Best Free Intrusion Prevention and Detection Utility for Home Use (HIPS)
These days all users face the real risk of having malicious programs secretly install themselves on their computers. Anti-virus and anti-spyware products dramatically reduce the chance of infection, but they're not perfect. In particular, they are prone to miss new malware products which are not yet included in their signature databases. They can also fail to detect malware programs that are cleverly disguised to avoid detection.
To prevent these malevolent programs from slipping by your AV and anti-spyware programs, you need additional defenses, such as a Host-based Intrusion Prevention program (HIPS). These programs identify intruders by their behavior, rather than by their characteristic fingerprint. HIPS programs are not limited to the detection of specific malware products; rather, they can target a wide range of interlopers. For the most part, HIPS programs all work in a similar manner: they stop any suspicious behavior and then ask the user whether he or she wants to allow it. This, as we shall see, can be a mixed blessing.
Unfortunately, most HIPS programs, including the popular free programs WinPatrol and Prevx, generate a lot of warning messages, and many of these are quite cryptic. These messages tend to alarm many less-experienced users who feel there is something wrong and simply don't know how to respond. That's why these products are only suitable for the very experienced (and very patient).
Thankfully, a new generation of HIPS programs has emerged that use white lists, black lists, policies and behavior analysis rules, along with other techniques, to reduce the number of messages and the load on the user.
A prime example of this class of product is ThreatFire (formerly Cyberhawk) from PC Tools. It's available as a free or paid version, and I use the free version on one of my PCs. It only occasionally issues warnings, but when it does the warnings are usually real and need to be taken seriously. In essence, it provides a vital additional layer of protection to my AV and anti-spyware scanners, and at little cost in terms of annoyance and no cost in terms of my wallet. It is the stand-out free product in the HIPS category. Note: A number of readers have reported browsing performance problems after installing ThreatFire. I've not found that myself, but be aware that this may be a problem on some PCs.
There are some other solid contenders. Blink Personal from eEye is a HIPS with a firewall, as opposed to products like Comodo and ZoneAlarm Pro that are firewalls with HIPS. It's a useful tool for advanced users, though I found ThreatFire to be more effective and yet simpler to configure and use. Blink is also only free for non-commercial use.
ThreatFire
Website: http://www.threatfire.com/download/
Author: ThreatFire
Date: 06/30/2008
Version: 3.5.0
Download File size: 19MB
License: Freeware
Operating systems supported: Windows 2000 - Vista
64 Bit Capable: no
Portable version available: no
Other languages supported: no
Additional Software Required: no
Blink
Website: http://www.eeye.com/html/consumer/products/blink/download/index.html
Secondary download mirror: http://www.download.com/Blink-Personal-Edition/3000-2239_4-10658343.html?tag=lst-1
Author: eEye Digital Security
Date: 06/30/2008
Version: 3.2
Download File size: 41.5MB
License: Free for personal or home use
Operating systems supported: Windows 2000 - XP
64 Bit Capable: no
Portable version available: no
Other languages supported: no
Additional Software Required: None
Caveat: Products and links recommended by site visitors in our forum are not necessarily endorsed by this site. Download at your own risk!
This software category is maintained by volunteer editor Jeffrey Brown.
Symantec has plans to acquire PC Tools, end of Threatfire?
http://arstechnica.com/journals/microsoft.ars/2008/08/19/symantec-to-acq...
EQSecure is now most commonly used. Also system safety monitor.
I have heard that Threatfire contains a keyboard filter (a type of keylogger), be careful. Also, the old Cyberhawk still works well.
Some others:
All-Seeing Eye
http://www.fortego.com/en/ase.html
Very good application. I tested it and it works very well, but after activating the software and the "learning mode" level, one of my network drivers was harmed, and I'm not sure whether it happened by installing ASE or uninstalling WinPooch, because I did them at the same time, and I haven't checked it again yet!
But perhaps this is my problem and not one for others, so I suggest testing it.
EQSecure
This is good, too, but not as good as ASE (which is very strong and has full management of execution and activity on the OS). I tested it and it did not have any problems.
DriveSentry
I can't test it yet. I couldn't work out whether it is free or not, but I think it is free, at least as of several months ago, when I checked the developer's site many times. (DriveSentry needs XP Service Pack 2 or later.)
It has full control over your hard disk and has a great list of malware, which it can detect and prevent from activating.
ProSecurity Version 1.30 Free Edition
And I tested it too. It works well and has reasonable control over activities on the system.
There are many apps in this class, but I have written about some that I tested or love (from the descriptions of developers and users, or from screenshots).
Drivesentry is good, it only had problems with about 2 programs that it didn't have in its whitelist. Also, it's free, BUT tricklefeed updates turn off after 30 days; from then on you have to update it whenever the warning comes up that you need to upgrade.
NOTE: Do not use drivesentry on Vista Home Basic, or it will crash.
I haven't tested it yet, because I have Windows XP Professional, Service Pack 1, and it needs SP 2 at least. I downloaded SP 3 recently and I will install it later. Thanks for your comment.
But I think it is a great tool for security on a system. Have you ever tested ASE?
Thank you for your suggestions.
I will consider reviewing security tools after being contacted personally through techsupportalert. I require the name of the product, links to its expert review sources and testimony, and your name so I may respond in kind directly if I decide to review the product or have any further questions.
I can be reached at jeffrey@techsupportalert.com
Please note: Unfortunately I lack the resources to review personal experiences with the products you're submitting, so please keep your emails short and to the point. Products reviewed may or may not be approved for this site, so please don't be discouraged if your pick does not make the list.
Thank you,
Jeffrey Brown
IT Security Specialist
You're welcome
My name: Hadi
For sending product names and quick comments to your e-mail ...
OK, I will try listing some of them (those that are popular or robust) and send them to your mailbox.
But do you want other products (in other parts of the site: image editors, 3D apps, IDEs, etc.) or just HIPS? Or perhaps all of the security apps?
I really liked Threatfire after using it for about a week. It detected some things that other software I use missed.
However, I have since removed it from 2 machines and am about to take it off a third. The XP (SP2) Media Centre PC I have would lock up on start-up and I had to physically switch it off; it also locked up browsing a directory with Explorer. The Vista Ultimate (SP1) laptop would lock up, again either on start-up or even just under normal use. I had to use Safe mode to remove it from this system. Both problems were linked to Threatfire in some way (although I didn't investigate too much - the priority was getting the systems working!). Both systems use different AV / Firewall / Anti-Spyware software, and both have been fixed by removing Threatfire. The third machine is a friend's laptop that I have been repairing for them, and I can't risk giving it back to them with Threatfire on if this is likely to happen.
I've read lots of posts in other forums with the same or similar problems. Hopefully the developers will solve this because, at first glance, it appears to be a promising piece of software.
I tried out Threatfire and to tell you the truth I felt better without it on my system. I uninstalled it and it left a bunch of drivers still on my system. They were keylogger drivers.
PCTools is evil! If you want HIPS without a keylogger, find the old Cyberhawk on a site then install it; it worked fine for me.
Has anybody else noticed the keylogger alarms from other programs saying that Threatfire is keylogging you? The former program (Cyberhawk) detected Threatfire attempting to keylog me!
Greetings all.
I'm surprised nobody has mentioned the excellent System Security Monitor. I agree it can be a steep learning curve - but only if you want to go "high tech" and enjoy tweaking a lot.
Unlike the two versions above in the "official" list, System Safety Monitor (SSM) has a version for Win98/ME users.
There are both the paid versions (much more advanced) and the free versions.
Free versions :
For 2000/XP - version 2 XXX. 585
For Win98 - version 2 xxx 583
For non-technical users, the best way to configure this is to:
* First, make absolutely, totally sure your PC is completely free of viruses, malware etc. The best way to do this is to use several security applications PLUS a few online scanners
* Download the .exe file, then disconnect from the Internet
* Install SSM
* Enable ALL the modules (Registry module, .ini file module, Windows files modules etc)
* Tick the box to place SSM in "Learning Mode"
* Close SSM (it minimises to the system tray)
* Now, open all the applications and programs on your PC (or as many as possible). That's all. Just open them and close them. Internet Explorer, Outlook Express, your anti-viral program, Microsoft Word, Excel etc. In this way, SSM "learns" that these are OK programs.
* When you have done that, disable (untick) Learning Mode and reboot your computer.
* Connect to the Internet and continue using your PC as normal.
* From this point on, there will only be a few pop-ups with warnings - which you should take seriously.
To get hold of the free version, click here:
http://www.syssafety.com/files.html
Scroll to the bottom of the page and download your free and excellent SSM HIPS!
Remember : 2. xxx .585 for XP - 2 xxx 583 for Win98/ME
And while you're there, you can also download the Help files - but be warned - they are heavy going if you want to try to be an expert! Far, far simpler to use the "learning mode" method I described above.
Good luck!
Dr. Mac
Dr. Mac,
Although it presently does not support Vista, please feel free to contact me about the HIPS from System Safety. It would be helpful if you could provide the information below when contacting me. Thanks.
I will consider reviewing security tools after being contacted personally through techsupportalert. I require the name of the product, links to its expert review sources and testimony, and your name so I may respond in kind directly if I decide to review the product or have any further questions.
I can be reached at jeffrey@techsupportalert.com
Please note: Unfortunately I lack the resources to review personal experiences with the products you're submitting, so please keep your emails short and to the point. Products reviewed may or may not be approved for this site, so please don't be discouraged if your pick does not make the list.
Thank you,
Jeffrey Brown
IT Security Specialist
I am an unsophisticated computer user with no security background. Can Blink interfere with the performance of my already installed Firefox 3 and iGoogle gadgets? Can I trust the Blink default settings?
Since you said that you are an unsophisticated computer user, I recommend not trying any HIPS programs, since they may very well confuse you or may not be compatible with the other programs on your computer.
I myself would recommend process guard for expert users and people with computers with problems. It has a small footprint and is a very powerful program. It should be considered for one of the best free hips.
Process Guard is too noisy and annoying for most users.
That's why I said it for expert users
And naturally you noticed this from the original poster asking for help..
"I am an unsophisticated computer user with no security background."
..before you suggested "Process Guard"??
LOL, Fetching!
Adding any new software product is always a gamble. Be sure you back up your browser settings, any bookmarks or favs, and anything else you've saved using Firefox. In fact, it's always a good idea to have a full backup of any drive you're adding new software to just in case ______ (you fill in the blank). Default settings are designed to be the safest and easiest to use for the majority of users. For more specific questions regarding this product: http://www.eeye.com/~apps/modules/forum/forums.asp Thanks for your question.
I'm a little disappointed that WinPatrol has been panned here: it doesn't even have a little profile like the two main recommended programs. Gizmo used to provide bibliographical-style information about ALL programs mentioned in his articles, whether he recommended them or not.
As for WinPatrol, it eats up a very small footprint of memory, and is invaluable for systems with tight resources, unlike other programs that (for some reason) come with their own bloated skins and try to sink their tentacles deeply into the OS.
Pair it with a light, tight firewall, and you'll be eating up less RAM than a lot of these other MS Office-like, all-in-one packages, and you'll be pretty secure.
Blink Personal doesn't seem to be free anymore? All I can find are 30-day trial downloads
Hi everyone,
I have used Threatfire and I like the fact that it's pretty much set and forget: it does not bother you with unnecessary warnings, but protects and alerts if something serious happens. A program like this could be a very good addition to standard signature-based security software. Most HIPS and behavior-based security products are just too bothersome with alerts, but Threatfire stands out in that it's set and forget with default settings, but you can easily adjust the sensitivity so that the software will give more protection and therefore more alerts.
However, recently on my XP media center edition computer the Threatfire program seemed to get kind of buggy and unstable. The Threatfire icon would disappear from the task bar and when I checked the running processes under the task manager, the threatfire program was not even running. For some reason it just kept shutting down, but it did give an audible warning when it shut down. If I restarted the program, it would just shut down again after a few minutes.
I uninstalled the program and installed a new version and I had the same problems.
If Threatfire can overcome the problems mentioned above and make their product more reliable and stable, then I would recommend it, but based on my experience, I would not recommend the product unless they work out the bugs and make it more stable and reliable.
Making a security product like threatfire work well along with other security products like anti-virus, anti-spyware, and firewall programs may be no easy task, but nonetheless, it's exactly what a product like threatfire *must* do, unless they want to provide a total security suite solution with Threatfire and integrate a firewall, and both signature based and behavioral based protection in a single package that is geared towards stopping all malware threats.
At present, you could probably do more with standard signature based products combined with using limited user accounts except for times when you really need administrator Privileges.
John
I too faced problems after installing Threatfire though not the same as yours. After installation, Threatfire completely took over my machine. I was not able to run any process after the installation. The problem persisted even after re-booting the system. I then re-booted the machine in safe mode and uninstalled Threatfire and everything was back to normal. I have P4 3.06 Ghz machine with 512 MB RAM btw.
John,
Thank you for sharing your experience using this product. I too found that on some PCs low on RAM, and/or with several apps running in the background, Threatfire can slow things. My test PCs were two Dells that both experienced what you've described here. Security tools dig deep into the core of a system and can conflict and compete with other resources and subsequent runs. I'm sure Threatfire is aware of this issue and is working for a resolution. Thank you again for your thoughtful contributions about Threatfire.
I hope the threatfire team is looking into these problems, I would like to be able to use the product. Threatfire is a promising product, you can see the potential, but they just have to make it more stable, reliable, and compatible.
If I can't run the free version reliably, I certainly would not purchase the upgrade.
Threatfire also causes a significant increase in start-up time, but like you said, these programs dig in deep on the OS. Still, if they could find a way to reduce its effect on start-up time that would be great.
After all, they already load new computers with so much useless junk that automatically runs on start up and *steals* systems resources that you paid for when you purchased the computer, we don't need anything else slowing things down more.
You pay good money for a powerful computer, but at the same time, you also paid the computer manufacturer to load useless junk onto the computer that automatically loads at start up, and thus reduce the computer power that you originally paid for.
I guess the computer companies did a study and found that the money they get by putting this stuff on new computers is greater than the money they will lose by annoying their customers. Perhaps via the power of the internet we should change that (along with a few other things).
I will keep an eye out for your future reviews, perhaps you could let us know if it seems these issues have been addressed.
Thanks for your efforts and research.
John
Hi
Many users have reported bugs with ThreatFire. Maybe you could post on their forums.
"At present, you could probably do more with standard signature based products combined with using limited user accounts except for times when you really need administrator Privileges."
Many people actually replace their signature products with ThreatFire. And you could say the same for using ThreatFire with LUA instead of signature with LUA. Remember, ThreatFire does have an AV database checking suspicious files.
Under Threatfire, it is given 64 Bit Capable: yes
But I was not able to install it. In the page http://www.threatfire.com/requirements/, it is given Minimum System Requirements (Windows 32-bit only)!
d_d