Since discovering the virtues of learning mode in various HIPS, I've come to appreciate the capabilities of such software a bit more. However, even with learning mode, HIPS often strike me as having a serious flaw... They rely too much on user input. Click the wrong button -> bam, infected. So, what HIPS software out there can be configured to ignore user input? i.e. Normal behavior: You're browsing somewhere in Firefox, and something tries to hijack your browser to run an evil payload. The HIPS asks if you want to proceed, and you click "Yes" without thinking. Much wailing and gnashing of teeth follows. Default deny: Something tries to run an evil payload through your browser, and the HIPS immediately denies it, then gives you a popup notification about the denial. This way, the only way you could get infected is if you went to the hostile site while in learning mode. --- Failing that... What HIPS incur some sort of delay when allowing an event? e.g. - Requiring the user to click through an extra popup - Having a countdown before the event can be allowed - Requiring a selection from a drop-down menu, or a check box to be clicked - Making the "Allow" button smaller and less visible than the "Deny" one I know this sounds simple and probably stupid, but I suspect it's A Good Thing.