS?

I have read that SSM and ProSecurity are Classical HIPS, and ThreatFire is a Behavioral HIPS. Which one would Dynamic Security Agent be the closest to? I run Webroot Desktop Firewall with DSA enabled and on the web site it indicates some kind of detection as far as behavior changes, but I'm still not sure if it's an actual Classical HIPS in the sense that SSM or PS is. Thanks.

 

I would say DSA falls into the "Classic" HIPS category, and would not overlap with TF, so both should theoretically work well together... (if that is what this question is leading up to)

 

You picked up on that did ya 19monty64? LOL. I'm not sure if I will install TF as I feel I'm covered with WDF and Avira. But it's good to know that they are different in case I would. However I will install it once the delay when going to start and shutting down the PC is fixed and TF is able to be completely shut down and not start up after reboot. Just my quirks about it.

 

I uninstalled TF for just that same reason. After the re4mat I went with OA but started experiencing "buginess", so I gave TF another shot. To my surprise there was no slow-down in reboots, opening apps. or browsing at all. I also went back to AntiVir which had worked out their "new version bugs"...not trying to tempt you though (you know you wan-na)

 

Hi, folks:

A classical or non classical is not what has distinguished them from each other. I would echo one member's terminology; dumb or intelligent. Picture this: supposed that you are a CEO of a company, where you have 2 types of security chiefs available at your disposal. Which one would you prefer ? one would ask your disposition on every single event from as tiny as missing toilet papers to as major as data bank being hacked. or the other one just asks your immediate decision on major matter, and inform you of other minor in monthly report. I regard classical HIPS is the first type , and behaviour blocker is the second one, with a brain. Take care.

 

That's it in a nutshell. Very well put indeed.

 

Hey 19monty64. I liked OA Free and it ran fine, but Webroot Desktop Fireall is such good program that I can't see using OA Free instead of it. I am tempted more than you know however, to go ahead and add ThreatFire. From what I read in Perman's post it should be all right to use TF with DSA enabled, plus I have used WDF with a-squared Anti-Malware before.

 

I did test this combo for a short period of time without problems:

Nod32, Windows XP firewall, Cyberhawk(ThreatFire) and DSA.

 

Wordward,
I'm going to try out WDF and TF, with DSA disabled, this weekend. We can compare notes next week. I use TF and AntiVir with default settings and will do the same with WDF, as DSA is off by default. Nothing against DSA, I have used it within the last couple of months and already know of its capabilities.
On a side-note, TF does not (by default) block the Avira pop-up (nag-screen) when updating, can DSA do that Not that I would ever do such a thing, I'm just curious...

 

19monty64. I will be anxious to hear what you think of WDF, but go ahead and enable DSA while in learning mode. It doesn't really use anymore resources and if you leave Learning Mode on for a whole day and try and use all your regular programs including TF, there won't be many pop up screens. I also don't think there will be any conflicts as I have ran WDF with a-squared Anti-Malware's IDS and had no problems. I like TF for some reason more than a-squared, plus the trial is soon up on a-squared AM. Also if someone did want to block the notifier exe in Avira PE, I believe it could be done within the Process Monitor by double clicking on the process and selecting deny for everything. You'll see more of what I am talking about after you install it. Take care.

 

I would want both.

As long as we can find some way to distinguish between 2 products, we will have to run both (turn off duplicate functons of course). This is what we called the importance of having security layers.

 

So how much overlap would there be with DSA and ThreatFire? I have ran a-squared Anti-Malware with the IDS enabled along with Webroot Desktop Firewall with DSA enabled with no problems. However the trial is soon over with a-squared and was thinking maybe ThreatFire Free would be nice to add. As far as my AV, I have just gone back to using AVG again, ( I hope Hairy Coo doesn't see this. LOL.) however I have ran Avira and liked it alot.

 

If you are already done "training-mode" with DSA, so that it is silent again, there shouldn't be much noise from TF as it doesn't pop-up for normal activity (smart-HIPS). Never actually ran a 2nd HIPS with TF though...

 

The path to a solution is not what a CEO should focus on, they'll focus on whether the desired results were achieved and whether the manner employed was efficient (low cost, fast to market, or whatever the key criteria is).

It's the same here. Simplify folks, simplify. You want to implement a solution, not build a matryoshka. It doesn't have to be complicated, in fact, it's better that it's not.

Blue