Which HIPS do you use? -Updated--4/18/09

Discussion in 'polls' started by DriveSentry User, Apr 18, 2009.


  1. DriveSentry

    14.3%
  2. DefenseWall

    28.6%
  3. Geswall

    0 vote(s)
    0.0%
  4. Other (Please List)

    57.1%
Thread Status:
Not open for further replies.
  1. DriveSentry User

    DriveSentry User Registered Member

    Joined:
    Apr 18, 2009
    Posts:
    11
    HIPS= host-based intrusion prevention system.
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    EQSecure 4. beta3 + ProcessGuard 3.5 if you want to call it a HIPS! Which it does exhibit enough HIPS like qualities maybe to fall into the category at some level.

    EQS is my bread & butter! Alcyon's Rules raised the effectiveness of it 90 % IMO

    EASTER
     
  3. DriveSentry User

    DriveSentry User Registered Member

    Joined:
    Apr 18, 2009
    Posts:
    11
  4. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Right now that which is in my sig but DS support needs to come on here more often
     
  5. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'm staying with SSM, both versions. SSM was debugged long ago. As long as it's used on the operating systems it was designed for, it'll provide more than adequate protection. IMO, it's still one of the best.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Why such a poor list of HIPS?
     
  7. DriveSentry User

    DriveSentry User Registered Member

    Joined:
    Apr 18, 2009
    Posts:
    11
    Well, I listed those 3 because they are standalone HIPS w/no antivirus and all three are great HIPS.
     
    Last edited: Apr 18, 2009
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That is a very incomplete list with a lot of good options missing.
     
  9. DriveSentry User

    DriveSentry User Registered Member

    Joined:
    Apr 18, 2009
    Posts:
    11
    Alright, delete this poll and someone will make a different one w/ more HIPS. That is fine by me. ;)
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Just one question if you don't mind, I am one that won't hesitate an iota to run dual HIPS and in fact if PG & EQS can be considered somewhat similar in that respect, my question falls like this.

    I would have NO PROBLEM running Drive Sentry, but is it fairly consistent with being compatible with most other HIPS too?

    Curious.

    EASTER
     
  11. DriveSentry User

    DriveSentry User Registered Member

    Joined:
    Apr 18, 2009
    Posts:
    11
    I haven't tested it, but according to this it is. (2nd post)

    http://forum.drivesentry.com/viewtopic.php?f=5&t=165
     
  12. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    DriveSentry is marketed as "next generation AntiVirus protection". It appears to be both a HIPS and an antivirus, using a combination of whitelisting, blacklisting, and community feedback.

    I may be wrong about this but I assume the reason DriveSentry doesn't conflict with other antivirus programs is that the HIPS gets applied first and that checking using the signature database only comes into play when a process tries to write to an area of the file system or registry protected by DriveSentry.
     
  13. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Defensewall all the way for me here.
     
  14. DriveSentry User

    DriveSentry User Registered Member

    Joined:
    Apr 18, 2009
    Posts:
    11
    This can help you.
    http://forum.drivesentry.com/viewtopic.php?f=6&t=8

    And yes DriveSentry(HIPS)-(Non-signatured based) is the next generation anti virus. And what I mean when I say "standalone" is with no actual anti virus...the kind used currently these days. For example: Comodo w/HIPS or KIS w/HIPS. etc

    All that DriveSentry does is it monitors drive traffic and prevents anything untrusted from doing anything to your computer. (Without signatures) It's like a Hard Drive Firewall!! :D
     
  15. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    That's a good question.

    I'm running DriveSentry alongside PC Tools Firewall Plus (with ESV turned on), ThreatFire, Prevx 3.0 (paid), and Returnil Premium without any problems or conflicts, so it doesn't appear to have any inherent difficulties in getting along with other programs. I also had AntiVir Personal running as well but I've now removed AntiVir for the moment because I didn't really want two antivirus programs running together, even though they didn't appear to be conflicting.

    I don't recall reading negative postings regarding DriveSentry compatibility with other programs, so it's likely that DriveSentry does work alongside most HIPS quite happily. The only way to find out for sure of course is to try it for yourself and see if it works for you.
     
  16. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Thank you for your reply; this is getting to be an interesting discussion.

    My understanding of the term "next generation antivirus" is that DriveSentry includes whitelisting in addition to blacklisting. I am aware that DriveSentry can be viewed as a hard drive firewall. The question is whether or not it does anything more than that in real-time, and there are suggestions that it does.

    For example, post #52 by Katie in the following thread: https://www.wilderssecurity.com/showthread.php?t=209764&page=3&highlight=drivesentry

    And post #117 in the same thread: https://www.wilderssecurity.com/showthread.php?t=209764&page=5&highlight=drivesentry

    If DriveSentry does not work the way Katie describes, it is difficult to see why it would be of any value to have a trickle feed of signature updates; or what use the Tri-Security protection of: whitelisting, blacklisting, and community advice would be, if it is not adding to the real-time protection.

    Also, the recommended advice when installing DriveSentry is to uninstall any other antivirus programs to eliminate any possibility of a conflict. Again this should not be necessary if DriveSentry is solely a HIPS program.

    The final thing that suggests to me that DriveSentry is positioned as an antivirus, as well as a HIPS, is that DriveSentry have gone to the trouble of obtaining WestCoast Labs Checkmark certification.

    I must confess to not fully understanding how DriveSentry works, but I have assumed that it is more than just a HIPS and does incorporate some kind of signature-based checking in real-time, triggered on behaviour. If you are correct that DriveSentry performs no functions in real-time other than monitoring of disk writes then I will be reinstalling AntiVir for additional protection.
     
  17. DriveSentry User

    DriveSentry User Registered Member

    Joined:
    Apr 18, 2009
    Posts:
    11
    It is real time..even if the malware is already installed, DriveSentry will detect it when it attempts to write to your system and cause damage. I have tested DS myself by going to..

    http://www.malwaredomainlist.com/update.php

    What I use is DriveSentry as a HIPS and my firewall router, which does more than enough to protect me. I don't need an anti virus because I am really careful on the internet and watch what I download.

    Also in their next DriveSentry version there is going to be a network firewall!:thumb:
     
  18. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Thanks for your reply.

    Yes, I know that DriveSentry works to detect malware in real-time but when you say: -
    I'm not sure whether you agree that DriveSentry should be classified as an antivirus program or not.

    If DriveSentry combines HIPS with real-time signature-based scanning using whitelisting and blacklisting, as stated by Katie, the official DriveSentry representative here at Wilders, then it is best described as a hybrid HIPS/antivirus, not a pure HIPS. Calling DriveSentry "next generation AntiVirus" summarises it perfectly for me.

    Looking forwards to the network firewall in the next version. :thumb:

    Regards
     
  19. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    I have PG, SSM, EQS, Malware Defender and Netchina floating around on different snap-shots, also OA and Outpost licenses.
     
  20. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    As pointed out above, this poll is not really a good one since it is so limited in product choices. Also, we already have a number of discussion threads for DriveSentry in other forum sections. Those are a better place for posts discussing the capabilities, effectiveness and future of the DriveSentry product.
     