looking for a simple HIPS

Discussion in 'other anti-malware software' started by WSFuser, Mar 11, 2008.

Thread Status:
Not open for further replies.
  1. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Are there any HIPS comparable to ProcessGuard free? I dont need it to alert on everything, execution of applications would be enough.
     
  2. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    Most HIPS allow to disable features that you don't use.
     
  3. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Prosecurity free is pretty quite here. Only seams to alert me when something wants an internet connection that has not tried to do so yet.
    But looking at their tables of free vs paid free also offers "Load Applications"
     
  4. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Hey WSFuser,
    We know basically the same programs i guess, so i'll just share a few thoughts.
    I use SSM free when in XP. No modules or anything. Disconnect ui has few rivals, or none at all imo.

    I tried Abtrusion Protector recently, and it seems to have what AE is missing - easy to install programs. I had a problem last time i used it, but i think it wasn't AP fault.
    You don't have to turn it off, just right click the exe and choose Abtrusion... then select allow to execute and to install, or instead of the latter, enter install mode, choose a name for the package (all installed dlls, exes and so on fall in this group) and install. Only the program you selected is allowed to execute and install (besides your existing whitelist of course).
    You have a block list you can use.
    The problem is it has a few annoying bugs, and it's only locked when in limited account. SuRun didn't solve the problem, although i didn't try the latest.
    Overall i wouldn't use it daily, but i found its approach and flexibility great. It would just need maintenance - read updates.

    Now trying latest GSS :) , seems stable but not finished. You know how it works mostly.
     
  5. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi,

    I will advice you to use Online Armor in Standard mode, you can uninstall the firewall part during intall process.

    Regards,

    MaB
     
  6. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I'm also looking for a simple HIPS, but unfortunately this doesn't seem to exist. OA is anything but simple, even with the firewall disabled, and there is no HIPS with a reduced number of facilities.
    Unfortunately even if I disable the features of a HIPS, the hooking part still remains there, and I don't like that...
     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Im currently trialing SSM free since its seems simple enough compared to the full paid version. I also turned off the modules.

    I turned on learning mode briefly, and ran every app I normally run, then turned it off. Lets see how it goes.
     
  8. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    The easiest i can think of is prevx.
     
  9. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    For something paid I agree that Prevx is a very simple HIPS and a nice one. I like ThreatFire too, but there can be a few pop ups when installing new software. Still it's usually a very quiet Behavioral HIPS that ran quite well for me. I now use Mamutu that I got from Giveawayoftheday, and for 19.99 it's pretty nice. Mamutu has a 30 day trial, and I have no problem understanding or using it.
     
    Last edited: Mar 11, 2008
  10. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I would use Prevx but I want to at least trial it first which isnt possible.
     
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    At install time, ProSecurity will learn your system's set-up & peculiarities so thoroughly that there are very few pop-ups thereafter. Naturally this isn't a good thing to allow UNLESS you are certain that your system is clean.

    Also, PS enables you to easily put it into install mode. You can readily go into install mode, even AFTER installing has started. Naturally this is a dangerous thing to do UNLESS you are certain that the program you are installing is clean.

    Threatfire is another good choice.
     
  12. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Did they dump the idea where you could use Prevx2 until it found malware and then a 30-day timer started? I did not see it mentioned on their site and it is difficult to get to the home version of Prevx2 :thumbd:.
     
  13. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    @innerpeace, yes they dumped that idea many months ago.
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    WSFUser,

    Try ThreatFire or DefenseWall fo rreally easy HIPS. You can also use the HIPS of SpywareTerminator (basic AE which scans yor harddisk fo rexisting aps).
     
  15. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Its obvious that Threatfire would be one of the very simplest and most effective,but the more complicated,time wasting solutions are generally recommended.

    Why-I suppose because people like to tweak and deep down doubt that something with so few pop ups can be so effective.
     
  16. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Does TF now come with execution control?
    Last time i tried it, you know, it didn't.
    Why monitor behavior if i block anything from running.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi WSFuser! Seems u want to avoid too many pop ups.

    OA is best for this purpose- like PG but much better than that.
    Other option is PS free but limited as compared to OA.
    BTW u can configure EQS to pop up only on execution and watever else u like, very configurable. Has a silent mode too.

    I wont choose SSM free, OA n EQS much better than that. If u really want to avoid pop ups TF is too good.
     
  18. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Maybe Ill reconsider OA once it has something similar to SSM's "Disconnect UI".

    But I do prefer SSM's GUI more anyways. Plus I can selectively disable any feature.
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Yep, I miss Disconnect UI in OA.
     
  20. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Defensewall. It simply restricts the privileges of anything running on your pc by making the files untrusted. While untrusted they are not permitted to access or write to critical area's of your pc. Only if you run the file as trusted will the file be able to behave normally. I didn't 'get it' to start with, but now I understand the concept, it's utterly brilliant! And very few popup's. That's very nice.

    Take for example running your web browser untrusted. Anything downloaded through the web browser is also untrusted and can't do any damage. If I had purposely downloaded a file, all I do is an on-demand virus scan(or on-line) of the file and confident it's clean I right click the file and run as trusted. DW also has a rollback feature which allows you to remove any files, folders and registry entries created after a selected point(you select the point you want to roll back to).

    Sorry if you knew this already but just trying to explain briefly how it works.

    muf
     
  21. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'd choose a free classical HIPS and disable everything but the execution control. There's no better choice.
    We will miss the simple execution control of PG free.
     
Loading...
Thread Status:
Not open for further replies.