What is your security setup these days?

Just trying out Forticlient Standard.

 

Very nice setup.

 

Why not have both?

 

Because HIPS is great and if used with some knowledge, can protect better than an AV can. Some people don't need AVs to have full protection my friend.

 

I would not say HIPS can protect better or anything. They need to be used together. I do not hips or av in my XP pc. I'd rather go with hips plus av or none at all. If you use the suites like any IS of most vendors you'll get them both together. Even some AVs come with built-in hips like Eset. And besides Hips and AV cover different parts of security and should be used if you believe in layered security approach. Like many Avs come with bb and if you use the traditional scanning of AV(on-access/on-demand doesn't matter) with it's bb and put hips into the mix you got a great security.

 

Thank you, djohn.

 

Agree unless a hips is checking in the cloud or heuristic etc its only great with a Deny everything rule,meaning the user allows nothing,but thats not pratical at all because there is always something we see and want to install and try it out.

 

Yes whitelisting plus blacklisting would be perfect solution.

But when using AV you must take into account benefits and dangers that using it brings to your system.
IMO, probability of AV saving my system is smaller than probability of the same AV making some mistake and harm my system. So using AV could even make my setup less secure.

 

This is why I like things like sanboxie or Shadow Defender because you can install it play with it and when your 99.999 percent sure its legit and clean and worth the drive space and only then it will be allowed out of the dog house and in the home .

 

Sorry I cannot agree. I can customized HIPS and have locked down defense. You can't do that with an AV. I would rather use a combination of Sandboxing/Virtualization and/or HIPS to protect my system than an using AV and HIPS. I'm don't want to turn this into your setup vs mines so I won't. If you comfortable using AV in your layer defense fine but it is useless in my setup therefore unnecessary.

Both software are excellent choices for use in a layered security approach IMO.

 

And what does AppGuard locked down mode do? Is that practical? No it isn't but people use it correct? And when you want to install what do you do? Being practical has nothing to do with measuring a security software ability. If it does then look in the mirror at your own setup.

 

I'm not turning this into your setup vs mine. You're saying Hips protects better than AV. I just wanted to make my point. Not that trying you to persuade to use a AV by saying my setup is better than yours. Actually if we look at it, you're the one saying your non-AV setup is better. LOL.

I'm do not agree Hips protect better than AV. Even if they did I would say using both protects better than Hips alone would.

Btw, I would use a combination of AV, HIPS, sandboxing and virtualization.

 

My point is my setup is better (for me) and in my opinion (notice this) HIPS protect better an AV. I've said what I needed and I'm done with this.

 

That is true for HIPS also. A wrong decision or a mistake could block, run files sandboxed or restricted unnecessarily or could even remove apps/processes when time is little and the need work needs to be done correctly. Thus causing enormous inconvenience and hassle. So using HIPS could also make your computing life more hassle.

I think using a layered approach with av, hips, sandboxing, etc is great. Each indiviual component of that approach may have it's cons and probs but the benefits of using them together are far greater.

 

I also think I've made my point clear. Let's move on.

 

Yes you are right.
Here is a difference:
With HIPS my bad decisions can make my computing life a hassle.
With AV someone else's bad decision can make my computing life a hassle.

But you are right. Layered security is the best approach. I just don't see much benefits in using AV and I'm more afraid of dangers it brings to my computing.

 

In any case both have a chance of causing a hassle. You could argue that because bad decisions are dependent of you solely in HIPS the chance and amount of hassle can be minimized. I would argue that the bad decision would need to made by a large number of other people in AV to make a hassle as lots of people work in developing an AV and maintaining it. The chance of a lot of people experts in their fields(in this case the same field) making a same mistake is very low thus the chance of bad decisions made by 'someone else' with AV is fairly low.

So we cannot dismiss any of AV and HIPS. I think it's better to use both.

 

I agree, we cannot dismiss either.

 

Yes basically I am lowering its protection to allow installation same as allowing from a Classical Hips like Malware Defender leaving my self wide open to infection.Under normal internet activity of not wanting anything to install LockDown is practical for me as its just denies excutables. MD in silent mode just blocks and denies like AppGuard does in lockdown.

I dont disagree a Hips is stronger then a AV but a classical type hips Alone Like MD dont concern its self with good or bad content AFAIK.So other layers are needed when installing new or unkown apps.Not that it has to be a resident AV/AM but Behavior or OD scanners or uploads to VT or jotti.

BTW I didn't say practical has anything to do with security did I,What I believe I said is that its not practical to not install anything.

 

Ah glad we agree on security security approach.

 

With AV, someone else's bad decision can make many people's computing life a hassle.

 

Sadly... I've actually been waiting to see if Microsoft itself would screw up with its own system files. No luck, so far... Let's wait and see, though. I mean, they did flag, and according to many users, removed Google Chrome... Tough competition, I suppose.

 

Yes, especially if they make the system unusable:

http://www.itprofessionalservices.net/McAfeeDAT5958.shtml

http://www.geek.com/articles/news/avg-update-identifies-windows-system-file-as-trojan-20081112/

http://www.h-online.com/security/news/item/Avira-AV-update-hangs-systems-Update-1575974.html

I wouldn't like to work in their support service at the time of these screwups