Standalone “HIPS” vs. Firewall “HIPS” : Any Difference?

First of all, "Happy Thanksgiving!!"

Is there much, if any, difference in performance between “HIPS” types of security software (i.e. DefenseWall, Threatfire, DriveSentry, WinPatrol) and the HIPS included in Outpost Free, Online Armor Free, and Comodo Firewall?

I was considering DefenseWall, but I already have Host Protection in Outpost Free set at Maximum. Would I gain anything from DefenseWall, or one of the others, if Host Protection is doing what it is supposed to do?

 

the thing with DefenSeWall is way diferent aproach than the competitors including a policy base sandbox and a strong sandbox firewall wich will alert for untrusted intruders with defensewall all software introduce as untrusted can not hurt your system and with the use of the rollback feature you can get rid of any malware/traces that are in your system with this hips you dont need to identify any kind of malware avery thing is consider untrusted utill you decide is trusted untrusted processes can not hurt your system or steal your data,to be honest they are diferent but for me i will go with defensewall it is a policy base sandbox,hips and firewall and outpost is a firewall with hips

 

i dont consider my self and advance user but for me the rollback is very easy stuff i have DW for long time and playing with the rollback and never had any trouble


if you dont like or can not use the rollback feature then use Ccleaner


also dont forget that if you introduce malware in it is criple and can not hurt your system at all or if you feel been attack just press the stop attack bottom end of story

 

With regards to the rollback feature.
I have always had Defensewall set to automatically remove items from rollback list since i first started using DW and have never come across any problem by doing so.
I know a lot of other people use DW this way as well.

 

Outpost free is a good app. Yes there is a big difference in the types of HIPS. Get DW its worth every penny and you'll have one more thing to be thankful for. DW will soon have a firewall, which Ilya claims is like no fw we've used before. There is virtually no learning curve to DW either.

Happy Thanksgiving to all in this forum who celebrate it!

 

I am using both Outpost Firewall Pro and DefenseWall. They compliment each other and work together smoothly. Outpost Host Protection is similar to a classic HIPS program that prompts you to allow/block anything new or that has changed on your computer. DW is a policy-based sandbox that isolates anything that is untrusted (browsers, E-mail programs, etc.) or anything that is downloaded through these untrusted programs. Since they work in different ways they don't duplicate each other. Happy Thanksgiving.

 

"HIPS is for losers"

...

Use one - not more!
Outpost HIPS is very good - but a bit annoying sometimes and missing feature(s)
Online Armor HIPS is better, but the whole suite (OA premium) is not as good as Outpost FW.

DefenseWall Firewall - the comment about revolution makes me lol.
The is nothing to improve while working on the OSI modell
Maybe the handling might easier - but that would mean less control.
i have seen/used so many firewalls in the past - each has its advantage and disadvantage.
And tha is the only point to decide - use that one which fits your needs.
Same for HIPS...

For win7 i decided 30 days trial for LooknStop - pure firewall with 3megs.
No HIPS, nothing - only eset av. HIPS blows me - i cant work with that thing
when developing while bothering with silly questions over and over again.

Advantage of separated security programs - you can upgrade each "component".
Advantage of a suite - all in one - and well conditioned to each other.

at least there not really need for hips i would say. HIPS is another word for
limited user rights - start the day with that windows account.
but most users dont or wont know about - why? settung up windows is such
easy theses days - including the system restore point since winxp.

think about your security concept and drop unsecure components.
any additional security software you dont really know is potential dangerous.

 

The updating programs issue is kinda the deal killer for me as far as using sandbox programs go. I have probably over 100 different programs on my computer that need to check for updates regularly. I like the DefenseWall concept though. I just wish there was a way to have programs as untrusted (internet facing apps like media players, internet browsers, etc) except for their update components which I wish could be set as trusted. And only allow the untrusted apps to be modified by their "trusted" updater component, nothing else without my consent. I guess that is more akin to a HIPS than a sandbox approach. Except where DW has both. And the good thing about the sandbox part is if anything else gets downloaded it is not allowed to execute and brick a system if it's malware.

Is there some way to have DW or any other security program do this?

 

difference for me is i dont like software firewall's nor do i have ANY need for them on my Desktop, Windows FW does what it does fine.

 

Why do you say this? Care to explain?

 

maybe paranoid but not losers hips is the feature of antimalware by the way,look at some antivirus companies implementing this now in their suites

 

hisp can "detect" malware on its behaviour - but if you dont know
how that behave - what and when to decide if its malware or not?
and yes - the sentence is offending - with purpose.

Just my experience - i had or have both
(from outpost 3.51 to OAv3/4 and back to Outpost latest)
1st is old - too old (from 2006). The issue with OA you can read in the OA-Forum,
and it is not solved with v4 here. so i switched. but Outpost latest,
hips bothers - so i decided to go with LnS on Win7. i will see if it works
well with the latest issues i had (specific online game, last reason for drop).

nevertheless OA is a nice piece of work - it covers the most common needs,
like Outpost. The issue with DW are external xp-themes - not possible to use.
Comodo did same so i dropped both.

bit off - i read matousec - its a nice orientation but not the golden egg.

Outpost integrated av, comodo did same - eset av added a firewall, DW ads a firewall.
i'm not a really good friend of those suites - only one of that component
is good, the other sucks - see Outpost AV, see Comodo AV, see Eset Firewall.
Even OA++ the a2 part is not really ok - missing some basic features (read forum pls).
Kaspersky IS both parts have pretty nice issues which arent solved over
several major builds.

 

No, HIPS is for advanced users that can make an informed decision.

Nice to see you have a sense of humor.
I for one will install v3 and give the FW a shot when Ilya releases it.

Good advice. Everyone's preference/need's may be different.

Gotta agree with you there. If you don't understand and don't know how to use a particular security program it could and probability would prove to do more harm then good.

 

How to reproduce it?

 

Well a happy belated turkey day to you too.

I would say yes,but those you listed are different types of HIPS.(policy based/classical/behavior blocker) Winpatrol is more like a system monitor.

Probably not much. Maybe compatibility issues, running DW and Outpost here at one time slowed my box down to a crawl. So OP got the boot.

 

Re: Standalone “HIPS” vs. Firewall “HIPS” : Any Difference?

HIPS user is an user that knows what he install, launch, run or download; an user that knows understand the alerts of the HIPS and what they means or, if he doesn't understands a detected process or activity, he block it and he analyze and search about it. This is to use an HIPS and it is because HIPS do very well they work.

 

absolutely... but - in that cases - is hips really needed for that user?
or only for those who share their computer with less experienced users?

erm Ilya - pls dont ask (again)... (dont worry about it or me)
there are enough options to change to...

 

Yes to both questions. For me, classic HIPS has replaced the AV and prevents other users from altering my system. Not everything that tries to execute on a PC asks the user first, aka a drive by. Without something to intercept those processes, a user wouldn't know something new executed. By intercepting non-whitelisted processes, HIPS can prevent code that exploits legitimate applications from gaining control over the rest of the system or from downloading and executing something worse. IMO, HIPS especially classic HIPS are better able to enforce a default-deny policy than Windows built in tools for several reasons. HIPS can control how processes interact on an individual basis, not just which ones can and can't execute. HIPS also gives more control over Windows executables. In the hands of a knowledgeable user, HIPS can secure Windows better than most any other option.

 

Brummelchen, you are either a sarcastic or angry dude! ha.

If Ilya is asking a question to your statement, share the respect, spend two minutes explaining it.

 

neither nor - just facts here. is not my purpose to be unpolite but if i need to
discuss issues i would join his forum - where same issue never really was solved.
i'm just experienced enough to solve many problems for my own but if both
programs fail (DW and Comodo have/had same issue) and the 5 another around
have not i wont spend more time then necessary.
and hints/tips like uninstall the other security software etc is not my goal.
either support can reproduce the issue and can present a solution or they
admit they have no clue - but the answers were not satisfying.
(im speaking in general - it concerns in special DW, Comodo and OA)
maybe you have NOW an idea why i write that indifferent.

and that is the point of my view that experienced users dont really need a HIPS.
they are conscious what and where they click.

i had a similar discussion about WOT last evening. WOT shows red about a
specific rapidshare link - but nothing about another which have same content.
User would click the last on that information - but there is absolut no information
about content - if bad or good - user trust that WOT and download.
the reason for download that is awsome - but if you dont trust it - why start
the search in general and stop before the download?

thinking about the root of issue would prevent useless work and decisions
on questionable signs.

so at least i replaced hips in the smaller form of sandboxie and in big with a
virtual machine. The rest of my system is trusted and secure - i can work
without a firewall or av (although that is installed). i can rely on it.
(i'm the only one working on this computer - no share)

 

Re: Standalone “HIPS” vs. Firewall “HIPS” : Any Difference?

Did you never hear something about rootkits, obfsuscuted processes and complex trojans ? Without an HIPS which experienced user can detect them ?

 

also trojans likes to connect to the net so he will need outbound protection

 

very interesting tutorial

http://www.youtube.com/watch?v=fisc4v8Ph3s

 

blacknight - dont pick the rosines for your cite - read
and understand the whole answer from me - or drop it

crap video - even the intro is whole crap
Firewalls dont need an update nor signatures.
then the poor choice of mcafee and symantec
no need to discuss it that level

 

This thread has more arrogance and attitude than anything else. The only losers here are the ones who need to call someone else a loser.