Standalone “HIPS” vs. Firewall “HIPS” : Any Difference?

Discussion in 'other anti-malware software' started by chinook9, Nov 26, 2009.

Thread Status:
Not open for further replies.
  1. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    439
    First of all, "Happy Thanksgiving!!"

    Is there much, if any, difference in performance between “HIPS” types of security software (i.e. DefenseWall, Threatfire, DriveSentry, WinPatrol) and the HIPS included in Outpost Free, Online Armor Free, and Comodo Firewall?

    I was considering DefenseWall, but I already have Host Protection in Outpost Free set at Maximum. Would I gain anything from DefenseWall, or one of the others, if Host Protection is doing what it is supposed to do?
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    The thing with DefenseWall is that it is a way different approach than the competitors, including a policy-based sandbox and a strong sandbox firewall which will alert for untrusted intruders :thumb: With DefenseWall, all software introduced as untrusted cannot hurt your system, and with the use of the rollback feature you can get rid of any malware/traces that are in your system :thumb: With this HIPS you don't need to identify any kind of malware; everything is considered untrusted until you decide it is trusted :) Untrusted processes cannot hurt your system or steal your data. To be honest, they are different, but for me, I will go with DefenseWall :D It is a policy-based sandbox, HIPS and firewall ;) and Outpost is a firewall with HIPS.
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I don't consider myself an advanced user, but for me the rollback is very easy stuff :thumb: I have had DW for a long time, playing with the rollback, and never had any trouble ;)

    If you don't like or cannot use the rollback feature, then use CCleaner :D

    Also don't forget that if you introduce malware, it is crippled and cannot hurt your system at all, or if you feel you are being attacked, just press the stop attack button, end of story :thumb:
     
  4. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    722
    Location:
    Cumbria, England
    With regards to the rollback feature.
    I have always had DefenseWall set to automatically remove items from the rollback list since I first started using DW and have never come across any problem by doing so.
    I know a lot of other people use DW this way as well.
     
  5. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Outpost Free is a good app. Yes, there is a big difference in the types of HIPS. Get DW, it's worth every penny and you'll have one more thing to be thankful for. DW will soon have a firewall, which Ilya claims is like no FW we've used before. There is virtually no learning curve to DW either.

    Happy Thanksgiving to all in this forum who celebrate it!
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    I am using both Outpost Firewall Pro and DefenseWall. They complement each other and work together smoothly. Outpost Host Protection is similar to a classic HIPS program that prompts you to allow/block anything new or that has changed on your computer. DW is a policy-based sandbox that isolates anything that is untrusted (browsers, e-mail programs, etc.) or anything that is downloaded through these untrusted programs. Since they work in different ways they don't duplicate each other. Happy Thanksgiving.
     
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    "HIPS is for losers"

    ...

    Use one - not more!
    Outpost HIPS is very good - but a bit annoying sometimes and missing feature(s)
    Online Armor HIPS is better, but the whole suite (OA premium) is not as good as Outpost FW.

    DefenseWall Firewall - the comment about revolution makes me lol.
    There is nothing to improve while working on the OSI model.
    Maybe the handling might be easier - but that would mean less control.
    I have seen/used so many firewalls in the past - each has its advantages and disadvantages.
    And that is the only point to decide - use the one which fits your needs.
    Same for HIPS...

    For Win7 I decided on a 30-day trial of LooknStop - pure firewall with 3 megs.
    No HIPS, nothing - only ESET AV. HIPS blows me - I can't work with that thing
    when developing while being bothered with silly questions over and over again.

    Advantage of separated security programs - you can upgrade each "component".
    Advantage of a suite - all in one - and well conditioned to each other.

    At least there is not really a need for HIPS, I would say. HIPS is another word for
    limited user rights - start the day with that Windows account.
    But most users don't or won't know about it - why? Setting up Windows is so
    easy these days - including the system restore point since WinXP.

    Think about your security concept and drop insecure components.
    Any additional security software you don't really know is potentially dangerous.
     
  8. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    The updating programs issue is kinda the deal killer for me as far as using sandbox programs go. I have probably over 100 different programs on my computer that need to check for updates regularly. I like the DefenseWall concept though. I just wish there was a way to have programs as untrusted (internet facing apps like media players, internet browsers, etc) except for their update components which I wish could be set as trusted. And only allow the untrusted apps to be modified by their "trusted" updater component, nothing else without my consent. I guess that is more akin to a HIPS than a sandbox approach. Except where DW has both. And the good thing about the sandbox part is if anything else gets downloaded it is not allowed to execute and brick a system if it's malware.

    Is there some way to have DW or any other security program do this?
     
  9. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    The difference for me is I don't like software firewalls, nor do I have ANY need for them on my desktop. Windows FW does what it does fine.
     
  10. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Why do you say this? Care to explain?
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Maybe paranoid but not losers :D HIPS is the feature of antimalware, by the way. Look at some antivirus companies implementing this now in their suites :)
     
  12. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    HIPS can "detect" malware by its behaviour - but if you don't know
    how it behaves - what and when to decide if it's malware or not?
    And yes - the sentence is offending - on purpose.
    Just my experience - I had or have both
    (from Outpost 3.51 to OAv3/4 and back to Outpost latest).
    The 1st is old - too old (from 2006). The issue with OA you can read in the OA forum,
    and it is not solved with v4 here, so I switched. But with Outpost latest,
    HIPS bothers - so I decided to go with LnS on Win7. I will see if it works
    well with the latest issues I had (specific online game, last reason for drop).

    Nevertheless OA is a nice piece of work - it covers the most common needs,
    like Outpost. The issue with DW is external XP themes - not possible to use.
    Comodo did the same, so I dropped both.

    A bit off - I read matousec - it's a nice orientation but not the golden egg.
    Outpost integrated AV, Comodo did the same - ESET AV added a firewall, DW adds a firewall.
    I'm not really a good friend of those suites - only one of the components
    is good, the other sucks - see Outpost AV, see Comodo AV, see ESET Firewall.
    Even in OA++ the a2 part is not really OK - missing some basic features (read forum pls).
    In Kaspersky IS both parts have pretty nice issues which aren't solved over
    several major builds.
     
  13. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    No, HIPS is for advanced users that can make an informed decision.

    Nice to see you have a sense of humor.
    I for one will install v3 and give the FW a shot when Ilya releases it.

    Good advice. Everyone's preferences/needs may be different.

    Gotta agree with you there. If you don't understand and don't know how to use a particular security program it could and probably would prove to do more harm than good.
     
    Last edited: Nov 27, 2009
  14. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    How to reproduce it?
     
  15. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Well a happy belated turkey day to you too.

    I would say yes, but those you listed are different types of HIPS (policy based/classical/behavior blocker). WinPatrol is more like a system monitor.


    Probably not much. Maybe compatibility issues, running DW and Outpost here at one time slowed my box down to a crawl. So OP got the boot.
     
  16. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
    Re: Standalone “HIPS” vs. Firewall “HIPS” : Any Difference?

    A HIPS user is a user who knows what he installs, launches, runs or downloads; a user who understands the alerts of the HIPS and what they mean or, if he doesn't understand a detected process or activity, he blocks it and analyzes and searches about it. This is how to use a HIPS, and it is because of this that HIPS do their work very well.
     
  17. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    Absolutely... but - in that case - is HIPS really needed for that user?
    Or only for those who share their computer with less experienced users?

    Erm, Ilya - pls don't ask (again)... (don't worry about it or me)
    There are enough options to change to...
     
  18. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Yes to both questions. For me, classic HIPS has replaced the AV and prevents other users from altering my system. Not everything that tries to execute on a PC asks the user first, aka a drive by. Without something to intercept those processes, a user wouldn't know something new executed. By intercepting non-whitelisted processes, HIPS can prevent code that exploits legitimate applications from gaining control over the rest of the system or from downloading and executing something worse. IMO, HIPS especially classic HIPS are better able to enforce a default-deny policy than Windows built in tools for several reasons. HIPS can control how processes interact on an individual basis, not just which ones can and can't execute. HIPS also gives more control over Windows executables. In the hands of a knowledgeable user, HIPS can secure Windows better than most any other option.
     
  19. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Brummelchen, you are either a sarcastic or angry dude! ;) :p ha.

    If Ilya is asking a question to your statement, share the respect, spend two minutes explaining it. :D
     
  20. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    Neither nor - just facts here. It is not my purpose to be impolite, but if I need to
    discuss issues I would join his forum - where the same issue was never really solved.
    I'm just experienced enough to solve many problems on my own, but if both
    programs fail (DW and Comodo have/had the same issue) and the 5 others around
    have not, I won't spend more time than necessary.
    And hints/tips like uninstalling the other security software etc. are not my goal.
    Either support can reproduce the issue and can present a solution or they
    admit they have no clue - but the answers were not satisfying.
    (I'm speaking in general - it concerns in particular DW, Comodo and OA)
    Maybe you NOW have an idea why I write that indifferently.


    And that is the point of my view that experienced users don't really need a HIPS.
    They are conscious of what and where they click.

    I had a similar discussion about WOT last evening. WOT shows red about a
    specific rapidshare link - but nothing about another which has the same content.
    The user would click the last one on that information - but there is absolutely no information
    about the content - whether bad or good - the user trusts WOT and downloads.
    The reason for downloading that is awesome - but if you don't trust it - why start
    the search in general and stop before the download?

    Thinking about the root of the issue would prevent useless work and decisions
    on questionable signs.

    So at least I replaced HIPS in the smaller form of Sandboxie and in big with a
    virtual machine. The rest of my system is trusted and secure - I can work
    without a firewall or AV (although that is installed). I can rely on it.
    (I'm the only one working on this computer - no share)
     
    Last edited: Nov 28, 2009
  21. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
    Re: Standalone “HIPS” vs. Firewall “HIPS” : Any Difference?

    Did you never hear anything about rootkits, obfuscated processes and complex trojans? Without a HIPS, which experienced user can detect them?
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Also, trojans like to connect to the net, so he will need outbound protection :)
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
  24. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    blacknight - don't pick the raisins for your cite - read
    and understand the whole answer from me - or drop it :thumbd:


    Crap video - even the intro is whole crap.
    Firewalls don't need an update nor signatures.
    Then the poor choice of McAfee and Symantec.
    No need to discuss it at that level :rolleyes:
     
  25. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    This thread has more arrogance and attitude than anything else. The only losers here are the ones who need to call someone else a loser.
     