Best Free Intrusion Prevention and Detection Utility for Home Use (HIPS)

These days all users face the real risk of having malicious programs secretly install themselves on their computers. Anti-virus and anti-spyware products dramatically reduce the chance of infection, but they're not perfect. In particular, they are prone to miss new malware products which are not yet included in their signature databases. They can also fail to detect malware programs that are cleverly disguised to avoid detection.

To prevent these malevolent programs from slipping by your AV and anti-spyware programs, you need additional defenses, such as a Host-based Intrusion Prevention program (HIPS). These programs identify intruders by their behavior, rather than by their characteristic fingerprint. HIPS programs are not limited to the detection of specific malware products; rather, they can target a wide range of interlopers. For the most part, HIPS programs all work in a similar manner: they stop any suspicious behavior and then ask the user whether he or she wants to allow it. This, as we shall see, can be a mixed blessing.

Unfortunately, most HIPS programs, including the popular free program WinPatrol, generate a lot of warning messages, and many of these are quite cryptic. These messages tend to alarm many less-experienced users who feel there is something wrong and simply don't know how to respond. That's why these products are only suitable for the very experienced (and very patient).

Thankfully, a new generation of HIPS programs has emerged that uses white lists, black lists, policies and behavior analysis rules, along with other techniques, to reduce the number of messages and the load on the user.

A prime example of this class of product is ThreatFire (formerly Cyberhawk) from PCTools. It's available as a free or paid version, and I use the free version on one of my PCs. It only occasionally issues warnings, but when it does the warnings are usually real and need to be taken seriously. In essence, it provides a vital additional layer of protection to my AV and anti-spyware scanners, and at little cost in terms of annoyance and no cost in terms of my wallet. It is the stand-out free product in the HIPS category. Note: A number of readers have reported browsing performance problems after installing ThreatFire. I've not found that myself, but be aware that this may be a problem on some PCs.

There are some other solid contenders. Blink Personal from eEye is a HIPS with a firewall, as opposed to products like Comodo and ZoneAlarm Pro that are firewalls with HIPS. It's a useful tool for advanced users, though I found ThreatFire to be more effective and yet simpler to configure and use. Blink is also free only for non-commercial use, and only if you live in the United States and Canada; if you live outside of these countries, it is available only as a 30-day trial.

ThreatFire
Website: http://www.threatfire.com/download/
Author: ThreatFire
Date: 06/30/2008
Version: 3.5.0
Download File size: 19MB
License: Freeware
Operating systems supported: Windows 2000 - Vista
64 Bit Capable: no
Portable version available: no
Other languages supported: no
Additional Software Required: no

Blink
Website: http://www.eeye.com/html/consumer/products/blink/download/index.html
Secondary download mirror: http://www.download.com/Blink-Personal-Edition/3000-2239_4-10658343.html?tag=lst-1
Author: eEye Digital Security
Date: 06/30/2008
Version: 3.2
Download File size: 41.5MB
License: Free for personal or home use
Operating systems supported: Windows 2000 - XP
64 Bit Capable: no
Portable version available: no
Other languages supported: no
Additional Software Required: None


Blink is only available as a free 30 day trial, then it's $25.

According to their website: Personal and home users may use one free license of Blink Personal Endpoint Security software for one year from the date of activation, if you live in the United States and Canada, or for 30 days if you live outside of these countries.

Review should mention that.

I'm currently trying the Arovax Shield v. 2.1.103. Just wondering if anyone else has tried it? I too used Winpatrol and had excellent luck with it (it actually caught two possible threats over the years) but decided to try something else after re-installing Windows.

I haven't tried it myself, but I've heard another user say it is very effective at blocking most malware from installing.

Thanks, JT. It seems very unobtrusive. Since it's never been triggered (so far as I can tell), I don't know how it works. I've had no problems with it and it doesn't seem to affect my page loading speeds. I believe it is freeware (at least it didn't cost me anything). It might be worth a look to some of you.

Regards.

Symantec has plans to acquire PC Tools. End of Threatfire?

http://arstechnica.com/journals/microsoft.ars/2008/08/19/symantec-to-acq...

I always have mixed feelings when this happens. I'm not as concerned about losing Threatfire free as I am about the future "suite" element of the merged vendors: more bloatware, more PC resource usage, and the general slide in quality of "both" vendors' combined wares. They almost never get it right.

Jeffrey Brown

IT Security Specialist

EQSecure is now most commonly used. Also System Safety Monitor.

I have heard that Threatfire contains a keyboard filter (a type of keylogger), so be careful. Also, the old Cyberhawk still works well.

Some others:

All-Seeing Eye
http://www.fortego.com/en/ase.html

Very good application. I tested it and it works very well, but after activating the software and the "learning mode" level, one of my network drivers was damaged, and I'm not sure whether it happened from installing ASE or uninstalling WinPooch, because I did them at the same time, and I haven't checked it again yet!
But perhaps this is my problem and not one for others, so I suggest testing it.

EQSecure

This is good, too, but not as good as ASE (which is very strong and has full management of execution and activity on the OS). I tested it and it has no problems.

DriveSentry

I can't test it yet. I couldn't tell whether it is free or not, but I think it is free, at least as of several months ago, when I checked the developer's site many times. (DriveSentry needs XP Service Pack 2 or later.)
It has full control over your hard disk and has a great list of malware, which it can detect and prevent from activating.

ProSecurity Version 1.30 Free Edition

And I tested it too. It works well and has reasonable control over activities on the system.

There are many apps in this class, but I have listed some that I tested or love (from the descriptions of developers and users or from screenshots).

Drivesentry is good; it only had problems with about 2 programs that it didn't have in its whitelist. Also, it's free, BUT tricklefeed updates turn off after 30 days; from then on you have to update it whenever the warning comes up that you need to upgrade.
NOTE: Do not use Drivesentry on Vista Home Basic, or it will crash.

I haven't tested it yet, because I have Windows XP Professional, Service Pack 1, and it needs SP 2 at least. I recently downloaded SP 3 and will install it later. Thanks for your comment.
But I think it is a great tool for security on a system. Have you ever tested ASE?

Thank you for your suggestions.

I will consider reviewing security tools after being contacted personally through techsupportalert. I require the name of the product, links to its expert review sources and testimony, and your name so I may respond in kind directly if I decide to review the product or have any further questions.

I can be reached at jeffrey@techsupportalert.com

Please note: Unfortunately I lack the resources to review personal experiences with the products you're submitting, so please keep your emails short and to the point. Products reviewed may or may not be approved for this site, so please don't be discouraged if your pick does not make the list.

Thank you,

Jeffrey Brown

IT Security Specialist

You're welcome.
My name: Hadi

For sending product names and quick comments to your e-mail ...
OK, I will try listing some of them (those that are popular or robust) and send them to your mailbox.

But do you want other products (in other parts of the site: image editors, 3D apps, IDEs, etc.) or just HIPS? Or perhaps all of the security apps?

I really liked Threatfire after using it for about a week. It detected some things that other software I use missed.

However, I have since removed it from 2 machines and am about to take it off a third. The XP (SP2) Media Centre PC I have would lock up on start-up and I had to physically switch it off; it also locked up browsing a directory with Explorer. The Vista Ultimate (SP1) laptop would lock up, again either on start-up or even just under normal use. I had to use Safe mode to remove it from this system. Both problems were linked to Threatfire in some way (although I didn't investigate too much - the priority was getting the systems working!). Both systems use different AV / Firewall / Anti-Spyware software, and both have been fixed by removing Threatfire. The third machine is a friend's laptop that I have been repairing for them, and I can't risk giving it back to them with Threatfire on if this is likely to happen.

I've read lots of posts in other forums with the same or similar problems. Hopefully the developers will solve this because, at first glance, it appears to be a promising piece of software.

I tried out Threatfire and to tell you the truth I felt better without it on my system. I uninstalled it and it left a bunch of drivers still on my system. They were keylogger drivers.

PCTools is evil! If you want HIPS without a keylogger, find the old Cyberhawk on a site then install it; it worked fine for me.

Anybody else noticed the keylogger alarms from other programs saying that Threatfire is keylogging you? The former program (Cyberhawk) detected Threatfire attempting to keylog me!

Greetings all.

I'm surprised nobody has mentioned the excellent System Security Monitor. I agree it can be a steep learning curve - but only if you want to go "high tech" and enjoy tweaking a lot.

Unlike the two versions above in the "official" list, System Safety Monitor (SSM) has a version for Win98/ME users.

There are both the paid versions (much more advanced) and the free versions.

Free versions :

For 2000/XP - version 2 XXX. 585

For Win98 - version 2 xxx 583

For non-technical users, the best way to configure this is to:

* First, make absolutely, totally sure your PC is completely free of viruses, malware etc. The best way to do this is to use several security applications PLUS a few online scanners.
* Download the .exe file, then disconnect from the Internet.
* Install SSM.
* Enable ALL the modules (Registry module, .ini file module, Windows files modules etc).
* Tick the box to place SSM in "Learning Mode".
* Close SSM (it minimises to the system tray).
* Now, open all the applications and programs on your PC (or as many as possible). That's all. Just open them and close them. Internet Explorer, Outlook Express, your anti-viral program, Microsoft Word, Excel etc. In this way, SSM "learns" that these are OK programs.
* When you have done that, disable (untick) Learning Mode and reboot your computer.
* Connect to the Internet and continue using your PC as normal.
* From this point on, there will only be a few pop-ups with warnings - which you should take seriously.

To get hold of the free version, click here:

http://www.syssafety.com/files.html

Scroll to the bottom of the page and download your free and excellent SSM HIPS!

Remember : 2. xxx .585 for XP - 2 xxx 583 for Win98/ME

And while you're there, you can also download the Help files - but be warned - they are heavy going if you want to try to be an expert! Far, far simpler to use the "learning mode" method I described above.

Good luck!

Dr. Mac

Dr. Mac,

Although it presently does not support Vista, please feel free to contact me about the HIPS from System Safety. It would be helpful if you could provide the information below when contacting me. Thanks.

I will consider reviewing security tools after being contacted personally through techsupportalert. I require the name of the product, links to its expert review sources and testimony, and your name so I may respond in kind directly if I decide to review the product or have any further questions.

I can be reached at jeffrey@techsupportalert.com

Please note: Unfortunately I lack the resources to review personal experiences with the products you're submitting, so please keep your emails short and to the point. Products reviewed may or may not be approved for this site, so please don't be discouraged if your pick does not make the list.

Thank you,

Jeffrey Brown

IT Security Specialist

I am an unsophisticated computer user with no security background. Can Blink interfere with the performance of my already installed Firefox 3 and iGoogle gadgets? Can I trust the Blink default settings?

Since you said that you are an unsophisticated computer user, I recommend not trying any HIPS programs, since they may very well confuse you or may not be compatible with the other programs on your computer.

I myself would recommend Process Guard for expert users and people with computers with problems. It has a small footprint and is a very powerful program. It should be considered one of the best free HIPS.

Process Guard is too noisy and annoying for most users.

That's why I said it's for expert users.

And naturally you noticed this from the original poster asking for help..

"I am an unsophisticated computer user with no security background."

..before you suggested "Process Guard"??

LOL, Fetching!

Adding any new software product is always a gamble. Be sure you back up your browser settings, any bookmarks or favs, and anything else you've saved using Firefox. In fact, it's always a good idea to have a full backup of any drive you're adding new software to, just in case ______ (you fill in the blank). Default settings are designed to be the safest and easiest to use for the majority of users. For more specific questions regarding this product: http://www.eeye.com/~apps/modules/forum/forums.asp Thanks for your question.

I'm a little disappointed that WinPatrol has been panned here: it doesn't even have a little profile like the two main recommended programs. Gizmo used to provide bibliographical-style information about ALL programs mentioned in his articles, whether he recommended them or not.

As for WinPatrol, it eats up a very small footprint of memory, and is invaluable for systems with tight resources, unlike other programs that (for some reason) come with their own bloated skins and try to sink their tentacles deeply into the OS.

Pair it with a light, tight firewall, and you'll be eating up less RAM than a lot of these other MS Office-like, all-in-one packages, and you'll be pretty secure.
