Host Intrusion Prevention System

[Dieselman]

Yes Asyn..................All for you.  

[Asyn]

Yes Asyn..................All for you.  

If so, please see: Reply #23
asyn

[Dieselman]

Nothing wrong with running a hips with avasts behaviour blocker as you can see in my sig and i have no issues at all.
If your such the self confessed expert Dieselman with your huge 10 years of experience how come you have'nt learnt how to hide your email ? and you also dont supply any information about your own system setup in a signature for us all to admire and be wow'd.

My email...I could careless about it. As far as my set up...Goes like this:

Windows 7 64 bit
2Wire Gateway w/NAT
Avast 6.0.144 with High settings
Windows 7 Firewall W/Advanced Security
Emet 2.0 for hardening
OpenDNS
MBAM,HMP for on demand scanning
Firefox 4.0 w/ABP,Browser Protect,BP
A complete and up to date system image created by Paragon

BTW..................Thats not my real email. Its a disposable account.

[firzen771]

surprising i have to agree with DieselMan. you might not experience a conflict, but you will be much more prone to a conflict when operating 2 security software with a similar function since both are hooking the same areas of the system, and ther is a chance during a detection that problems could arise, such as BSOD's sometimes.

just like when running more than 1 AV, u might not experience a problem right away, but eventually and under the right circumstances its much more possible.

you people are taking the same stance that oil drillers seem to take, you dont notice any immediate downsides so you continue as is thinking what your doing can never be a problem, then when a problem occurs under the right circumstance, you end up with serious problems.

its better to be aware of the potential problems instead of thinking its all fine and dandy

[Asyn]

@firzen771: See Reply #23...!!!
Thanks,
asyn

[Dieselman]

surprising i have to agree with DieselMan. you might not experience a conflict, but you will be much more prone to a conflict when operating 2 security software with a similar function since both are hooking the same areas of the system, and ther is a chance during a detection that problems could arise, such as BSOD's sometimes.

just like when running more than 1 AV, u might not experience a problem right away, but eventually and under the right circumstances its much more possible.

Thank you. You can run almost everything side by side with no conflicts. The problem is who will decide to fight the malware when under an attack? Thats what you need to think about people.

[firzen771]

@firzen771: See Reply #23...!!!
Thanks,
asyn

for sure, its completely ur choice, i never said change your setup so dont take it that way. im making sure that other people are aware of the potential problems and that they arent misguided into thinking that no problems can occur by doing this.

[Dieselman]

Dont fear being infected. Prepare for it. I could careless if I get infected. Hence the system image. Avast misses something then MBAM may catch it. If MBAM misses it then HMP may catch it. If all other tools fail I can use Kaspersky Rescue CD or just mount a new image.

[Asyn]

for sure, its completely ur choice, i never said change your setup so dont take it that way. im making sure that other people are aware of the potential problems and that they arent misguided into thinking that no problems can occur by doing this.

Ok, that's something completely different, then.
I can't speak for others, but I can handle my setup.
But Dieselman tries to teach me things, I don't need.
asyn

[doktornotor]

Well, I for one hope there won't be one included with Avast, like ever. People don't seem to really grok the purpose of behaviour shield/autosandbox, let alone HIPS. Not useful for average user.

[firzen771]

for sure, its completely ur choice, i never said change your setup so dont take it that way. im making sure that other people are aware of the potential problems and that they arent misguided into thinking that no problems can occur by doing this.

Ok, that's something completely different, then.
I can't speak for others, but I can handle my setup.
But Dieselman tries to teach me things, I don't need.
asyn

u can handle it perhaps, but that doesnt change the fact that problems can arise and MOST people shouldn't follow suit

[Dieselman]

Exactly dok. HIPS is for advanced users. The reason companies like Avast and Symantec went with a BB is cause its more user friendly. A HIPS will ask you 50 million questions and people dont want pop ups.

[MAG]

Sorry to prolong the agony - but I am still interested in a balanced (perhaps even an avast) view on this.

Diesleman and Firzen seem to be implying that we should all turn off the HIPS component of our third party firewalls now that avast has a behaviour shield.

(if so, wouldn't avast have offered that advice when they rolled out the BS? maybe they did but I missed it.)

Anyway, Craigb seems to think the opposite, and Asyn is confident in her use of both - but then as she says, she knows what she's doing - I couldn't make that claim!

As you'll see from my signature, I had acquired both a HIPS and HIDS before BS was rolled out, and I'm happy with them both - they both prompt me on things I expect them to (which is not very often). Having said that, if the nett effect is decreased security if an attack ever comes, I would get rid of something.

(w764 bit users with comodo FW/D+have already had a conflict between comodo guard64.dll and avast BS that stopped windows loading - now resolved by a change to BS by PK. perhaps there are reasons not to run BS and HIPS even without any attack?)

[Dieselman]

Where did I say disable HIPS? I did not. There are plenty of firewalls without HIPS such as Windows 7 Firewall.

[MAG]

Where did I say disable HIPS? I did not. There are plenty of firewalls without HIPS such as Windows 7 Firewall.

Well, that's how I interpreted this (reply 17)
'BTW the way people you cannot use a HIPS and a BB together. Its one or the other.'

So since avast now has a behaviour shield, this seemed to suggest to me that you think the BS or the HIPS should go - wrong interpretation?