Light Weight HIPS for 64 bit OS

Discussion in 'other anti-malware software' started by mattbiernat, Aug 17, 2012.

Thread Status:
Not open for further replies.
  1. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    Okay so I've been lurking around for quite a while on this forum. I have searched at least 10 times for HIPS. So far I've found these programs:
    -OA
    -OP
    -Privatewall
    -Spyshelter
    -Zemana (I might have misspelled this one lol)
    -WinPatrol
    -PatriotNG

    PW froze my system the moment I installed it.
    Not a real fan of Comodo after their time machine made my system unbootable

    Not looking for a FW.

    Now I found that none of these are 64 bit (I haven't tested WinPatrol and PatriotNG). Some claim that they are "compatible" with 64 bit, for example OA. Others claim that they "are" 64 (Spyshelter) but when I installed, all of them went into the Program Files (x86) folder.....

    I am looking for preferably a lightweight HIPS software as an addition to my Windows 7 firewall. Here are my requirements:
    - full 64 bit app
    - I'm okay with paying a one-time fee even up to $50
    - no yearly subscription
    - lightweight and not as heavy as OA which bloated my system
     
    Last edited: Aug 17, 2012
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Comodo FW D+ fits your criteria.
    It runs lighter on my systems than OA ever did.
     
  3. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Are any security programs true 64-bit? I thought they couldn't because of PatchGuard. And I would say all are pretty good, except Zemana isn't a one-time fee, and is more an anti-logger. Never heard of PatriotNG. The rest are good.
     
  4. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,424
    Privatewall + Norton DNS/Back up dns Comodo/OpenDNS. Can't go wrong
     
  5. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Private Firewall has bricked a few x64 machines recently. I don't have a link, but it's on this forum.
     
  6. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    PW froze my system the moment I installed it.
    Not a real fan of Comodo after their time machine made my system unbootable

    I don't mind paying for software but I am not looking for a yearly subscription. I want to own, not rent.... just a personal bias.

    Here's my setup:

    Rollback Rx
    MSE
    TinyWall blocking outgoing traffic
    Malwarebytes Antimalware

    Any suggestions? I think HIPS would fit in well for added extra security.
     
  7. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Well have you at least tried their firewall? It's a lot more bug-free than the other software.
     
  8. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,424
    AppGuard then, $20 for 3 licenses. I'm not sure if it's yearly or lifetime. Otherwise Malwarebytes have lifetime subscriptions, I know it isn't HIPS but it's still worth the coin. DefenseWall is another option if you have a 32-bit OS.

    Do you have a strong router? That could be the missing link.
     
  9. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    Not really looking for a FW. I already got TinyWall and I'm evaluating WFC. They do exactly what I want them to do - block all outgoing traffic except for apps selected by me. Much easier than going through endless menus of FW configuration in 3rd party software. Half the stuff I don't understand either so I don't want to mess with it.
    Also on the side, I'm running AMD Fusion with 1.5 GHz single core. So I'm not looking to bog down my system with OA.

    I've installed AppGuard right now. What is up with the 16 bit icon? o_O Lol the icon is a joke but the app seems very powerful. Still, the app installed into the Program Files (x86) folder, I'm looking for apps designed for 64.
     
    Last edited: Aug 17, 2012
  10. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Good info to include in your original post.
     
  11. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    424
    Location:
    Canada
    Been running OA on 64 bit for months, no problems at all.
     
  12. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    +1 for AppGuard, although it's not quite like a HIPS; much quieter lol.

    The license is lifetime except for major version changes, such as version 3.x to 4.x, but that doesn't appear to happen often.
     
  13. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    267
    Location:
    Philippines
    I think you'd be better off using a standard user account and AppLocker if your Windows edition supports it.
     
  14. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,288
    Location:
    England
    Same here.
     
  15. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    I couldn't find a 64 bit version of AppLocker
     
  16. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    I think there isn't a standalone HIPS for 64 bit... I find such behavioral blockers like ThreatFire or Mamutu, but HIPS only as a part/module in firewalls (mentioned earlier) or anti-loggers e.g. SpyShelter, Zemana or StormShield... we also have monitors with sandbox like BufferZone or SysWatch.
    All apps for 64 bit are paid except BZ and TF and SysWatch.
     
    Last edited: Aug 18, 2012
  17. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    Thanks for the info. I'm still gonna check out the apps you mentioned. StormShield got some pretty bad reviews here at Wilders so I don't think it's worth it.
    If I can't find a standalone 64 bit HIPS, then I'm willing to compromise for a 64 bit FW with HIPS. Again, I won't do a subscription based model so either free or one time payment. And OA, while 64 bit compatible, wasn't designed from the ground up for 64 bit models.
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    @mattbiernat

    A great HIPS for x64 is AppGuard, it is a one time payment for lifetime usage of the main version you are buying (so 3.00 through 3.99; for version 4.01 you would have to pay again).

    How is it intended to be used?
    It is not a system wide HIPS, but a HIPS directed at the threatgate programs and areas (like USB, Internet). The idea behind it is that by looking only at the threatgates, you prevent them entering (not having to fight against all threat vectors possibly started by all the executables living on your hard drive).

    How does it compare against traditional HIPS?
    For starters it uses way fewer CPU cycles, so it has minimal effect. When performance or lightness is important to you, it is a positive feature of AppGuard.

    When tested in a broad HIPS test against well known HIPS/FW like OA, Comodo, Outpost, SpyShelter it will lose miserably. When you look at the results one would ask, why pay for a program which protects so few areas?

    Any malware researcher / security enthusiast could tell you (with sufficient knowledge provided that is), that AppGuard in daily use will be as strong as any other HIPS, maybe even stronger because it imposes deny execute on vulnerable areas and a smart paranoid memory protection (not matched by most other HIPS).

    So what is the secret of AppGuard?
    It provides stronger than average HIPS protection on the first entry points of malware infection. So it stops intruders dead at the gates of your premises.

    It will always deny access to "Admin space", meaning the Windows and Program Files directories and the HKLM hive of the registry (sort of the same areas UAC protects, but without exceptions and pop-ups, and you can tell which programs to apply it to).
    c)=> It will prevent "shoot in the foot errors" and social engineering tricks directed at evading UAC protection, downloaded through regular functions in user space, asking to allow them into "admin space"

    It will apply a deny execute on USB and data directories (depending on the settings, for all or a subset of the monitored programs).
    b)=> It will prevent drive-by infections and execution of sneaky droppers downloaded in "user space". Drive-bys / droppers are activated by exploits / in-memory infections. If I recall correctly AppGuard also protects the Run registry keys in HKCU.

    It will apply a very thorough and rigid memory protection on selected programs (a subset of the programs monitored, selected by you)
    a)=> This will prevent malware from breaking out from "execution space" and harming you in the first place

    Levels of infection
    a) Execution space
    Most programs allow scripts or process data formats which also contain code. Exploits misuse this "execution" space to change the process flow (e.g. starting a program downloaded elsewhere in user space).

    b) User space
    This is the second level of intrusion. Your malware has been dropped somewhere everyone has access to. Now it only needs to be started and manage somehow to survive reboot (gain access to admin space for automatic start with Windows)

    c) Admin space
    When malware manages to break through this level, you are in deep trouble, you are owned by the malware. When it has made it into admin space it can set itself to start automatically with Windows (driver/service/etc., there are way more options than the Run key in the registry). Now it can extend its business to being a bot, encrypt your data, send your keystrokes to someone to misuse your credit card/bank account etc.

    How can I check whether this really works?
    You need to have access to real life exploits, try visiting bad websites, execute code cracks from USB, etc. The downside of this type of professional software is that it is hard to test by amateurs like us.

    Hope this helps :D
     
    Last edited: Aug 19, 2012
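
The three rules described in the post above, written out as a simplified policy model. This is an added example, not part of the thread and not AppGuard's own code or rule format; the path roots, program names and event sequence are constructed, and the execute rule is assumed to apply to all launches.

```python
import ntpath

# Assumed Windows 7 defaults and program names; constructed for illustration.
ADMIN_SPACE = [r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)", "HKLM"]
HKCU_RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
GUARDED = {"browser.exe", "reader.exe"}   # programs the policy applies to
MEMORY_GUARDED = {"browser.exe"}          # subset with memory protection

def under(path, root):
    """True if path is root or below it, after case and '..' normalisation."""
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    return p == r or p.startswith(r + "\\")

def in_admin_space(target):
    return any(under(target, root) for root in ADMIN_SPACE)

def decide(actor, action, target):
    """Return (verdict, level); level a/b/c is the post's infection level."""
    name = ntpath.basename(actor).lower()
    if action == "mem_write" and name in MEMORY_GUARDED:
        return ("deny", "a")      # guarded program reaching into another process
    if action == "execute" and not in_admin_space(target):
        return ("deny", "b")      # launch from USB or a data directory
    if action == "write" and name in GUARDED:
        if in_admin_space(target):
            return ("deny", "c")  # Windows, Program Files, HKLM
        if under(target, HKCU_RUN):
            return ("deny", "b")  # HKCU Run key, as the post recalls
    return ("allow", None)

# Constructed event sequence: a drive-by against a guarded browser.
BROWSER = r"C:\Program Files\Browser\browser.exe"
EVENTS = [
    (BROWSER, "write", r"C:\Users\me\Downloads\dropper.exe"),
    (BROWSER, "execute", r"C:\Users\me\Downloads\dropper.exe"),
    (BROWSER, "write", r"C:\Users\me\..\..\Windows\System32\evil.dll"),
    (BROWSER, "write", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    (BROWSER, "mem_write", r"C:\Windows\explorer.exe"),
    (r"C:\Windows\explorer.exe", "execute", r"E:\crack.exe"),
    (r"C:\Windows\explorer.exe", "execute", r"C:\WindowsFake\tool.exe"),
    (r"C:\Windows\explorer.exe", "execute", r"C:\Windows\notepad.exe"),
]

def replay():
    return [decide(*e) for e in EVENTS]

if __name__ == "__main__":
    for event, result in zip(EVENTS, replay()):
        print(result, event[1], event[2])
```

In this model the dropper can still be written to the Downloads folder; it is stopped when something tries to launch it, which is why no prompt is needed at the write.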
  19. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Go for OA. It's one of the best HIPS and FW I've ever seen. :D
     
  20. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Wow, fantastic description. When I first debated whether to use AppGuard, I tested it on a VM with Malware Domains List and everything was blocked since they couldn't execute.
     
  21. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Did you already test all of the programs you listed? :rolleyes:
     
  22. mattbiernat

    mattbiernat Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    179
    Location:
    U.S.
    yes I have tested these programs:

    1) OA - I've installed this one along with MBAM. Runs pretty good so far with the exception of a few really bad slowdowns here and there. I still wish there was something more lightweight. So far however on this forum, OA has the best reputation along with Comodo.
    2) Privatewall - Froze on initial setup and I had to reboot the computer. Also lol, the cartoon-like icon bothers me. I want things to integrate smoothly UI wise and speed wise as well.
    3) Zemana, Mamutu and other subscription services I don't even bother. I am never going to support subscription based computing in any form.
    4) WinPatrol seems like a really lightweight HIPS. Is it HIPS though? From what I read on this forum it offers minimal security.
    5) TinyWall recently gave me trouble logging in at school so I dumped that one
    6) AppGuard - is really solid, like someone in here said before, however the problem is that it is silent. I need to know what program wants to access what so I can decide if the program is safe or not. Traditional HIPS allow me to do it better than AppGuard, although from what I read they are not as safe. But usability over safety is sometimes more important.

    So my current setup that I am testing:
    1) MSE
    2) UAC maxed out (is it needed when I have HIPS? o_O)
    3) OA
    4) MBAM
    5) WinPatrol (repetitive to OA HIPS? and UAC?)
    6) Rollback Rx

    I am still looking for a more lightweight FW+HIPS solution and something that would be specifically 64 bit. Of course nothing subscription based. I've checked out Outpost FW but it seems to have pretty bad reviews for their 64 bit version. Also its options menus seem to be quite chaotic and drive me nuts.

    Other programs that I've tested from what people suggested in here were either 32 bit or had subscription based membership so I did not include them.
     
    Last edited: Aug 19, 2012
  23. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
    Don't get hung up that a 64 bit program has a 32 bit GUI. From what I've seen here previously, and my memory isn't the greatest, it saves PC resources.

    In my opinion AppGuard offers the most protection with the least amount of fuss. Like most of us here you'll try them all before you find what works for you.

    Side note: looks like Stormshield Personal has been pulled.
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    UAC still helps, unless your HIPS can manage user rights.
     
  25. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    I see AppGuard's silence as a plus, as it is much more user-friendly and without the annoying popups, plus there is no guesswork involved on whether to allow something or not.

    But that's just my opinion ;)
     