Which HIPS?

Discussion in 'other anti-malware software' started by Ohmy, Aug 22, 2008.

Thread Status:
Not open for further replies.
  1. Ohmy

    Ohmy Guest

  2. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I think if you want a HIPS that's non-intrusive you should get ThreatFire, PRSC, Mamutu or Prevx.
     
  3. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    If you want something simple and effective then DefenseWall is the way to go.
    System Safety Monitor is a great classical HIPS; however, the Vista version is still in beta and has been for some time. I don't know when the final release will be. I'm also favoring Online Armor at the moment; however, their Vista version is also still in beta.
     
  4. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    I have tried Malware Defender from torchsoft.com with Vista SP1.
    It covers many areas and is neatly arranged at the same time.

    If you are looking for a full-featured standalone HIPS (with application-, file- and registry-protection) and full control, then SSM or Malware Defender might be a solution.
    Also Comodo 3 with its Defense+ HIPS, but it has a Firewall included.

    Alternatively, there are some others, such as the already mentioned Online Armor 3 Beta (mainly application-protection and registry-startup-protection), which are not full-featured, but also offer a great level of protection.
    With OA you can uninstall the Firewall part, if you like.

    Cheers
     
  5. Ohmy

    Ohmy Guest

    Thanks for your replies. :)
    I am already using DW on my other PC,
    and I am looking for a *STANDALONE* HIPS (since I don't like AV, AS, AT active) that provides good protection.

    Maybe when Vista version of SSM comes out, it will be the solution?

    EDITED:
    Never mind. SSM seems too complicated to me.
    It looks like it needs a lot of configuration to make it work.
    Same goes for Malware Defender. :(
     
    Last edited by a moderator: Aug 22, 2008
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    SSM works fine with Vista.

    As for configuration -- simply put SSM into learning mode for a few days, & then "train it" by using your usual applications and doing your usual computer activities. SSM will watch, learn, and configure itself.

    After that, turn off learning mode. This should result in a tightly secure SSM and few alerts thereafter. Once SSM is trained, when you DO get an alert -- pay careful attention to it before deciding whether to allow, block, etc.

    There is a "pretty good" tutorial about SSM here at Wilders. The thread starts HERE but the good stuff doesn't begin until post #35 & thereafter.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    An alternative to SSM is Online Armor (OA). The Vista-capable version is now in beta, but it is VERY stable. The beta can be downloaded HERE. Install it using the trial key given at the download site.

    If you want to be an "Official beta tester" then send a request via Forum Private Message to Mike Nash at OA's support forum. You can trial the beta without doing this, but it's nice to help out if you feel so inclined.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Before trialing ANY security app, it is a good idea to make an image of your system disk. Security apps are complex. Even the best of them can sometimes cause computer problems. Just a suggestion -- no offense if you already knew this. Good luck!
     
    Last edited: Aug 22, 2008
  7. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
  8. Ohmy

    Ohmy Guest

    I also heard that development of SSM is slow...?
     
  9. wat0114

    wat0114 Guest

    안녕하세요 [Hello] Ohmy :)

    Yes, development of SSM has slowed in the last 6 months or so, but it is at present a very mature product offering tremendous security for those willing to learn how to take advantage of all it offers.
     
  10. Ohmy

    Ohmy Guest

    Nice Korean. ;)
    Does SSM provide decent protection?
     
  11. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Would suggest ThreatFire, which works effectively and simply with a minimum of configuration or popups.

    This is a behaviour blocker which defends a PC by examining and monitoring the actual behavior of files, background tasks, and processes in order to block and prevent any behavior consistent with that of malware such as viruses, worms, trojans, or rootkits.

    However, it also employs a whitelist.

    Download here

    Read the review "editors choice" here

    Freeware and being actively developed by PC Tools. Now version 3.5.
     
    Last edited: Aug 22, 2008
  12. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    I also think ThreatFire is a great choice, but I think the future is uncertain for it because Symantec bought PC Tools.
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Protection provided by SSM is very good. It is a "classical HIPS" that provides broad-spectrum protection. Those apps in the same HIPS category as SSM include but are not limited to: Comodo FWP (Defense+ module), Online Armor (OA), RealTime Defender (RTD), EQSecure (EQS), DriveSentry (DS), Safe'n'Secure.

    ThreatFire (TF) is a behavior blocker under the aegis of PC Tools, which has sold out to the borg (Symantec - see Note 1 below). Other behavior blockers include but are not limited to: Mamutu, & Primary Response SafeConnect (PRSC). Also, Prevx 2 is *mostly* in the behavior blocker category.

    AFAIK...
    1- Of the above, those with whitelists &/or "communities" are Comodo FWP, OA, DS, Mamutu, TF, & Prevx.

    2- Those with blacklists (AV components) are Comodo FWP, & OA (optional at added cost), DS, TF. NONE of those AV components is a full-fledged (real-time) antivirus. They are primarily look-up & on-demand. Ergo, those HIPS AV components will NOT (99.999% certainty) conflict with your real-time antivirus.

    3- Of the broad-scope HIPS: (a) SSM lacks file protection {reportedly will be added by end-of-summer 2008}, & (b) OA lacks file protection & full-scope registry protection.

    4- Of the above, those with firewall components (in addition to their HIPS components) are Comodo FWP & OA. The OA firewall can be uninstalled if desired. The firewall component of FWP is not easily gotten rid of.

    5- OA has the unique & powerful capability to specify & configure applications such that they will always "run safe" (limited user rights). OA can also be configured such that ANY unknown app will only run safe.

    More schtuff...
    For a comparison between HIPS (e.g. SSM) and behavior blockers (e.g. TF or Mamutu), go to...
    http://antivirus.about.com/od/antivirussoftwarereviews/a/hips_behavior.htm

    For a great discussion of behavior blockers, go to...
    http://www.securityfocus.com/infocus/1557

    If you're interested in learning more about security, & enjoy a bit of tweaking, you would probably like a classical.

    If you prefer your security apps to be more in the category of "set it & forget it", you would probably prefer a behavior blocker.

    WHICH HIPS (the topic of this thread)? I have used or trialed all of the above at one time or another, & they are all good. Best course of action is to try them (make an image first).

    The only one I would NOT recommend is Safe'n'Secure because it has no forum, & the speed of its e-mail support is slow-to-never.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE 1:
    Here is the long, sad list of Symantec's victims...
    http://en.wikipedia.org/wiki/List_of_Symantec_acquisitions

    How many of them are still existent? Aside from the Norton name -- basically: zero.
     
    Last edited: Aug 23, 2008
  14. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Let's wait and see - even if some major unfavorable decision is made, the currently available version, due to its nature, could still work efficiently for a long time :thumb:
     
  15. Ohmy

    Ohmy Guest

    I would love to learn to use classical HIPS.
    SSM looks fine, however...

    1. I think it's way too hard for me. (didn't know what to do after installing)
    2. Final version that is Vista compatible isn't out.
    3. Slow development, that makes me wonder if it is actually going to last long.
    4. I had massive pop ups when I first used SSM. (maybe problem with default setting?)
    Thanks!

    P.S. Would you rather recommend RTD or SSM?
     
  16. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    I thought TF doesn't have a whitelist?
    How can the OA firewall be uninstalled? I thought you could only disable it.

    Thanks
     
  17. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    I think OA is a great choice. You can whitelist your existing programs to reduce alerts and it has the limited user feature.
     
  18. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    In settings you will have that option:
     

    Attached Files:

  19. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    OK. Thanks. This is available for all versions (free and paid) right?
     
  20. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    You need to put System Safety Monitor into learning mode after you have installed it so it will automatically create rules for you. While it's in learning mode you should go through and run all the programs that you use and also do a few reboots. This makes it much easier to use and generates far fewer pop-ups.
     
  21. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    I can't give you an answer to this question because I have never used the free version of Online Armor.
     
  22. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Great post Bellgamin! A good explanation of HIPS and their differences :thumb:


    @Ohmy:
    I would try EQS 3.41, with Alcyon's ruleset. VERY light, and good protection with few pop-ups. EQS can be tweaked a lot and if you are willing, you can learn a lot about how the system works and get used to a HIPS.
    I think EQS is one of the best HIPS out there, because of its flexibility.

    My other choice would be OA, because of the "run safer" option. Also OA's popups display good information.
     
  23. Ohmy

    Ohmy Guest

    Hi,
    I don't see the Vista version of EQS o_O
     
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    TF has a community, & its AI uses it as a partial factor in deciding whether a possible "bad behavior" is being done by a "white app". In other words, I think TF's *community database* is mainly used to reduce FPs.

    To uninstall OA's firewall - on OA's GUI, click "Options" then "Firewall" tab -- uninstall button is on right bottom corner of the ensuing menu. {as shown by Creer in post #18}

    In my post I said that ALL the HIPS listed are good. You should try them on for size.
     
    Last edited: Aug 23, 2008
  25. Ohmy

    Ohmy Guest

    Hi, thanks for your help.
    But which one is an all-round standalone HIPS?
    Like a HIPS as my only protection.
    SSM seems to be the solution,
    but the slow development makes me wonder if SSM
    is going to be sold to some random company,
    just like PCTools. :doubt:
    Thanks!
     
    Last edited by a moderator: Aug 24, 2008