WinPatrol: HIPS or Not?

Discussion in 'other anti-malware software' started by Birdman, Jul 21, 2006.

Thread Status:
Not open for further replies.
  1. Birdman

    Birdman Registered Member

    Joined:
    Nov 24, 2003
    Posts:
    571
    I've been using WinPatrol Plus for a while now and I find that it compliments my AV and Firewall very nicely.

    I've tried other "safety" programs like Online Armor, Process Guard, Prevx and System Safety Monitor...but I've found that they all slowed my system and internet speed down.

    Is WinPatrol (Plus version) considered a HIPS program?

    Thx
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i consider it one. it doesnt provide program control but it does monitor several areas of windows like file types, startup entries, and teh HOSTS file.
     
  3. spindoctor

    spindoctor Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    83
    I could be wrong, but I would tend to think that many of the experts around here wouldn't consider it to be a full blown HIPS and that it is often too slow for most of the die hard HIPS users around here who want the best possible protection available.

    That's not to say WP isn't good enough, at least not in my opinion. For most average users WP is probably good enough. I find WP to be a nice addition to any set up whether it's run realtime or not. I wouldn't mind if it was a bit faster at catching changes though, maybe in a future version BillP will consider that.
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    No program control = boney HIPS :cool:

    Muscular HIPS = Online Armor, System Safety Monitor, PREVX, etc
     
  5. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,299
    Location:
    South Wales, UK
    No slow down with ProcessGuard here! Are you using the latest version?;)
     
  6. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651

    Hi Belgaming, having no program control doesn't always mean boney/bogus imho, cause the "program control" you and me are talking about .. (and for the same amount of money and AFAIK everybody else here at Wilders) is mostly so called Kernel Driven Application Control, whether this is integrated into a firewall (like Tiny2005, Outpost, .. .. ) or stand alone like Process Guard, SSM, GSS, .. ..
    .. It has been proven that such programs (kernel driven * at least proper coded behaviour blockers, system analysers,...) are "better performers, offers greater protection" against self protection, process manipulation, termination, ... they can intercept certain activities/behaviours that such programs like Winpatrol, Spyware Stopper, simply cannot do.

    **** So far my thoughts on Kernel driven software and usermode software that is not hooked ****

    * BUT IMHO * If you have too much of that kernelmode software (doing their analysing as deep as ring0 , this can can seriously interphere with eachother and since this all happens in ring0 (or as closest ..) the bad results can be in my case (and reading many posts here and on other places, seems like I'm not the only one with incompatability issues with Kernel Software) many BSOD's, corrupt critical windows files, lockouts, and bad installs mostly ending and resulting in a reformat (thank god for FD-ISR and Vmware :D and since using Vmware togheter with FD-ISR .. those problems are history ..
    btw : the older version of Tiny Firewall (the latest ones are very stable) with the older beta versions of SSM, even appdefend and my Nvidia Driver caused a mess :ouch: ) .. to much kernel apps ...

    And that is one of the biggest advantages of Winpatrol, the fact that it is installed in usermode, means that interpherence problems will probably not exist, at least with not so drastic results :)
    It offers a broad aspect of security but the only thing I do not like that very much is Scotty (the litte dog guard * which is quite original :thumb: ) that it scans the background for changes in all those area's every 5 or 10 (it used to be 10 secs) seconds (in fact mostly checking for changes in the registry .. but eveyr 5/10 secs ..you can understand that any malware can do a lot of bad things in 5 or 10 seconds !! I hope that this will change in the near future so that it can scan every 2 secondes or so ..

    *puppy* *WOEF* *puppy*
     

    Attached Files:

  7. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    SSM can deal with Child/Parent dependencies, so maybe you could say:-

    SSM = Childbearing HIPS :D :D :D
     
  8. Astronomy

    Astronomy Registered Member

    Joined:
    Dec 21, 2005
    Posts:
    29
    WinPatrol is not a good HIPS,Because it reported after the harm had occured.
     
  9. nights

    nights Registered Member

    Joined:
    Mar 17, 2006
    Posts:
    9
    WinPatrol is a IDS (Intrusion Detection System)
     
Loading...
Thread Status:
Not open for further replies.