Ultimate Aussie HIPS Showdown

Discussion in 'other anti-malware software' started by toploader, Nov 19, 2005.

Thread Status:
Not open for further replies.
  1. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Hi Toploader,

    One thing that is often missed in these comparisons is that Online Armor also works on Windows 98.

    Of course, we're also testing a Kernel-mode version of OA right now, plus a few other interesting bits and pieces that I would like to have out before Christmas, if that proves to be possible.

    At the moment, we're working on OA 1.2 (Kernel Mode OA), and I am working on the design of the OA 2.0 GUI. Even OA 2.0 will retain this Windows 98 compatibility as it's something our customers have asked us to do.


    Mike
     
  2. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Mike,

    Any chance you can put into OA something that tells us it's demo or registered version. I noticed when i demo'd it that i couldn't tell how long i had left, and now i've registered it i don't know how long until my registration has left until it runs out. It doesn't even say it's a registered copy anywhere. It probably seems picky but us users like to see it tell us it's registered and how long we have until we need to renew.

    muf
     
  3. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Hey Muf,

    This will be in the OA 2.0 GUI - which will be released before your rego runs out anyway :)


    Cheers

    Mike
     
  4. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    there are a number of factors to be taken into account when choosing a HIPS

    how good is the product at dealing with a wide variety of malware? - from rootkits and keyloggers to rogue diallers, browser hijackers and worms etc

    all software manufacturers like to claim their product is the bees knees and will detect and stop all known bugs. but i would like to see manufacturers being honest and open about what their product can't do rather than what it can do.

    how user friendly is the software can it be used by a novice or does one need to be an expert to use it? my current understanding is that Process Guard is an "experts" product whereas Online Armor is simple enough for a newbie to use. Not sure where Appdefend and Antihook belong?

    how good is the product support? how quickly are bugs fixed, how well is the customer treated? is he just another mug punter or a valued and well respected customer? my own purely subjective viewpoint here is that Online Armor provides the best support - judging by what i've read on these forums - ghost security seems to take support seriously as well - you dear reader may well have a different view and i am more than happy to hear it.

    so which HIPS is your choice? PG OA AD or AH?
     
    Last edited: Dec 2, 2005
  5. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    I agree with what you've said. I use OA and I guess no one can dispute they're up to 110% on customer service. The only other I use of the above mentioned is PG. If I've had a problem (and off hand I can only think of two) I sent an email and they were looked after right away or at least within a 24 hr period. So for me that's good service also.
     
  6. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    thanks for the feedback bj69, i'm taking a long hard look at the current HIPS situation before i commit to choosing one.

    all the products in this thread are evolving at different rates and in different ways. for me the test of any commercial product is whether it is good enough to replace my current free setup. not only good enough but better enough to make me consider that the difference makes it worth paying for the privilege of installing it.

    my subjective opinion at the moment is that appdefend+regdefend is making the running. a HIPS that can protect the registry, block malware from installing and offer an additional "application firewall" to block anything trying to communicate out of the machine is very strong competition.

    and it's competition that improves the breed - so i'm looking forward to watching these products slug it out for the podium.
     
    Last edited: Dec 2, 2005
  7. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    *cough* All? *cough*

    ;) I think I have been honest about what OA does, and does not do/support.


    *grin* Just letting you know I'm lurking and reading the discussion with interest.


    Mike
     
  8. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    With all due respect here , Mike is VERY precise in what he says . Has been since day one as I can attest . Very accurate in his descriptions .
     
  9. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    i'm more than happy for all software authors to post their thoughts about their products here. this thread is open to all, indeed i positively encourage software developers to state just how good (or bad) they think their software is (and why) - warts and all - and how it can be improved. that's the whole point of this thread - to find out who has the best HIPS - with the help of developer input and user feedback. when i read about the latest malware i want to feel confident that the HIPS can deal with it - the question is how do i know? - to a large degree i have to take the security software on trust and hope the programmer knows his job better than the trojan writer.

    as a potential customer it can be very difficult to know just how good a product is. all software sites list the positives of their products but none list the negatives. by reading forums like this the customer learns what is not said in the advertising blurb.

    btw i totally agree that Mike is very honest in his dealings and is creating what looks like a formidable piece of software.

    over the past few months i've tried a variety of trial commercial software and on more than one occasion the software proved unstable/unusable. even though we are told a product has been thoroughly beta tested i've seen many instances of customers complaining their software won't even start. in fact i'm using such (free) software now. the version i am currently using is very stable and does the job. the new version was supposedly beta tested but wouldn't work at all when installed. the author has withdrawn it for further testing/debugging. i have no complaints because the software is free, if i had paid for it then i would be somewhat miffed. anyone can write software that is bug ridden. if cars were tested and sold the same way software often is - driving on the roads would be a very exciting (but fraught) experience. :)
     
    Last edited: Dec 2, 2005
  10. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    As with ANY software , beta or not , there can be problems . My goodness . AV software uses updates . Why ? So they can work
    Liken it to constantly working to make any software better as time goes by . With the amount of software available today , too many apps are being used in conjunction with each other . Why do you think there are beta tests ? To find out how differing software work with the tested software . And making adjustments as needed . Of course , some software is released a bit too soon and have their OWN bugs . But , many are problems in compatibility with other software .
     
  11. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    i should point out that one of the reasons i've chosen to focus on Aussie software is because i rate it quite highly - i just want to learn more about it. i can't afford to buy all of them (and i don't want to run multiple kernel based applications) so somewhere along the line i have to make an informed decision.

    i can afford to wait as i'm happy with my free setup so the longer i leave it the more mature (and hopefully potent) these products will become. :)
     
  12. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    writing software is a complex business - but at the end of the day if i part with money i expect something that will work and has been properly tested. i don't want to hear why it doesn't work i just want it to work. e.g if i buy a dvd player i expect it to work i don't expect to have to take it back for upgrades i don't expect to be given a list of excuses as to why it doesn't work properly - it's not my problem - i'm paying for a finished product. if the end product is free then it's a different story but if i'm paying money - it better work :)

    those who are willing to accept less are a software developer's dream come true ;)
    once you hand over money to a software author you are at his mercy he calls the shots. he will tell you he's overworked, undermanned, that he is unappreciated, that it's not easy writing such brilliant software for such whining complainers blah de blah de blah.

    there's an old capitalist maxim - the customer is king - it's surprising just how many customers don't realise that - it's not quite so surprising that vendors feel uneasy about that particular maxim.
     
    Last edited: Dec 2, 2005
  13. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325

    Agreed . Totally
     
  14. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    The thing is that you can't definitively point at any one product as the best. Each has their own set of protection, and does it well. For some people Online Armor may be the best solution there is because its style of protection suits their situation best. Others may find stronger protection from PG with the rest of their setup and circumstance. Others may find a sandbox/virtualization type of program to be the best. Each offers strong protection, but they all approach it differently. With HIPS programs it is pretty important that you know what it does, and when to allow or deny, because HIPS programs ultimately put the decision making in your hands, rather than definitively declaring something as malware. You may find that easier with Online Armor, or you may find that better with a DCS or GS app, it's really up to you and your skill/comfort level with each type of app... it's not like anti-virus programs where they basically do the same thing, and can be tested in the same way. It's like asking; "Which is best, a pickup truck or a van?" All things being equal, they will both get the job of hauling done, they are just differently suited for different types of people.

    As long as you're respectful about it, most programmers will work with you anyway. If you want to get involved, though, just do some beta testing ;)

    Just remember that there are plenty of alternatives out there, that some of the paid alternatives are very inexpensive, and that the freeware authors generally have to have a full time day job to make their rent (all of which differ from your analogy). I've seen too many people that make a lot of noise with a tone that demands that they deserve something better from the [freeware] developer.. especially in public forums, and without having tried to work with the developer first. I've also seen too many freeware developers burn out because of that kind of treatment. With that in mind, however, I do agree.. you can also build some good relationships with developers along the way :)
     
    Last edited: Dec 2, 2005
  15. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    If you're involved in beta testing, then there are a couple of benefits:

    • You get to see the new stuff before everyone else
    • The developer will probably make sure the new stuff works on your system
    • If the new stuff does things you don't like, you may be able to get it changed
    • Some developers give free or discounted licences to their beta testers

    Of course each developer is different, and you have to have a certain amount of time to devote to testing things - as well as a level of patience and a good backup :)

    Mike
     
  16. Why choose? Use both.

    Run PG type programs. And virtualization type programs for particularly suspicious programs.
     
  17. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    Hey Mike when is the next beta test? Today's update went smooth. :)
     
  18. Better yet if you beta-test several different programs, you can report conflicts if any! :)
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Couldn't have said it better myself.
     
  20. Yes Peter, I agree, everyone should beta-test half a dozen unstable betas at the same time.

    it's thanks to you that people like me can run several HIPS at the same time.

    I wish more beta-testers were like you, instead of the cautious ones who test only one beta at the time.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    ROFL. 6 unstable ones at a time...noooo. While I admit to having more than one beta running, I would classify myself as cautious. Actually quite cautious, as I can back out of anything I install in a heartbeat with FDISR.

    I currently have actually 2 betas running. Admittedly I will have a 3rd shortly, but then the 1st will release shortly.

    Gave up on the KAV2006 beta for now. Even I can only stand so much.

    Pete

    PS Love your sense of humor:)
     
  22. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    I'm hoping for next week - but I've had that hope for 3 weeks now :)

    We're getting a few wrinkles out of the driver - please bear with us. I'm really hopeful that some testing will resume by the end of next week.


    Mike
     
  23. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    At this temporal point in the history of the universe i feel i should explain what i mean by the "best" HIPS.

    The perfect hips would offer 100% detection and prevention of malware now and in the future and do it all for 0$ and 0cents. The perfect HIPS would be more intelligent than the user thus obviating the need to ask him/her what to do. The perfect hips would require no support it would be a self maintaining self propagating self learning virtual organism.

    As far as i know the perfect hips has not been invented yet and i consider it unlikely that it ever will be (though there is a statistical probability that such a future could unfold - albeit a very small probability) because we live in a universe where entropy is king and consequently everything is tending towards chaos (automated customer service answering systems are a good example of this)

    so given that none of the 4 hips in this thread are likely to be 100% the question is which one is the best? - i.e which one offers the best bang for your buck?

    which has the best detection and prevention of suspicious behaviour? - hooking/logging/autostarting etc
    can it detect even the most sophisticated stealthware? - hidden files, hidden registry entries etc.
    which has the best support? - now and in 10 years time.
    which is the cheapest?
    which is the least buggy and most compatible with your other proggies?

    only one product passes the 0$ test and that is antihook. so why isn't everyone running antihook? why are people shelling out their hard earned cash on the others when there is a free hips going begging? could it be because antihook is not the best at detection/prevention? or is it regarded as too unstable? or do people simply ignore it without trying it because they assume that something for free cannot possibly be any good?

    so i ask again - what hips do you run and why?
    thank you
     
    Last edited: Dec 4, 2005
  24. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    What constitutes suspicious behaviour? No, seriously what does? I mean if a program tries to install itself 'behind your back' while you are surfing the net then that constitutes suspicious behaviour. But when you download an application and run the installer then that is also installing itself. So what's the difference? One you initiated, the other you didn't. But how does a HIPS application know that it's one you initiated, or one that's doing it on the sly? They don't! So they all ask you questions when something new is being installed. So if you are browsing the net and your HIPS pops up saying "A new program unknown to me is being run - program iamarootkit.exe - Do you wish to run this file?" Well of course that warns you. But is it really HIPS? Really it should be saying "A new program unknown to me attempted to run - program iamarootkit.exe - This was not initiated by the user and has been terminated."

    Really though, if i double click an exe on my desktop then i shouldn't be prompted by my HIPS. I initiated it, so there should be a way that the HIPS knows i did that and just lets it go. If another application launched the exe or it was launched from a website then yeah i expect the HIPS to question it. Using my method, if a user opens an exe file in an e-mail and they initiated it then you wouldn't get a pop-up asking to allow or not. This could be high risk. But then if they are naive enough to open an attachment in an e-mail without thinking about it then they are just as likely to allow it when questioned by a HIPS program.

    HIPS programs should be predominantly transparent. But they are not. At the moment i honestly don't believe there are true HIPS programs available. We all end up clicking this, clicking that, saying yes, saying no. That's not HIPS, that's application control.

    muf
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Why would someone take the time to develop a truly outstanding product and do it for free. Maybe, hobby, maybe satisfaction, but to dedicate oneself to development, and support takes resources.

    Some developers offer free scaled down versions, and if that works fine, but if no one buys then what. Good example a nifty radius authentication program that was perfect for the home network, Lucidlink. When I first found it they offered a 3 license version free (supposedly a $99 value), and the first paid version was a 10 license version at $499. I probably would have paid the $99 but the $499 certainly didn't make sense, so I took advantage of the free version. Then they did away with the free, and made the 3 license version $149. Just a bit steep. End result they are now closed down. Sad.

    Sorry for digressing from the question, but since free was the big part....

    Anyway to answer your question. I am currently running Ghost Security Suite(Appdefend+Regdefend), Online Armor, and Safe'n'Sec. I've paid for all of them and no regrets.

    Pete
     
    Last edited by a moderator: Dec 5, 2005