Is DSA a Classical HIPS?

Discussion in 'other anti-malware software' started by Wordward, Nov 9, 2007.

Thread Status:
Not open for further replies.
  1. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    I have read that SSM and ProSecurity are Classical HIPS, and ThreatFire is a Behavioral HIPS. Which one would Dynamic Security Agent be the closest to? I run Webroot Desktop Firewall with DSA enabled and on the web site it indicates some kind of detection as far as behavior changes, but I'm still not sure if it's an actual Classical HIPS in the sense that SSM or PS is. Thanks.
     
  2. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I would say DSA falls into the "Classic" HIPS category, and would not overlap with TF, so both should theoretically work well together... (if that is what this question is leading up to) :D
     
  3. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    You picked up on that did ya 19monty64? LOL. I'm not sure if I will install TF as I feel I'm covered with WDF and Avira. But it's good to know that they are different in case I would. However I will install it once the delay when going to start and shutting down the PC is fixed and TF is able to be completely shut down and not start up after reboot. Just my quirks about it.
     
  4. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I uninstalled TF for just that same reason. After the re4mat I went with OA but started experiencing "bugginess", so I gave TF another shot. To my surprise there was no slow-down in reboots, opening apps or browsing at all. I also went back to AntiVir, which had worked out their "new version bugs"... not trying to tempt you though :rolleyes: (you know you wan-na)
     
  5. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks:

    Classical or non-classical is not what distinguishes them from each other. I would echo one member's terminology: dumb or intelligent. Picture this: suppose that you are the CEO of a company, where you have 2 types of security chiefs available at your disposal. Which one would you prefer? One would ask your disposition on every single event, from as tiny as missing toilet paper to as major as the data bank being hacked. The other one just asks for your immediate decision on major matters, and informs you of the minor ones in a monthly report. I regard classical HIPS as the first type, and a behaviour blocker as the second one, with a brain. Take care.
     
  6. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    That's it in a nutshell. Very well put indeed.
     
  7. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Hey 19monty64. I liked OA Free and it ran fine, but Webroot Desktop Firewall is such a good program that I can't see using OA Free instead of it. I am tempted more than you know, however, to go ahead and add ThreatFire. From what I read in Perman's post it should be all right to use TF with DSA enabled, plus I have used WDF with a-squared Anti-Malware before.
     
    Last edited: Nov 9, 2007
  8. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    I did test this combo for a short period of time without problems:

    Nod32, Windows XP firewall, Cyberhawk(ThreatFire) and DSA.
     
  9. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Wordward,
    I'm going to try out WDF and TF, with DSA disabled, this weekend. We can compare notes next week. I use TF and AntiVir with default settings and will do the same with WDF, as DSA is off by default. Nothing against DSA, I have used it within the last couple of months and already know of its capabilities.
    On a side-note, TF does not (by default) block the Avira pop-up (nag-screen) when updating, can DSA do that? o_O Not that I would ever do such a thing, I'm just curious...
     
  10. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    19monty64. I will be anxious to hear what you think of WDF, but go ahead and enable DSA while in learning mode. It doesn't really use any more resources, and if you leave Learning Mode on for a whole day and try to use all your regular programs including TF, there won't be many pop-up screens. I also don't think there will be any conflicts, as I have run WDF with a-squared Anti-Malware's IDS and had no problems. I like TF for some reason more than a-squared, plus the trial is soon up on a-squared AM. Also, if someone did want to block the notifier exe in Avira PE, I believe it could be done within the Process Monitor by double-clicking on the process and selecting deny for everything. You'll see more of what I am talking about after you install it. Take care.
     
  11. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I would want both.

    As long as we can find some way to distinguish between 2 products, we will have to run both (turn off duplicate functions of course). This is what we call the importance of having security layers.
     
  12. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    So how much overlap would there be with DSA and ThreatFire? I have run a-squared Anti-Malware with the IDS enabled along with Webroot Desktop Firewall with DSA enabled with no problems. However, the trial is soon over with a-squared and I was thinking maybe ThreatFire Free would be nice to add. As far as my AV, I have just gone back to using AVG again (I hope Hairy Coo doesn't see this. LOL.), however I have run Avira and liked it a lot.
     
  13. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    If you are already done "training-mode" with DSA, so that it is silent again, there shouldn't be much noise from TF as it doesn't pop-up for normal activity (smart-HIPS). Never actually ran a 2nd HIPS with TF though...
     
  14. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    The path to a solution is not what a CEO should focus on; they'll focus on whether the desired results were achieved and whether the manner employed was efficient (low cost, fast to market, or whatever the key criterion is).

    It's the same here. Simplify folks, simplify. You want to implement a solution, not build a matryoshka. It doesn't have to be complicated, in fact, it's better that it's not.

    Blue
     