Looking For a Set/Forget Rulebased HIPS:

Discussion in 'other anti-malware software' started by apathy, Jun 23, 2008.

Thread Status:
Not open for further replies.
  1. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I have had enough of Comodo D+. I also tried out Threatfire and it was just as annoying as D+. I am looking at something like EQsecure, so that I can give certain apps certain rights and everything else is solid and secure. I bought Defensewall a few minutes ago and probably will be Faronics AE very soon.

    I am looking for a security setup that doesn't nag all that often but keeps the bugs from biting. Know what I mean? I am sure EASTER can help with this one.
     
  2. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    I'm a happy DefenseWall user too, and it's very powerful alone, so there's no reason to add anything if you don't want to. But... because you don't want to use Comodo D+ any more, I'm suggesting Online Armor Free/Paid to you. With it you can drop Comodo totally, because the OA firewall is superb, as is its HIPS.
     
  3. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    That's the combo I'm using - Online Armor (paid) & DefenseWall :thumb:
     
  4. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    How is ThreatFire annoying? It's practically totally silent.
     
  5. chris1341

    chris1341 Guest

    Not really sure there is such a thing as a set-and-forget HIPS. Not sure there should be either. Anyway, I too found Comodo tiresome and replaced it with Online Armor (paid). You can select 'trusted' programmes at install to cut down on alerts and set your programmes to 'run safer' with limited permissions as well as protecting them from hijack or termination. It's a good firewall too.
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I use nothing but a Firewall, Anti-Executable and DefenseWall in a frozen system. Maybe I will add ThreatFire without scanner if that is possible.
    AE has a detection rate of 100% and is the only security software I do understand completely. Keep also in mind that most dangerous software has to be executable to be good at its evil job.
    All the rest is too vague, unpredictable, not safe to use or user-unfriendly.
     
    Last edited: Jun 23, 2008
  7. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    One possibility might be Rudra anti-virus which does not need any update.
     
  8. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Very interesting.
    http://www.efytimes.com/efytimes/fullnews.asp?edid=8801&magid=
     
  10. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Perhaps the level was set too high? The only things annoying about Threatfire were the warnings about "Unknown", in which it wouldn't give me ANY idea what had happened, just that it blocked it (though they were never in the blocked list). I HATED that, it was useless, I couldn't Google the problem because it didn't give me anything to Google. I also didn't like the slowdowns and stalling the system it liked to do fairly often.
     
  11. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I think my problem with TF is that I ran it alongside Comodo FW with D+.
    So as soon as I saw an alert from D+, TF showed one too and it became annoying. I am debating switching from Comodo to OnlineArmor but Comodo has been good to me as I haven't had any malware/adware/spyware on my machine in a very loooong time. Although with FDISR, I could rollback the damage ;).

    Thanks for all the help guys

    ErikAlbert, you mentioned a 'frozen system'. Did you freeze your snapshot in FDISR and update when needed?
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I wonder if you were using TF above the default security level or you were using custom rules.

    TF will never pop up like this so often. It is pretty silent.
     
  13. mfenech

    mfenech Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    46
    Since you mentioned it, would the HIPS in OA and TF cover too much of the same area, making one of them redundant?
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    As far as I know, OA and TF have conflicts, so you must not use them together.

    Both are different: OA is a classical HIPS and TF is a behavior blocker. You can choose one or even both (provided no conflicts, slowdowns etc.).
     
  15. mfenech

    mfenech Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    46
    That clears it up. Thanks.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Actually OA is for advanced users; it will give plain pop-ups and will pop up frequently until you have made most of your rules.

    TF on the other hand is pretty silent. It will pop up only when it finds a possible malicious/suspicious action. Very few pop-ups. It will not bother you. It's good for relative beginners.
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Freezing the snapshot is correct, but I don't update/re-freeze the snapshot, at least not the way you think.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I was just as sick of Comodo D+, and TF turned me off the first week of its inception, and every time I would try it, it left me grumbling for the good old days of CyberHawk!!
    So after asking around myself and not finding any solutions to complement my Superior Prone protection of EQS 4.0 (beta) (Alcyon Rulesets), what did I do? I scrambled through tons of my old hard drives and was fortunate enough to find at least 6 early versions of CyberHawk!
    After testing the one that did best, especially on DLL injections, which in reality System Safety Monitor and EQS can both do "BUT" require human intervention to terminate the source injector, I found CyberHawk "didn't" need me for that since it terminates them at the same time all by itself without my having to spend an extra click. That saves me time.

    In conclusion, a "Lite" HIPS I would recommend has to be EQS. I've had it too with those time-consuming combos that previous firewall makers have turned integrating HIPS = Pop Up City routines into their firewalls.
     
  19. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    AFAIK, OA is not quite a *full-fledged counterpart* to D+. D+ includes configurable modules for (a) protecting files, and for (b) protecting ALL registry hives. OA presently lacks both of those important HIPS capabilities.
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Do yourself proud and your security with EQS. It's the "Litest" HIPS bar none, and it will offer your system superior MAXIMUM PROTECTION! You can even LOCK OUT 100% either folders or files in the blacklist settings, then test all your common HIPS tests against it.

    So what about the pop-ups here and there? They're there to make new rules that stick and never bother you again.

    AFAIK, EQS is a set-and-forget HIPS once you add Alcyon's Rulesets to it.

    EASTER
     
  21. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Easter, I've heard all kinds of good stuff about EQS from you, and I gotta tell you, as dumb as I am with HIPS stuff, I can't help but be tempted by it. For a guy like me who basically surfs the net, plays games once in a while, and does P2P (I do try to be careful with it though), just how hard is it for someone who knows their way around a computer pretty well, but just has never figured out quite all the "dll injection" type of jargon that a HIPS will often spout off, to learn their way around such a program as this?
     
    Last edited: Jul 11, 2008
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Links please (yet again) for (1) EQS & (2) Alcyon's latest & greatest.

    P.S.-- While we're on the subject of set/forget -- what's your favorite single-malt? ;)
     
  23. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I think http://drop.io/eqsecure is the place Bellgamin, though Easter and Alcyon know for sure.
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    It's a crying shame ProSecurity threw in the towel just when they finally got it working to perfection IMO. That decision I will never understand; if nothing else they should give away 1.43 as freeware, since the new owners will no doubt make changes and who's to say for the better or worse.

    BUT! EQS doesn't change or leave a user grappling for a "lite" but extremely modern HIPS that allows the user to set his or her own course of how much monitoring they are willing to accept in exchange for absolute security as far as HIPS goes.

    EQS for all purposes is the Ultimate in system protections; nothing can get past it (that I know) once you LOCK in your ban list, and that concludes any more attempts, present or future, at issuing malicious command orders to your good machine.

    It's "lite" on the system but a bear trap for any intrusion attempts. I couple EQS with Cyberhawk (never TF), and it works like a charm and not only alerts but immediately terminates the offending source file on the spot like a Terminator. And it doesn't make mistakes or FPs like has been discovered with TF.

    Sometimes older is MUCH better in security. I continue to see this time and time again.

    EASTER
     
  25. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Hi Easter, in your opinion, would EQS with the ruleset be fine on its own, or is it better suited with another whitelisting application? The reason I ask is because if I use EQS, I prefer to keep things free, and, even more important, "lite". Right now I use SandboxIE and Returnil to keep things "virtual", but having a well-rounded, strong, yet simple for every day use HIPS is becoming a necessity it seems.
     