Definitions differ, but most would say HIPS is the broader concept.
HIPS can use behavior blocking, sandboxing etc.
But the way it is used in forums like this, it seems that many would not count antivirus type products as HIPS.
But according to Gartner, anything that runs on the host machine (as opposed to on the servers) that protects your system is HIPS (look at what HIPS means and it makes sense), so they would say antiviruses and personal firewalls are HIPS as well.
According to them there are 9 different styles of HIPS,
I would also point out the term “behavior blocking” or “behavior blockers” is also under dispute.
“I still believe that identifying malicious software by comprehensive analysis of all behaviors is a better solution than just watching for isolated actions. When I tested ThreatFire 3 and Norton Anti-Bot, they did a great job of blocking real-world malware using this type of holistic analysis. And because they look at the program as a whole, they don’t flag valid programs that happen to use some of the same techniques. But CFP’s implementation of single-action behavior blocking is among the best I’ve seen, especially the option to switch into Installation mode.”
Some (most from the AV world) would say “single action behavior blocking” would not count as behavior blocking/behavior blockers at all. To them, only ThreatFire-type technology that tries to decide by itself whether a series of behaviors (plus other heuristic rules) is malicious counts as behavior blockers. The majority of Comodo Defense+ would be called “system firewall”.
Others disagree saying that there are two types of behavior blockers, “smart” or “dumb”. Expert based behavior blocker versus policy based behavior blocker…
It’s all semantics really, as long as you understand what is being discussed.
This isn't so much a question as a comment. Melih, I really enjoy what you are doing here! I mean, you guys take the time out of your busy schedules to be so tight with the members on your forum! I am not aware of any company that does this. Keep it up!
For all intelligent users out there, or, should I say, users that know at least a lil bit about their machine and how it works, I recommend using a HIPS that warns about every single thingie.
For all others, I recommend so-called “intelligent” HIPS and “heuristic” proggies.
whatever they are. I am not here for advertising, am I?
I have a new anti-virus program and it apparently conflicts with McAfee, which has been on my computer for quite a while, but I don’t use. I have been instructed to delete McAfee, but when I try to do this, the computer freezes up. I have tried to do this (1) through control panel/program remove, and (2) by clicking the button in the message that tells me to remove it, but get a message “cannot go to that site,” which I thought only referred to internet sites, not things on your computer itself.
HELP!! I KNOW I’M MOST PROBABLY DOING SOMETHING WRONG BUT WHENEVER I GO INTO “HIPS APPLICATION CONTROL” THEN MANAGE MANAGE ALLOW/BLOCK LIST, A LIST OF FILES IS LOADED ALL MARKED “BLOCKED” BUT BEFORE THE LIST CAN COMPLETE, AND WAY BEFORE I CAN ACTUALLY READ IT, THE WHOLE PAGE DISAPPEARS!! I’VE NO CHANCE TO EITHER SEE WHICH FILES THEY ARE OR EVEN CONTEMPLATE WHICH TO SUBMIT OR NOT!
Please start a new topic in HIPS (Host Intrusion Prevention Systems) and also write what HIPS software you are using.
And please don’t write with capital letters all the time.
The proxy in NOD32 is not a protection in itself, it’s just there to allow anti-virus scanning of visited web pages in memory (or in a protected cache depending on the mode you choose; caching might be more convenient for video streaming) before they reach your browser. There’s no side effect if you disable it, just it’s better to scan web files that way than when it’s too late, on the disk.
I've heard that if you change the option so it doesn't act as a proxy, then each time you boot up NOD32 will report a warning to turn on the option, as it's quite important, as you mentioned above. Is this true?
And I'm running Comodo Firewall, so no worries there.
I don’t run NOD32. I only tried it, but I run Avast, which has a very similar feature. So I have no idea about that NOD32 warning. Don’t deactivate the proxy; CFP doesn’t replace it and doesn’t do the same job at all. For instance, you might be prompted by Def+ to allow a download, you will click yes, now what? Say your download is infected, you’ll be happy that your NOD32 proxy has intercepted it before it got saved to hard disk, OK? Hope that clarifies it a bit more for you now.
PS: the NOD32 warning is just a warning; what matters is that you understand what the proxy does.