Which HIPS?

Discussion in 'other anti-malware software' started by Ohmy, Aug 22, 2008.

Thread Status:
Not open for further replies.
  1. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Just giving it a run on XP3 - it's running OK, wonder what the problem is in your case?

    Yes - the alerts do seem to have been reduced.

    Also didn't notice any memory leak.
     
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Yes, tuning capabilities are quite limited with sandboxes, no doubt.

    I mean that it's not enough to hook the SSDT; it also needs to properly handle all the potential threat vectors inside those hooks.

    Exactly.
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Rising's HIPS has a smart attack origin - target approach, which makes it easier to configure and generates fewer pop-ups. Unfortunately some bits in the target approach protections do generate a warning, but do not prevent the malware :gack: I have no doubt they will improve on this. And yes, you can use the HIPS separately.

    Yes and Yes
     
  4. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Several HIPS seem to be vulnerable to full usermode (R3) unhooking; I noticed this with the latest release of Comodo Firewall. In one second all keylogger protection is lost, bad. So a daily diagnostics check is a must; this feature at least balances the vulnerability. But a better way would be an auto-diagnostic of the HIPS. I suggest a guard function for all HIPS that use ring3 hooks, to create an unhook watchdog; this way you can defeat attacks from tools like Shark.
     
    Last edited: Aug 31, 2008
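
The unhook watchdog suggested in the post above, as an added example that is not part of the thread or of any product's code: it records the patch bytes of each ring-3 inline hook and re-checks them on every pass, optionally writing them back. Byte buffers stand in for hooked function prologues, and all names and byte values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PATCH_LEN 5  /* x86 JMP rel32: opcode 0xE9 + 32-bit displacement */

typedef struct {
    const char *name;             /* label used in the alert (hypothetical) */
    uint8_t *target;              /* first bytes of the hooked function */
    uint8_t expected[PATCH_LEN];  /* patch bytes recorded at hook time */
} hook_entry;

/* Record the patch bytes immediately after the hook has been written. */
void guard_register(hook_entry *h, const char *name, uint8_t *target)
{
    h->name = name; h->target = target;
    memcpy(h->expected, target, PATCH_LEN);
}

/* One watchdog pass: count altered hooks and optionally write them back. */
int guard_scan(hook_entry *hooks, size_t n, int repair)
{
    int tampered = 0;
    for (size_t i = 0; i < n; i++) {
        if (memcmp(hooks[i].target, hooks[i].expected, PATCH_LEN) == 0)
            continue;
        tampered++;
        fprintf(stderr, "hook on %s removed or altered\n", hooks[i].name);
        if (repair)
            memcpy(hooks[i].target, hooks[i].expected, PATCH_LEN);
    }
    return tampered;
}

/* Constructed scenario; returns the follow-up pass count (0 = repaired). */
int demo(int repair)
{
    const uint8_t orig[PATCH_LEN] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC}; /* unhooked */
    uint8_t api_a[PATCH_LEN] = {0xE9, 0x10, 0x20, 0x30, 0x00};     /* hooked */
    uint8_t api_b[PATCH_LEN] = {0xE9, 0x40, 0x50, 0x60, 0x00};     /* hooked */
    hook_entry hooks[2];
    guard_register(&hooks[0], "api_a", api_a);
    guard_register(&hooks[1], "api_b", api_b);
    if (guard_scan(hooks, 2, 0) != 0) return -1;       /* clean baseline */
    memcpy(api_b, orig, PATCH_LEN);                    /* hook bytes reverted */
    if (guard_scan(hooks, 2, repair) != 1) return -1;  /* watchdog notices */
    return guard_scan(hooks, 2, 0);
}
int main(void) { return demo(1); }
```

A watchdog that lives in the same ring-3 process as the hooks can itself be patched out, so the comparison is more robust when driven from a kernel-mode component or a separate protected process.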
  5. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    I don't think this thread has gone a very long way in trying to answer the question:

    Which HIPS?

    Sorry, not meant as a denigration to the many fine comments on this thread.

    However, anybody else still brave enough to try a simple answer that a mere mortal could decipher?

    Remember, we are not all 24/7 security professionals. Our real life is elsewhere, but we would appreciate a recommendation from those who know, even if it's less than perfect - because we all know perfection is just a persistent illusion.
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Especially when you implement most user suggestions in the default set up, then there is no sense/reason to tweak/tune DefenseWall (even for me :'( )
     
  7. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    :D :D

    Well, the following have been mentioned in this thread:

    SSM - the HIPS from OA - Comodo - Threatfire - Mamatu - EQSecure - DSA - DW.

    I tend to favor basic simplicity combined with effectiveness, but others like the technical aspects of designs which allow more setting control - to each his own!!
     
  8. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I just finished reading 3 or 4 pages of this thread. Busy week at work and a lot to catch up with here in Wilders.

    I really don't have much to add to what has already been said in this topic, but I wanted to say THANKS to many posters here, especially bellgamin and Kees, for a VERY GOOD read. I'm glad the discussion in this thread went that way, allowing us who have less knowledge to learn a lot!

    BTW, I kinda miss the boot-to-restore posts... I wonder where Erik could be.
     
  9. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Geswall.
    Easy to use.
    No set up.
    Quiet.
    Effective.

    When used with Threatfire, Avira, hardware firewall and software firewall I believe you would be safe.
    Hugger
     
  10. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Comodo, like the name says, comfortable. BTW no updates for 3 months now, critical.
     
  11. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    All of the applications mentioned in Hairy Coo's helpful summary (post #82) are excellent.

    Are you seeking ONE specific recommendation for everyday users? If so, -- for exceptionally good protection in a well-supported, easy-to-use HIPS, I recommend OnlineArmor (OA), the non-free version. Be aware that OA includes a firewall as well as a HIPS.

    If you want something even simpler to use than OA (but offering somewhat less user control) then the protection provided by Defense Wall is truly outstanding. DW is equally as well supported as is OA. Unlike OA, DW does not include a firewall.
     
    Last edited: Aug 31, 2008
  12. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Thanks for all the additional clarifications, guys! A very useful thread for me and I'm sure for others as well.
     