Author Topic: HIPS protection by Avast 5.0?  (Read 8108 times)

humdrummer

  • Guest
HIPS protection by Avast 5.0?
« on: March 18, 2010, 02:45:37 AM »
On the features list from Avast's website http://www.avast.com/free-antivirus-download#tab2, are the heuristics engine and behavior shield what people mean by HIPS protection or zero day threat protection?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: HIPS protection by Avast 5.0?
« Reply #1 on: March 18, 2010, 11:45:37 AM »
afaik hips is usually related to firewalls...
pls correct me, if wrong.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Hermite15

  • Guest
Re: HIPS protection by Avast 5.0?
« Reply #2 on: March 18, 2010, 12:30:30 PM »
> afaik hips is usually related to firewalls...
> pls correct me, if wrong.


you're wrong ;)
http://en.wikipedia.org/wiki/Intrusion_prevention_system

heuristics or zero day protection has nothing to do with HIPS, and no version of Avast integrates any HIPS ;)

Offline Asyn

Re: HIPS protection by Avast 5.0?
« Reply #3 on: March 18, 2010, 12:36:42 PM »
ok! sorry & thank you for the clarification...!
i think it's in d+ then in comodo, where i read bout hips...
« Last Edit: March 18, 2010, 12:40:42 PM by Asyn »

humdrummer

  • Guest
Re: HIPS protection by Avast 5.0?
« Reply #4 on: March 19, 2010, 01:22:46 AM »
> heuristics or zero day protection has nothing to do with HIPS, and no version of Avast integrates any HIPS ;)

Is not having HIPS a big negative? What am I vulnerable to without HIPS and what is the likelihood of encountering them?

Jon_T

  • Guest
Re: HIPS protection by Avast 5.0?
« Reply #5 on: March 19, 2010, 04:20:07 AM »
A simpler and more applicable article as to the HIPS type apps for PCs:
HIPS Explained

A list/review of some free HIPS apps:
Free Intrusion Prevention and Detection Utility for Home Use (HIPS)

humdrummer

  • Guest
Re: HIPS protection by Avast 5.0?
« Reply #6 on: March 19, 2010, 10:11:35 AM »
> A list/review of some free HIPS apps:
> Free Intrusion Prevention and Detection Utility for Home Use (HIPS)

Are these types of programs compatible with antivirus and firewall use, in the sense that you're not supposed to use 2 firewalls or 2 antivirus programs together?

Before looking at the page, I thought I was going to see a list of programs that just function as a HIPS monitor, but they seem to do several things, one of which is HIPS. Are there programs that do HIPS and only that?

I already use Winpatrol. With Avast 5.0, a firewall, and Winpatrol, am I effectively protected against HIPS?

akama1

  • Guest
Re: HIPS protection by Avast 5.0?
« Reply #7 on: March 19, 2010, 10:17:32 AM »
Oh, for good HIPS try Comodo Defense+. It's good and it includes a sandbox; make sure you enable the sandbox first. Oh yeah, btw, the sandbox still has bugs and is not really ready for hardcore malware blocking. I'm not sure what I am talking about, but pls see Matt's latest Comodo vid at this link: http://www.youtube.com/mrizos#p/a/u/0/k9-CZBuk0Jo

pls correct me if i'm wrong

Mele20

  • Guest
Re: HIPS protection by Avast 5.0?
« Reply #8 on: March 19, 2010, 12:19:10 PM »
> A list/review of some free HIPS apps:
> Free Intrusion Prevention and Detection Utility for Home Use (HIPS)
>
> Are these types of programs compatible with antivirus and firewall use, in the sense that you're not supposed to use 2 firewalls or 2 antivirus programs together?
>
> Before looking at the page, I thought I was going to see a list of programs that just function as a HIPS monitor, but they seem to do several things, one of which is HIPS. Are there programs that do HIPS and only that?
>
> I already use Winpatrol. With Avast 5.0, a firewall, and Winpatrol, am I effectively protected against HIPS?

You don't want to be protected against HIPS.

The first article does not distinguish between classic HIPS, to which the ORIGINAL HIPS program (the father of all of them) belongs, and behavioral blocking programs. The two types of HIPS are VERY different, and many experienced users would argue that behavior blocking programs are so different that they should not be classified as HIPS. Classic HIPS is the strongest defense a computer user can have, BUT it requires a high learning curve to use properly. The original HIPS, ProcessGuard, is reasonably easy to learn to use, but the classic HIPS that have followed it, like System Safety Monitor, Malware Defender, and the HIPS in Online Armor, are more complex and more difficult to learn. Behavioral blocking is much easier to use but does not give the user the control that a classic HIPS does and is not nearly as good either, IMO. Behavioral blocking is really NOT HIPS. ONLY CLASSIC HIPS belong under the definition of HIPS. Behavior blocking is too different. Here's a better article to explain HIPS vs Behavior Blocking: http://antivirus.about.com/od/antivirussoftwarereviews/a/hips_behavior.htm

Even though I far prefer a classic HIPS, I generally don't recommend that to others, with the exception of the original one, ProcessGuard. It is no longer being developed and works only on XP. I usually recommend behavioral HIPS because most computer users do not want to attempt the learning curve needed to properly use a classic HIPS, and a behavioral HIPS is good for those users, who are the majority of computer users. However, if you have the time and are willing to learn a classic HIPS, you will need NOTHING else to protect you, not even an AV. (You never need worry about rootkits either.) You have to be completely confident, though, in your ability to correctly, every time, direct the HIPS in the action it should take when you get a popup. With the exception of ProcessGuard, these popups can get extremely complex and make no sense to the average computer user (or to me sometimes).

Yes, there are programs that only do classic HIPS, or behavior blocking, and nothing else, such as ProcessGuard (you can still install the free version if you are on XP, but there is no support. You would have only the archived DiamondCS ProcessGuard forums at the Wilders Security site to help you, or users like myself). There is Malware Defender, which is actively being developed and works on Vista and Win 7 (no free version though). It is very complex, like System Safety Monitor (another classic HIPS, which has a free version), and even I, with many years of using ProcessGuard full version, find both MD and SSM to be difficult to learn. If you want to try a classic HIPS, I would recommend trying Online Armor, which has an excellent classic HIPS built in. I think it is only in the paid version, but you can do a 30 day free trial (it could be in the free version but sort of hidden, as I didn't see it in the free version). Classic HIPS generally need NO updating (unless bugs are found in them), so I can use ProcessGuard on XP and have outstanding protection even though it has not been actively developed since December 2006. Online Armor works on XP, Vista (I have it on Vista) and on Win 7. Unfortunately, it does not yet work on 64 bit OSes, and since almost all new computers are being sold with 64bit Win 7, everyone is anxious for Tall Emu to make Online Armor compatible with 64bit.

Behavior blocking programs need active development. (Read the article I linked to understand the difference between behavior blocking and HIPS.) ThreatFire is a behavior blocking program. Spybot's TeaTimer is another one. There are several others, like DefenseWall, which is very easy to use. The developers insist on calling it an HIPS but it is not. It is a combination of sandbox and behavior blocking and has a firewall too. A lot of people like it. I disliked it, but I thought it was going to be a classic HIPS and it isn't, so I was disappointed.

Behavior shield that Avast 5 has is for zero day protection and is NOT a classic HIPS. It is a specific type of behavior blocker for zero day malware so you can still use a BROADER based behavior blocker along with Avast behavior shield.

You can certainly use a classic HIPS along with an antivirus program. I've used several different antivirus programs with ProcessGuard since I got it, at the end of 2004 I think it was, when it was the groundbreaking application and first of its type. Currently, I have Avast 5 (free version) and Online Armor working together just fine on Vista Ultimate 32 bit. Online Armor has a firewall which I am not using. In fact, the only part of Online Armor I am using is the HIPS. You would need to NOT use any antivirus that might be a part of a program like Online Armor that has a classic HIPS, because you don't want to run two realtime antivirus scanners, as they will conflict with each other and actually give LESS protection because of conflicts. So, you would need to turn off any antivirus in a program that you were using for HIPS. Behavior blockers like ThreatFire, etc. generally don't have antivirus programs, or firewalls, included, so they can be used with an antivirus program without turning parts of them off. Some antivirus programs do not get along with some behavior blockers, so make sure you try one that is compatible with Avast. Avira, for instance, will be stating in version 10 during installation that Spybot's TeaTimer should be uninstalled. They don't get along.

Spyware Terminator doesn't even know what an HIPS is. They are using the definition of a zero day blocker and calling that a classic HIPS. I'd stay away from them. WinPatrol (free version) I also have on Vista. It is quite good for what it does, but it is too limited in the sense of the ones I have mentioned here as full comprehensive HIPS programs.  I have not used MJS Registry Watcher. It appears very useful but again not comprehensive although far better than Spyware Terminator. It would be easier to learn to use than a full classic HIPS and along with Avast would be a good combination if the user doesn't want to mess with learning a classic HIPS. You could use a behavior blocker along with MJS Registry Watcher and Avast. 

I can't find my links right now, but if you go to Wilders Security forums and search for Classic HIPS you will find a lot of good threads.
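
Added example, not part of the thread and not code from any product named in it: a toy model of the classic HIPS versus behavior blocker distinction drawn in Reply #8. The event names, process names, weights and threshold are all constructed assumptions; real products intercept far more event types.

```python
from collections import defaultdict

# Constructed sample events: (acting process, action, target).
EVENTS = [
    ("winword.exe", "execute", "updater.exe"),
    ("updater.exe", "set_autorun", "updater.exe"),
    ("updater.exe", "write_process_memory", "explorer.exe"),
    ("notepad.exe", "execute", "calc.exe"),
]

def classic_hips(events, rules, ask_user):
    """Rule lookup per (process, action); anything unknown goes to the user."""
    log = []
    for proc, action, target in events:
        key = (proc, action)
        if key not in rules:
            # The popup: whatever the user answers becomes a permanent rule.
            rules[key] = ask_user(proc, action, target)
            source = "prompt"
        else:
            source = "rule"
        log.append((proc, action, rules[key], source))
    return log

# Hypothetical vendor-shipped weights; these are what needs ongoing updates.
WEIGHTS = {"execute": 1, "set_autorun": 4, "write_process_memory": 6}

def behavior_blocker(events, weights=WEIGHTS, threshold=8):
    """Score each process's accumulated behaviour; block past the threshold."""
    score = defaultdict(int)
    log = []
    for proc, action, target in events:
        score[proc] += weights.get(action, 0)
        verdict = "block" if score[proc] >= threshold else "allow"
        log.append((proc, action, verdict, score[proc]))
    return log

def cautious_user(proc, action, target):
    # Constructed user policy: allow program launches, deny everything else.
    return "allow" if action == "execute" else "deny"

if __name__ == "__main__":
    rules = {("notepad.exe", "execute"): "allow"}
    for row in classic_hips(EVENTS, rules, cautious_user):
        print("classic ", row)
    for row in behavior_blocker(EVENTS):
        print("behavior", row)
```

The classic model stops the autorun change at the first step but needs three correct answers from the user; the behavior model asks nothing and only blocks once the score crosses the threshold. Replacing `cautious_user` with a function that always returns "allow" makes the classic model permit every event.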