Discussion in 'other anti-malware software' started by Smiggy, Mar 10, 2017.
Yep, HIPS are good memories from a past age; we have better and more usable tools now.
My own past dedication to EQSecure 32bit Classical HIPS is a strong influence on how I choose my security apps for 64bit Windows, in this case 8.1
I tried all of today's current flavors of near HIPS from Comodo to SpyShelter etc. and they still leave me gasping for the old now abandoned ones like some of you.
Haven't tried Re-HIPS so no opinion on it but I am now trying Appguard and while it is no HIPS, looks like I found another pretty decent security app to keep bad things at bay and like HIPS, it does show a pop up alert box which for me has always been a great feature and always will. I am not one of the Silent majority obviously. Noise is a valuable tool for some of us.
Easter if you really want pop ups you can get plenty from appguard. Kinda pointless though since what they tell you is you were protected. No decisions needed. Times they are a changing.
In my recent testings I can see that and will likely have to check the box to keep them closed however while learning it they show what we already know right? Appguard BLOCKED! xy and z etc.
In the meantime this Appguard to me is better or as good as any Software Restriction Policy app I've seen in a while.
But I still long for a solid HIPS one day no matter if things have changed a dozen times over. It was a great educational tool/experience too.
The "blocked" alerts are extremely important, because you know what created the alert and then you can pinpoint the potential issue (if any).
When using EQSecure that particular HIPS was not only a security apparatus but for some an important chief instrument in conducting malware research since those ALERTS also were full of crucial data information on the identification, origin path, destination paths, etc. and basically trapping the intrusive file(s) long enough to Cut/Paste them to a confinement folder.
As such Classical HIPS served a dual purpose similar to what you can still do today with Shadow Defender but without getting your system hammered.
No not really. Pure behavior blockers will try to make decisions for you, and I want to rely on my own expertise.
Actually, I believe that SS Premium doesn't offer the firewall. I use SSFW, it has a basic firewall, not as advanced as others.
You can find a list over here:
Speak for yourself. If you need behavioral monitoring you need HIPS, it's that simple.
I'm not touching that.
However a good BB in my opinion would be fantastic if a good one could be made with all the additionals needed to pick up on today's sneaker attack designs on x64 systems of any Windows platform
But why do you need behavioral monitoring? Isn't the objective to keep the machine, not spend all day monitoring?
I'm sorry but that has been explained several times already, see link. The point is to monitor new apps that you run or install, and based on the alerts you decide whether the app is safe or not. So you don't spend "all day monitoring". Also, if you look at the newest enterprise solutions, it's all about behavioral monitoring combined with AI/Machine Learning.
If I might take a stab at this Pete.
I think we are comparing apples to oranges here and contrary to some rubs made between personal preferences for one or the other, or the solid positions taken on choices, at the end of the day doesn't it also boil down to "monitoring"?
No matter if you prefer or rely on a HIPS or not, or quick to dismiss them as obsolete, another main point of the discussion remains.
That happens to be that whether it's Appguard or another security app(s) layered perhaps, everyone's own preferred security solution MONITORS ACTIVITY too.
In that monitoring rests details that some find useful for different reasons or for those that prefer set & forget, they might not have any interest in them at all.
Once the rules are created the HIPS will alert you only on new and (or) unknown applications. I didn't receive alerts for 2 weeks from the HIPS module and I use my PC a lot.
This is a great Topic for discussion from my standpoint simply because with a good Classical HIPS once rules are established and set it's Tight! and the user can configure whether they want to keep seeing certain ones or not. Once that's done then afterwards if you do get an ALERT then you are in an ideal position to take steps to identify and make even more granular adjustments (if needed) or simply click ALLOW/DENY either/or once or Whitelist/Blacklist whatever.
Speaking of today's choices, a very popular but imo rare 64 bit HIPS in SpyShelter have their own set of difficulties in dealing with threats identification.
I agree the Availability of a viable HIPS for 64 bit is still somewhat puzzling to me but not so much where concerns the big movers, AV's AS's etc.
At least from a geek's point of view there is nothing primitive about them at all. Quite to the contrary.
Even freelancers who had absolutely nothing much to gain than recognition and maybe some expertise used to fashion up a beta or two for release but of course that was 32 bit days. Then of course there were the more popular ones we still relish to this very day, Malware Defender, EQSecure, SystemSafetyMonitor, and on.
I can see it now though.
Should some developer have the absolute gall to dare to form up a viable 64 bit working model and drop in Wilder's Security Forum for testing I like to be the first to count the downloads and read the replies/opinions.
Kinda sounds like Emsisoft would be perfect for you.
In default setting, it only auto-blocks processes with known 'bad' reputation. Unknowns will get you an alert for you to decide what to do.
All the advantages of behavior monitoring without the unnecessary hassle of HIPS.
@Rasheed187 @Azure Phoenix
Old Mamutu would be perfect for Rasheed, you could make your own rules and it has a paranoid mode making it almost a HIPS; the actual one is too simplified and automated; one reason I ditched EAM too.
@EASTER the whole discussion is resumed to 2 points:
1- those who can't live without active monitoring: they need HIPS or BB, no other choices for them. Basically "let's talk together, if I don't like you, I shoot you"
2- those who don't need monitoring but just need auto-blocking: those use SRP or anti-exes. Basically "shoot first, talk after"
2 points of view and needs, 2 kinds of products available. As all of you surely guess, I'm the second type. Why monitor alien processes when I know I will block them anyway?
@Rasheed187 You may try Trustport. It has HIPS/BB but it is disabled by default. You can enable it in settings.
What's better, for example? I never really liked pure BB, if you mean them. And I can use sandboxing or virtualization, but my first defense line is HIPS.
Yes, we had not time to try a new software that immediately appeared another newer. Personally I regret, after SSM, EqSecure and ProSecurity.
SRPs like Appguard; anti-exe like VS or ERP, etc...
I almost had forgotten, but Mamutu if allowed to also been a standalone app with a few improvements tossed in for good measure WAS for me a preferred choice working in tandem with HIPS.
Overlap? Mostly yes but it was always the first app to jump up and snatch an incoming file/reg signal before my HIPS picked it up after allowing passage.
And yes, in Paranoid Mode mostly but not always. Wasn't so bad for a pure BB if you ask me.
Online Armor + EAM was almost bulletproof.
All these apps I depended on most are now TOAST. I despise that it happened with a passion too.
I can't help but believe that most of them were forced out of the mainstream and not exactly from their own doing because of this or that.
Online Armor was the absolute best Firewall/Some HIPS Combo (on my boxes) and it literally picked up networked activity like I haven't seen since.
Yes, Emsisoft decided to take the simplicity road, can't blame them, they got more customers. I just regret they stopped developing it, but the cost/benefit ratio wasn't on OA's side.
I tried the old Mamutu and didn't even like it, it wasn't any better than SpyShelter or Comodo. I believe Comodo is currently the most robust HIPS, but it comes with a price, I always had weird problems with it, and it was being too aggressive with dumb alerts.
Thanks, but I'm already using SS. Unless Trustport offers protection against ransomware and process hollowing it wouldn't really be interesting to me, especially because I prefer standalone HIPS.
Can't be compared. All HIPS offer AE, but in addition they also monitor app behavior. You either need it or you don't.
People forgot software is a business and has to make money. Tall Emu was bleeding badly with Online Armor which is why they sold it. Same thing happened to Emsisoft. I won't be surprised if Spyshelter ends up in the same boat. The current solutions are the new reality. Wishing for the old days just won't work.