Battle Firewall + HIPS choices

Coool

Level 1
Thread author
May 13, 2017
5
Hello everyone,

I have been a long-time lurker, always finding these forums and the members extremely informative and helpful, and finally joined trying to find some advice on this subject.

I am setting up from scratch a Windows 7 Pro 64-bit system on an HP workstation (Xeon E3-1240, 16 GB RAM) and I am hesitant regarding the real-time security software setup.
I am going from my old desktop (same OS) set up with real-time security software being CIS - Firewall and HIPS only - and ESET NOD32 (AV only).

I will keep NOD32 as AV but keeping HIPS down (I did try it but did not really get good impressions).
On the other hand, I am a bit tired of Comodo as I have found it quite heavy on resources lately and somehow sometimes forgetful (a couple of Firewall exclusions and HIPS popups always popping up and rules not remembered).

As an advanced user, I want to keep visible control at these two levels, network access and execution granularity (not overly too paranoid), and so have been looking at alternative setups.
I was considering Private Firewall as it also has a HIPS (tried it once some time ago) but have been reading over here on security concerns for it not being updated any more.

I prefer free software but would consider paid alternatives if proved more capable in terms of efficacy and resource usage (that was the case with ESET NOD32).

Thanks in advance!
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
@Umbra is talking about AppGuard and ReHIPS. The same can be achieved in COMODO; just set the HIPS and/or sandbox to "Block" Unrecognized files. If it blocks something that is safe/needed, just un-block it. Simple concept that applies to almost any SRP and anti-executable.
But if you are going down that path, why choose Comodo?
 

shmu26

Because if you can't pay for Sandboxie, AppGuard or ReHIPS, Comodo is the only serious choice.
If you don't use a standard user account, NVT ERP free beta 2015 is fine.
And if you aren't going to run Chrome in isolation, then ReHIPS demo edition is fine.
 

shmu26

> FF is multi-process so you have to pay for ReHIPS anyway.

Right. I forgot that Firefox switched to multi-process.
But anyways, I was talking about anti-exe solutions, not isolation, so I was thinking that the OP would use only the anti-exe aspect of ReHIPS.
 

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
> But if you are going down that path, why choose Comodo?

Comodo's free and with cruelsister's settings, more convenient than NVT ERP because of the bigger whitelist. It's also supported and is more robust on what it blocks. VoodooShield might be good though I haven't tried it extensively. The only other thing I can think of is the whole Excubits package.
 

Coool

I think I will try a Windows Firewall interface software like Windows 10 Firewall Control (both Binisoft's and TinyWall require some .NET framework and that is not very appealing to me...) together with an execution / exploit control tool which has an interactive mode.
Not very fond of silently blocking, I'd rather be asked for (since I don't get asked over and over again like with Comodo bugs...).
That excludes the Excubits tools, that are silent, and leaves SecureAPlus (free) / VoodooShield (paid).
Or, instead, as paid alternative combos, with firewall and anti-exec features, SpyShelter or ZoneAlarm Pro (not sure of their interactive mode abilities...).
 

shmu26

> I think I will try a Windows Firewall interface software like Windows 10 Firewall Control (both Binisoft's and TinyWall require some .NET framework and that is not very appealing to me...) together with an execution / exploit control tool which has an interactive mode.
> Not very fond of silently blocking, I'd rather be asked for (since I don't get asked over and over again like with Comodo bugs...).
> That excludes the Excubits tools, that are silent, and leaves SecureAPlus (free) / VoodooShield (paid).
> Or, instead, as paid alternative combos, with firewall and anti-exec features, SpyShelter or ZoneAlarm Pro (not sure of their interactive mode abilities...).

SecureAPlus scans your system and automatically makes all your files into trusted installers -- except for apps like browsers, unzippers, torrent clients, etc. So I don't think it will give you the control you are looking for.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
> If you don't use a standard user account, NVT ERP free beta 2015 is fine.

@shmu26...does NVT ERP break in a standard user account? Maybe you were referring to a specific kind of protection that it won't provide in that type of account? I am using it in a standard account now...
 

shmu26

> @shmu26...does NVT ERP break in a standard user account? Maybe you were referring to a specific kind of protection that it won't provide in that type of account? I am using it in a standard account now...

It depends. Sometimes it acts up, sometimes not. You will notice, if it is behaving funny.
It sounds like you are one of the lucky ones, and @Umbra is one of the unlucky ones, and I fall somewhere in the middle.
 

AtlBo

OK thanks. I haven't noticed anything. I saw you mention in another thread fonts issues. Are these the types of issues you see or are they related to the actual security engine and its functions :eek:?
 

shmu26

> OK thanks. I haven't noticed anything. I saw you mention in another thread fonts issues. Are these the types of issues you see or are they related to the actual security engine and its functions :eek:?

The font issue is a totally separate thing. It won't bother you if your system settings are English or a similar language.

In SUA you probably will never have a problem with ERP, unless you try to run super paranoid settings, like @Umbra does. When I tried to do that, ERP got stuck and became unresponsive.

The only other thing I noticed was that one time, after a reinstall, and I imported my old rules, it kept prompting me to upgrade to the "new" version (that came out 2 years ago), i.e., it kept reverting to the "check for new version" setting, even though I stubbornly disabled it time and again.
 

AtlBo

Thanks for the information @shmu26 and @Umbra. I don't seem to be having these issues, but I will keep an eye out for them now. Actually, I have noticed a couple of freezes but for me it seems to have been a NVT ERP sad collision with UAC password prompt, and the program responsible for the UAC prompt was probably in there somewhere too. Nothing here to upset the rhythm of the time-space continuum or anything...
 