Overall Strategy

There's just too many security software out there and frankly it can get a bit confusing. I feel I can browse this forum for months and I'm trying to find a better way instead.

To be blunt, I'm looking to implement the strategy of "default: deny". Rather than keeping an eye out for bad software, I want to have a "white" list of software that I do allow full access and any software that isn't on the list should be denied from running.

Secondly, I need something that prevents these trusted program files from being modified by any rogue softwares.

Third, a software that tracks and monitors every new program that gets installed on my computer and allows me to add them easily to the whitelist.

That's the overall goal for my computer security setup. What particular software programs would meet my 3 goals the best?

 

This covers all three: http://www.faronics.com/html/AntiExec.asp

 

Anti-Executable fulfils your needs fully. On the downside, your strategy offers you no protection when you do need to introduce software from external sources onto your computer (i.e. software installation), where the best you can do is pray that the new software is indeed clean.

 

Faronics anti-executable is a good solution, its very secure in what it does and can be a little restrictive as a result. Anything not on its whitelist is automatically denied. When set to high security it can protect you against dll/driver installations and also gives you copy/delete protection. To add new programs you simply disable anti executable run the new programs then enable anti executable again. One solution to help protect you when installing new software is use an on demand scanner to check the software first.

If you are wanting a free solution then something like system safety monitor free or pro security free can be configured to meet your 3 goals.

 

My PC is secured by a default-deny security policy. The application whitelist is primarily enforced by System Safety Monitor, which is ideally suited for such a role.

This task is also handled by SSM. Other classic HIPS can perform this as well. The initial default-deny policy prevents malicious code that could modify system files from running in the first place. Apps like SSM also check the integrity of the executables and block/alert if they change.

Regarding the whitelist, your best option is to make your own. It should contain only those system files necessary for your normal usage and the executables of the software you use. Any whitelist or whitelisting software you obtain elsewhere will be much broader in what it allows.

For an install monitor, check out Inctrl5.

I'm short on time right now. Will try to give you more detailed info this evening.
Rick

 

SSM is okay and provides good RD+AD

But I personally feel it is quite lacking in FD unlike say PS or EQSecure.

 

As far as free HIPS go, EQSecure is the most powerful product available right now, which rivals and even exceeds the abilities of other paid products. SSM comes second, and the free version of ProSecurity is so crippled that it's good for enforcing application execution control, but not much besides.

 

EQSecure is nice, but I find it very hard to understand and use. It's quite different from the rest.

 

The basic principles and usage of all HIPS programs are essentially the same; the only thing that varies is how each program puts those principles into practice. Generally speaking, there's a set of application-specific rules, and a set of global rules which are consulted if no application-specific rules match a given event (the priority of which one is consulted first may vary). With that said, I don't see why EQSecure is necessarily more difficult to use than, say, SSM - EQSecure's Learning Mode even automatically makes rules for the file and registry defense modules.

 

It's probably me. I'm just stupid. It just keeps working differently from what i expect. Maybe I use SSM or PS too long.

 

You can create a separate thread with what problems you're having, and I'll see if I can help.

 

That's why I still have over a dozen different scanners AV, AS, AT etc.. as well as the online scanners, to scan any apps before I install them. While I know this isn't anywhere near the perfect solution, it does help. I don't see HIPS as the final answer or the scanners, but both combined, I feel my chances have increased to prevent malware from infiltrating my system.

 

I was going to suggest Abtrusion Protector as I think it will do all of what you want also, and it's free. However, I noticed that the web site is virtually barren, and not sure what's going on there anymore. You can however probably find it for download on other sites if you Google for it. It may be what you're looking for...