Which HIPS or "alert" software can meet my criteria?

Discussion in 'other anti-malware software' started by paulescobar, Jul 7, 2013.

Thread Status:
Not open for further replies.
  1. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,361
    OA comes closest to being a classical HIPS. The OP's choices are limited these days. Most security companies build HIPS/BB modules into their security products and it just costs too much money to develop and maintain a stand-alone HIPS/BB. That is the reality of today's anti-malware landscape. :thumb:
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,737
    Location:
    The Netherlands
    Can you give me some examples? What did it miss? :shifty:

    I totally forgot about Comodo btw.

    I'm also looking for a classical HIPS on Win 8 64 bit, but I do recall having a very bad experience with Comodo on Win XP, way too many alerts, it drove me nuts. o_O
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,862
    Location:
    U.S.A. (South)
    With all Comodo's resources or assets they still lack that prize of a raw talent who is so sharp as to produce for them a superior quality HIPS module that won't weigh heavy on normal end user's systems operation.

    Fanboy audiences will never advance a quality program but in their forums they relish it with lunacy IMO.

    After years of trying to warm up to Comodo I eventually had to dismiss it. Expert coding is just never realized and that's reflected time and again with each release.
    It serves well enough for many simply because there are no alternatives for them.
     
  4. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Hmmmm...you want HIPS but not many popups.
    Put Comodo HIPS to Clean PC mode.
    It allows everything already installed and warns only about new stuff.
     
    Last edited: Jul 16, 2013
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,606
    Location:
    USA
    Looks like you may have found a bug. If you have to report this then please report!
     
  6. guest

    guest Guest

    Well, I wonder, if Comodo HIPS is so bad, why is it still the best one available? And it's free. I mean, if it's so easy to make a better HIPS, why is there no alternative?
    Comodo HIPS is heavy?...
    If you are not being ironic, I really don't understand your point.
     
  7. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,064
    Location:
    Europe, UE citizen

    Have you serious security lacks to report?
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,862
    Location:
    U.S.A. (South)
    That's just the way it's been and nothing is changed on this end since. As mentioned I quit even trying it anymore and instead have opted for more efficiency thru liteness and stability which now even includes a formidable resident antivirus.

    Not to mention avoiding Comodo's always present conflicts.
     
  9. guest

    guest Guest

    Yes, yes Comodo is evil...
     
  10. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Hahahahaha
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,862
    Location:
    U.S.A. (South)

    No, they just choose not to trim the fat and let plaque build up over time that their sleek GUI just can't make up for. lol
     
  12. guest

    guest Guest

    They were intelligent enough to survive in the market thanks to that, not like all the HIPS that you love that now are abandonware, because there was not market for them.

    Oh yes the ugly interface... sorry but the rest of the world doesn't lose time looking at the interface, they use the computer for other things.
    You just need to spend 5 minutes to configure it and then you will only see the popups if any, yes but of course the interface is a deal breaker for you because you have it all the day open.
     
  13. NoHolyGrail

    NoHolyGrail Registered Member

    Joined:
    Nov 14, 2005
    Posts:
    46
    OP, do you still plan to test AppGuard? And did you report the Online Armor bug as Cutting_Edgetech suggests?
     
  14. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    I know that Qihoo has great detection and is very lite; how do you find the Qihoo HIPS? Is it strong enough to rely on as the main protection?
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,862
    Location:
    U.S.A. (South)
    Love has nothing whatsoever to do with knowing for certainty from real world experience what works best and what suffers from severe limitations.
    Abandonware is a matter of many possibilities and not always merely because of "not market for them".
    Yes the interface is trashy and full of puke which is a clear indication of an incomplete design, which adds another concern for incomplete flimsy inner workings also.

    5 minutes to configure is an absolute joke and hilarious, proving its limited capabilities, but go ahead and take a chance on ruining your work when some unwanted surprise interrupts your normal routine courtesy of your blindly depended-on so-called HIPS.
     
  16. guest

    guest Guest

    I can't follow a conversation where it is so obvious that you aren't right. Please inform yourself and then come back.
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,862
    Location:
    U.S.A. (South)
    And I cannot follow up or even engage in any meaningful manner in contributing to a conversation where you completely dismiss the obvious. You indeed may wish to come back and retry when you decide to reassess and accept the irrefutable facts as a logical base for your argument.
     
  18. davidjschenk

    davidjschenk Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    37
    Okay...

    I hope I'm not thread-jacking here, but I have some questions and ambitions that seem similar to the OP's. So here's my situation...

    I am only today upgrading from a very old box I built in 2003 with Windows XP Pro. What just arrived is a new prefab system with Windows 7 Home 64-bit. Grand. But I have one unhappy issue: my old 32-bit full version of ProcessGuard (sucked to see DCS go under) undoubtedly will not "play nice" with the new 64-bit architecture, right? So what I'm looking for is a 64-bit program to serve as a replacement. I especially want to have full control over which background processes are allowed to run and under which conditions and with what permissions (all the way down to the DLLs). It is vital that the software aggressively block any attempted installs of rootkits, as I absolutely loathe those things (die, Sony--just die, please). Are there any stable, reliable programs that will do what I want?

    It seems like many people on here are suggesting AppGuard will do it, but I've been out of the security software loop for so long now, I just don't know whom to trust or where to turn. Will AppGuard do what I'm looking for? If so, what others will? I prefer to get a handle on all my options and fully research them before choosing--uninstalling and reinstalling all sorts of software is not my idea of a fun thing to do on the weekends.

    One thing I explicitly do NOT want: any bundled software. If I'm getting a HIPS or an anti-exe (still not fully clear on the difference between the two, I confess), that's all I want from the vendor. I'll find my own darned AV and firewall software, thank you.

    So have the aficionados around here any suggestions? If this is too much of a thread-jack, I apologize in advance and will happily just start a new thread--just lemme know.

    Yours,

    David
     
  19. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    No, it won't (see posts #24 and #25 above).
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,862
    Location:
    U.S.A. (South)
    Hi David

    It almost makes you want to keep using XP (dunno about 32bit Windows 7).
    Since x64 bit almost ALL our best security apps have been mothballed if not totally dumped. I miss Process Guard every bit as much as EQSysecure HIPS, in fact the two run very well on XP 32 bit and even with Threatfire as my overkill protection.

    I think it remains for us to see if after a time some solo developer might master a ProcessGuard clone for x64 bit machines because they are currently sorely missing.
     
  21. davidjschenk

    davidjschenk Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    37
    Hi Pete,

    Thanks much to both you and Easter; it is largely as I feared (*sigh*). Well, right now I'm looking at the possibility of combining AppGuard and VoodooShield, per the suggestion you made for another member. I guess that's the best I can do right now.

    Man, you said it, Easter! I bitterly miss ProcessGuard now. The ability to manually control rundll was, just by itself, a Godsend.

    Anyway, thanks again, guys. I'll go back to lurking and digging around for what I might use as "second best." If I find anything that really measures up, I'll be sure to de-lurk and report back.

    Yours,

    David
     
  22. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    AppGuard will protect as well as a classical HIPS: it just operates differently, that's all. Before I started using AppGuard in 2009, I was using Comodo Defense+, which worked well. I dropped Defense+ soon after I started to use AppGuard because I couldn't see any significant advantage to using both and I wanted to simplify my setup.

    Although AppGuard is based on policy restriction, and is not a pure anti-executable, it does have strong anti-execution features in respect to user space. It also has a number of other features that a pure anti-executable doesn't have: MemoryGuard protection to prevent code injection, MBR protection, protection for key areas of the registry, ActiveX restriction, Privacy Mode protection for private folders, etc.

    AppGuard also has strong protection against drive-by downloads. All user space executables are either prevented from running or run guarded. Vulnerable system space executables (e.g. browsers) are explicitly guarded. Guarded applications are not allowed to write to system space. Although system space executables are not prevented from running, the inability of guarded applications to write to system space renders this unnecessary.

    VoodooShield is much less sophisticated than AppGuard. It is a pure anti-executable based on whitelisting. It is conceptually simpler than AppGuard and probably easier for novice users to grasp and operate, which appears to be one of its main objectives. The main strength of VoodooShield appears to be the ability to stop drive-by downloads via the browser, something that AppGuard also does.

    The only advantage I can see to using VoodooShield in conjunction with AppGuard is the ability to control what is allowed to launch from system space, something that isn't possible with AppGuard. As I've said though, given the way AppGuard works, there is no real advantage to this, but some people like to have the extra control and there's nothing wrong with that. One caveat though: By default, VoodooShield also allows launches from system space so it would be necessary to change this in order to gain any advantage from combining it with AppGuard. Used in its default configuration, VoodooShield wouldn't be adding anything extra.

    Only you can decide whether the additional annual subscription cost of VoodooShield is worth it if you have already made the decision to go with AppGuard.

    EDIT: If you want an anti-executable to accompany AppGuard as belt-and-braces protection, it might be worth also considering NVT ERP. As you come from a classical HIPS background, you might find NVT ERP more to your liking and it may also work out cheaper than VoodooShield. Peter2150 uses this combination.
     
    Last edited: Jul 29, 2013
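
The policy model described in the post above, as an added example that is not part of the thread and is not AppGuard's code: it replays a constructed drive-by chain under the two user-space modes the post mentions (blocked, or run guarded). The path prefixes, the browser path and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed prefixes (not from the thread) for what counts as "system space".
SYSTEM_SPACE = ("c:\\windows\\", "c:\\program files\\")
# Assumed system-space programs that are explicitly guarded (e.g. a browser).
EXPLICITLY_GUARDED = {"c:\\program files\\browser\\browser.exe"}

def in_system_space(path):
    return path.lower().startswith(SYSTEM_SPACE)

@dataclass
class Process:
    image: str
    guarded: bool

def launch(path, user_space_mode="block"):
    """Return a Process, or None if the launch is denied."""
    p = path.lower()
    if in_system_space(p):
        # System-space launches are never blocked; some are guarded.
        return Process(p, guarded=p in EXPLICITLY_GUARDED)
    if user_space_mode == "block":
        return None                      # user-space executable prevented
    return Process(p, guarded=True)      # user-space executable runs guarded

def may_write(proc, target):
    """Guarded processes are not allowed to write to system space."""
    return not (proc.guarded and in_system_space(target))

def drive_by(user_space_mode):
    """Constructed chain: a compromised browser drops a file and starts it."""
    events = []
    browser = launch("C:\\Program Files\\Browser\\browser.exe", user_space_mode)
    sys_drop = "C:\\Windows\\System32\\dropped.exe"
    usr_drop = "C:\\Users\\alice\\AppData\\Local\\Temp\\dropped.exe"
    events.append(("write_system", may_write(browser, sys_drop)))
    events.append(("write_user", may_write(browser, usr_drop)))
    payload = launch(usr_drop, user_space_mode)
    events.append(("payload_runs", payload is not None))
    if payload is not None:
        # A guarded payload is under the same write restriction.
        events.append(("payload_write_system", may_write(payload, sys_drop)))
    return events

if __name__ == "__main__":
    for mode in ("block", "guard"):
        print(mode, drive_by(mode))
```

In both modes the dropped file never reaches system space, which is the basis for the post's claim that blocking system-space launches adds little under this model.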
  23. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,064
    Location:
    Europe, UE citizen
    These are some of the advantages of using a HIPS together with AppGuard: preventing and informing about all new activities, and monitoring and checking everything that happens or changes in the system.
     
  24. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,281
    Location:
    UK
    Agreed but VoodooShield isn't a classical HIPS and it doesn't have full monitoring/logging capabilities. It seems to be more aimed at ordinary users who don't require that level of monitoring and control over what the system is doing, and has been designed to be very simple to use with that aim in mind.
     
    Last edited: Jul 29, 2013
  25. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,064
    Location:
    Europe, UE citizen
    Sure, I referred in general to your claim "the ability to control what is allowed to launch from system space, something that isn't possible with AppGuard".
     