Which HIPS?

Discussion in 'other anti-malware software' started by Ohmy, Aug 22, 2008.

Thread Status:
Not open for further replies.
  1. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi
    But I don't think that's really a whitelist? It just seems to be good AI and using the community, not a set list of apps which are allowed.

    Thanks
     
  2. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    from the TF FAQ-

    Presumably some or all of the list may be initially proposed by the community.

    On a daily basis, the whitelist is updated for users and kept in the users' database - it's real.
     
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Since you insist on pinning me down to name a specific HIPS, here goes...

    If you seek (1) a good classical HIPS, PLUS (2) a HIPS that is backed by a strong company (not a 1-man show), PLUS (3) A HIPS that has attained maturity & stability, PLUS (4) a HIPS that has an active support forum with a large & friendly community of users, then I see only two main choices:

    Online Armor
    OR
    Comodo PFW

    I am a major major fan of HIPS. However, I still am a strong believer in using layered protection, minimally consisting of HIPS + SPI-capable router + sandbox.
     
  4. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Thanks! I never saw it before. :eek:
     
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Hello Ohmy,

    I've been attacked by the malware monsters since the late 90's, but didn't get serious about security until the last two or three years.
    I tend to like things on the simpler side, so a strong out of the box protection with set it and forget it is high on my list.
    I have used Zone Alarm and Norton AV, but have given up when they became attacked by malware writers.
    When I discovered Online Armor, it did remind me a little of ZA, there was a familiarity.
    I have used OA and it is awesome. The alerts provide good info to make decisions about issues. It fits in the category OOTBP/SIAFI. And for those who want more control it offers that too.
    Recently reinstalled my OS and found something even simpler than OA, Drive Sentry. It is truly OOTBP.
    I am currently using DS and Threat Fire together (as long as I can). No problems with compatibility. Over at the DS thread it says you can use DS with OA.

    So, Drive Sentry, Online Armor (HIPS & FW) and Threat Fire are good simple solutions.
    EASTER likes to swim with the malwares intentionally and seems fairly assured in EQSecure and its abilities. Maybe see what he says about it. He has an EQSecure thread going.

    Have fun,

    Searching
     
  6. entropism

    entropism Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    500
    I've been using Norton Antibot on Vista x64, and it's pretty damn easy. In fact, other than my firewall asking if it should let it update, I haven't noticed it at all in about 4 months now.
     
  7. Ohmy

    Ohmy Guest

    Thanks All!
    I am still having a hard time choosing which one to use.
    Anyways,
    Many thanks again to you all.

    Regards Ohmy.
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Did you try the best pound per pound (DefenseWall HIPS) :D
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Also, DriveSentry has HIPS capabilities :thumb: and it is very fast.
     
  10. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    I believe it's a good policy to use a dedicated software HIPS different from the firewall or the antivirus programs. So the multi-layered defense is more... multi, because malware has to pass two pieces of software produced by two different houses.
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Don't forget that there are programs that we use here that are a one-man show,
    and they are very well respected here at Wilders, and not because of that but the good and hard work of the development of the software.
     
  12. Ohmy

    Ohmy Guest

    As you can see in my previous post,
    I am already using it on my other laptop. ;)
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Cool :thumb: it is a must-have.
     
  14. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    The topic of this thread is HIPS.

    Standing in a garage doesn't make someone into an automobile. By the same token, calling a sandbox a HIPS does not make that sandbox into a HIPS.

    DW is a superb security application, and fully deserves its many advocates. Some folks refer to DW as a HIPS. HOWEVER -- it seems to me that DW is NOT a full-scope HIPS but is, instead, primarily sandbox-based. If I am wrong in this viewpoint, someone please correct me -- and by "correct me" I do NOT mean fan-boy rants but actual information based on the capability list given below.

    MY QUESTION- Does DW provide all or most of the following capabilities of a full-scope HIPS?

     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Of course DefenseWall is not a HIPS; it is better than any HIPS/antivirus/antispyware out there.
    Note: it is kind of a HIPS/policy-based sandbox, from what I know :thumb:
     
  16. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    This is an off-topic fan-boy comment which adds little to what I thought was a serious discussion of HIPS.

    DW is a superb security app but (IMO) this kind of comment does not help its reputation. Hopefully Ilya will come to provide factual comments, as I requested.
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Fan boy :D Are you the wise one anyway that knows everything?
     
  18. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    EQSecure v4 will support Vista. If you're not security-illiterate and using XP, this HIPS is easy to understand and extremely powerful.
     
  19. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello bellgamin,

    I will do my best to address your questions regarding DefenseWall (DW) until Ilya chimes in.

    To the best of my knowledge and understanding, the latest version of DW (v2.45) does not have process execution control, network control (will be available in a future version) and does not protect against buffer overflows.

    Provided that the process and/or application in question is run as "untrusted", with the exception of the three features mentioned above, DW offers protection coverage against all of the rest of the items in the list. The major difference is that DW, based upon its internal ruleset (policy restrictions) and by default, will block changes silently with little or no popup notifications. FYI, the relatively few popup notifications that one will see are mostly related to resource isolation and keylogger intrusion attempts. Keep in mind that DW's sandbox implementation primarily consists of policy restrictions.

    Hope this helps.


    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited: Aug 27, 2008
  20. I am currently running Online Armor 2 (30-day trial).

    If I uninstall the firewall from OA, then install Comodo Firewall Pro 3, will there be any conflicts?
    Should I run Comodo's Defense+ system, or not?
     
  21. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @Cog - Thanks. Good explanation.

    @Storm - OA includes a HIPS. Defense+ is a HIPS. Thus there is a possibility of conflicts. Also, there will definitely be a lot of duplication of protection.
     
  22. Ohmy

    Ohmy Guest

    Which HIPS provides all that?
     
    Last edited by a moderator: Aug 27, 2008
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Several HIPS cover all those factors, and more. They include but are not limited to...

    Comodo's FWP (Defense+ is the HIPS. It lacks network control since that is provided by FWP's firewall component)

    Real-time Defender

    EQSecure

    System Safety Monitor (but lacks file protection. That coverage is due by end of this summer)
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    No doubt. Users who are in the know about EQS and have applied various RuleSets see it's very clear just how extremely reliable, "lite" but STRONG this HIPS really is.

    In fact, all the buzz going on about LUA/SRP and that? Windows SRP, I found, is not perfect and does have issues, but on a better note you can use EQS as a total LOCKDOWN SRP with much better results without experiencing any M$ issues that could cost a user a failed entry or elevation of rights.

    Not to mention Folder Guard (New). This ruleset is the icing on the cake for me. Rounds out everything else nicely, and completely configurable to taste.

    EASTER
     
  25. Ohmy

    Ohmy Guest

    I will be happy to try EQS 4 if it is Vista-compatible.
     