XP64 HIPS Recommendations and Questions

Discussion in 'other anti-malware software' started by Devinco, Jan 1, 2009.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Happy New Year Wilders! :)

    What are the available HIPS that are 64bit and will work in Windows XP 64bit?
    Not just 32 bit running in compatibility mode, but a real 64 bit HIPS.
    What are your recommendations?

    Outpost firewall has a good HIPS built in and is 64 bit, but I would like to know what else is available in a stand alone HIPS.
    I would like a classical HIPS or another type that can be set to run as a classical HIPS.

    What happens if you run a 32 bit HIPS on XP64 in "32 bit compatibility mode"?
    Will the HIPS install and run?
    Will it provide only partial protection for the 32 bit programs that execute?

    Thank you.
     
    Last edited: Jan 1, 2009
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    comodo firewall with D+ (HIPS) works on x64.
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi firzen771,

    D+ (DefensePlus from SoftSphere Technologies) is not a HIPS program.
    It is a program to protect from Buffer Overflow exploits if one has an older CPU that doesn't have D.E.P.
    There is an excellent thread here about the difference between DefenseWall and DefensePlus.

    DefenseWall is a HIPS, but I'm not sure if it is a true 64bit program. The program page linked to from above appears to be only 32bit.

    Does Comodo Firewall have a 64bit HIPS built in?

     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Devinco is incorrect.

    Firzen is correct. "D+" is the commonly used acronym for "Defense+", the "Proactive Security" (HIPS) component of Comodo Internet Security. And, yes -- it works fine with XP64.
     
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thank you for the correction bellgamin!
    I got my acronyms mixed up. :D

    Apologies to you firzen771 I did not read your response thoroughly enough.
    comodo firewall with D+ (HIPS) works on x64.

    Thanks. I will check it out.

     
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Are there any 64bit HIPS available that are stand alone?
     
  7. Arup

    Arup Guest

    The closest to HIPS for x64 and one that works reliably is MS's own Defender, turn on Spynet and its a very unobtrusive HIPS, one that works minus any impact or drama.
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    what about malware defender?
     
  9. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks Arup.

    At first look, Defender appears to be just a signature based anti-spyware. I would not have guessed it has a HIPS at all.
    I looked for more info on Windows Defender at MS, but couldn't find out...

    In Defender's level of protection does it protect Driver/Service installation, Physical Memory, block Global Hooks, and block Registry DLL injection?
    (Things that a typical HIPS like 32bit ProcessGuard and 32bit SSM protect against)

     
    Last edited: Jan 1, 2009
  10. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    WinDefender does have HIPS. Select Tools and click on Microsoft Spynet. It's default setting is basic but when you select 'Advanced' you have a basic HIPS.
     
  11. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    Another related thread of interest:

    https://www.wilderssecurity.com/showthread.php?t=218846
     
  12. 3xist

    3xist Guest

    You can disable the Firewall in Comodo Internet Security (Comodo Firewall is included stand a one) and you just have Defense+ HIPS.

    Switching to Proactive Security and say goodbye to malware.

    Cheers,
    Josh
     
  13. Arup

    Arup Guest

    It protects registry, system files and folder and unlike other x32 HIPS, it protects critical x64 folders whicht the x32 HIPS would have no access to.
     
  14. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks jmonge.

    I think Malware Defender is 32bit only.

     
  15. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks midway40,

    Defender looks promising although I must admit I am wary of a security product from MS.

     
  16. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
  17. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    3xist,

    Thank you.
    So if I wanted to keep Outpost as the firewall, I could add Comodo as a HIPS only.

     
  18. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks again Arup!

    So when a 32bit HIPS is installed on XP64 it might be possible for 64bit malware to operate in some manner.

    Defender is worth trying.

     
  19. Arup

    Arup Guest


    Not only that, access to x64 portions of registry, system folder, SysWow64 etc. would be blocked as well.
     
    Last edited by a moderator: Jan 2, 2009
  20. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Arup,

    Does Defender handle Child-Parent Permissions like SSM?
    Can I allow Program A through cmd.exe but block all other programs run through cmd.exe?
     
  21. Arup

    Arup Guest


    Although not close to SSM but its possible in Defender via the software explorer where all the programs in your system are listed. You can then selectively set permissions for each and every program individually. Furthermore Defender can be set to alert you of any changes made by known running programs so in case your program is hacked, you are informed.
     
  22. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Looks like I'll be trialing Defender and Comodo (separately) because they both look like good solutions!
    Then I can see how they compare to Outpost's Host Protection (64bit Built in HIPS).

    Thanks again Arup.
     
Loading...
Thread Status:
Not open for further replies.