Multi layered security suggestions...

Discussion in 'other anti-malware software' started by henryg, Apr 2, 2014.

Thread Status:
Not open for further replies.
  1. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    293
    While running Outpost Firewall Pro, I've decided to add another layer of protection. Since Outpost has a HIPS, I'm trying not to overlap. I'm looking at:
    1. SpyShelter (Not the Firewall version)
    2. AppGuard
    3. NoVirusThanks EXE Radar
    I need to know if I could run one or more of these three with my present firewall without overlap or conflicts. Thanks...
     
  2. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    I would combine none of those with Outpost because they all fall in the same range. AppGuard forbids actions by policy which Outpost would ask you to allow in the appearance of a pop-up. ERP is an anti-executable and the HIPS of Outpost should ask you anyway if unknown applications were trying to start, or shouldn't it? SpyShelter I don't know anything about, but isn't most of it HIPS as well?

    As to what to combine with a HIPS others may be able to help you out better, because I have never been on the interactive HIPS track and never will be.
     
  3. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    I don't know if AppGuard can have problems working with Outpost, but with CIS it works fine, but you could consider using it: you can't add a second HIPS to Outpost, while AppGuard is a second, different, effective protection layer. You only have to switch it to install mode to install new programs.
     
  4. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,913
    I would add AppGuard. Its nice restriction policies would be a good addition to Outpost HIPS. As for ERP and SpyShelter, they seem to be just repetitive to what you already have.
     
  5. KaptainBug

    KaptainBug Registered Member

    Joined:
    Dec 26, 2013
    Posts:
    484
    Agree with Solarlynx.. ERP is redundant with HIPS, but AppGuard can provide memory read/write protection which will stop exploits as well.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Don't forget that ERP also blocks drive-by downloads and exploits also ;)
     
  7. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    None. Seriously. Outpost Pro is AFAIK completely adequate for policy sandboxing and blocking executables. Adding more software that does the same thing will not help you at all.

    Personally I would look into how Outpost is configured. In particular you want an absolutely minimal level of interactivity, because each interactive query is an opportunity for you to goof up and get your OS infected.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    I wouldn't add much to Outpost with HIPS correctly configured. Maybe some light blacklisting... and don't forget to backup your personal data and update your system and software.

    hqsec
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    My personal setup always should contain the following:

    1 Anti Executable
    2 Behavior blocker
    3 Anti Exploit
    4 Firewall

    Outpost = 2 and 4

    So I would add: EMET and/or Malwarebytes Anti-Exploit plus EXE Radar Pro, to cover 1 and 3. :)
     
  10. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    @Rasheed187, not sure about behavior blocking, but IIRC Outpost Pro has a full HIPS as well.

    Good point re EMET, though; I can't really think of a reason not to use it.
     
  11. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    829
    Location:
    UK
    I run AppGuard alongside Outpost firewall v8.0 with no problems so far.
     
  12. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    1. Disable Outpost HIPS or set it to monitor executables only.
    2. Among the 3, I'll pick AppGuard. This will be your policy-based HIPS.
     
  13. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    293
    Many thanks for all your advice and input.... I really appreciate it.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    To clarify, perhaps not correct, but the way I see it: HIPS = behavior blocker :)

    Actually, if you think about it, all the things that I mentioned are HIPS.

    How would you classify EMET, isn't it basically also a HIPS?
     
  15. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    A HIPS is a HIPS, a BB is a BB (an intelligent HIPS).
    EMET is an exploit mitigation tool.
     
  16. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    HIPS = (crude) mandatory access control = limits the scope of damage once an exploit has occurred.

    EMET = exploit mitigation = prevents certain types of exploits from happening in the first place.

    BB = no idea. HIPS with automatic learning mode? Antivirus that relies only on heuristics? Marketing buzzword? The stupid acronyms could be taken to mean anything... :/
     
  17. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Not in their developers' minds, but I think that BBs are so.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Like I said before, all the things that I mentioned in post #9 are in fact HIPS, they are all trying to prevent the host from intrusion. Personally I don't make a difference between BB and classic HIPS. ;)
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    So what is ERP going to intercept that's not done by Outpost?
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    AppGuard out of these or SBIE.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I didn't know that Outpost had executable control? Can you white-list apps with it?

    But I bet it's not that easy to manage as in EXE Radar. :)
     
  22. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Yeah you can whitelist apps. Though it has a long list of allowed digital signers, which IIRC cannot be turned off...

    And I suppose EMET could be called a HIPS if we're going to be pedantic, but the mechanism is completely different. A HIPS will protect you from things EMET won't, and vice versa.
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It doesn't make any sense to use ERP with Outpost. And with all due respect, if you don't know about a software how can you make recommendations for anyone?
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Well, that depends on the user.

    I would choose Exe Radar over any other anti-exe tool, simply because of the ease of use. :)

    I must admit, I didn't test Outpost extensively. Also, the anti-exe feature in Outpost was already mentioned by several posters, my bad. :oops:

    There you have it, it's not possible to disable the "allow digital signed apps" feature, reason enough to use another anti-exe solution IMO. :thumbd:
     
  25. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Do note the "IIRC" part though. :) That was with Outpost Free 6.51, back in 2008 or so... Things may have changed since.
     