Looking for a free specific HIPS

Discussion in 'other anti-malware software' started by sTickfigure, May 22, 2009.

Thread Status:
Not open for further replies.
  1. sTickfigure

    sTickfigure Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    12
    i want to begin by saying that if i could, i would be using eqsecure version 3.41, but it is no longer available on their site. i am having problems downloading version 4, and even if i could, i don't know if it's in english or not (i can't read chinese)

    with that being said, i am looking only for 3 specific features in a hips. i disable all other features if possible. these 3 features are, in eqsecure, called:

    load driver
    install global hook
    install service or driver

    can anybody please recommend a free hips that has these features? i don't need any other features. in fact, extra features are undesirable. i only need a hips that can block the loading of drivers and hooks. please help!
     
  2. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
    Process Guard free does all those three. Oh hold on, it was the paid version that does those, my bad.
     
  3. zen_usuario

    zen_usuario Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    153
    You can install Rising Antivirus 2009 Free Edition choosing only the "Rising main application" module and the "Smart Active Defense", leaving unchecked the rest.
    The interest for you is under the "System Reinforcement" label, all configurable HIPS, for free.
     
  4. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
    Hmmm this thread got me thinking lol...

    How about Outpost Firewall free's Host Protection module? Here's a screenie from another thread at the firewall section

    http://i44.tinypic.com/2sal24g.png
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i tried this one and it's hips engine is very nice one indeed and the comodo antiirus with D+ also is cool and unique;)
     
  6. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    It is still available in Alcyon's signature. http://drop.io/eqsecure
    While there you can get his rule set as well.

    Edit: It's not listed in his signature anymore.
     
    Last edited: May 22, 2009
  7. sTickfigure

    sTickfigure Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    12
    who is alcyon? is he/she a trustworthy source?

    thanks for the suggestions so far by the way. i'm going to check out rising antivirus free edition and maybe comodo's defense plus too. i believe i disabled defense plus once because it asked me too many questions and i only really need the 3 features above, but i may reconsider if i can't get eqsecure back :(
     
    Last edited: May 22, 2009
  8. zen_usuario

    zen_usuario Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    153
    Alcyon is a well known here developer of some rulesets for EQSecure3.41.
    See this thread: https://www.wilderssecurity.com/showthread.php?t=193905
    I've downloaded some rulesets from his own page without problems, and for me he is trusted.

    Rising HIPS, System Reinforcement (with the Rising Antivirus installation), are not selected to "higher" by default installation, so it's easy to configure it after without massive prompts.
    You can check just the modules you want from the first installation, or after a "complete" installation you can add/remove modules easyly. Nice "granular" user configurable conception.

    With Defense+ from COMODO's, If I remember well, is mandatory to enable some "learning mode" (I'm thinking PC Clean mode) for the first boot after installation. It is enabled by default installation mode for the first reboot.
    After, you should configure it for protect only you want, and after this you get the prompts for your enabled protections only. (I'm thinking is a little bit hard than with RISING).
     
  9. zen_usuario

    zen_usuario Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    153
    Another nice contender, can be a bit not updated because discontinued, but I'm thinking very good and nice for your specific pourpouses, would be System Safety Monitor Free Edition. If I remember well it has all you want, with a very nice graphic interface and prompts for started/installed services and drivers and more. ;)
     
  10. zen_usuario

    zen_usuario Registered Member

    Joined:
    Dec 7, 2008
    Posts:
    153
    Version 4 itsn't officially english translated, only chinese available.
    But some people here worked arround and provided some partial (near to full) translations.
    See this thread: https://www.wilderssecurity.com/showthread.php?t=227359
     
  11. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
  12. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    @sTickfigure

    I found a link to the EQSecure 3.41 while searching google for "eqsyssecuresetup". And it has been tested clean by AV people to boot.
     
  13. sTickfigure

    sTickfigure Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    12
    wait a sec, i thought i saw eqsecure on alcyon's page yesterday. where did it go? and searching, could you give me a link to their page please? i tried googling with no results.
     
    Last edited: May 26, 2009
  14. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    Another free alternative HIPS is the nagware Appdefend from Ghost Security. link>> http://www.ghostsecurity.com/appdefend/
    After the supposed end of the free trial period, it still remains as full version. It's just that the ghost pop up will keep on nagging but you still have the full capability of a strong configurable HIPS. Has coverage on NTCreateSymbolicLinkObject, which hackers can make use of for a targeted attack. Combine it with another free HIPS like Eqsecure for more coverage and with drop my rights you can have perfect score with the comodo leaktest suites.
     
  15. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
  16. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hmmm ... Security - Ghost! But [noparse](I look in my notes from December, 200:cool::[/noparse] 22 SSDT (API hooks) is very real ! And Shadow SDT: ghostsec.sys. And processes: gss.exe, gssupdater.exe ... and low level keyboard hook ... Black, black, black (GMER, KX-Ray).

    'Unlucky George the Gost ...'

    I pity him ...


    P:thumb:

    ... and look on: https://www.wilderssecurity.com/showthread.php?t=234333&highlight=appdefend ghost

    ... and: https://www.wilderssecurity.com/showthread.php?t=228017&highlight=appdefend ghost

    Hmmm.
     
  17. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    ha ha. the nagging ghost only appears once for every reboot. so not really that annoying for a nagware.
    as for the support, you're on your own. that's where imaging and restoring from a previous clean image comes into play.

    Sorry, scratch the nagging ghost if you are looking for something that will guard the loading of the driver/s, go for the free eqsecure because appdefend doesn't do that.
    It is useful for combos for the extreme paranoid like adding eqsecure to fill up those SSDT hooks but not as useful as standalone like eqsecure. Though to the security conscious and aware who practice layered defense, the ghost alone as standalone HIPs could suffice.

    As for the kernel hook for NTCreateSymbolicLinkObject which appdefend has, this can be used for the targeted attack by a very well motivated hacker to bypass most HIPS and buffer overflow protections as explained here...
    http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-tsyrklevich.pdf
    quote:NTCreateSymbolicLinkObject can be used to create symbolic links in kernel namespace...
     
    Last edited: May 29, 2009
  18. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Best free "traditional" hips are:

    - eqsecure - no network protection but excellent rulesets around here

    - real time defender ex pro-security - network protection but abandoned development, but extremely effective and light.

    - system safety monitor - abandoned development, used to be shareware but now its abandoned, developer provided a key for the last version, which is pretty powerful.

    All these are kick a$$ hips and with the addition of free sandboxie can provide a killer (free) security setting.

    I strongly recommend 1 out of above 3.
     
Loading...
Thread Status:
Not open for further replies.