Battle Best combo of FW, HIPS, SB & BB - Your views

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,159
Hi

I have CFW with EAM in one tablet which covers FW, HIPS, SB and BB

Now, I have a 2nd tablet coming and I would like to try another combo. Below are some combos which need your views

1) Avast Internet Security (FW + BB + SB) + adroxideHIPS (BB + HIPS)

2) Xvirus Personal Firewall Free (FW) + Avast AV (BB) + reHIPS (HIPS + SB)

3) DefenseWall Firewall/HIPS (FW + HIPS + SB) + Avast AV (BB)

Notes :-

a) adroxideHIPS and reHIPS have no stable release yet
b) I believe the new Avast has BB which replaces its HIPS. Needs confirmation.
c) How's DefenseWall's compatibility with Win 10 64-bit?

Thanks
 
Last edited:

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,159
@HarborFront Your new setup is a bit of an overkill. Drop Avast or adroxideHIPS. Probably Avast because it will have a heavier load.
Avast AV is my AV. As for adroxideHIPS and reHIPS you mentioned they are different HIPS, right?

If I drop reHIPS then I don't have SB

Unless the new Avast uses both BB + HIPS then I'll drop adroxideHIPS (HIPS + BB)
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
Most of us were combo crazy at one time or another. Nowadays I'd rather spectate pigeons.
I know, I used to run a lot also but there is no point. If you cover the bases you are fine. If you get infected I can assure you even if you had 100 programs running the result would have been the same.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Avast AV is my AV. As for adroxideHIPS and reHIPS you mentioned they are different HIPS, right?

If I drop reHIPS then I don't have SB

Unless the new Avast uses both BB + HIPS then I'll drop adroxideHIPS (HIPS + BB)
is adroxideHIPS in private beta or something? Mr. Google doesn't seem to know very much about it...
 

Wave

If I use adroxideHIPS (HIPS +BB) and reHIPS (HIPS + SB) I'll need to disable one HIPS. Can HIPS in reHIPS be disabled? I have spoken with @Wave and he said his HIPS/BB can be disabled.
If you're talking about mixing reHIPS with AdroxideHIPS (once it's released), there shouldn't be a problem with compatibility since reHIPS works completely differently and therefore shouldn't get in the way of AdroxideHIPS functionality. While I haven't tested it myself yet, as long as AdroxideHIPS can access the memory of other running programs then there won't be an issue.

Unless the new Avast uses both BB + HIPS then I'll drop adroxideHIPS (HIPS + BB)
I doubt Avast will release any BB/HIPS which is even close to what AdroxideHIPS is being built to do anytime soon because I think they would've done it by now if they wanted to.

is adroxideHIPS in private beta or something? Mr. Google doesn't seem to know very much about it...
Yes, it is in private testing and this is due to it still being in development. Of course I could release a beta version and have its release launch off quicker but I don't really feel this is appropriate since not only does the first opinion of a company's software stick, but in terms of security software I believe it's important for it to be reliable and functioning correctly.

Once the product is closer to release (I would say the ETA is 1-2 months) I will have some others test it out privately, and if everything is alright then I'll be able to release it to the public (the free version - the premium version will take additional time).

Note I didn't try adroxideHIPS but if my friend @Wave is making it there is for sure some value in using it.
Thank you for your kind words, even more reason not to release it until it's perfect, knowing that friends are waiting! Originally I wasn't going to provide the details until the development stage was closer to release, however... The easiest way to explain how my BB/HIPS product works is by mentioning the Emsisoft Behavior Blocker; for example, AdroxideHIPS can ask the user if they wish to allow a program: to inject code into another program, install a device driver/create & start a Windows Service, modify the Windows Hosts file, modify the Master Boot Record, hijack the browser (e.g. change the Internet Explorer or Google Chrome home-page), install keyboard hooks (used by keyloggers), ransomware protection (e.g. encryption attempts to files), add to start-up (e.g. via the registry, task scheduler, start-up folder, etc.), drop files to protected directories such as the Windows folder, perform unwanted system modifications (e.g. disabling of Task Manager, Registry Tools, or even UAC), and that's just the start of it.

That being said, for every BB/HIPS feature, the user can change the rule-sets to have it auto-allow/auto-block/ask the user - therefore if they want to allow a program to add to start-up but auto-block modifications to the Master Boot Record (and they can have it set to alert them when this action was auto-blocked) then that is fine.

Alongside this, I am working towards dynamic heuristics (which will also be able to be disabled at the user's decision) which will log the activity and intervene only when it's very certain that the program is indeed malicious, without needing any static databases to work with... And anti-executable.

I hope the wait won't be too long for release, I'm just as excited as you are... I've been studying and working for a long time, hopefully the work will be paid off and count towards something!

Thanks for reading. :)
 
Last edited by a moderator:
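An added illustrative model of the per-behaviour rule-set described in the post above (auto-allow / auto-block / ask per category, an alert when something is auto-blocked, and a cumulative heuristic that intervenes only once a process looks suspicious enough). This is example code written for this page, not Wave's or AdroxideHIPS's code; the category names, risk weights, threshold and sample trace are all constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
class Action(Enum):
    ALLOW = "auto-allow"
    BLOCK = "auto-block"
    ASK = "ask"

# Behaviour categories from the post; the rule-set maps each to an action. This default
# mirrors the post's example: allow start-up entries but auto-block MBR modification.
DEFAULT_RULES = {
    "code_injection": Action.ASK, "driver_or_service_install": Action.ASK,
    "hosts_file_modify": Action.ASK, "mbr_modify": Action.BLOCK,
    "browser_hijack": Action.ASK, "keyboard_hook": Action.ASK,
    "mass_file_encryption": Action.BLOCK, "startup_add": Action.ALLOW,
    "protected_dir_drop": Action.ASK, "system_tool_disable": Action.ASK,
}
# Constructed risk weights for the cumulative heuristic (assumption, not from the post).
RISK_WEIGHT = {
    "code_injection": 3, "driver_or_service_install": 3, "hosts_file_modify": 2,
    "mbr_modify": 5, "browser_hijack": 2, "keyboard_hook": 3, "mass_file_encryption": 5,
    "startup_add": 1, "protected_dir_drop": 2, "system_tool_disable": 2,
}

@dataclass
class BehaviourMonitor:
    rules: dict = field(default_factory=lambda: dict(DEFAULT_RULES))
    alert_on_block: bool = True    # the post's "alert me when auto-blocked" option
    heuristic_threshold: int = 6   # intervene only once fairly certain
    risk: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def decide(self, process: str, category: str) -> Action:
        action = self.rules.get(category, Action.ASK)  # unknown behaviour: ask
        self.risk[process] = self.risk.get(process, 0) + RISK_WEIGHT.get(category, 1)
        if action is Action.BLOCK:
            if self.alert_on_block:
                self.alerts.append(f"{process}: auto-blocked {category}")
        elif self.risk[process] >= self.heuristic_threshold:
            # Dynamic heuristic: override an allow/ask rule once this process has piled up risk.
            action = Action.BLOCK
            self.alerts.append(f"{process}: heuristic block on {category} (risk {self.risk[process]})")
        return action

    def run(self, trace):
        return [self.decide(p, c) for p, c in trace]

# Constructed sample trace: a benign updater followed by a dropper-like process.
SAMPLE_TRACE = [("updater.exe", "startup_add"), ("updater.exe", "protected_dir_drop"),
                ("dropper.exe", "startup_add"), ("dropper.exe", "keyboard_hook"),
                ("dropper.exe", "code_injection"), ("dropper.exe", "mbr_modify")]
```

Running `BehaviourMonitor().run(SAMPLE_TRACE)` shows the updater only ever being allowed or prompted on, while the dropper is blocked by the heuristic on its third suspicious action and then by the MBR rule itself.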

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,159
To be honest you don't need that combo of security software.

I would just install 1 good AV/Malware suite that has exploit protection and have a few on demand scanners for back up.

Anything more is just bloat and not needed.
Yes, taking a suite is one option. However, it'll deprive me of experimenting with other software
 

Wave

Yes, taking a suite is one option. However, it'll deprive me of experimenting with other software
You could use an Anti-Virus product for real-time/web protection (e.g. Avast), alongside with a standalone BB/HIPS product - adding on a couple browser extensions such as uBlock and HTTPSEverywhere would be clean too. That would be a pretty neat configuration.

Alternatively, you could work with isolation methods via Shadow Defender - take note that data theft can still occur when you are using this product.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
If you're talking about mixing reHIPS with AdroxideHIPS (once it's released), there shouldn't be a problem with compatibility since reHIPS works completely differently and therefore shouldn't get in the way of AdroxideHIPS functionality. While I haven't tested it myself yet, as long as AdroxideHIPS can access the memory of other running programs then there won't be an issue.


I doubt Avast will release any BB/HIPS which is even close to what AdroxideHIPS is being built to do anytime soon because I think they would've done it by now if they wanted to.


Yes, it is in private testing and this is due to it still being in development. Of course I could release a beta version and have its release launch off quicker but I don't really feel this is appropriate since not only does the first opinion of a company's software stick, but in terms of security software I believe it's important for it to be reliable and functioning correctly.

Once the product is closer to release (I would say the ETA is 1-2 months) I will have some others test it out privately, and if everything is alright then I'll be able to release it to the public (the free version - the premium version will take additional time).


Thank you for your kind words, even more reason not to release it until it's perfect, knowing that friends are waiting! Originally I wasn't going to provide the details until the development stage was closer to release, however... The easiest way to explain how my BB/HIPS product works is by mentioning the Emsisoft Behavior Blocker; for example, AdroxideHIPS can ask the user if they wish to allow a program: to inject code into another program, install a device driver/create & start a Windows Service, modify the Windows Hosts file, modify the Master Boot Record, hijack the browser (e.g. change the Internet Explorer or Google Chrome home-page), install keyboard hooks (used by keyloggers), ransomware protection (e.g. encryption attempts to files), add to start-up (e.g. via the registry, task scheduler, start-up folder, etc.), drop files to protected directories such as the Windows folder, perform unwanted system modifications (e.g. disabling of Task Manager, Registry Tools, or even UAC), and that's just the start of it.

That being said, for every BB/HIPS feature, the user can change the rule-sets to have it auto-allow/auto-block/ask the user - therefore if they want to allow a program to add to start-up but auto-block modifications to the Master Boot Record (and they can have it set to alert them when this action was auto-blocked) then that is fine.

Alongside this, I am working towards dynamic heuristics (which will also be able to be disabled at the user's decision) which will log the activity and intervene only when it's very certain that the program is indeed malicious, without needing any static databases to work with.

I hope the wait won't be too long for release, I'm just as excited as you are... I've been studying and working for a long time, hopefully the work will be paid off and count towards something!

Thanks for reading. :)
the word that comes to mind is "awesome"
 

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,159
You could use an Anti-Virus product for real-time/web protection (e.g. Avast), alongside with a standalone BB/HIPS product - adding on a couple browser extensions such as uBlock and HTTPSEverywhere would be clean too. That would be a pretty neat configuration.

Alternatively, you could work with isolation methods via Shadow Defender - take note that data theft can still occur when you are using this product.
The first method is what I'm aiming for with more. As for the second it'll have a problem when software performs auto updates whether you are using SD or SBIE. Moreover, it's more suitable if you are testing malware or software
 

Wave

the word that comes to mind is "awesome"
The reason I didn't want to give many details at the start is because a couple months ago it was nowhere near to release time and wasn't forming together as I had expected, so I knew if I posted anything that was "public", it'd be pointless and raise eyebrows because then everyone would be waiting and they'd see nothing for a long time. I am taking a risk by providing details now, hoping my plans go to plan... But I don't see why they shouldn't because work is going well. :)

The things I mentioned in the above post are pretty much planned for the free version, I haven't really done much thought on the premium version and it hasn't even been started yet - I can focus on that afterwards if the free version is successful and loved.
 

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,159
The reason I didn't want to give many details at the start is because a couple months ago it was nowhere near to release time and wasn't forming together as I had expected, so I knew if I posted anything that was "public", it'd be pointless and raise eyebrows because then everyone would be waiting and they'd see nothing for a long time. I am taking a risk by providing details now, hoping my plans go to plan... But I don't see why they shouldn't because work is going well. :)

The things I mentioned in the above post are pretty much planned for the free version, I haven't really done much thought on the premium version and it hasn't even been started yet - I can focus on that afterwards if the free version is successful and loved.
So far have you tested your software against RanSim Ransomware Simulator? How's the result?
 

Wave

So far have you tested your software against RanSim Ransomware Simulator? How's the result?
No, because the independent ransomware protection module is not ready to be tested properly (in fact it's on the to-do list really). However, the Master Boot Record protection was finished recently and it's working as expected (it's been tested), therefore ransomware which targets the Master Boot Record such as Petya will simply be unable to do damage to the system without permission from the user. ;)
 
