
View full version: HIPS



Sjoeii
27.11.2007, 14:26
Do you believe in a separate HIPS/IDS?

Do you use one?

NickGolovko
27.11.2007, 14:55
I do. HIPS is a strong solution to resist malware but it requires expert knowledge.

Sjoeii
27.11.2007, 15:04
What program are you using?

XP user
27.11.2007, 15:20
> Do you believe in a separate HIPS/IDS?
>
> Do you use one?

I believe in not downloading/installing malware and other programs you don't want/need. When such programs get onto your OS, it's Russian roulette whether your HIPS/IDS will be able to do anything or not. Most of the time, those kinds of programs will just react to legitimate processes that were meant to be. I don't see any need for cryptic alerts about those.

I also believe in bare-bones program configuration; any functions you don't need should be disabled until you really need them. Any programs, modules, or services that come with the OS, and which you don't use, should be either removed or disabled.

I don't use HIPS/IDS, nor do I use any other types of real-time 'protection'. I do have a set of tools by Sysinternals to check the integrity of my OS.

Paul

Ultima Weapon
30.11.2007, 20:34
I believe in HIPS a lot. It is the first defense against malware, your main & your on-demand scanners your 2nd defense, & finally ISR (immediate system recovery) your final defense when everything fails!!


All antivirus & antispyware & ISR
Default Allow... then try to catch the MALWARE... and all antivirus & antispyware only catch the MALWARE they know (even so-called heuristic, packer/cryptor & suspicious is just a glorified or just really different signature-based default-allow system). It works on a blacklist system by detecting malware by its signature database, heuristics, packer/cryptor & suspicious detection methods. ISR software removes all known & unknown malware on reboot, which is usually very short, & ISR software also prevents any changes to your system partition.

Firewalls with HIPS (HOST INTRUSION PREVENTION SYSTEM)
work with

Default Deny... your name is not on the list, you are not coming in... It works on a whitelist of approved applications.