Ultimate Aussie HIPS Showdown

Discussion in 'other anti-malware software' started by toploader, Nov 19, 2005.

Thread Status:
Not open for further replies.
  1. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    Never before in the history of homo sap have we had it so good - we are totally spoiled for choice in the HIPS department and it's the Aussies who are making the running with three stonkingly good products.

    First off the blocks was DiamondCS with Process Guard - then the Excellent Online Armor from Tall Emu made its debut and has been improving rapidly to become a genuine contender. And now we have Appdefend from Ghost Security. This already looks like it's going to be a class act and together with Regdefend could be an unbeatable combo. But the game is far from over with new versions of Process Guard and OA under development.

    Personally i'm not sure which one to choose, they are all very good.
    The ability to detect malware hidden in trusted apps is for me very important. if one were to download a game or music software and to unwittingly let loose a kernel mode keylogger or rootkit hidden inside then i would hope that my HIPS program would alert me that suspicious activity has been detected.

    The ability to detect the new class of Rootkits and keylogger trojans is for me de rigueur in any HIPS program worth its salt. i would also want the HIPS to be able to alert to programs trying to phone home.

    How about you? which of these HIPS solutions appeals to you most and for what reasons? and what do you expect from a HIPS proggie to make it worth your while shelling out your hard earned cash?
     
  2. controler

    controler Guest

    Well for one if you read the latest articles on rootkit development, you notice they lean towards virtual memory. That brings the question as to which programs cover that?


    controler
     
  3. xmen

    xmen Guest

    That shadow walker crap? LOL.
     
  4. xmen

    xmen Guest

    If you trust the wrong app, you are basically dead, whatever you run.
    Trusting the app means you will give it permissions for whatever popups, so appdefend, processguard, onlinearmor, whatever, will not save your bacon.

    You download a game, that wants do x, otherwise it won't run. If you "trust" it, you will allow x, gameover.

    Heck if you truly trust x, you will even ignore your antivirus/antitrojan, and assume it's a false positive. But that's less likely to happen. I mean most people will take a warning from their antivirus more seriously than a generic warning for good reason.

    Well then you don't want PG or appdefend (at least not yet). Online Armor maybe, but we will have to wait until 1.2


    Get a personal firewall.

    I don't know whether people expect too much of their "HIPS" program.
    It's fashionable to say antiviruses are not the answer, but people expect HIPS to be as reliable as their antiviruses, and for their HIPS to magically detect malware without signatures.

    In actual fact, what they get (currently at least) is a software that passes the buck to the user, alerting on ambiguous events that might or might not be dangerous, leaving it to the user to decide.

    The flaw with this theory is that the user is often ill equipped to decide, particularly when they already think the game they download is "trusted" making the whole point of the exercise moot.
     
  5. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    One very off-topic post removed.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Online Armor vs Appdefend. Tough choice, but I took an easy solution. BOTH.:D They coexist together and redundancy is a bad philosophy. Cheap compared to the price of cleaning up a mistake.

    Oh and I am also licensed for ProcessGuard.
     
  7. xmen

    xmen Guest

    Do you imply from this statement that you don't use ProcessGuard now, i.e. that you merely have the license?

    Personally that is very surprising to me.
     
  8. Mikkey

    Mikkey Guest

    What would be more surprising is if he uses Online Armor, Appdefend AND ProcessGuard. Now that would be quite ridiculous and obsessive overredundancy. At least three pop-ups for anything new introduced into a system. And if you were installing something then chances are you'd have at least 10 pop-ups just to authorise it - Installation file, installer, application, startup etc. With three HIPS you could be talking 15 pop-ups when trying to install a new app. Redundancy in the extreme!

    M.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Just curious. Why?
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Hi Mikkey

    You ever clean a badly infected machine? I've helped do it twice. Do you think every program is perfect, or that you might never make a mistake clicking on something?

    Since my computer is my livelihood, I'd rather click 20 popups, and do triple backups (which i do), than have to go thru what I saw when I saw those infected machines.

    Might not be for everyone, but works for me.

    Pete
     
  11. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost

    Why not mention the latest Prevx1 beta? It's a nice addition to the above listed HIPS. Or not?

    :rolleyes:
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Not applicable to this thread. This is about Aussie products. Prevx1 is from United Kingdom.
     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Uuups, you are right!
    How could I miss this "SMALL" :eek: detail on the country of origin?
    No idea....
    :doubt:
    Fax
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Hi Fax

    So easy. When I posted, I almost started talking about some other stuff myself, but since it's non-Aussie I didn't. Sometimes these threads just wander all over.

    Pete
     
  15. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    i like appdefend's "application firewall" concept - if a naughty naughty little spy trojan should somehow evade detection it's still got to phone home to be of any use.

    appdefend + firewall gives 2 chances to detect suspicious outgoing connections. of course if the trojan is hiding in a trusted application that uses the internet then it could still slip thru....

    for xp, ghostwall and chx-I firewall users - appdefend adds an outbound firewall.

    just be very careful what you trust - be suspicious of everything that wants to connect to the net. (good reason to buy port explorer as well) ;)
     
  16. xmen

    xmen Guest

    Apparently you don't know Peter. :)

    I bet he's running more than just Online Armor and Appdefend (plus standard firewall maybe virus scanners). I believe in the past he has run Online Armor+Safe n Sec+ ProcessGuard +Regdefend (and Prevx Pro I think) all at the same time.

    Good redundancy.

    I'm hugely surprised currently if he runs only Appdefend and Online Armor (plus standard firewall,scanners). As he said, he only mentioned Appdefend and Online Armor, because they are aussie products.

    Well, You are wrong, Peter runs at least 4 HIPS I believe.
     
  17. xmen

    xmen Guest

    It's amazing with all your HIPS running at the same time, you can get infected twice. :) Just kidding, I know it wasn't yours.

    And yes, I have helped clean badly infected machines. More than twice in fact. I hope you don't get to help the third time....

    Oh well, it's your computer. I for one think it's ridiculous to click 20 popups in reaction to one normal click just to be safe, especially when you have backups but it's your right to spend 20-50% of your time each day dealing with popups.

    You say computer is your 'livelihood', do you mean you run your business online or do you mean you work for a living testing security programs?
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Hey xmen, drop the attitude.

    1st. I don't click 20 popups a day. I might click 4 or 5 on an install, and then things are quiet.

    2nd. As to my businesses, no they aren't on line, they are totally unrelated to computers, I just use the computer to manage them.
     
  19. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Ladies and Gentlemen, let's leave the personal swipes and keep with the original topic.

    Blackspear.
     
  20. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    online armor's installation tracking looks useful - has anyone tried this feature of OA?
     
  21. xmen

    xmen Guest

    o_O

    Ah. That explains why you need so much security and redundancy. The rest of us don't use our computers for work/business. ;) ~snip~ removed unnecessary comment ~ Blackspear
     
    Last edited by a moderator: Nov 23, 2005
  22. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    Yup and it does a good job of cleaning up too.
     
  23. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    xmen, you have been asked politely. Please adhere.

    Blackspear
     
  24. StevieO

    StevieO Guest

    Here's one i think you missed.

    InfoProcess is an Australian company that specialises in high-quality consulting services for Windows and .NET. Services include development of Host Intrusion Prevention Systems (HIPS) for Windows, low-level Windows NT/2K/XP/2003 drivers as well as complex BizTalk 2004 Orchestrations, .NET Enterprises, ASP.NET, and XML Web Services.

    AntiHook 2.5

    AntiHook® - The ultimate Host Intrusion Prevention System for protection against Malicious Software

    Finally a complete bullet-proof solution for the detection and prevention of malicious software on your Microsoft® Windows® PC's.

    AntiHook is a unique desktop-based Host Intrusion Prevention (HIP) product. AntiHook dynamically protects your privacy, operating system and applications from malicious software, such as Spyware, Rootkits, Keyloggers, Code Injection, and Trojans.


    StevieO
     
  25. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    hi StevieO, i didn't realise AntiHook was Aussie thanks for adding it to the list.

    it makes the task of choosing a HIP Aussie just that much harder.

    Process Guard is a mature product with a big following that seems to do the business at kernel level being effective against rootkits and keyloggers.

    Appdefend promises to be a great proggie and will integrate with Regdefend and Ghostwall to produce a very strong suite of defenceware.

    Online Armor has a number of features covering a variety of areas and is getting better and better with great support.

    AntiHook is one i'm not so familiar with so perhaps someone who uses it would extol its virtues? my current understanding is that the home version will remain free which is a big plus and i think ver 2.5 is now out?
     