Standalone freeware HIPS?

My security software in PC with XP SP3 is:

1. Avast antivirus Home
2. Windows Defender
3. Windows firewall

Do I need something else?
I think, some HIPS?

Do you recommend some standalone freeware HIPS application?
Thank you.

 

There aren't many standalone HIPS left, let alone free ones...

- EQ Secure 3.41 is probably the only fully featured free HIPS out there.
- Process Guard Free is free, but provides simple execution and modification/termination process protection.
- System Safety Monitor was given as farewell gift for free when it shut down, i am not sure if you can still get a free license from Vitaly.

- EQ Secure 4 if you speak chinese.

At the end it all depends on your personal taste and on whether you are high risk user or not.

- You may be fine with what you have now.
- If you understand and like EQSecure, then it's the safest solution.
- If you want a simpler HIPS, PG Free may be a good solution, but not as secure.
- You could use something like Threatfire.
- You could add Sandboxie.
- A combination of the above.

 

I will suggest to remove Windows Defender.

After that you can add one of these:

ThreatFire( if u don,t like pop ups)
OA free
CFP - both of these if u like pop ups

You can add a sandbox also.

 

You can turn Windows Defender into a HIPS package by simply changing your membership of spynet.

------------------

Make sure you join Spynet with an "Advanced" Membership.
This opts you into some options not avaible from the standard user interface.

You will literally get "full-blown" HIPS Protection, Simply check the options:

Enable real-time protection &

Choose if Windows Defender should notify you about:

* Software that has not yet been classified for risks
* Changes made to your computer by software that is permitted to run

Job done!

No need to install anything else on your PC.

------------------

EQS is fantastic but if you're not up to speed with granular HIPS it will probably drive you round the bend initially with it's popups.

Alcyon's has some rulesets that makes it fully bulletproof.
Search for his name on this forum and his website, plus links for the prog and his rulesets, are in his signature strip.

 

For novice users: Threatfire, for medium level users: Comodo Firewall with Defense+ HIPS , for advanced users: EQSecure

 

Make an effort to use a limited account, and if you use XP Pro, configure gpedit.msc.
http://www.mechbgon.com/srp/

 

The only problem I had with Windows Defender in advanced mode, is when testing a few programs, WD would alert on say a system change, but if I selected to deny that change, on most occasions the change could not be denied.

Maybe its improved. It's good with the alerts, but see if you can 'rollback'/deny a system change.

ThreatFire shouldn't give novice users, who are just browsing the net, any alerts. Would be my pick.

 

Meanwhile, back at the topic...

The only freeware HIPS that I know of are...

A- Classicals (more or less)

1-Online Armor-free

2-Dynamic Security Agent

3-Drive Sentry

4-Real-Time Defender (send me a PM -- subject "RTD" -- for a link to the download site.)

5-Defense Plus (D+) component of Comodo Internet Security

B-Behavior Blockers (more or less)

1-Threatfire

 

As others have stated, Threatfire is a good choice if you don't want pop ups.

You should also add a sandbox, you could use Sandboxie, GesWall or DefenseWall.

 

Ingem, look please: https://www.wilderssecurity.com/showthread.php?t=233528

Thank you, PRO

 

In that HIPS thread, PRO recommended Startup Monoitor & Tiny Watcher, neither of which is a HIPS. Hmmmm
~~~~~~~~~~~~~~~~~~~~~~
I complied with several PM requests for a link to Real-time Defender (RTD). I hope you folks like it.

RTD used to be called ProSecurity (PS). Comodo hired Jei, the proponent of PS. Jei sold the code for PS to someone. The new owner then changed the name of the latest version of PS to RTD & put it on the web as a free download - - which is the target of the link I have given to those who PM a request.

I hope that whoever is RTD's proponent will eventually begin updating RTD. However, PS was so far ahead of its time that RTD is still a superb addition to anyone's security wall. By the way: in addition to the full array of classical HIPS capabilities, RTD also provides network protection both in & out. A grrreat freebie!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here are 2 more classical HIPS that I just remembered....

6- Antihook 2.6 (AH). I have never tried AH myself, but a search will give you several Wilders threads that discuss it.

7-ProcessGuard. Another I haven't tried. A "cult favorite".

 

Like Aigle said: remove windows defender and install latest ThreatFire. Easiest thing to do, make sure to create a restore point before TF quantaines something (somewhere in the settings).

Cheers

 

I would go for DefenseWall paid or GeSWall free

 

Yes Bellgamin: StartupMonitor, Tiny Watcher and System Shield - they are now sufficient for me. That's what I meant.

 

Another program that could be considered to have certain HIPS functionality would be Arovax Shield.

http://www.arovaxshield.com/

 

Tiny Watcher is a good "file integrity checker" - - I recommend that you always use TW's deep scan. It is much more effective than TW's default scan. Your other 2 apps are largely a waste of time. In any event NONE of these are HIPS so you & I are both OT & should be shot.

 

Agree both are off-topic for HIPS, but hardly what I would call a waste of time. One could argue the other way where a HIPS with all of it's configuring required (usually) would be a waste of time.

I guess it depends which time zone you live in or if you like pie vs cake.

Sul.

 

Bellgamin, not be afraid, I am with you, Sully understands us and it is a victory!

Thank you Sully; righty - I prefer the cake, You've noticed.

Kingdom for 2608 Kb!

 

Thanks for that bit of info, Smiggy. I wasn't aware of it and I have since opted for advanced SpyNet membership and the two notifications options. Previously I had been wary of sending info to MS, but I'm willing to try it for awhile in order to see how WD performs.