WinPatrol: HIPS or Not?

Discussion in 'other anti-malware software' started by Birdman, Jul 21, 2006.

Thread Status:
Not open for further replies.
  1. Birdman

    Birdman Registered Member

    Nov 24, 2003
    I've been using WinPatrol Plus for a while now and I find that it compliments my AV and Firewall very nicely.

    I've tried other "safety" programs like Online Armor, Process Guard, Prevx and System Safety Monitor...but I've found that they all slowed my system and internet speed down.

    Is WinPatrol (Plus version) considered a HIPS program?

  2. WSFuser

    WSFuser Registered Member

    Oct 7, 2004
    i consider it one. it doesnt provide program control but it does monitor several areas of windows like file types, startup entries, and teh HOSTS file.
  3. spindoctor

    spindoctor Registered Member

    Feb 28, 2006
    I could be wrong, but I would tend to think that many of the experts around here wouldn't consider it to be a full blown HIPS and that it is often too slow for most of the die hard HIPS users around here who want the best possible protection available.

    That's not to say WP isn't good enough, at least not in my opinion. For most average users WP is probably good enough. I find WP to be a nice addition to any set up whether it's run realtime or not. I wouldn't mind if it was a bit faster at catching changes though, maybe in a future version BillP will consider that.
  4. bellgamin

    bellgamin Very Frequent Poster

    Aug 1, 2002
    No program control = boney HIPS :cool:

    Muscular HIPS = Online Armor, System Safety Monitor, PREVX, etc
  5. Baldrick

    Baldrick Registered Member

    May 11, 2002
    South Wales, UK
    No slow down with ProcessGuard here! Are you using the latest version?;)
  6. Infinity

    Infinity Registered Member

    May 31, 2004

    Hi Belgaming, having no program control doesn't always mean boney/bogus imho, cause the "program control" you and me are talking about .. (and for the same amount of money and AFAIK everybody else here at Wilders) is mostly so called Kernel Driven Application Control, whether this is integrated into a firewall (like Tiny2005, Outpost, .. .. ) or stand alone like Process Guard, SSM, GSS, .. ..
    .. It has been proven that such programs (kernel driven * at least proper coded behaviour blockers, system analysers,...) are "better performers, offers greater protection" against self protection, process manipulation, termination, ... they can intercept certain activities/behaviours that such programs like Winpatrol, Spyware Stopper, simply cannot do.

    **** So far my thoughts on Kernel driven software and usermode software that is not hooked ****

    * BUT IMHO * If you have too much of that kernelmode software (doing their analysing as deep as ring0 , this can can seriously interphere with eachother and since this all happens in ring0 (or as closest ..) the bad results can be in my case (and reading many posts here and on other places, seems like I'm not the only one with incompatability issues with Kernel Software) many BSOD's, corrupt critical windows files, lockouts, and bad installs mostly ending and resulting in a reformat (thank god for FD-ISR and Vmware :D and since using Vmware togheter with FD-ISR .. those problems are history ..
    btw : the older version of Tiny Firewall (the latest ones are very stable) with the older beta versions of SSM, even appdefend and my Nvidia Driver caused a mess :ouch: ) .. to much kernel apps ...

    And that is one of the biggest advantages of Winpatrol, the fact that it is installed in usermode, means that interpherence problems will probably not exist, at least with not so drastic results :)
    It offers a broad aspect of security but the only thing I do not like that very much is Scotty (the litte dog guard * which is quite original :thumb: ) that it scans the background for changes in all those area's every 5 or 10 (it used to be 10 secs) seconds (in fact mostly checking for changes in the registry .. but eveyr 5/10 secs can understand that any malware can do a lot of bad things in 5 or 10 seconds !! I hope that this will change in the near future so that it can scan every 2 secondes or so ..

    *puppy* *WOEF* *puppy*

    Attached Files:

  7. TopperID

    TopperID Registered Member

    Oct 1, 2004
    SSM can deal with Child/Parent dependencies, so maybe you could say:-

    SSM = Childbearing HIPS :D :D :D
  8. Astronomy

    Astronomy Registered Member

    Dec 21, 2005
    WinPatrol is not a good HIPS,Because it reported after the harm had occured.
  9. nights

    nights Registered Member

    Mar 17, 2006
    WinPatrol is a IDS (Intrusion Detection System)
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.