Best Free Intrusion Prevention and Detection Utility for Home Use (HIPS)
Introduction
Gone are the days when a virus was a virus and everything else was, well, different! Now known collectively as “malware”, these threats are constantly evolving and pose a serious challenge to security software. Signature-based scanners give the most reliable detection results but these are limited by the frequency of their database updates. To complement signature recognition software, HIPS programs were developed which look for behavior on your PC which is “characteristic of malware activity”. The user is then presented with an alert to either allow or block the event. Some programs automate this process, which can occasionally lead to problems. See my article “HIPS Explained” which deals with this and other issues in more detail.
Evaluating the performance of HIPS programs is far from easy and any so-called “test results” should be viewed with a degree of caution. It is straightforward enough to feed malware files to a selection of signature scanners and then count what they find to arrive at a score. AV Comparatives provides an admirable service here and the results are always consistent and reliable. No such clear-cut method is possible for testing HIPS software and my feeling is that some of the vendors may possibly use this to their own advantage (“hype”).
Review Criteria
Discussion
DriveSentry also includes a community advisory for each alert showing details of how many people have either allowed or blocked an event previously. A similar function called Threatcast is now included with Comodo's CIS Internet Security suite. Whilst this format for sharing information is always welcome, community-based advisories should be viewed with a degree of caution. If an alert is presented for a new safe program and nine out of the ten people who first saw it chose to “block”, then you will see 90% advice to do the same and may be tempted to follow suit. The good thing is that with DriveSentry you can always change or remove the rule created later if you discover that something blocked is really OK to run.
There are considerable options for adding extra rules but this facility is only for experienced users. The logging facility is excellent and provides an invaluable source of data for determining any changes you may wish to make to an application's access rights. Some programs bestow levels of system “invadability” upon themselves at install which they either don't need or, in some cases, shouldn't have! Only you can decide if this amount of adjustment and control is really necessary for your own circumstances. As with all rule settings, if you do make changes it's best to do them individually and then check your system functions. One error can usually be tracked back and altered fairly easily but several might take some finding!
DriveSentry's own literature describes it first as being a “firewall” (for drives) and then an “antivirus”, so it's little wonder that many of us end up a bit confused as to exactly what this program does! It's not altogether the manufacturer's fault as it's becoming more difficult to classify the threats too, hence maybe the confusion. I've given DriveSentry our top pick award because not only does it do what it says on the box but it does it in a way less likely to cause you problems than some of the alternatives.
Whilst it will automatically block and quarantine known malware, the other automated features are fully controllable, keeping you in the DrivingSeat if that's the way you want it. The GUI is easy enough to navigate and the information presented is clear and concise. Resource consumption, in particular memory use, was an issue with previous versions but this has now been fixed in this release.
There is also a paid version of DriveSentry which offers automatic updates and a portable version called “GoAnywhere” aimed at USB drives, but this too is paid. The free version's “trickle” updates cease after 30 days but users can still download these manually by clicking the “Synchronize” button on the options page. If DS doesn't require an update it will tell you, otherwise it will go ahead and download the latest signatures. The PDF available is not exactly what you might expect, containing just two pages similar to the web layout, but it does give some additional information.
DriveSentry Security Suite
In line with the trend already set by other vendors, DriveSentry have now released a "Security Suite" which combines the separate DriveSentry desktop and GoAnywhere programs. This basically adds Drag & Drop AES 256-bit data encryption and File Synchronisation/backup to the features list. Users should be aware though that this package does not contain a network firewall as you might expect from the description, so if you are not using the Windows firewall you will need to consider a third-party application to perform this role. Despite being in direct contact with the vendor I've found this to be one of the most confusing product juggling exercises to follow, and I'm not alone, as visitors to the dedicated thread at Wilders will see. This FAQ link now answers some of the questions raised since the suite was introduced:
forum.drivesentry.com/viewtopic.php
I guess this would be the one on most people's minds: "Will you continue to support and offer updates to DriveSentry Desktop (paid & free version)?"
Both the suite and desktop applications are evolving products and as such have suffered fewer of the stability issues reported by users of comparable software. DriveSentry remains a solid choice for PC security and a real alternative to established protection methods, but do expect some bugs as the upgrades become implemented. Despite the reassurances in the FAQ above it remains to be seen which direction the "free" version of this software will eventually take.
- Attempts to access a protected registry area
There is also an email and system anomaly analyzer. The thing I like most about DSA is that it can stop a lot of things but it never deletes them, so in case of error you can always return things to how they were before. There is a “learning period” for this software which is adjustable but best left at its default settings to ensure maximum efficiency afterwards. If you decide to disable this be prepared for a blizzard of popups. A little extra care is needed to monitor your system activities until after the learning period has finished, but then DSA will warn you if an application deviates from its normal pattern of resource and system use. The alerts are displayed in the usual popup format but can be configured to remain on screen until user input determines an action. With default settings the alert will “time out” after 30 seconds and block whatever process has been flagged. Privacyware refer to this as detecting “unacceptable deviations from typical use”. In so doing DSA provides protection against viruses, spyware, Trojans, worms, rootkits and hackers.
Because of its ability to monitor incoming and outgoing Internet traffic it is also possible to use DSA to complement your existing standard firewall application. Matousec even test this function in DSA. Whilst I wouldn't want to rely solely on DSA for firewall protection it will add another layer of security to your existing line-up. If left at default, the settings will automatically block anything trying to “phone home” should you not be at your computer when the attempt is initiated.
I've been unable to dig up any real conflict issues affecting DSA, and Privacyware, who have been highly cooperative, assure me that support requests of any nature for DSA are rare. The PDF available is excellent and includes screen shots. This is a pretty impressive line-up of abilities, resource usage is light, and the software deserves to be better known.
The thing that concerns me most though is that the level of program automation has been increased with the addition of “in-the-clouds black and white lists to automatically handle threats, significantly reducing user interaction”. This means it will now do more things without asking you! You may prefer to keep your feet on the ground instead of “in-the-clouds”. Maybe I'm being a little unfair as this program continues to be hugely popular, but with forum posts highlighting a range of issues, some relating to the (supposed) automated removal of Windows system files, I can't help but think that increasing the automation still further was a bad choice. I've never questioned the value of behavior-based detectors in a balanced security line-up but what I do doubt is the wisdom of giving them an increased automatic ability for process termination.
General feedback for the new version though appears to be very positive and from personal contact with PC Tools I can confirm they are working hard on fixes for any remaining issues. Certainly browsing performance with this version shows a significant improvement. Time will tell if the major problems some have experienced with ThreatFire have finally been smoked out. Despite my reservations ThreatFire continues to be a top contender amongst the free behavioral detectors, but I am wary of recommending it for average users. Especially since the removal of the signature-based virus scanner, I believe DriveSentry to be a better option. Be aware that automatic updates are not provided with the free version if you elect to “opt out” of the ThreatFire Community. The paid version does offer this option plus other flexibility, permissions for commercial use and telephone support.
No fewer than ten real-time shields are provided for system protection and each one can be enabled separately. An install mode is included for use when adding new software and there's a separate cookie scanner. Other features include locked file removal, file analysis, browser restoration and even a system restore function. See the full details here. There are several scan options including customized and context menu scanning. The updates are compressed to minimize bandwidth usage, and there's even free support via email and the forum. The spyware scanner is 64-bit compatible for both XP and Vista but unfortunately the Real Time Shield is not. This is planned for the third quarter of 2009. Free for home and commercial use. How do they do it!?
Resource use and system impact will vary according to your component strength and what you ask Spyware Terminator to do. It is always likely to be on the moderate side but unless you have a really old computer it's worth living with. Be advised that Spyware Terminator only loads a small installer program initially (632kb) and then connects to the Internet to download the other components you've ticked as options. There is a separate link for downloading an off-line installer if preferred.
I've got KIS and Drive Sentry.... do I need Drive Sentry? Are the two antiviruses conflicting in any way?
Should one add DSA?
At the moment I've got:
Drive Sentry
KIS
SAS Professional
Comodo Memory Firewall
As well as the WOT, Comodo Verification engine, Spywareblaster, etc.....
Any thoughts?
I think these issues have already been answered in your forum posts
"I've been unable to dig up any real conflict issues affecting DSA ,and Privacyware who have been highly cooperative assure me that support requests of any nature for DSA are rare. The PDF available is excellent and includes screen shots." - MC
Another excellent observation why Dynamic Security Agent should be THE top recommendation for the average user.
How many other free security apps can claim this? Yes, you're right..unlikely.
"The thing I like most about DSA is that it can stop a lot of things but it never deletes them so in case of error you can always return things to how they were before." - MC
This observation alone is THE reason why Dynamic Security Agent should be THE top recommendation for the average user.
DS and TF aren't pure behavioral HIPS. They're more like antivirus solutions. These should not even be in this category. DSA on the other hand doesn't require any form of database updates - perfect for dial-up users.
Thanks for the observation which is appreciated. I only wish it was easier to classify these things into one direct category or another, but because of the crossover abilities of each application this isn't always possible.
Maybe a "revised review" will be in order when the new version of DSA hits us shortly. By that time the updated version of DriveSentry may also be with us together with clearer details about how much of it will be staying "free". Once we get to this point I'll look at the whole category again.
ThreatFire 4.5 the NEWEST build
For no apparent reason it disabled start task manager and made my vista sp1 unusable - meaning I could not run ANY of my programmes.
I had to run system in safe mode and uninstall it - works fine now.
What a pity cause I liked the software verrrry much...
Thank you for sharing this information which unfortunately is typical of this software.
Many users are able to install it without issue but for others it causes problems.
Because you like it so much it might be worth posting your circumstances and system details on the PC Tools forum to see if the mods there can help you and/or others with a similar situation.
Commercial Russian HIPS (Safe n Sec) on Giveawayoftheday (9th June)
http://www.giveawayoftheday.com/
PC Mag reviewed ThreatFire 4.5:
http://www.pcmag.com/article2/0,2817,2347573,00.asp
This is the key part of their editor's review - and he uses ThreatFire himself.
"Makes user decide whether to allow potentially malicious unknowns. Not enough information about behavior of unknowns"
As I've said many times what is the use of finding stuff you then don't know what to do with? Users certainly need well above basic system knowledge (including the correct location for Win system files) to avoid deleting stuff that's needed to keep their PC alive. I'm not disputing its benefit as a complementary partner to other software in the hands of experienced users but for average folk I still think DSA would be a safer alternative, or DriveSentry if you wanted something a little more comprehensive.
I've run ThreatFire for quite a while and I've rarely had any pop ups. Personally I've found ThreatFire to be a more user-friendly HIPS than DriveSentry.
ThreatFire is certainly more user friendly in that it requires less work but then what it achieves in terms of overall security is far less. ThreatFire is designed to be complementary software whereas DriveSentry is a front line solution. As such its cover is far more comprehensive and its configurability options more wide ranging.
It's also poor judgment in my opinion to choose security software on the basis of its popups. You cannot have security without them and I feel the time would be better spent in understanding their meaning and what triggered the event, rather than counting how many one application has compared to another.
ThreatFire 4.5 is out!
http://www.threatfire.com/updates/
Have you tested WinPatrol?
WinPatrol is not really a HIPS.
Midnight-- I'm trying to understand all of this. Will you let me know if I seem to be getting things right? I'm not 100% sure if I'm missing something or, at the other extreme, reaching overkill.
I have a new HP Pavilion dv5 (2 GHz Intel Dual Core Processor, 4 G Ram) running Vista SP1 64... that's all I can think of off the top of my head. I usually use FF (with WOT, AdBlock Plus, CookieSafe Lite, KeyScrambler Personal, and some other add-ons... that do slow FF's loading), but, when I just want to check something in a hurry, I open Opera with nothing added. I don't do a lot of gaming or visit porn, etc. sites, and I try to follow the security advice I've read re: downloading, pics/links in emails, not logging in as administrator, keeping my software updated, etc. On the other hand, I'm constantly downloading and trying new/beta software, web 2.0 type sites, and FF add-ons; plus I use public WiFi a lot, and I also have four teenagers who occasionally borrow my laptop.
After doing some reading, I equipped my laptop with Avira plus Comodo Firewall (w all that it included... Defense+, SafeSurf, & BOClean). I disabled Windows Firewall but not Windows Defender, and I added SuperAntiSpyware for on-demand scans. That seemed to cover Antivirus, AntiSpyware, & Firewall, so I stopped there. Now I'm reading about HIPS software and programs like Sandboxie. I *think* that extra HIPS software would be overkill, since I've already got Comodo's extras, especially Defense+. I can't use Sandboxie on a 64-bit system, so I was thinking about Geswall. Does that sound right? I'm also wondering if any of what I'm using makes KeyScrambler redundant. Do you have any other suggestions?
Thanks so much for your time!
Well, you're right about the HIPS. Adding something else in with CIS would not only just be overkill but likely to give you BSODs as well! Defense+ of course also includes the integrated memory firewall as well as BOClean and in my opinion remains the best HIPS component available.
I know I must sound like an old record because for most users I'm always questioning the need for Windows Defender, or indeed any form of realtime spyware protection. SUPERAntiSpyware is perfectly good enough for most people on its own.
In theory you would be adding another layer of protection with isolation software but both Sandboxie and Geswall are far from easy to manage and with four teenagers using your laptop I feel that adding Geswall would invite more problems than it would solve.
Your description of browser choice is excellent. I think that by editing the Dr. Web script into Opera's default directory you can achieve a better rendering speed and security with Opera more easily than loading Firefox up with addons and extensions, but that's just my personal preference.
Overall, what you already have is an efficient and above all manageable solution. Try to resist the temptation to be sucked in by all the vendor hype surrounding PC security and start seeing spooks in every file! The short answer to a total security solution for Windows is always going to be Linux, but as this isn't a practical step for most of us what you are already doing is the next best thing.
When I tried to install DSA on Vista the message that the program is incompatible with this version pops up.
I'm assuming that is happening because I installed Vista SP2 yesterday.
I installed DSA on a friends computer last night without Vista SP2 and it went fine.
You are correct. A new version of DSA is due out shortly which will fix this and some other issues with Vista. It will also produce fewer alerts and have improved performance.
Will it then also work on Win 7 RC? Had the same incompat message.
No idea - but I've emailed Greg at Privacyware today and I'll post his answer for you (and other potential W7 users).
OK- the updated news from Privacyware is this: The new version of Privatefirewall which is W7 and Vista64 compatible is now in Beta and will require a few weeks of testing before being released. During this time Privacyware will be deciding whether to make the firewall freeware (and so scrap DSA) or if not, the new drivers will be incorporated into DSA as well. I hope that the former becomes the case because in terms of protection v system compatibility Privatefirewall is the best software available. Sure if you want to pass a few more leak tests you can pick Comodo or OA but then you also have to contend with the issues as reported in their forums.
Thanks for that news MC. Was looking for a light prog mainly to alert (allow/disallow) for outbound connections, to complement NAT router firewall and Win7 RC firewall. i.e. something like Vista Firewall Control (sphinx-soft.com), but free VFC doesn't cover 'system' connections.
No problem. It's also worth noting that Privacyware are doing their beta testing 'in house' and not chucking it out into the public domain for us to do it for them. I've long maintained that merely releasing stuff with a beta tag 'warning' is not acceptable for mainline security applications. No matter what is said people will use this stuff and ultimately end up either getting in trouble themselves, or inadvertently spreading it to others.
GeSWall management system could not be easier.
See for yourself: http://www.youtube.com/watch?v=PBKNHBl-yos&feature=channel_page
I made the Geswall comment on the basis that four teenagers were borrowing the PC in question. This is the warning that appears on the Softpedia page for Geswall.
"NOTE: Only for advanced users. Please be very careful. Your operating system may not start anymore!"
This is why I did not think the risk was worth taking for these particular circumstances.
And this appears on the Softpedia page for Geswall:
"Easy to use - fully non-intrusive, no configuration required".
This warning "Please be very careful. Your operating system may not start anymore!" applies to the majority of free software.
Geswall is one of the best programs I have used and recommend it to anyone.
I'm sorry but this type of warning does not apply "to the majority of free software", and again, my original comment was made on the basis that four teenagers were to be borrowing this machine and using Firefox which does have some issues with GeSWall as illustrated here.
http://www.wilderssecurity.com/showthread.php?s=37a58f0793c47d6e8aa97fb0...
This is typical of other user comments you will find on the web.
"Secure your online World"
by cutewave on April 24, 2009
Pros: Light and compact
Great protection against various threats
Cons: Not user friendly
Difficult to configure
Summary: This is a good free security application if you are an IT experts or advanced users.
Thanks so much for your help! I didn't realize that BOClean was integrated with CIS, and, somehow, I had both, so I was able to delete BOClean.
Yes, I have heard different opinions about Windows Defender, and, honestly, I've disabled and enabled it several times.... You must be right about the temptation to be sucked in by hype. I think it started after my (now 14 year old) discovered Morpheus and Limewire and brought my old desktop to a screeching halt. That's when I started learning about system security and maintenance.
Do you make your statement about realtime spyware protection because CIS now has such strong HIPS protection? I know that, when I first started reading about this stuff (a few years ago), I kept hearing that I needed this software for antivirus, that for antispyware, another for antirootkit, etc. Did HIPS change that, or was it overkill then, too? With Avira and CIS, I will probably take your advice and disable Windows Defender.
Last question: What do you mean by editing the Dr. Web script into Opera's default directory?
I am still something of a beginner, but I love learning, and partitioning, virtualizing, isolating, and proxy-ing interest me right now. (Just because I want to learn.) I think I spend more time configuring my system than using it. :)
Again, thanks for all of your help!
Well, first off spyware has to get in before it can get your stuff out so concentrating on preventative measures is better than hunting for it after it's arrived. In so far as real time protections for anything are concerned then you will always have the issue of user input. I've said many times that a lot of the infected PCs I see all have things like Kaspersky, Comodo, Nod32 etc., but if you allow something that should be blocked then it's in! Second, is there anything on your PC worth stealing? If not, why worry, just use an on demand scanner like SUPERAntiSpyware to get rid of it. If you do have sensitive files on your PC maybe letting four teenagers loose with it is not such a good idea and by far the safest remedy would be to convert the whole thing to Ubuntu.
On the assumption that you stay with Windows though, yes as you say the HIPS component in CIS is excellent. Any spyware that did manage to creep in would need to activate itself to get out at which point Defense+ would offer an alert. Problem solved.
Rootkits are another issue that it's possible to become obsessive about although in terms of causing system damage they can be amongst the most destructive. Avira 9 has good rootkit protection and an on demand scanner like Sophos is good for a second opinion. There are other more effective detectors like GMER but you would need considerable system knowledge to interpret the results.
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
The Dr. Web feature is not so easy to use with Opera as Firefox where it's available as a self installing plug-in. You can however edit your default Opera directory manually to enable the function with a right click from the context menu. This explains how to do it.
http://www.freedrweb.com/browser/opera/
It does take a bit of navigating to scroll down the list until you find the sections you want to edit, but it's straightforward enough so long as you take your time. If you think you've made a mistake just exit without saving. Even with a complete mess up you can always reinstall Opera so no harm done. This will then enable you to check the integrity of any download link before you instruct the download.
It's good to see you enjoy your PC for what it is (in your case) a media, entertainment and learning tool. I too spend a lot of time doing things with mine that are of no Earthly use to anyone or anything, but I love doing it! I often spend ages configuring rules into different firewalls and then the same amount of time afterwards trying to figure out why nothing connects!
DriveSentry free/suite
This link now answers the questions most of us have been asking since the new suite was released. I will be updating the review here to include the suite as soon as I get a chance to run it.
http://forum.drivesentry.com/viewtopic.php?f=6&t=290
Is ThreatFire a HIPS? I thought it was a behaviour blocker?
From what I can tell, HIPS is just a super-duper behavior blocker that comes with less pre-set "bad behaviors", letting you decide what's bad. This article is pretty good: http://antivirus.about.com/od/antivirussoftwarereviews/a/hips_behavior.h...
Many applications now combine technologies making it difficult to place them into one specific category or another. They've evolved in this way because the malware they protect against has too. PsychEroc's own interpretation is pretty spot on and the article he's linked for you is a great source.
DriveSentry have now released their new security suite, although users are reminded that this does not contain a network firewall like most other software using this description.
http://www.drivesentry.com/AntiVirus-download-free-Firewall-products-for...
They have also confirmed that a free version will continue to be available and that this can be updated manually as before.
Hi MidnightCowboy! Just curious, have you heard any word as to when to expect the next new version from DSA? I'm going to install a new OS in the near future & it would be nice to try out the new version on my existing OS as now would be a good time for trying out experimental software! As always, many Thanks!
Hi
I'd like to have more news but as yet I don't. I was told it would be a "few weeks" and that was well, a "few weeks" ago! I was last in contact with the vendors just a few days ago and I know they are considering other issues too at the moment which might be holding DSA back. In addition to this there is work being done on the firewall for Vista 64, IPV6 and performance improvements and I guess they want to release the whole package at the same time. As the DSA component is part of Privatefirewall anyway, this could well be the reason.
DriveSentry competition winning entries now posted in the forum.
http://www.techsupportalert.com/freeware-forum/security/709-drivesentry-...
Does anybody use XP Home Edition firewall with Dynamic Security Agent? Just wondering how good that combo is. Should I stick with Comodo Internet Security instead? Thanks
Me again. If I use XP firewall for inbound protection and use Dynamic Security Agent for outbound protection, as good as CIS? Worse than CIS? Thanks
This really depends on how much value and importance you need to attach to having outbound protection. Everyone's needs are different. I have always looked on this feature in DSA as being a "bonus" rather than a specific reason for having it. In real terms CIS will offer far more protection especially for threats like ARP poisoning, and of course you have the logs and other monitoring features so you can actually see what's going on in real time and review the history afterwards. I am currently trialling CIS (again!) on one machine and the RC2 beta of 3.9 finally seems to be fixed unless you happen to have Vista where there are still a few issues to iron out. The final 3.9 is due out on May 12 and I would wait for this. I think this would be your best solution. Don't forget to check the Windows Security Centre with a CIS install because currently it is not disabling the Windows firewall by default so you need to do this manually.
How much value or importance should I have on outbound protection? I always thought the biggest reason for not using the built-in firewall was for that reason (no outbound protection). Would DSA and the XP firewall use less system resources? Thanks
I guess the question to ask yourself is do I have anything residing in my computer that would adversely affect my life if it got out? If you do have sensitive files then a good third party firewall/HIPS combination is designed to at least alert you should data theft malware get in by some means and attempt to 'phone home'. Nothing of course is guaranteed and as I've said many times before human interaction remains the biggest threat when presented with an "allow" or "block" choice button. At this level system resource use ceases to become a relevant issue but for an example the system I am using here with Comodo CIS beta 3.9 (RC2) is recording an average memory use of 9.2MB for the firewall and Defense+ components, which is very low. Bear in mind that this version now has the former BOClean (Trojan) module integrated too. When I briefly tested the new version of Outpost Free for instance the memory use was nearly three times this for a lot less protection. I don't have the AV part of CIS installed.
Personally I don't think it's important. If malware is already active in your system you're already in big trouble. But if you simply prevent malware that won't happen unless you're exceptionally unlucky.
MIDNIGHT I was wondering how your trial of DS Drive Sentry is going? Do you recommend running DS with Avira Personal or as a stand-alone alongside a firewall, of course. I have noticed that there is a little bit of a pause at times when I run both. I have the settings on Avira set to high. Is Drive Sentry a better approach to complete protection? I also use Webroot Desktop free; I like it better than most of the other free firewalls mentioned on here, runs best for me. I've always found that my system doesn't really like Comodo or Online Armor but PC Tools is OK I guess. My laptop is finicky when it comes to security software. I love Avast; it's only a bit shy of Avira. Avira detection is 99.7% and Avast's is 98.3%; that's not a big difference to me really for more complete protection. 1.4% difference.
I know of users who run DriveSentry and Avira together with no issues. Like all vendors DriveSentry do not recommend running two AV components at the same time but they have also told me that doing so with Avira will not cause any conflicts. There are still no test results available for DriveSentry from the popular providers but the feedback on Wilders is very good. You might find this link interesting though:
http://www.virus.gr/portal/en/content/2009-04%2C-09-10-april-hips-antian...
If you do a straight scan of inactive samples then DriveSentry will not find as many as Avira or Avast!, but it is finding 100% of what tries to run which is what it's designed to do. In this respect you could make an argument for it being a better option although the lack of trickle-feed signature updates after 30 days with the free version is also a point to consider.
DriveSentry are releasing a brand new suite in the coming weeks which should be very interesting.
Surely GeSWall should appear in this category, and not the "best browser protectors" category?
Inevitably there will always be an amount of crossover or overlap between software in terms of both features and objectives. You could even maybe make an argument for a separate sub-category to cover this type of application. Primarily though GeSWall employs an isolation policy which is not a recognized HIPS function.
This definition is from Wikipedia:
"A host-based IPS (HIPS) is one where the intrusion-prevention application is resident on that specific IP address, usually on a single computer. HIPS complements traditional finger-print-based and heuristic antivirus detection methods, since it does not need continuous updates to stay ahead of new malware. As ill-intended code needs to modify the system or other software residing on the machine to achieve its evil aims, a truly comprehensive HIPS system will notice some of the resulting changes and prevent the action by default or notify the user for permission"
Although the results aim to be the same the method here is different in that GeSWall imposes a blanket isolation policy on internet facing apps by default at the outset.
Can you do a review on Geswall freeware. Great product!!!
http://www.youtube.com/watch?v=PBKNHBl-yos&feature=channel_page
Thanks!!
See:
http://www.techsupportalert.com/best-free-browser-protection-utility.htm