With FirstDefense and Anti-Ex, is HIPS even needed?

Discussion in 'other anti-malware software' started by Acadia, Dec 4, 2007.

Thread Status:
Not open for further replies.
  1. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    I have been using FirstDefense for over three years now, and recently discovered Anti-Executable. I was going to start playing around with a HIPS program or two, when I suddenly asked myself if it was even necessary. IF PROPERLY USED, wouldn't the combo of FirstDefense with daily rebooting through the Freeze feature and Anti-EX protect you from everything that a HIPS program possibly could?

    Thanks for all replies,
    Acadia
     
  2. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    AE doesn't cover everything, so there are certain HIPS features one might consider necessary. It really all depends upon your preferences, which I certainly don't know.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    In theory, yes. If your system doesn't change much, then I would say yes. But AE has its flaws also, in that you have no control over what happens nor can you see it.
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Don't forget executable scripts. They are just as deadly and in some ways more stealthy, and can render a system toast if not properly monitored. I use EQSecure to watch over those script/file associations and it stops them cold in their tracks.

    Now with that being said, AE doesn't cover scripting as far as I know, and even a FREEZE storage snapshot would be vulnerable if a script virus were to release some file infector virus, provided you're one of those who don't run any AVs at all.

    Just something worth taking into consideration. And as another side note of interest, it's my experience that SandboxIE would prove immensely valuable as a choice go-between sandbox to keep either of those from actually doing serious harm.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hello, Easter,

    Can you explain how EQ watches over script/file associations? Does it monitor web-based scripts?

    Thanks,

    rich
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    FILE PROTECT/SYSTEM PROTECT

    %WinDir%\*.vbs/*.reg/ etc.

    Also under REGISTRY PROTECT/GLOBAL RULES/FILE TYPE ASSOCIATION
    (add registry)
    HKEY_CLASSES_ROOT\.vbs

    For a brief template example. Absolutely no associations get to fire without an ALERT first. With EQS you can fine-tune the way they're handled, but I always use EQS to ALERT the moment any of these potentially dangerous script associations try to launch.

    They are suspended indefinitely until you verify they are good or not.
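
The file type associations named in the post above (`HKEY_CLASSES_ROOT\.vbs` and similar) can also be audited read-only against a saved baseline. The following is an added example, not part of the original thread and not EQSecure's own rules or code; it reports changes but does not block or suspend anything. The extension list beyond `.vbs` and `.reg`, the function name `Get-ScriptAssociation`, and the baseline file path are assumptions.

```powershell
# Added example: report script file-type associations and flag changes
# against a baseline. Read-only on the registry.
# Assumption: extensions other than .vbs and .reg are not named in the thread.
$extensions = '.vbs', '.reg', '.js', '.wsf', '.bat', '.cmd'

function Get-ScriptAssociation {
    param([string[]]$Extension)
    foreach ($ext in $Extension) {
        $extKey  = "Registry::HKEY_CLASSES_ROOT\$ext"
        $progId  = $null
        $command = $null
        if (Test-Path -LiteralPath $extKey) {
            # The default value of HKCR\<.ext> names the ProgID (for example VBSFile).
            $progId = (Get-ItemProperty -LiteralPath $extKey).'(default)'
            if ($progId) {
                # The ProgID's open verb holds the command line that runs the file.
                $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
                if (Test-Path -LiteralPath $cmdKey) {
                    $command = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
                }
            }
        }
        [pscustomobject]@{
            Extension   = $ext
            ProgId      = $progId
            OpenCommand = $command
        }
    }
}

# Hypothetical baseline location; pick a path only administrators can write to.
$baselinePath = Join-Path $env:ProgramData 'script-assoc-baseline.json'
$current = @(Get-ScriptAssociation -Extension $extensions)

if (Test-Path -LiteralPath $baselinePath) {
    $baseline = @(Get-Content -LiteralPath $baselinePath -Raw | ConvertFrom-Json)
    # '=>' rows exist only in the current state, i.e. an association that changed.
    $changed = Compare-Object $baseline $current -Property Extension, ProgId, OpenCommand |
        Where-Object { $_.SideIndicator -eq '=>' }
    if ($changed) {
        $changed | Format-Table Extension, ProgId, OpenCommand -AutoSize
    } else {
        'No association changes since baseline.'
    }
} else {
    # First run: record the current state as the baseline.
    $current | ConvertTo-Json | Set-Content -LiteralPath $baselinePath
    $current | Format-Table -AutoSize
}
```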
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Thanks, Easter!

    ----
    rich
     
  8. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Thanks, fellows, might have to check out this SandboxIE thingy. ;)

    Acadia
     