Ultimate Aussie HIPS Showdown

Never before in the history of homo sap have we had it so good - we are totally spoiled for choice in the HIPS department and it's the Aussies who are making the running with three stonkingly good products.

First off the blocks was DiamondCS with Process Guard - then the Excellent Online Armor from Tall Emu made its debut and has been improving rapidly to become a genuine contender. And now we have Appdefend from Ghost Security. This already looks like it's going to be a class act and together with Regdefend could be an unbeatable combo. But the game is far from over with new versions of Process Guard and OA under development.

Pesonally i'm not sure which one to choose they are all very good.
The ability to detect malware hidden in trusted apps is for me very important. if one were to download a game or music software and to unwittingly let loose a kernel mode keylogger or rootkit hidden inside then i would hope that my HIPS program would alert me that suspicious activity has been detected.

The ability to detect the new class of Rootkits and keylogger trojans are for me de rigeur in any HIPS program worth it's salt. i would also want the HIPS to be able to alert to programs trying to phone home.

How about you? which of these HIPS solutions appeals to you most and for what reasons? and what do you expect from a HIPS proggie to make it worth your while shelling out your hard earned cash?

 

Well for one if you read the latest articles on rootkit development, you notice they lean towards virtual memory. That brings the question as to which programs cover that?


controler

 

That shadow walker crap? LOL.

 

If you trust the wrong app, you are basically dead, whatever you run.
Trusting the app means you will give it permissions for whatever popups, so appdefend,processguard,onlinearmor whatever will not save your bacon.

You download a game, that wants do x, otherwise it won't run. If you "trust" it, you will allow x, gameover.

Heck if you truly trust x, you will even ignore your antivirus/antitrojan, and assume it's a Falsepositive. But that's less likely to happen. I mean most people will take warning will their antivirus more seriously, then a generic warning for good reason.

Well then you don't want PG or appdefend (at least not yet). Online Armor maybe, but we will have to wait until 1.2

Get a personal firewall.

I don't know whether people expect too much of their "HIPS" program.
It's fashionable to say antiviruses are not the answer, but people expect HIPS to be as reliable as their antiviruses, and for their HIPS to magically detect malware without signatures.

In actual fact, what they get (currently at least) is a software that passes the buck to the user, alerting on ambigious events that might or might not be dangerous, leaving it to the user to decide.

The flaw with this theory is that the user is often ill equiped to decide, particularly when they already think the game they download is "trusted" making the whole point of the exercise moot.

 

One very off-topic post removed.

 

Do you imply from this statement that you don't use ProcessGuard now, I.E that you merely have the license.

Personally that is very surprising to me.

 

What would be more surprising is if he uses Online Armor, Appdefend AND ProcessGuard. Now that would be quite ridiculous and obsessive overredundancy. At least three pop-ups for anything new introduced into a system. And if you were installing something then chances are you'd have at least 10 pop-ups just to authorise it - Installation file, installer, application, startup etc. With three HIPS you could be talking 15 pop-ups when trying to install a new app. Redundancy in the extreme!

M.

 

Why not mentioning the latest Prevx1 beta its a nice addittion to the above listed HIPS. Or not?

 

Uuups, you are right!
How could I miss this "SMALL" detail on the country of origin?
No idea....

Fax

 

i like appdefend's "application firewall" concept - if a naughty naughty little spy trojan should somehow evade detection it's still got to phone home to be of any use.

appdefend + firewall gives 2 chances to detect suspicious outgoing connections. of course if the trojan is hiding in a trusted application that uses the internet then it could still slip thru....

for xp, ghostwall and chx-I firewall users - appdefend adds an outbound firewall.

just be very careful what you trust - be suspicious of everything that wants to connect to the net. (good reason to buy port explorer as well)

 

Apparantly you don't know Peter.

I bet he's running more than just Online Armor and Appdefend (plus standard firewall maybe virus scanners). I believe in the past he has run Online Armor+Safe n Sec+ ProcessGuard +Regdefend (and Prevx Pro I think) all at the same time.

Good redundancy.

I'm hugely surprised currently if he runs only Appdefend and Online Armor (plus standard firewall,scanners). As he said, he only mentioned Appdefend and Online Armor, because they are aussie products.

Well, You are wrong, Peter runs at least 4 HIPS I believe.

 

It's amazing with all your HIPS running at the same time, you can get infected twice. Just kidding, I know it wasn't yours.

And yes, I have helped cleaned badly infected machines. More than twice in fact. I hope you don't get to help the third time....

Oh well, it's your computer. I for one think it's ridiculous to click 20 popups in reaction to one normal click just to be safe, espically when you have backups but it's your right to spend 20-50% of your time each day dealing with popups.

You say computer is your 'livelyhood' do you mean you run your business online or do you mean you work for a living testing security programs?

 

Ladies and Gentlemen, let's leave the personal swipes and keep with the original topic.

Blackspear.

 

online armor's installation tracking looks useful - has anyone tried this feature of OA?

 

Ah. That explains why you need so much security and reducancy. The rest of us don't use our computers for work/business. ~snip~ removed unnessary comment ~ Blackspear

 

Yup and it does a good job of cleaning up too.

 

xmen, you have been asked politely. Please adhere.

Blackspear

 

Here's one i think you missed.

InfoProcess is an Australian company that specialises in high-quality consulting services for Windows and .NET. Services include development of Host Intrusion Prevention Systems (HIPS) for Windows, low-level Windows NT/2K/XP/2003 drivers as well as complex BizTalk 2004 Orchestrations, .NET Enterprises, ASP.NET, and XML Web Services.AntiHook 2.5

AntiHook® - The ultimate Host Intrusion Prevention System for protection against Malicious Software

Finally a complete bullet-proof solution for the detection and prevention of malicious software on your Microsoft® Windows® PC's.

AntiHook is a unique desktop-based Host Intrusion Prevention (HIP) product. AntiHook dynamically protects your privacy, operating system and applications from malicious software, such as Spyware, Rootkits, Keyloggers, Code Injection, and Trojans.


StevieO

 

hi StevieO, i didn't realise AntiHook was Aussie thanks for adding it to the list.

it makes the task of choosing a HIP Aussie just that much harder.

Process Guard is a mature product with a big following that seems to do the business at kernel level being effective against rootkits and keyloggers.

Appdefend promises to be a great proggie and will integrate with Regdefend and Ghostwall to produce a very strong suite of defenceware.

Online Armor has a number of features covering a variety of areas and is getting better and better with great support.

AntiHook is one i'm not so familiar with so perhaps someone who uses it would extol it's virtues? my current understanding is that the home version will remain free which is a big plus and i think ver 2.5 is now out?