Light Weight HIPS for 64 bit OS

Okay so I've been lurking around for quite awhile on this forum. I have searched at least 10 times for HIPS. So far I've found these programs:
-OA
-OP
-Privatewall
-Spyshelter
-Zemana (i might have misspelled this one lol)
-WinPatrol
-PatrioNG

PW froze my system the moment I installed it.
No a real fan of Comodo after their time machine made my system unbootable

Not looking for a FW.

Now I found that none of these are 64 bit (I haven't tested WinPatrol and PatriotNG). Some claim that they are "compatible" with 64 bit for example OA. Others claim that they "are" 64 (Spyshelter) but when I installed, all of them went into Program 86 folder.....

I am looking for preferable a light weight HIPS software as an addition to my window 7 firewall. Here are my requirements:
- full 64 bit app
- im okay with paying one time fee even up to $50
- no yearly subscription
- lightweight and not as heavy as OA which bloated my system

 

Comodo FW D+ fits your criteria.
It runs lighter on my systems than OA ever did.

 

Are any security programs true 64-bit? I thought they couldn't because of PatchGuard. And I would say all are pretty good, except Zemana isn't a one-time fee, and is more an anti-logger. Never heard of PatrioNG. The rest are good.

 

Privatewall + Norton DNS/Back up dns Comodo/OpenDNS. Can't go wrong

 

Private Firewall has bricked a few x64 machines recently. I don't have a link, but it's on this forum.

 

PW froze my system the moment I installed it.
No a real fan of Comodo after their time machine made my system unbootable

I don't mind paying for sotware but I am not looking for a yearly basis subscribtion. I want to own, not rent.... just a personal bias.

Here my set up:

Rollback Rx
MSE
TinyWall blocking outgoing traffic
Malwarebytes Antimalware

Any suggestions? I think HIPS would fit in well for added extra security.

 

Well have you atleast tried their firewall? Its a lot more bug-free than the other software.

 

AppGuard then, $20 for 3 licenses. I'm not sure it's yearly or life time. Otherwise Malwarebytes have lifetime subscriptions, I know it isn't HIPS but it's still worth the coin. DefenseWall is another option if you have 32Bit OS.

Do you have a strong router? That could be the missing link.

 

Not really looking for a FW. I already got TinyWall and Im evaluating WFC. They do exactly what I want them to do - block all outgoing traffic except for apps selected by me. Much easier than going through endless menus of FW configuration in 3rd party software. Half the staff I don't understand either so I don't want to mess with it.
Also on the side, Im running AMD fusion with 1.5 GHZ single core. So Im not looking to bug down my system with OA.

I've installed AppGuard right now. What is up with the 16 bit icon Lol the icon is a joke but the app seems very powerful. Still, the app installed into Program Files 86 folder, Im looking for apps designed for 64.

 

Good info to include in your original post.

 

Been running OA on 64 bit for months, no problems at all.

 

+1 for AppGuard, although it's not quite like a HIPS; much quieter lol.

The license is lifetime except for major version changes, such as version 3.x to 4.x, but that doesn't appear to happen often.

 

I think you'd be better off using a standard user account and AppLocker if your Windows edition supports it.

 

I couldnt find 64 bit version of applocker

 

I think there isn't a standalone HIPS for 64 bit...i find such beahvioral blocker like ThreatFire or Mamutu, but HIPS only as a part/module in firewalls (earlier mentioned) or anty-loggers e.g. SpyShelter, Zemana or StormShield...we have also monitors with sandbox like BufferZone or SysWatch.
All apps for 64 bit are paid except BZ and TF and SysWatch.

 

thanks for the info. im still gonna check out the apps you mentioned. StromShield got a some pretty bad reviews here at wilders so I dont think it's worth it.
if i can't find a stand alone 64 bit HIPS, then Im willing to compromise for 64bit FW with HIPS. Again, I won't do subscription based model so either free or one time payment. and OA while 64 bit compatible wasn't designed from ground up for 64 bit models.

 

@mattbiernat

A great HIPS for x64 is AppGuard, it is one time payment for lifetime usage of the main version you are buying (so 3.00 through 3.99 for version 4.01 you would have to pay again).

How is it intended to use?
It is not a system wide HIPS, but a HIPS directed to the threatgate programs and area's (like USB, Internet). The idea behind it is that by looking only at the threatgates, you prevent them entering (not having to fight against all threatvectors possibly started by all the executables living on your harddrive).

How does it compare against traditional HIPS
For starters it uses way less CPU cycles, so it has minimal effect. When performance or light is important to you, it is a positive feature of AppGuard

When tested in broad HIPS test against well known HIPS/FW like OA, Comodo, Outpost, SPyshelter it will loose miseraly. When you would at the results one would ask, why pay for a program which protects at so little area's?

Any malware researcher / security enthousiast could tell you (with sufficient knowledge provided that is), that AppGuard in daily use will be as strong as any other HIPS, may be even stronger because it imposes deny execute on vulnarable area's and a smart paranoid memory protection (not matched by most other HIPS).

So what is the secret on AppGuard?
It provides stronger than average HIPS protection on the first entrypoints of malware infection. So it stop intrudors dead at the gates of your premises.

It will allways deny access to "Admin space", meaning Windows and Program Files directory and HKLM hive of the registry (sort of same area's UAC protects, but without exceptions and pop-ups and you can tell with programs to apply to).
c)=> It will prevent "shoot in the foot errors" and social engineering tricks directed to evading UAC protection, downloaded through regular functions in user space, asking to allow them into "admin space"

It will apply a deny execute of USB and data directories. Depending on the settings for all, or a subset of the programs monitored programs)
b)=> It will prevent drive by infections and execution of sneaky droppers downloaded in 'user space'. Drive by's / droppers are activated by exploits/in memory infections. When I recall correctly AppGuard also protects the run registry keys in HKCU.

It will apply a very thorough and rigid memory protection on selected programs (a subset of the programs monitored, selected by you)
a)=> This will prevent malware from breaking out from 'execution space" and harming you in the first place

Levels of infection
a) Execution space
Most programs allow scripts or process data formats which also contain code. Exploits misuse this "execution" space to change the process flow (e.g. starting a program downloaded elsewhere in user space).

b) User space
This is the second level of intrusion. Your malware has been dropped somewhere everyone has access to. Now it only needs to be started and manage somehow to survive reboot (gain access to admin space for automatic start with Windows)

c) Admin space
When malware manages to break through this level, you are in deep troubles, your are owned by the malware. When it has managed through admin space it can set itself to start automatically with Windows (driver/service/etc there are way more options than Run key in registry). Now it can extend its business to being a bot, encrypt your data, send your keystrokes to someone to misuse your credit card/bank account etc

How can I check whether this really works?
You need to have access to real life exploits, try visiting bad websites, execute code cracks from USB, etc. Downside of this type of professional software is that it is hard to test by amatures like us.

Hope this helps

 

Go for OA. It's one of the best HIPS and FW I've ever seen.

 

Wow, fantastic description. When I first debated whether to use AppGuard, I tested it on a VM with Malware Domains List and everything was blocked since they couldn't execute.

 

Did you already test all of the programs you listed?

 

yes I have tested these programs:

1) OA - I've installed this one along with MBAM. Runs pretty good so far with exceptions of few slow really bad slow downs here and there. I still wish there was something more lightweight. So far however on this forum, OA has the best reputation along with Comodo.
2) Privatewall - Froze on initial set up and I had to reboot the computer. Also lol, the cartoon like icon bothers me. I was things to integrate smoothly UI wise and speed wise as well.
3) Zemana, Mamuntu and other subscription services I don't even bother. I am never going to support subscription based computing in any form.
4) WinPatrol seems like a really light weight HIPS. Is it HIPS thou? From what I read on this forum it offer minimal security.
5) TinyWall recently gave me trouble loggin in at school so I dumped that one
6) Appguard - is really solid, like someone in here said before, however the problem is that it is silent. I need to know what program wants to access what so I can decide if the program is safe or not. Traditional HIPS allow me to do it better than Appguard, although from what I read they are not as safe. But usability over safety is sometimes more important.

So my current set up that I am testing:
1) MSE
2) UAC maxed out (is it needed when I have HIPS)
3) OA
4) MBAM
5) WinPatrol (repetitive to OA HIPS? and UAC?)
6) Rollback Rx

I am still looking for a more lite weight FW+HIPS solution and something that would be specifically 64 bit. Of course nothing subscription based. I've checked out Outpost FW but it seems to have pretty bad reviews for their 64 bit version. Also its options menus seem to be quite chaotic and drive me nuts.

Other programs that I've tested from what people suggested in here were either 32 bit or had subscription based membership so I did not include them.

 

Don't get hung up that a 64 bit program has a 32 bit GUI. From what I've seen here previously, and my memory isn't the greatest, is saves PC resources.

In my opinion Appguard offers the most protection with the least amount of fuss. Like most of us here you'll try them all before you find what works for you.

Side note: looks like Stormshield Personal has been pulled.

 

UAC still helps, unless your HIPS can manage user rights.

 

I see AppGuard's silence as a plus, as it is much more user-friendly and without the annoying popups, plus their is no guesswork involved on whether to allow something or not.

But that's just my opinion