Whatever happened to 'classic HIPS'?

Discussion in 'other anti-malware software' started by Smiggy, Jan 7, 2012.

Thread Status:
Not open for further replies.
  1. Smiggy

    Smiggy Registered Member

    Joined:
    May 2, 2007
    Posts:
    209
    Location:
    The Angel Isle
    EQSecure was excellent, how come they've fallen by the wayside of late?
    I know Comodo still exists but hey, you ever set it up from scratch?

    BB's too, Cyberhawk/Threatfire, all but dead n buried.
    Is Mamutu still going?

    :)
     
  2. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Yes Mamutu is still around. Some more here: -http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm?page=0,6

    I liked AppDefend and RegDefend as classical HIPS, but they vanished with Ghost Security. Not enough sales of HIPS type products to the public to keep them going.
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    They're still around, but as pointed out, they just don't "click" with the general public. There's a good reason for that as classical HIPS takes a lot of knowledge of the ins and outs of software, how software works, why it does or doesn't need to do something and more. To the average user, you might as well be teaching them the ins and outs of the Large Hadron Collider. Not to mention these programs get in the way more often than they actually protect against anything.
     
  4. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    Malware Defender, Spyware Terminator and perhaps Micropoint are still alive, ThreatFire will probably be renewed this year...from new "gamer" we have SpyShelter - anti-logger with nice HIPS - and IS from Online Solution (OSSS)...and many new apps like "anti-exe".
     
  5. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    and VoodooShield.
     
  6. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    This is the reason, I think, that Comodo is developing its sandbox faster than Defense+.
     
  7. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    OA can be used more or less as a classical HIPS.
     
  8. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    The only Classical HIPS that are currently being developed (as far as I know) are D+ and OA.

    Either of those can be used as a full blown Classical HIPS if you just take a few minutes to disable the cloud features, auto decision and so on. ;)
     
  9. tomazyk

    tomazyk Guest

    Malware Defender is a great classic HIPS application. It protects everything I need and is the most complete HIPS I've ever tried. It is only 32-bit but on the other hand it is also free.
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Outpost & Private FWs include many of the checks & balances of a classic HIPS.
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Most people consider classic HIPS to be too annoying, too noisy, always in the way, etc. Classic HIPS appeal to a very small percentage of users, those who understand the finer points of how their systems work, how processes interact, and want control over those activities. Since they work at a kernel level, it takes a very good programmer to make them work without causing problems for the OS. Microsoft has been making it harder for them by restricting access to the system kernel. They claim it's to protect the OS kernel. I think they don't want users to have that much control over the OS. Either way, classic HIPS are suitable for a small percentage of users. Since they don't depend on updates to function, they're a one time sale, not repeating income like an AV. Most have failed for financial reasons, not because of poor products or bad coding. That said, some of us think they're the best security apps made for Windows. One of the earlier classic HIPS, System Safety Monitor is still my primary enforcement tool for a default-deny policy.
     
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    SSM free or paid?...I read that free can be more useful in some certain situations.
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Depending on the purpose of the OS, I use both. For general purpose use in support of default-deny, I've found the free version to be more intuitive, easier to set up, and still very effective. For setups that aren't as restrictive as a full default-deny, the paid version offers finer control over the amount of influence one process can exert over another. It allows the user to allow/deny specific command line parameters for individual processes. It works well, but to me feels backwards for lack of a better description at the moment. The paid version's registry rules can seem very convoluted and the interface isn't easy to work with. The free version is far less detailed with the registry protection but very self-explanatory and straightforward in comparison.
     
  14. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    @noone_particular
    Thanks for explanations :thumb:
    I thought about those posts...your posts :)
    https://www.wilderssecurity.com/showthread.php?t=302118&highlight=SSM
    BTW...unfortunately I think SSM will not be useful for me...my computers have Win XP with SP3.
     
    Last edited: Jan 11, 2012
  15. David2041

    David2041 Registered Member

    Joined:
    Apr 24, 2010
    Posts:
    31
    And the new version 2.8.0.1 is released !
     
  16. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The free version of SSM is limited to XP-SP2. The paid version works on SP3. It was in beta in regards to the pre service pack versions of Vista but won't work on anything newer.
     
  17. tomazyk

    tomazyk Guest

    Thanks for info. I will try it right away. Do you know where I can find the changelog?
     
  18. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    Download is slow as hell.
    Wouldn't it be nice if it was now 64-bit compatible (just dreaming) !
     
  19. David2041

    David2041 Registered Member

    Joined:
    Apr 24, 2010
    Posts:
    31
  20. tomazyk

    tomazyk Guest

    Thanx. Google translate solved the problem :) It looks like there were only some under the hood changes and no new features. Still, nice to know development hasn't stopped.
     
  21. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Translated changelog:

    English download of updated MD: -http://dl.360safe.com/md_setup_en.exe-

    Updates:
    Kernel block access to the COM interface.
    Kernel block access services manager.
    Intercept the process added to the JOB object.
    Intercepted by registering hotkeys to record keystrokes.
    Parameters to solve SSDT HOOK improper handling can cause blue screen problem.
    Notes displays an alert window to window above the rules.
    Solve the performance problems resulting from a large number of logs, a second log does not repeat the same show.
    Automatically merge contents of the log window and displays the count of the same log.
    Within two seconds after the bubble does not prompt display shows the new bubble.
    Fix some small bug.
     
  22. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    thanks bellgamin
     
  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Classical HIPS evolve to less intrusive HIPS
    - OA & D+ have extensive whitelists
    - have sandboxes based on signing (D+) or ability to run safer (policy containment) of unknown (OA)

    Newer intrusion protection programs evolve in the same way, like Spyshelter
    a) allow signed and/or Microsoft programs
    b) also uses a built-in whitelist plus option to trust publishers (for other events also)
    c) run risky (internet facing software plus USB) as a restricted user (a very strong and low CPU policy containment, a bit stronger than OA's run safer).

    When you are on x32 the Spyshelter freebie is a good deal IMO (low CPU usage, low disk I/O)
     
    Last edited: Jan 12, 2012
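
An added illustration, not part of the original thread and not code from any product named in it: a toy model of the decision order Kees1958 describes (whitelist, trusted publishers, restricted user for risky software) next to a classic rules-or-prompt HIPS. The hashes, publisher names, rule order and sample launches are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Launch:
    path: str
    digest: str              # constructed placeholder, stands in for a file hash
    signer: Optional[str]    # verified publisher name, None if unsigned
    risky: bool = False      # internet-facing software or started from USB

# Constructed policy data (hypothetical values, not from any product).
WHITELIST = {"aa11"}
TRUSTED_PUBLISHERS = {"Microsoft Windows", "Example Vendor Ltd"}
USER_RULES = {"ee55": "deny"}   # explicit rules the user already created

# Constructed sample of process launches.
LAUNCHES = [
    Launch(r"C:\Windows\notepad.exe", "aa11", "Microsoft Windows"),
    Launch(r"C:\Apps\browser.exe", "bb22", "Example Vendor Ltd", risky=True),
    Launch(r"C:\Apps\tool.exe", "cc33", "Example Vendor Ltd"),
    Launch(r"C:\Temp\unknown.exe", "dd44", None),
    Launch(r"C:\Temp\blocked.exe", "ee55", None),
    Launch(r"E:\setup.exe", "ff66", None, risky=True),
]

def classic_decide(ev: Launch) -> str:
    """Classic HIPS: an explicit user rule decides, everything else prompts."""
    return USER_RULES.get(ev.digest, "prompt")

def evolved_decide(ev: Launch) -> str:
    """Less intrusive HIPS: contain or auto-allow before asking the user."""
    if ev.digest in USER_RULES:          # explicit user rule always wins
        return USER_RULES[ev.digest]
    if ev.risky:                         # (c) run as restricted user, even if signed
        return "restrict"
    if ev.digest in WHITELIST:           # (b) built-in whitelist
        return "allow"
    if ev.signer in TRUSTED_PUBLISHERS:  # (a)/(b) signed by a trusted publisher
        return "allow"
    return "prompt"                      # only true unknowns reach the user

def summarize(decide) -> Counter:
    """Count each decision type over the sample launches."""
    return Counter(decide(ev) for ev in LAUNCHES)

if __name__ == "__main__":
    print("classic:", dict(summarize(classic_decide)))
    print("evolved:", dict(summarize(evolved_decide)))
```

On this sample the classic model prompts for five of six launches, while the layered model prompts once; the trade-off is that whatever sits on the whitelist or trusted-publisher list is allowed without the user ever seeing it.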
  24. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    I tried to install new MD...it was fast and easy - like always :) I don't remember how it was in the past, but now it seems to me a little bit "heavy" - in real-time work two processes - first ca 15 MB RAM, second ca 63 MB (on XP SP3 32-bit).
    How is it on other computers?
     
  25. tomazyk

    tomazyk Guest

    On my computer it feels light. My RAM consumption is: 14MB and 1,5 MB on Win7 x86.
     