Help Me Decide Best combo of FW, HIPS, SB & BB - Your views

HarborFront

Level 38
Content Creator
Joined
Oct 9, 2016
Messages
2,707
#21
@HarborFront Your new setup is a bit of an overkill. Drop Avast or adroxideHIPS. Probably Avast because it will have a heavier load.
Avast AV is my AV. As for adroxideHIPS and reHIPS you mentioned, they are different HIPS, right?

If I drop reHIPS then I don't have SB.

Unless the new Avast uses both BB + HIPS, I'll drop adroxideHIPS (HIPS + BB).
 

SHvFl

Level 32
Content Creator
Trusted
Joined
Nov 19, 2014
Messages
2,164
OS
Windows 10
Antivirus
Emsisoft
#25
Most of us were combo crazy at one time or another. Nowadays I'd rather spectate pigeons.
I know, I used to run a lot also but there is no point. If you cover the bases you are fine. If you get infected I can assure you even if you had 100 programs running the result would have been the same.
 

Wave

Guest
#29
If I use adroxideHIPS (HIPS + BB) and reHIPS (HIPS + SB) I'll need to disable one HIPS. Can HIPS in reHIPS be disabled? I have spoken with @Wave and he said his HIPS/BB can be disabled.
If you're talking about mixing reHIPS with AdroxideHIPS (once it's released), there shouldn't be a problem with compatibility since reHIPS works completely differently and therefore shouldn't get in the way of AdroxideHIPS functionality. While I haven't tested it myself yet, as long as AdroxideHIPS can access the memory of other running programs then there won't be an issue.

Unless the new Avast uses both BB + HIPS then I'll drop adroxideHIPS (HIPS + BB)
I doubt Avast will release any BB/HIPS which is even close to what AdroxideHIPS is being built to do anytime soon because I think they would've done it by now if they wanted to.

is adroxideHIPS in private beta or something? Mr. Google doesn't seem to know very much about it...
Yes, it is in private testing and this is due to it still being in development. Of course I could release a beta version and have its release launch off quicker but I don't really feel this is appropriate since not only does the first opinion of a company's software stick, but in terms of security software I believe it's important for it to be reliable and functioning correctly.

Once the product is closer to release (I would say the ETA is 1-2 months) I will have some others test it out privately, and if everything is alright then I'll be able to release it to the public (the free version - the premium version will take additional time).

Note I didn't try adroxideHIPS but if my friend @Wave is making it, there is for sure some value in using it.
Thank you for your kind words, even more reason not to release it until it's perfect, knowing that friends are waiting! Originally I wasn't going to provide the details until the development stage was closer to release, however... The easiest way to explain how my BB/HIPS product works is by mentioning the Emsisoft Behavior Blocker; for example, AdroxideHIPS can ask the user if they wish to allow a program: to inject code into another program, install a device driver/create & start a Windows Service, modify the Windows Hosts file, modify the Master Boot Record, hijack the browser (e.g. change the Internet Explorer or Google Chrome home-page), install keyboard hooks (used by keyloggers), ransomware protection (e.g. encryption attempts to files), add to start-up (e.g. via the registry, task scheduler, start-up folder, etc.), drop files to protected directories such as the Windows folder, perform unwanted system modifications (e.g. disabling of Task Manager, Registry Tools, or even UAC), and that's just the start of it.

That being said, for every BB/HIPS feature, the user can change the rule-sets to have it auto-allow/auto-block/ask the user - therefore if they want to allow a program to add to start-up but auto-block modifications to the Master Boot Record (and they can have it set to alert them when this action was auto-blocked) then that is fine.

Alongside this, I am working towards dynamic heuristics (which will also be able to be disabled at the user's decision) which will log the activity and intervene only when it's very certain that the program is indeed malicious, without needing any static databases to work with... And anti-executable.

I hope the wait won't be too long for release, I'm just as excited as you are... I've been studying and working for a long time, hopefully the work will pay off and count towards something!

Thanks for reading. :)
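To make the rule-set idea in the post above concrete, here is an added example of my own (it is not AdroxideHIPS code or any project's code): a minimal per-category behaviour-blocker rule engine in Python. Each monitored behaviour category gets a rule of auto-allow, auto-block (optionally raising an alert when it fires) or ask, exactly the three choices the post lists, and the engine evaluates a stream of process events against that policy. The category identifiers, the `Rule`/`Event`/`Verdict` types, the `example_policy()` that auto-allows start-up entries but auto-blocks MBR writes with an alert, and the sample events are all assumptions I constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional


class Action(Enum):
    AUTO_ALLOW = "auto-allow"
    AUTO_BLOCK = "auto-block"
    ASK = "ask"


# Monitored behaviour categories, paraphrasing the list in the post.
# The identifiers are my own naming (assumption), not anything from AdroxideHIPS.
CATEGORIES = (
    "code_injection",             # inject code into another process
    "driver_or_service_install",  # install a driver / create & start a service
    "hosts_file_write",           # modify the Windows hosts file
    "mbr_write",                  # write to the Master Boot Record
    "browser_homepage_change",    # hijack the browser home page
    "keyboard_hook",              # install a global keyboard hook
    "file_encryption_burst",      # ransomware-like mass rewriting of files
    "startup_entry",              # add to start-up (registry, task scheduler, folder)
    "protected_dir_drop",         # drop files into e.g. the Windows folder
    "system_setting_change",      # disable Task Manager, Registry Tools, UAC ...
)


@dataclass(frozen=True)
class Rule:
    action: Action
    alert_on_block: bool = False  # "alert them when this action was auto-blocked"


@dataclass(frozen=True)
class Event:
    process: str
    category: str
    detail: str


@dataclass(frozen=True)
class Verdict:
    event: Event
    allowed: bool
    source: str                   # "rule" (decided by policy) or "user" (decided by prompt)
    alert: Optional[str] = None


class BehaviourBlocker:
    """Per-category rule-set evaluator. The prompt callable stands in for the
    "ask the user" dialog and returns True to allow the action."""

    def __init__(self, rules: Dict[str, Rule], prompt: Callable[[Event], bool]):
        unknown = set(rules) - set(CATEGORIES)
        if unknown:
            raise ValueError(f"unknown categories in rule-set: {sorted(unknown)}")
        self.rules = dict(rules)
        self.prompt = prompt
        self.log: List[Verdict] = []

    def evaluate(self, event: Event) -> Verdict:
        if event.category not in CATEGORIES:
            raise ValueError(f"unmonitored category: {event.category}")
        # A category with no explicit rule falls back to asking: never silently allow.
        rule = self.rules.get(event.category, Rule(Action.ASK))
        if rule.action is Action.AUTO_ALLOW:
            verdict = Verdict(event, True, "rule")
        elif rule.action is Action.AUTO_BLOCK:
            alert = None
            if rule.alert_on_block:
                alert = f"blocked {event.category} by {event.process}: {event.detail}"
            verdict = Verdict(event, False, "rule", alert)
        else:
            verdict = Verdict(event, bool(self.prompt(event)), "user")
        self.log.append(verdict)
        return verdict

    def run(self, events) -> List[Verdict]:
        return [self.evaluate(e) for e in events]


def example_policy() -> Dict[str, Rule]:
    """The configuration the post uses as its example: start-up additions are
    auto-allowed, MBR writes are auto-blocked with an alert, everything else asks."""
    policy = {c: Rule(Action.ASK) for c in CATEGORIES}
    policy["startup_entry"] = Rule(Action.AUTO_ALLOW)
    policy["mbr_write"] = Rule(Action.AUTO_BLOCK, alert_on_block=True)
    return policy


# Constructed sample activity (not a real trace).
SAMPLE_EVENTS = [
    Event("updater.exe", "startup_entry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    Event("invoice.exe", "mbr_write", r"\\.\PhysicalDrive0 sector 0"),
    Event("invoice.exe", "code_injection", "WriteProcessMemory -> explorer.exe"),
    Event("invoice.exe", "file_encryption_burst", "312 files rewritten in 4 s"),
]


def demo(deny_everything_asked: bool = True) -> List[Verdict]:
    # A prompt that always answers "deny" (or always "allow") stands in for the user.
    bb = BehaviourBlocker(example_policy(), lambda e: not deny_everything_asked)
    return bb.run(SAMPLE_EVENTS)


if __name__ == "__main__":
    for v in demo():
        print(f"{v.event.process:12} {v.event.category:24} "
              f"{'ALLOW' if v.allowed else 'BLOCK'} via {v.source}"
              + (f"  [{v.alert}]" if v.alert else ""))
```

The point worth noticing is the ordering of decisions: an auto-block rule fires before the user is ever consulted, so even a user who clicks "allow" on everything cannot let the MBR write through, while a category the policy forgot to configure degrades to a prompt rather than to a silent allow.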
 

HarborFront

Level 38
Content Creator
Joined
Oct 9, 2016
Messages
2,707
#31
To be honest you don't need that combo of security software.

I would just install 1 good AV/Malware suite that has exploit protection and have a few on demand scanners for back up.

Anything more is just bloat and not needed.
Yes, taking a suite is one option. However, it'll deprive me of experimenting with other software.
 

Wave

Guest
#32
Yes, taking a suite is one option. However, it'll deprive me of experimenting with other software
You could use an Anti-Virus product for real-time/web protection (e.g. Avast), alongside a standalone BB/HIPS product - adding on a couple of browser extensions such as uBlock and HTTPSEverywhere would be clean too. That would be a pretty neat configuration.

Alternatively, you could work with isolation methods via Shadow Defender - take note that data theft can still occur when you are using this product.
 

shmu26

Level 60
Joined
Jul 3, 2015
Messages
4,972
OS
Windows 10
#33
If you're talking about mixing reHIPS with AdroxideHIPS (once it's released), there shouldn't be a problem with compatibility since reHIPS works completely differently and therefore shouldn't get in the way of AdroxideHIPS functionality. While I haven't tested it myself yet, as long as AdroxideHIPS can access the memory of other running programs then there won't be an issue.


I doubt Avast will release any BB/HIPS which is even close to what AdroxideHIPS is being built to do anytime soon because I think they would've done it by now if they wanted to.


Yes, it is in private testing and this is due to it still being in development. Of course I could release a beta version and have its release launch off quicker but I don't really feel this is appropriate since not only does the first opinion of a company's software stick, but in terms of security software I believe it's important for it to be reliable and functioning correctly.

Once the product is closer to release (I would say the ETA is 1-2 months) I will have some others test it out privately, and if everything is alright then I'll be able to release it to the public (the free version - the premium version will take additional time).


Thank you for your kind words, even more reason not to release it until it's perfect, knowing that friends are waiting! Originally I wasn't going to provide the details until the development stage was closer to release, however... The easiest way to explain how my BB/HIPS product works is by mentioning the Emsisoft Behavior Blocker; for example, AdroxideHIPS can ask the user if they wish to allow a program: to inject code into another program, install a device driver/create & start a Windows Service, modify the Windows Hosts file, modify the Master Boot Record, hijack the browser (e.g. change the Internet Explorer or Google Chrome home-page), install keyboard hooks (used by keyloggers), ransomware protection (e.g. encryption attempts to files), add to start-up (e.g. via the registry, task scheduler, start-up folder, etc.), drop files to protected directories such as the Windows folder, perform unwanted system modifications (e.g. disabling of Task Manager, Registry Tools, or even UAC), and that's just the start of it.

That being said, for every BB/HIPS feature, the user can change the rule-sets to have it auto-allow/auto-block/ask the user - therefore if they want to allow a program to add to start-up but auto-block modifications to the Master Boot Record (and they can have it set to alert them when this action was auto-blocked) then that is fine.

Alongside this, I am working towards dynamic heuristics (which will also be able to be disabled at the user's decision) which will log the activity and intervene only when it's very certain that the program is indeed malicious, without needing any static databases to work with.

I hope the wait won't be too long for release, I'm just as excited as you are... I've been studying and working for a long time, hopefully the work will pay off and count towards something!

Thanks for reading. :)
the word that comes to mind is "awesome"
 

HarborFront

Level 38
Content Creator
Joined
Oct 9, 2016
Messages
2,707
#34
You could use an Anti-Virus product for real-time/web protection (e.g. Avast), alongside a standalone BB/HIPS product - adding on a couple of browser extensions such as uBlock and HTTPSEverywhere would be clean too. That would be a pretty neat configuration.

Alternatively, you could work with isolation methods via Shadow Defender - take note that data theft can still occur when you are using this product.
The first method is what I'm aiming for, with more. As for the second, it'll have a problem when software performs auto updates, whether you are using SD or SBIE. Moreover, it's more suitable if you are testing malware or software.
 

Wave

Guest
#35
the word that comes to mind is "awesome"
The reason I didn't want to give many details at the start is because a couple of months ago it was nowhere near release time and wasn't forming together as I had expected, so I knew if I posted anything that was "public", it'd be pointless and raise eyebrows because then everyone would be waiting and they'd see nothing for a long time. I am taking a risk by providing details now, hoping my plans go to plan... But I don't see why they shouldn't because work is going well. :)

The things I mentioned in the above post are pretty much planned for the free version, I haven't really done much thought on the premium version and it hasn't even been started yet - I can focus on that afterwards if the free version is successful and loved.
 

HarborFront

Level 38
Content Creator
Joined
Oct 9, 2016
Messages
2,707
#36
The reason I didn't want to give many details at the start is because a couple of months ago it was nowhere near release time and wasn't forming together as I had expected, so I knew if I posted anything that was "public", it'd be pointless and raise eyebrows because then everyone would be waiting and they'd see nothing for a long time. I am taking a risk by providing details now, hoping my plans go to plan... But I don't see why they shouldn't because work is going well. :)

The things I mentioned in the above post are pretty much planned for the free version, I haven't really done much thought on the premium version and it hasn't even been started yet - I can focus on that afterwards if the free version is successful and loved.
So far have you tested your software against RanSim Ransomware Simulator? How's the result?
 

Wave

Guest
#37
So far have you tested your software against RanSim Ransomware Simulator? How's the result?
No, because the independent ransomware protection module is not ready to be tested properly (in fact it's on the to-do list really). However, the Master Boot Record protection was finished recently and it's working as expected (it's been tested), therefore ransomware which targets the Master Boot Record such as Petya will simply be unable to do damage to the system without permission from the user. ;)