Best Free Intrusion Prevention and Detection Utility for Home Use (HIPS)
Introduction
Gone are the days when a virus was a virus and everything else was, well, different. Now known collectively as "malware", these threats are constantly evolving and pose a serious challenge to security software. Signature-based scanners give the most reliable detection results, but they are limited by the frequency of their database updates. To complement signature recognition, HIPS (host intrusion prevention system) programs were developed which look for behavior on your PC that is "characteristic of malware activity". The user is then presented with an alert to either allow or block the event. Some programs automate this decision, which can occasionally lead to problems (a wrongly blocked system process, for instance). See my article "HIPS Explained", which deals with this and other issues in more detail.

Evaluating the performance of HIPS programs is far from easy, and any so-called "test results" should be viewed with a degree of caution. It is straightforward enough to feed malware files to a selection of signature scanners and then count what they find to arrive at a score; AV Comparatives provides an admirable service here and the results are consistent and reliable. No such clear line can be drawn for testing HIPS software, since the outcome depends on which behaviors are monitored and on how the user answers the alerts, and my feeling is that some vendors may use this to their own advantage ("hype").
Discussion
Malware Defender was formerly a commercial program, but this excellent HIPS changed ownership a while back and a new version was released as freeware. The sequence of events relating to this change is set out quite nicely in the forum thread linked here, if anyone is interested. Just follow the thread through.
In addition to the usual file, registry and application modules, Malware Defender also provides network protection should you choose to enable it, including a connections monitor. This makes it the ideal companion for anyone using Windows' own firewall but wanting more detailed control. It also scores very highly in the Matousec tests, for those inclined to value the results. It was difficult to know exactly where to place Malware Defender in terms of a review rating. For what it does it is an excellent performer, but the complexities of using it make it unsuitable for average users. Mistakes can be rectified by changing rule permissions from the log entries, although if you have already denied a vital system function, your screen might by then be empty!
WinPatrol has many advocates and has recently been upgraded to achieve greater compatibility for Vista and Windows 7 users. Its main objective is to warn you about alterations to your system which may be malware generated. It does this by taking a snapshot of your system settings (startup entries, services, scheduled tasks, browser add-ons and the like) and alerting you to any changes. WinPatrol operates using a heuristic approach, which makes it more likely to find new malware than traditional signature-based scanners, which are heavily reliant on updates. WinPatrol will alert you to new program activations as well and is effective across a whole range of malware, including worms, trojans, cookies, adware and spyware. Even stuff designed to replicate itself on your system is within WinPatrol's reach. You can also use WinPatrol to filter unwanted cookies and IE add-ons. An added bonus is that WinPatrol will also deal with the problems it finds, so you won't need another program to do this for you.

As of V19.0, WinPatrol becomes a "Cloud Edition". Mostly the extra features will only benefit users of the paid Plus version. One part of the WinPatrol Cloud, though, is a poll where the WinPatrol community of users can provide personal feedback on files that are detected. The poll data will be available to both FREE and PLUS users. The author, Bill Pytlovany, provides support and has an interesting comments and resource blog here: http://billpstudios.blogspot.com/
MJ Registry Watcher now also includes: Process Launch Monitoring, Folder and File Hooking, Emailing of Alerts and Quarantining of Files and Directories. There is an active thread for this software at Wilders forum here: http://www.wilderssecurity.com/showthread.php?t=54666 The author, Mark Jacobs, also maintains a range of other free software on his website and will respond to emails for support if requested.
Comments
I admit myself that I can't really understand the direction that this company is meant to be going in. Just when I'm ready to have a category re-think they come up with a burst of activity to keep me interested. This has happened twice now but I am definitely running out of patience.
On a personal note, if you care to register here and then send me a PM via the forum I'll take your situation up directly with the vendor. For obvious reasons they won't entertain a request about an anonymous post.
Does Winpatrol need any special tweaking for optimum performance/protection once installed?
WinPatrol is fine at its default settings. All security software is designed to install at an "optimum" level, i.e. one which the devs have determined to offer the best protection for the most people on the majority of average systems. Of course advanced settings are possible, but unless your knowledge of Windows (or in the case of firewalls, networking) is at a sufficiently high level then these are best left alone.
Could someone please tell me if I can use DriveSentry with my existing AVG 9 and a firewall? I remember reading (here?) a while back that if you had DriveSentry you had to turn off any existing installed AV or firewall program -- or is that only if you have a firewall with a HIPS component enabled...? Thanks.
I don't have any personal knowledge of compatibility with AVG because I've never used it. You can always try installing DriveSentry because it will warn you if AVG is not compatible and you can then abort the process. In this case you could try WinPatrol instead which is widely regarded.
I think I'll try the little "watch dog" with my Avira and PC Tools Firewall Plus. Sure is a lot of good feedback on WinPatrol.
Like to ask further...I was using threatfire but it seemed to slow my system down somewhat. Not so with winPatrol along with avira and pc tools firewall plus. Question is do threatfire and winPatrol perform the same functions basically ?
Ultimately both are seeking to achieve the same thing although the way they go about this is somewhat different. Threatfire contains behavior analysis technology designed to watch for actions typical of and possibly caused by malware.
WinPatrol still takes a heuristic approach to the same subject but is far less involved with your system than Threatfire which is why, in general, people have less issues with it. With your current setup, WinPatrol will be more than adequate to partner the programs you already have, all of which are excellent choices.
I'm sure you won't be disappointed. Even gets an excellent status in the review at Softpedia which is one of the better sites for such things. The version reviewed there is not the latest either so none of the recent improvements will have been considered. There are two roads to go down with this type of software. You can do it the hard way with old stuff like System Safety Monitor or EQSecure, or you can do it the easy way with WinPatrol. OK, so there's no real comparison with the individual component control possible but for most folks the end result will be the same, but the headaches a lot less!
I've been trying out Scotty of late and find it very light and especially excellent on XP. But I get mixed results on Vista. For some reason it won't detect some types of scheduled tasks. It fails to stop Secunia PSI from secretly infiltrating the task scheduler, and it never picked up my manual task with Ccleaner. It stopped Secunia on my XP system though.
Thanks for the feedback. I'll take this up with Bill and let you know what he comes back with.
This is Bill's response now from WinPatrol which others might also find of interest.
"Starting with Vista, Microsoft introduced Task Scheduler 2.0. Luckily, Microsoft made Task Scheduler more secure so it hasn't been a priority to add monitoring to WinPatrol. Under the original Task Scheduler an attack could be introduced by just adding a .job file in the right location. Vista and Windows7 still support the original Task Scheduler model for compatibility so it's still monitored by WinPatrol.
I'm not sure what manual task was done using CCleaner, but Scotty would not have objected to a user choosing to run an application unless it tried to embed itself in the registry. WinPatrol monitors particular registry entries which allow programs to become resident. If we monitored any registry change, users wouldn't like the performance."
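The review above describes WinPatrol as taking a snapshot of system settings and alerting on changes, and Bill's reply explains what it actually watches: the registry entries that let a program become resident and, on Vista and later, only the legacy Task Scheduler 1.0 (.job files) rather than Task Scheduler 2.0. The script below is an added example, not WinPatrol's code, showing the same snapshot-and-diff idea in PowerShell: it records Run/RunOnce values, legacy .job files and Task Scheduler 2.0 tasks, saves them as a baseline, and on the next run reports anything added, removed or changed (so a task like Secunia's tray autostart would show up). The baseline file location and the choice of keys are assumptions; Get-ScheduledTask needs the ScheduledTasks module (Windows 8 / PowerShell 3 or later) and Get-FileHash needs PowerShell 4 or later.

```powershell
# Added example (not WinPatrol code): snapshot common persistence points and diff
# them against a saved baseline, in the spirit of WinPatrol's change alerts.
$BaselinePath = Join-Path $env:LOCALAPPDATA 'persistence-baseline.xml'   # assumed location

# Registry autorun locations WinPatrol-style tools watch (a representative subset, assumed).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-PersistenceSnapshot {
    $items = New-Object System.Collections.Generic.List[object]

    # Registry autoruns: one record per value name, with the command it launches.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
            $items.Add([pscustomobject]@{ Kind = 'Registry'; Name = "$key\$($p.Name)"; Value = [string]$p.Value })
        }
    }

    # Legacy Task Scheduler 1.0: dropping a .job file here is enough to schedule code,
    # which is why it is still worth watching even on Vista and later.
    Get-ChildItem -Path (Join-Path $env:windir 'Tasks') -Filter '*.job' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            $items.Add([pscustomobject]@{ Kind = 'LegacyTask'; Name = $_.FullName; Value = $hash })
        }

    # Task Scheduler 2.0 (Vista and later): record each task's exec actions.
    if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
        Get-ScheduledTask | ForEach-Object {
            $task = $_
            $actions = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join ' ; '
            $items.Add([pscustomobject]@{ Kind = 'Task'; Name = "$($task.TaskPath)$($task.TaskName)"; Value = $actions })
        }
    }
    return $items
}

function Compare-PersistenceSnapshot {
    param([object[]]$Baseline, [object[]]$Current)
    # Comparing on Kind+Name+Value reports new entries, removed entries and changed commands.
    $diff = Compare-Object -ReferenceObject $Baseline -DifferenceObject $Current -Property Kind, Name, Value
    foreach ($d in $diff) {
        $label = if ($d.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
        Write-Output ("{0} [{1}] {2} -> {3}" -f $label, $d.Kind, $d.Name, $d.Value)
    }
}

$current = Get-PersistenceSnapshot
if (Test-Path $BaselinePath) {
    $baseline = Import-Clixml -Path $BaselinePath
    Compare-PersistenceSnapshot -Baseline $baseline -Current $current
} else {
    Write-Output "No baseline found; saving current snapshot to $BaselinePath"
}
# Always refresh the baseline so the next run reports only new changes.
$current | Export-Clixml -Path $BaselinePath
```

Run it once to create the baseline, then again after installing something; an entry reported as ADDED under [Task] with a tray-start command is exactly the kind of change Bill describes WinPatrol not yet monitoring under Task Scheduler 2.0. A real HIPS does this in real time via hooks rather than by polling, but the set of locations it must watch is the same.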
Thanks, MC/Bill. It was CCleaner.exe /AUTO, by the way. The reason I thought it was odd is that it detects Defraggler's automatically added task (df.exe C: /ts) but not Secunia's (psi.exe --start-in-tray). Though it just detects Defraggler to the extent that it lists it in its manager; Secunia & CCleaner don't appear at all.
Windows Defender, of all programs, does detect the Secunia task scheduler change and prompts me about it.
All of the programs are excellent and known to be safe, of course, but many users know zero about the task scheduler and would be stuck with extra programs loading at every startup. Many Vista Home editions bog down enough just on their own and I usually find a bunch of startup programs as the first thing I have to manage to try to make the computer (sort of) fast again (which is rarely successful to my satisfaction in home editions for some reason). I would think WinPatrol would be interested in managing the startup/task-scheduler as much as providing protection, as a multi purpose utility, and to alert the user of "changes that may occur without your knowledge".
For example, a common way to avoid startup popup alerts in Vista (from the UAC) is to use the task scheduler to autostart a program (which is what Secunia does).
It's still a great little program and will remain in my portable reserve, but it probably won't make the cut for me as an installed program on Vista (I will continue using it on XP probably).
Thanks for the work MC.
Note: Current WinPatrol version is 17.1.2010.0
Thanks for the jolt - I've changed it. I'll try to get round to checking the others too because I'm pretty sure that the version of ST at least has also changed. If only there were 25 hours in the day........
Hi MC! I've got a question pertaining to MJ Reg Watcher. When you said... Installation is not required, simply run the program from whichever directory you un-zip it to. Were you referring to the Program Files directory or the Windows directory? Mark mentions making a shortcut to C:\MJRegWatcher\RegWatcher.exe, which sounds like it's extracted to the Windows directory. Also, to make Reg Watcher start up with Windows XP, should I copy/paste the Reg Watcher.exe into the Startup folder in the All Programs menu? Thanks a lot as always!!
Hi
I keep all of these things in my program files, or at least I did because MJRW won't work on my new system. If you create a new folder for it in Programs and unzip the contents into this, then you can open the folder, right click on the file and then "send to desktop - create shortcut". The auto start can be configured from the options menu after you start it for the first time with the shortcut.
hi i was wondering what would be the best hips for a 64-bit os?
For a lightweight complement to your existing security software, WinPatrol is stable and able. I've run it extensively now without a single negative issue to report. The best possible solution in my opinion would be CIS (Comodo), but then you probably already have another firewall which you don't wish to change.
Are there any known conflicts between Winpatrol Plus and Microsoft Security Essentials?
Thanks
Scotty works and plays well with others.
I've been running both successfully under Windows 7 since early beta of both. While there may be some redundancy there are no problems.
There was a comment about WinPatrol still having a more classic user interface look. One of the reasons WinPatrol is so compact and quick is I didn't spend a lot of time on fancy graphics or transitions. The result of a simple interface is great performance and it provides support for many Enabling devices like screen readers.
Thanks,
Bill
Thanks Bill. Now that's what I call support!
Thanks by the way Bill for contributing here. Much appreciated.
To change the theme a little and go back to WinPatrol, I have a comment or two about that software. It enjoys a very good reputation and has been around for a while but I have noticed a couple of things about winpatrol that I do not like. For a short background, I have always been extremely unhappy (being diplomatic) with IE creating the index.dat files. With the "enhancement" to XP the alterations I had made to ME to drastically reduce these files would no longer work. So I began using another browser and basically buried Internet Explorer (Only needed for sites that believe their existence depends on IE). The results: better security, easily removable items that point to where you have been on the internet and very little, if any, build up of the "index.dat" files. (Again, these files have been one of my pet peeves).
If you use winpatrol, it has a tendency to favor IE and will, all of a sudden, create a build up of index.dat files for just about all your security software. As index.dat is one of the major contributors to my irritation level, I removed winpatrol. Index.dat files are back to virtually nothing.
Reckon I got a little verbose on this one.......sorry about that. Other than that, the program does a good job but needs to be altered to recognize the browser that is actually being used on the system. One would think that the authors would be aware of this issue but perhaps they are not concerned. The other option is that people consider things like index.dat files trivial. So be it but I will not accept having any software creating files I do not want or need and then making it difficult for me to eliminate.
Have a good day (tomorrow).
Dazeydog,
I welcome you to send your comments to support@WinPatrol.com. To be honest I'm a little confused about your index.dat file comment. The only index.dat file I know of is related to IE cookies. This file should be reduced automatically by Windows depending on your settings for how often your cache is cleaned up. I recommend keeping your default Temporary Internet Folder size to a smaller number than the Windows default.
If you use other browsers you may be happy to hear WinPatrol 2010 now includes support for Firefox 3.x and even Chrome.
Bill
Thanks for your input, dazeydog. As I have only just added WinPatrol to my review I am still learning about its capabilities myself. This, plus the fact that I tend to use my Ubuntu partition more than Vista, limits my exposure to the software. I've actually approached the author and asked him if he would like to contribute here or at least respond to your comments. Depending on the response I get I'll post the details here and maybe open up a thread in the forum for WinPatrol too.
Drive Sentry have just released V3.4.0.20 of their free desktop version. There are no new features but I'm informed that improvements have been made to existing components in several areas.
Users of the previous version please note that there are no time limited automatic updates as before. From V3.4 the free version requires updating manually.
I can't install Drive Sentry on W2K because the install throws up an error message right at the beginning:
"Drive Sentry requires the Filter Manager in order to operate. Please install the latest Service Pack for your operating system."
The install continues but I assume it is not 100%, so I terminate it.
I have W2K SP4 Rollup1 - which is the latest version of W2K. So it looks like DS doesn't work on W2K?
chris.p
Received confirmation from Drive Sentry today that V3.4 Desktop "should" still work on W2K assuming SP4 or above. I've asked for a bit more detail than this as "should" is something I don't understand. Either it does or it doesn't.
Thanks for the feedback on this. According to their website DS is still compatible with W2K but I'll mail their support for confirmation. I've not found them too responsive of late, in fact there doesn't seem to be very much activity at all.