Using more than one HIPS program

Discussion in 'other anti-malware software' started by Siamese Dream, May 22, 2013.

Thread Status:
Not open for further replies.
  1. Siamese Dream

    Siamese Dream Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    52
    Location:
    USA
    I have one on my firewall and get the impression that you shouldn't overrun your security with multiple products of the same kind. Is that the general recommendation with HIPS?
     
  2. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    I am always concerned about potential conflicts between the different security software. Therefore, if my firewall has HIPS (which it does) I wouldn't install an AV with an active HIPS component unless it could be turned off. That said, I read comments here from members who were testing Baidu AV, which has HIPS that can be turned off. They said that it didn't conflict with the HIPS of Comodo. Baidu was designed to work alongside other security programs, but not all security programs are tolerant of others. Don't know if that helps. :)
     
    Last edited: May 23, 2013
  3. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    There are a few issues when running multiple HIPS:

    1. Performance. Running a HIPS will slow your computer, even though you don't see it, because the HIPS needs to make some checks when certain actions are triggered, and the code that does the checks will take time. If the HIPS is well coded, then this delay will be insignificant. However, when running more than one HIPS software, you will experience further slowing down, and in some cases you will even be able to perceive it when working on your computer.
    2. Compatibility. Again, if both HIPS are well written, you will be able to run them together without any conflicts. But as we don't live in a perfect world, and code is not perfect, most likely there will be conflicts between them. Even worse, if the HIPS code is based on hooking kernel methods, sometimes by using undocumented APIs, the probability of conflict increases.

    So, while in theory you can run more than one HIPS, in practice it is not recommended. If you still want to do it, make sure the two programs really get along by thorough testing.
     
  4. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    I would say that, yes, it is a general recommendation. However, if you don't want the all-in-one security suite approach, it is getting harder to find products that don't have some level of HIPS built in. For example, I'm currently using Spyshelter because of the very strong x64 HIPS it possesses compared to some others. However, both my firewall and AV have HIPS. I have bypassed the HIPS on the firewall and tried the AV both with and without the HIPS enabled. I haven't noticed any issues or slowdowns so far, but I still wish I could do custom installs and remove the excessive HIPS components completely.
     
  5. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Generally speaking, there's very little to be gained by having more than one HIPS-containing product installed. Even if one is disabled, chances are its driver is still loaded. That alone can potentially cause conflicts. Another factor to consider is the auto-updating of apps containing HIPS components. I ran into that problem a few years back when an AV added an anti-rootkit module to their product. The original version got along fine with a classic HIPS. The first update to the module caused BSODs on every unit that I maintained on which both were installed.

    If you want to experiment with such a setup, make certain that you have a known good full system backup or image that's not stored on the same PC. I'd also advise disabling auto-updating of both products if possible. Depending on whether the active HIPS uses digital signatures or file hashes, all kinds of interactions are possible with product updates, especially when executables and DLLs are involved.
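
Added example, not part of any post in this thread: a PowerShell check for the two points raised above, namely whether a "disabled" product's kernel driver is still loaded, and whether an update changed a driver's file hash while its signer stayed the same (the case where a hash-based HIPS rule stops matching but a signature-based rule still does). The vendor pattern and baseline file name are placeholders chosen for illustration.

```powershell
# Snapshot running kernel drivers for the products under test.
# Run elevated, once before and once after a product update.
function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver can report \??\C:\... or \SystemRoot\... forms.
    $p = $PathName.Trim('"') -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-LoadedDriverInventory {
    # State='Running' means the driver is loaded, whatever the product UI says.
    Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running'" |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            [pscustomobject]@{
                Name      = $_.Name
                StartMode = $_.StartMode
                Company   = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
                SigStatus = [string]$sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
}

# Placeholder vendor names (assumption): replace with the products you are testing.
$vendors  = 'ExampleVendorA|ExampleVendorB'
$baseline = '.\hips-drivers-baseline.csv'   # hypothetical file name

$now = @(Get-LoadedDriverInventory |
    Where-Object { "$($_.Company) $($_.Signer)" -match $vendors })
$now | Format-Table Name, StartMode, Company, SigStatus -AutoSize

if ($now.Count -eq 0) {
    Write-Output 'No running drivers matched the vendor pattern.'
} elseif (Test-Path -LiteralPath $baseline) {
    # Rows listed here were added, removed or changed since the baseline.
    # Same Name and Signer with a new SHA256 = updated binary, same publisher.
    Compare-Object (Import-Csv $baseline) $now -Property Name, Signer, SHA256 |
        Sort-Object Name | Format-Table -AutoSize
} else {
    $now | Export-Csv -LiteralPath $baseline -NoTypeInformation
    Write-Output "Baseline written to $baseline"
}
```

Store the baseline CSV off the test machine along with the system image, so it survives a restore.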
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    very true
     