What do you think is the best HIPS?

system · May 27, 2008, 9:51am

Most off us are fairly familar with Host Intrusion Protection Systems.

OTHER then CFP’s HIPS (Defence+), Would would be the best Alternative??

Your opinions are greatly appreciated.

Josh

salmonela · May 27, 2008, 12:43pm

EQSecure, Netchina S3 HIPS - free…

You can find it here - http://wiki.castlecops.com/Lists_of_freeware_behavior_blockers
and here - http://wiki.castlecops.com/HIPS/IDP_programs/services

system · May 27, 2008, 5:31pm

Are you referring to HIPS in general, or so called ‘classical’ HIPS, like PG and SSM?

system · May 29, 2008, 11:02am

Any kind off HIPS/Behavior Blockers.

Josh

system · May 29, 2008, 2:44pm

If freeware only, then:

Sandboxes - SandboxIE, GesWall

‘classical’ : (they’re behavior blockers, but they warn you of everything monitored, like a tripwire)
-SSM free (logical, highly configurable, almost unique feature - disconnect ui),
-EQSecure

Behavior blockers - ThreatFire, DriveSentry (?) .

Execution control only - Abtrusion Protector (good ideas behind it, in a LUA the user can do squat, it’s good for that, lock down). No longer developed, few bugs, nothing major afaik.

Script Blockers :
-Script Defender (basic but extensions are configurable),
-Script Sentry (some flaws, but it provides a basic analysis of the script, and can block embedded scripts in .doc’s etc.)
Either one uses no resources, but they’re also not being developed.
WormGuard is also good like SS, it’s payware but i don’t know if the trial expires
NOTE: don’t buy WormGuard, DiamondCS (the company behind it) seems either dead, or non responsive. You will lose your money, and win no license. Avoid it.

Rollback - Returnil

Hope i didn’t miss any.

system · May 30, 2008, 12:46am

Freeware/Payware!

Dont matter…

Josh

system · May 30, 2008, 3:49pm

Payed, same as above (some have paid versions which are much better), and include DefenseWall, Anti-Executable, Prevx (not freakin CSI), ProSecurity.
Few more, all different.

Blas · May 30, 2008, 6:02pm

!ot!

(:TNG)
!ot!

Melih · May 30, 2008, 6:04pm

oops… sorry… didn’t see that… I will delete that post…

thanks
Melih

system · May 31, 2008, 6:57am

Let’s keep on topic please…

Josh plays with the padlock

Josh

MorphOS_REBOL · June 11, 2008, 9:13pm

Maybe Antihook, if it weren’t depending on .NET framework. If you HAVE to use .NET framework anyway, you might give it a try, combined with AnalogX scriptdefender. If not, stay away from it.

(:WIN)

The REBOL

But why this thread?

triple · June 11, 2008, 10:56pm

HI!

There is also spyware terminator hips, but I don’t think it is a good one.

MorphOS_REBOL · June 11, 2008, 11:27pm

Never tried, so I can’t tell, Darth Vader (:WIN)

Gaming4JC · July 16, 2008, 2:26am

Host Intrusion Prevention as in Network security?
Snort, PortSentry, some other misc.

For local protection such as Defense+, there’s also good’ol TeaTimer that comes with SpyBot S&D.

triple · July 16, 2008, 6:15pm

I think the HIPS of the Comodo Firewall is one of the best in the paid and free market!!! Has anyone compared the speed and the reaction time of defense + and a paid hips app??? I think defense + beats them all! it is incredible fast! Also its protectiveness is worth an A+ and the impact on the system is almost 0% percent! (ok, maybe I am exaggerating a little bit…) anyway it’s combination of protectiveness and speed is lethal for paid competitors I guess… This is just what I think, I have not done a real test, but I hope I am right… (:WIN)

Rafel · July 16, 2008, 6:26pm

I use:
-D+, for me the best HIPS i never used, and i used a lot. No impact resources, easy configure and FREE!!
-Returnil free, when i want test a program (i only test safe programs)
-Geswall free edition if i need execute isolated an aplication.

system · July 17, 2008, 6:36am

I really don’t know why I started this topic lol

D+ all the way.

ailef · August 3, 2008, 5:23pm

i talked with a kaspersky team member, and i talked about Defense+ that was actually the best solution to protect your system.
the man said kaspersky 8.0 had this kind of protection, like it was so great, he thought it was as good as D+ in his mind, ok he’s here to make business and will not tell that D+ is far better and can be called a real HIPS.
so kav hips is what? u start some app, the great AV tells u to wait as it’s analyzing the new app u launched.
wow, what a great protection, u don’t know anything about the file, then kasper says it’s ok and u got to trust it, and this kind of analyse is enough comparing to D+?
lol
i told him i was safer with comodo FW 3.0 than kav as i find undetected malware every week,
he told me hey there’s KIS, wow KIS? who saw the FW they released on this new prooduct?
it’s ■■■■, the 7.0 kis FW was far better, just choose to create rules (all the rest with no rule got no access), or answering alerts to get what system services are needed,
svchost.exe is still in trusted zone so anything can use it with no alert, ok delete it, but now the FW chooses where to put the app: 4 levels : safe, less safe, be carefull, and blocked apps
then u got some symbols that looks like nothing, some other window with services allowed or blocked, then connected process, the FW look is ■■■■, u understand nothing, u choose nothing, and the HIPS is nothing, u just wait for a little windows to allow the app, that’s what they call the HIPS.

i wonder if concurrents look at other security tools and test them.
a freeware was able to save my sytem like 4 or 5 times as kav perfect scanner detected nothing.

actually with the situation of the internet and the explosion of malwares with packers joking with AVs,
what will i do without Defense+?
even if i’m not safe 100%, D+ is the solution u cannot not using, and i use it for months but i found D+ new setting, with the help of posters in here, so the potential of this software is terrible,
people that says it’s bad app don’t see the reality of the security today, they’re marks,
your AV is uptodate? oh cool, u’re dead man, but u don’t know, like most of people, he trust a good av uptodate detecting no prob, who can blame him? i used to trust my av.
now i wonder why i bought a new licence, it’s useless.
when they’ll understand that comodo security approach with this FW and this D+ is so logical, how can u protect a system using an AV.
with just KAV 8.0, i can say my both machines would be contaminated.
no AV can see the future, reading articles on packers to bypass AVs as i told friends to get kaspersky cause i was using it for long time and was the best AV… now i can tell AVs are ■■■■, they explain u how to make undetectable file in 10 min…
but on virustotal.com when i find some file undetected by kav, there’s always like 6 scanners detecting something when it’s some new package,
once i sent a file to virustotal and i got like 20 scanners that detect a malware except kasper, i send the file, they say no malware…today i sent one that is known as unsafe file but they replied, no malware…
i think on 5 files they replied 3 times no prob,
so what do u propose to replace D+ actually?
i don’t care about things i read that we’re fanatics and blinds and def,
what i see is that the logic is this solution, so why to be logic is to be a fanatic…
what i win by saying this is the actual solution?
fan, fan of what, even when i was young i never was fan of anything.
so for a piece of code… maybe they think all people are youngs and react this way.

they don’t understand, i was for OA at the beginning, i bought it, i fighted with melhi about OA and comodo as i thought i was right, then when u join the testing group and u test OA then comodo,
oulaaaa, ok OA is not at the same level, so at this moment a fanatic would stay with OA continue to say OA is the best as all tests i made is a total logic and i understood why melhi was talking this way about comodo,
it’s the best security product at the moment, and people telling it’s ■■■■ just don’t live in the reality,
the prob is maybe what we think about others products,
i can say yes there are other FWs as good as comodo but it’s a lie,
some are not bad but comodo is THE leader far,
is it my fault if people that got the idea to code this FW had the exact vision of the situation and release the best answer to face all those security probs? nope, i don’t think this code is due to hasard.
u need to know so many infos and follow the mlaware evolution for years and think about the project that will be the solution, especially when u see what users got as alternative, so u release that, and give that for free is crazy,
when u see the work done, the security level, the quality for a freeware, seriously, all sharewares are a joke cause of the price, what can u do when a freeware is better than all the rest?
1 : drop the price
2 : contacting comodo FW coders and dream about the fact they will join some concurrent team
3 : pray for comodo to stop developping FW
4 : accept the situation
5 : become a comodo member
6 : put a link on their site for comodo
7 : no need to say we’re the best, it’s old new
8 : they should pay matousec site to test the last comodo
9 : and accept again that we take the lead

(i say we lol, but i didnt code anything, i’m just some poster, to say we is a fanatic attitude?lol)

for me OA is the best HIPS !!!

salmonela · August 3, 2008, 8:32pm

Please ailef see screenshots for KIS 2009 HIPS: (:NRD)

[attachment deleted by admin]

salmonela · August 3, 2008, 8:53pm

Also should be said that inherit option is great, logic of it is simple, if “untrusted” process starts trusted process, originally trusted process becomes then untrusted (you will be prompted for actions which it make)
CPF is better at COM interface (addable/editable) and Firewall is better in CFP3 (KIS will not prompt you if app. tries to send ICMP code/request)

Logs and application analysis in KIS 2009 are simply the best (see sample)

[attachment deleted by admin]