Testing HIPS

Discussion in 'other anti-trojan software' started by djg05, Jan 26, 2006.

Thread Status:
Not open for further replies.
  1. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    I have been looking at DefenceWall and Kerio with the HIPS function and cannot see what the difference is between the two as far as the user is concerned.

    Is there a HIPS exploit available to test our current systems so we can make a judgement?
     
  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I haven't used Kerio specifically, but from what I understand it's a more typical HIPS type product, so the difference as far as the user goes is going to be in how the program is used (assuming all other things being equal). DW requires that you add programs to the untrusted list, and it then puts restrictions on those programs and any child processes, and does so without any alerts. Your standard HIPS type product is going to alert on any monitored action taken by any program at all. You're right about the protection features being similar, it's just a matter of which approach you're more comfortable with :)
     
  3. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Thanks Notok

    That explains the approach they take, and I assume both approaches are effective, though I have not seen anything to one or the other. I was wondering whether there was a benign test to check the current protection. With DW there is a question of whether it is worth twice the current price of Kerio for just one aspect, though it is really a personal choice.
     
  4. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Download IceSword and install as untrusted into i.e. DW and see if it can break out of the box.

    Would that be a test?

    I have downloaded - but I am not computer-savvy enough to test - or rather - take care of the eventual consequences.

    Best Regards
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    Well, I inadvertently gave one feature of Safe'n'Sec a thorough test. I was trying to reinstall one of my non-security programs and was getting an error message that the installer couldn't run. Tried an unbelievable number of things to correct it, and just flat couldn't get the installer to run. Then by accident I discovered that somehow the program was on SnS's untrusted list. I removed it and sure enough it ran.

    This pointed out that, one, you have to be careful using HIPS programs, but that in this case Safe'n'Sec sure was doing its job. From this it becomes obvious there are ways to test your favorite HIPS.

    Pete
     
  6. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    A good HIPS prevents you from installing software even if you want to?

    Okay, check! Good to know, Peter :D
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    Hi there DA

    Yea, you have a point. But the thing is, once something is labeled untrusted by SnS you aren't getting it installed even if you want to. My only point was that this software does what it was designed to do. In essence this was one test that the program works.

    Pete
     
  8. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Download some of the leaktests from www.firewallleaktester.com. A good HIPS should detect almost every one of them because the more advanced leaktests try to do dll injection, process injection, etc.

    Alphalutra1
     