Author Topic: AIS Firewall vs HIPS  (Read 7805 times)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67235
Re: AIS Firewall vs HIPS
« Reply #15 on: June 12, 2011, 02:53:25 AM »
Isn't that the integrated version of GMER?
GMER is an antirootkit technology. Nothing related to HIPS afaik.
The best things in life are free.

bellgamin

  • Guest
Re: AIS Firewall vs HIPS
« Reply #16 on: June 12, 2011, 03:41:33 AM »
If you want to be notified of everything every application wants to do (99% of the time safe and necessary) to be able to function then you will like a HIPS program.
This was true in the past but is no longer fully accurate. All of the major HIPS (Online Armor, Private FW, Outpost, etc) now have "training" modes whereby the HIPS can observe your use of the various programs & processes currently on your computer, & thereby build your own personal whitelist. During the training period, you will receive few if any alerts. When the training period is terminated by you, the only alerts you will receive will be valid anomalies warranting your attention.

To structure a HIPS, so that it gives you HIGH protective value but with a very LOW number of routine alerts:

1- Set the HIPS in "training" mode

2- Go through your *normal* routines & surfing for a few hours

3- Exit "training" mode.

By virtue of step 2 above, your HIPS program will learn the programs, processes, activities, & websites that are "normal" for you & your computer. Thereafter, the HIPS will alert ONLY when something abnormal is taking place.

Moreover, some HIPS programs (for example, Comodo D+ and Online Armor) maintain extensive whitelists of programs and processes that are known to be safe. Those huge whitelists make it even easier to implement a powerful HIPS with few if any meaningless alerts.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67235
Re: AIS Firewall vs HIPS
« Reply #17 on: June 12, 2011, 03:48:11 AM »
If something goes wrong in the training period... all the security is gone...
You have allowed something that you shouldn't.
You can't bypass the annoyance of HIPS... It belongs to its own technology.

I agree that normal users, after a training period on a clean computer, will have few HIPS alerts.
But what would we say to the ones who test software? They will have to decide...
And in this case, imho, nothing better than Virus Total and sandboxing/virtual machines :)
The best things in life are free.
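
Added example (not part of any post in this thread, and not any HIPS product's actual rule format): a minimal learning-mode allowlist in Python showing the training procedure from Reply #16 and the contamination problem raised in Reply #17. The class name `LearningHips`, the event tuples, the paths and the short hash strings are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample events: (executable path, file hash, requested action).
TRAINING = [
    (r"C:\Program Files\Browser\browser.exe", "a1", "net_connect"),
    (r"C:\Program Files\Mail\mail.exe", "b2", "net_connect"),
    # Unwanted program that happened to run while training mode was on.
    (r"C:\Users\me\Downloads\codec_pack.exe", "ee", "driver_load"),
]
AFTER = [
    (r"C:\Program Files\Browser\browser.exe", "a1", "net_connect"),  # learned
    (r"C:\Program Files\Browser\browser.exe", "a1", "driver_load"),  # new action
    (r"C:\Program Files\Mail\mail.exe", "ff", "net_connect"),        # file changed
    (r"C:\Users\me\Downloads\codec_pack.exe", "ee", "driver_load"),  # learned by mistake
]

@dataclass
class LearningHips:
    training: bool = True
    rules: set = field(default_factory=set)

    def observe(self, path, digest, action):
        """Return 'learned', 'allow' or 'alert' for one event."""
        key = (path.lower(), digest, action)
        if self.training:
            self.rules.add(key)  # everything seen in training becomes trusted
            return "learned"
        return "allow" if key in self.rules else "alert"

    def review(self, trusted_dirs):
        """Learned rules whose executable lives outside the trusted directories."""
        dirs = tuple(d.lower() for d in trusted_dirs)
        return sorted(r for r in self.rules if not r[0].startswith(dirs))

def run_demo():
    hips = LearningHips()
    for event in TRAINING:
        hips.observe(*event)
    hips.training = False  # step 3: exit training mode
    verdicts = [hips.observe(*event) for event in AFTER]
    suspects = hips.review(["C:\\Program Files\\"])
    return verdicts, suspects

if __name__ == "__main__":
    verdicts, suspects = run_demo()
    print(verdicts)   # one verdict per AFTER event
    print(suspects)   # rules worth a manual look before trusting the baseline
```

Keying rules on path, hash and action means a replaced binary or a new behaviour still alerts, but anything that ran during training stays trusted until someone reviews the learned rules.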

bellgamin

  • Guest
Re: AIS Firewall vs HIPS
« Reply #18 on: June 12, 2011, 06:56:56 AM »
. . .nothing better than Virus Total and sandboxing/virtual machines
Or a good integrity checker + periodic/sustained imaging. Or Deep Freeze. Or Linux.

Dch48

  • Guest
Re: AIS Firewall vs HIPS
« Reply #19 on: June 12, 2011, 07:47:05 AM »
. . .nothing better than Virus Total and sandboxing/virtual machines
Or a good integrity checker + periodic/sustained imaging. Or Deep Freeze. Or Linux.
Or---none of the above  ;D