Thread: What are some good HIPS/IDPS

  1. #1
    Member
    Join Date
    Dec 2011
    Posts
    35

    What are some good HIPS/IDPS

    I'm trying to find one last set of programs for my rig, and that's a good HIPS/IDPS.

    I currently have NIS-2012 (which I guess you can consider a form of IDPS), but I need something else in case that fails.
    Proactive, or just a monitor... I need something else to monitor hidden processes and see them, or manually control their execution.

    Here are some I've found so far...
    - SystemSafeMonitor (SSM)
    - IceSword
    - EQSecure
    - WinPatrol
    - DynamicSecurityAgent (DSA)
    - Fortego's All-Seeing Eye
    - ProSecurity (PS) ... I can't find this anywhere, anyone know where I can DL it?

    - Any other program not listed...

    I know some of these use hooks or heuristics to try and find the pesky ones, but I'm mainly looking for a "recent" program that works well on Windows XP.
    As I said, it can be an active one, or a passive monitor with just alerts.

    Thanks.

  2. #2
    HYBR|D
    Guest
    Not my area of expertise, but here's hoping Cider spots this topic. He works for an actual AV company.

    He should have a helpful response.

  3. #3
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Hi!

    Yes, I did see this, but it's been a mad few days (you know how bosses are at this time of year ...).

    Anyways, we have a technology called Truprevent which does what you are looking for. It does some good stateful inspection and you can set defined policies; this is true for our corporate range, and for retail we create the rules on our side and update it via automatic updates. This technology is quite old and it causes a lot of problems for us.

    IMHO I can only comment on IceSword and WinPatrol (Nihil actually introduced this a few years ago).

    IceSword is a great tool to check your computer after something has gone wrong ... It has some nice features.

    1. Shows hidden files
    2. Shows weird processes
    3. Built-in Reg viewer
    4. Can copy a suspected file (it renames it for you so you can't infect yourself)
    5. Force delete on those files

    etc etc

    WinPatrol is what you want to use on your machine, I use it personally and push it for the more experienced clients with small sites. http://www.winpatrol.com/

    I do think that you have somewhat of an overkill, can you share what exactly you are doing on your machine which requires all of this?
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  4. #4
    Member
    Join Date
    Dec 2011
    Posts
    35
    Quote originally posted by Cider:
    I do think that you have somewhat of an overkill, can you share what exactly you are doing on your machine which requires all of this?
    Thanks Cider.
    Basically everyday stuff, and I just don't feel like re-installing everything on my machine once it gets infected, knowing first hand some of these guys can be REALLY nasty...
    I haven't been infected in a VERY long time, but when I was, I was pulling my hair out because I was working on reports with due dates very near.
    I tried every possible tool at the time (safe mode), and just couldn't get rid of the damn thing because it was a very good polymorphic bugger. I had Norton at the time, but I also tried Spyware Doctor, Malwarebytes, etc etc, and nothing worked.
    I could make a RAID-0 backup, but I don't have the spare HDDs at the moment... so I'm opting to be proactive as much as possible to prevent infections in the first place.
    Not to mention I have to keep my parents PC pretty tight, because pretty sensitive data is being used on that PC, and they are clueless when it comes to security.
    So, it's for my PC, as well as theirs.

  5. #5
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Quote: Basically everyday stuff, and I just don't feel like re-installing everything on my machine once it gets infected, knowing first hand some of these guys can be REALLY nasty...
    For this, I would suggest using imaging software to create an image of a healthy system. When sh1t hits the fan, reload.

    Tools to use once you are infected

    1. Nemesis: this is a tool that our malware department developed to compete with other competitors like Kaspersky and their TDSS killer.

    http://www.pandasecurity.com/resourc...ndanemesis.msi

    If however you have a file infector that is not going to allow you to run any executable, then you can use the ActiveX version (basically run it in a browser).

    http://www.pandasecurity.com/resourc...ls/activex.zip

    This is not a biased opinion, but this tool is extremely effective; it has a sandbox type thing and it is specifically aimed at rogueware (popup adware, WinXP Antivirus etc).

    2. Safe CD: http://www.pandasecurity.com/homeuse...152&idIdioma=2

    I personally created a bootable USB drive and walk around with that. The diff here is that our live CD picks up a DHCP addy, or you can set a static one, and it will download the latest definition files.

    3. Hitman Pro: http://www.surfright.nl/en/hitmanpro

    Part of the competition, but I'm not ashamed to admit that other vendors have some good stuff. You can run this without installing it forever, sort of a one time thing.

    Then for more advanced malware, I use things like IceSword and GMER.

    Now GMER is possibly the best rootkit software I have come across in the last few years: www.gmer.net. If you know how to use it, you can disinfect any machine.

    Look, to be honest, the only way you can infect yourself is by being an idiot and some bad luck, so walk the good line. If you are going to torrent, do it in a VM and scan the stuff before moving it to your primary machine.

    And please change your AV software from Norton. I am not saying use Panda, but use something with a good heuristic detection.

    If you like *because you tickled my buds* I will give you a free copy of Panda Internet Security 2012; test it, and if you like it you can have it for a year.

    Let me know.