Do I need a HIPS?
Hi all:
I have been advised that having a solid AV and ASW even behind a router and a H/W FW is not good enough security.
The idea is "Well, maybe you should add SSM or ProSecurity to your shopping list after all, they are HIPS' with network application control."
My security concern is to prevent those applications that ask for access and shouldn't have it AND to block outgoing packets from leaving the PC that have no business doing that.
I will consider all ideas and the rational for them
Thanks
Comments
-
If you are concern about leak test(ddl injection, process injection/termination, OLE communication,...) then a HIPS software will do the job. I see in you sig that you use ZAP, it`s score well in leak tests and you can use his OS firewall as a HIPS.
For me, SSM free version is enough.
Just one question: Does ZAP provide a good outbound control for you?
Khufu0 -
If you are concern about leak test(ddl injection, process injection/termination, OLE communication,...) then a HIPS software will do the job. I see in you sig that you use ZAP, it`s score well in leak tests and you can use his OS firewall as a HIPS.
For me, SSM free version is enough.
Just one question: Does ZAP provide a good outbound control for you?
Khufu
In a word NO.
After much work and testing I just dropped ZA Pro a day or so back because IMO it makes uncontrollable calls home to their mother ship and other sites of dubious nature. I made me very uneasy as they don't explain why these occur. I left their update sites open and blocked the data gathering sites they use. I will update my signature to reflect the change in FW.
I now use Comodo FW 2.4 on a testing and optimization basis. It scores better than ZA pro in some leak tests and doesn't have this data gathering outbound issue. CFW has ddl injection, behavior analysis, and application level control. I can also put in ip and ip range blocking/accept rules easily.
I'm wondering if I can even need to add a HIPS to CFW to really close it up.
What do people think?0 -
Hello Escalader
As CFW already includes HIPS you don't need another one.0 -
Hello Escalader
As CFW already includes HIPS you don't need another one.
Yes, but unless I'm wrong (highly doubtful! ha ha) CFW 2.4 doesn't it is the new CFW 3.0 Beta that is supposed to include that function. I will check again to confirm. More later0 -
Hello Escalader
As CFW already includes HIPS you don't need another one.
Hello I'm back like a bad penny:
"CFW 2.4 has no HIPS function but 3.0 will". this statements has been validated on the CFW forum.
So I'm on 2.4 and that means at the moment I don't have a HIPS... see ya0