Recommendation for a simple HIPS?

Discussion in 'other anti-malware software' started by tilkov, Jul 1, 2009.

Thread Status:
Not open for further replies.
  1. tilkov

    tilkov Registered Member

    Joined:
    Aug 22, 2006
    Posts:
    7
    Location:
    Jambol, Bulgaria
    Hi,

    I use Kerio 2.1.5 as my firewall and need a suggestion for an equivalently simple and lightweight HIPS to complete my "suite", preferably free. Until now I have used Sandboxie for that, but the process of getting downloaded files out of the sandbox is increasingly boring me.
    My security model is simple: allow only executables I have predefined, everything else is blocked. This computer is used by my mother too, so I need a "silent" mode, just like in Kerio (block all not explicitly allowed without notifying, but keep a log). I don't need kernel/driver/registry protection, as it will be irrelevant with only whitelisted apps running.

    Thanks in advance.
     
  2. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    You could try a behavioural blocker such as Prevx or ThreatFire.
     
  3. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,620
    Location:
    Canada
    There is also System Safety Monitor Free Edition.
     
  4. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Almost all HIPS are lightweight.

    A very good free choice is Real Time Defender, including network protection, which you may not need since you have Kerio, so you can disable it.
     
  5. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    SSM is being abandoned from further development and the developer gave away a key to unlock the paid version. You can try it and if you are happy, drop a PM for the key.

    That would be my 2nd choice for a free HIPS after RTD.
     
  6. _kronos_

    _kronos_ Registered Member

    Joined:
    Dec 8, 2008
    Posts:
    126
    tilkov asked for a silent HIPS to lock the applications that are not "whitelisted" by him.

    1. You can try Malware Defender, which has a Silent Mode, but it is not free.
    2. Otherwise just try EQSecure 3.41, create your rules through Learning Mode, and after that set the popups time value to -1.
    I think it would be possible ;)

    I don't know if RTD or SSM has a sort of Silent Mode.

    Regards,
    kronos
     
  7. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    If you're looking for a simple HIPS, I've heard EQS 4.2 would fit the role perfectly.
     
  8. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    You can try Returnil's Anti-Execute module.
    There are two settings.
    - Block activation of all programs not on the White List
    - Deny all if there are no rules

    Returnil is primarily a virtualization app, but if you don't need this part, just ignore it.
    The Anti-Execute is easy to configure, but it's not a full featured HIPS. You can just block programs and driver loading.

    Cheers
     
  9. tilkov

    tilkov Registered Member

    Joined:
    Aug 22, 2006
    Posts:
    7
    Location:
    Jambol, Bulgaria
    SSM is the right tool for the job. It's got very advanced rules and silent mode. Thanks a lot!
     
  10. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    There is a (quite hidden) tool available for free in Windows which by default allows executables from the program and Windows folders and denies any other executable. It is called SRP.

    A member of this forum (Sully) has even created a free security tool called Pretty Good Security (PGS) which allows you to configure SRP precisely.

    If your level of expertise is good enough, or if you are simply used to HIPS, you might consider trying it:

    https://www.wilderssecurity.com/showthread.php?t=244265

    http://mrwoojoo.com/PGS/PGS_index.htm
     
  11. Returnil's Anti-Execute module allows something similar, and also notifies you when something tries to load a driver.

    For full (and currently maintained) HIPS...

    Threatfire: lightweight, behavior based, allows custom rules and rather paranoid settings if you want. In my experience though, it makes my computer very slow when used in combination with PCTools Antivirus; if you want to use it with an antivirus it might be better to use Avast.

    PCTools Firewall: yes, it has decent HIPS functionality, though nothing to protect from keyloggers (I guess they leave that to Threatfire).

    COMODO: Defense+ is very comprehensive. I will say, though, that some people are a bit wary of anything from COMODO Group, due to very unethical behavior by that company (selling SSL certificates to known malware makers). I figured that was a once-off screwup at first, but since they continue to do it...

    Online Armor: No Advanced Mode in the free version and keylogger protection is stripped out, so it's kind of crippled, but the HIPS is still there and very good. The paid version seems to offer some of the best protection available.

    Edit: Threatfire looks like the best option to me in this case, because it can be easily set up to be silent.
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Hi Gullible Jones, how can you make ThreatFire silent? I have no idea how, and that was the reason why I run/stay away from it :) Thanks in advance :thumb:
     
  13. Set it to quarantine anything suspicious by default (in Settings).

    (DO NOT DO THIS with a sensitivity setting of 5, or it will quarantine just about everything! Even 4 is probably pushing it.)
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Thanks a lot :thumb: Very valuable info I didn't know :thumb:
     
  15. Makav3l1

    Makav3l1 Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    241
    Threatfire is probably the best program for your requirements.
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Thank you, makav.
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Be sure to also set TF to create a restore point before doing so and add other security software to the trusted list, otherwise you are asking for trouble.
     
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I second that thought!

    Effective, light, and it won't mess with the system stability. ;)
     