DefenseWall HIPS

Martin Brinkmann
Feb 20, 2008
Updated • Feb 13, 2013
Security

I have been in contact with the creator of the excellent DefenseWall HIPS application for some time now, and he was kind enough to give away ten copies of his software to Ghacks readers. Let me first explain what the software does. DefenseWall HIPS is a Host Intrusion Prevention System that uses sandboxing and virtualization to protect the computer from dangers that are not stopped by anti-virus applications.

All applications running on the system are divided into trusted and untrusted groups. Everything deemed untrustworthy is run in the virtual environment; by default this includes programs like Internet Explorer, Microsoft Outlook, Opera, Firefox, Safari and dozens more. The real beauty of the DefenseWall HIPS concept is that every process started by an untrusted application becomes untrusted as well.

This keeps user interaction to a minimum, i.e. popups that ask you whether you want to trust an application or not. Such popups are one of the main reasons that programs of this kind are highly unpopular: in their drive to protect the system they lay the burden of decision on the user, and the user, as we all know, is most of the time the biggest security threat of them all.

What is DefenseWall HIPS protecting you against? Basically against everything that is initiated by untrusted applications. It protects against Registry modifications, rootkits, keyloggers, trojans, worms and everything else that would be considered malware.

A new virus downloaded by Internet Explorer, for instance, can do no harm to the system because it is running in a sandbox. It can actually be terminated with one click of the mouse in the DefenseWall HIPS interface. Protection itself is mostly policy-based: DW protects only the sensitive places of the registry and the file system.

The only responsibility of the user is to add additional applications to the list of untrusted programs, which is especially important for applications that have net access. Even if you are using a limited user account instead of an admin account on your computer, you will increase the protection of your system, because several attack vectors are known to work on this kind of account as well.

Folders can also be added to the untrusted group, which can be helpful in certain situations. I'm thinking of FTP servers, for instance, or networks with shared directories.
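The trust model described above can be sketched as a small policy engine. This is an added conceptual example, not DefenseWall's own code: the application list, the untrusted folder and the protected registry and file system locations are constructed sample values.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Optional

# Constructed sample policy (assumed values, not DefenseWall's real lists).
UNTRUSTED_APPS = {"iexplore.exe", "outlook.exe", "opera.exe", "firefox.exe", "safari.exe"}
UNTRUSTED_FOLDERS = [PureWindowsPath(r"C:\ftp\incoming")]
PROTECTED = [  # "sensitive places" of the registry and file system
    r"hklm\software\microsoft\windows\currentversion\run",
    r"c:\windows\system32",
]

@dataclass
class Process:
    pid: int
    image: str                          # full path of the executable
    parent: Optional["Process"] = None
    untrusted: bool = field(init=False, default=False)

    def __post_init__(self):
        path = PureWindowsPath(self.image)  # Windows paths compare case-insensitively
        self.untrusted = (
            (self.parent is not None and self.parent.untrusted)   # inherited from parent
            or path.name.lower() in UNTRUSTED_APPS                # listed application
            or any(f in path.parents for f in UNTRUSTED_FOLDERS)  # started from untrusted folder
        )

def is_protected(target: str) -> bool:
    """Match a registry key or file path against the protected prefixes."""
    t = target.lower().rstrip("\\")
    return any(t == p or t.startswith(p + "\\") for p in PROTECTED)

def allow_write(proc: Process, target: str) -> bool:
    """Only untrusted processes are restricted, and only on protected targets."""
    return not (proc.untrusted and is_protected(target))

if __name__ == "__main__":
    explorer = Process(1, r"C:\Windows\explorer.exe")
    browser = Process(2, r"C:\Program Files\Internet Explorer\IEXPLORE.EXE", explorer)
    download = Process(3, r"C:\Temp\setup.exe", browser)   # child of the browser
    run_key = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater"
    for p in (explorer, browser, download):
        print(p.pid, "untrusted" if p.untrusted else "trusted", allow_write(p, run_key))
```

No prompt is needed for the downloaded program: it is restricted because of where it came from, while writes outside the protected locations are still allowed.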

DefenseWall HIPS runs on all Microsoft operating systems starting with Windows 2000, including Windows XP and Vista. The homepage links to several reviews and comparisons with other HIPS applications, which are a good read if you want to find out more about it first.

As I said earlier, ten readers will win a copy of DefenseWall HIPS with one year of free updates and priority support. All you need to do is comment on this article and let me know what you think of this product. Just post your opinion. I will draw the ten lucky ones in 48 hours. I do need to contact you by email because I need your real name for program registration along with the email address.

Comments

  1. Ilya Rabinovich said on February 22, 2008 at 1:30 pm

    To GR- you see, HIPS is not an AV, and Windows Security Center does not recognize HIPS- it simply has no slot for it.

  2. GR Terrero said on February 21, 2008 at 10:51 pm

    You see…this is one of those things that the Gnomes of Redmond should have just DONE in their zeal to create the plethora of “security” features for XP and Vista. Why didn’t they just allow Windows Firewall to do this from jump? But of course, far be it for them to list their own browser as an “untrusted” app; although the annoying security prompts when using IE basically let the user know that it can’t be trusted to begin with. And far be it for them to actually design a level of intuitiveness into their programs. The end result is that the average user is bombarded with annoying, confusing and often useless choices.

    Yes, that Apple commercial was ridiculously funny. The sad fact is that had Windows Firewall been designed to work like the aforementioned app, Apple would have little to joke about and a whole lot to worry about.

    While I’m at it, is this program recognized by Windows Firewall the same way my AV program is? If it is, it’s a welcome addition in the viral wars!

    Include me.

  3. Ilya Rabinovich said on February 21, 2008 at 6:54 pm

    To Dante- well, this is a nice idea. I have some community participants who are Chinese- I’ll ask them about such a possibility. Thanks a lot!

  4. Johan Gustavsson said on February 21, 2008 at 5:34 pm

    Hi, I’m also interested in a copy…

  5. Ilya Rabinovich said on February 21, 2008 at 5:31 pm

    duryodhan, you see, I don’t know the exact resource usage, the only thing I know is that it works OK on my old (Pentium2-450, 386MB of RAM) and my new (AMD 3800+, 2Gb of RAM) computers. Not sure you will find any slowdowns with it on your computer or on your friend’s ones :)

    As about UI and the core ideology- I tried to implement it as simple in learning curve as possible. And, as I know by my community feedback- I have reached a success with it.

  6. Dante said on February 21, 2008 at 5:20 pm

    Hey Martin,

    After the software’s been dished out. You might want to revisit the issue again to let the users vent their praise or dislikes. This way, at least, I’ll know whether to spend actual money on it for the lesser technical minded folks.

    And Ilya:

    This idea might be totally off the wall, but have you tried contacting the Chinese concerns like Legend Computer, Lenovo or Asus? China has a huge problem with uneducated PC users who are totally infected. You will have to lower the prices for that market though. And you’ll definitely need some anti-piracy protection. Maybe a Chinese language version that’ll only work with Chinese languaged OS’s. It’ll keep pirated copies out of the more lucrative US market.

    As a reminder, do not include me in the draw. It’ll be wasted on me as I don’t have time to test it out.

  7. Sean Mac said on February 21, 2008 at 5:05 pm

    Well with the “anti virus” options that are available right now, this product could have the capacity to actually perform to a greater degree than the predecessors that came before. I welcome this change as I have been burned by the other products even going so far as getting an all clear from multiple archive scans only to have it infect my system minutes later. Any program that brings about change in the way that we protect our digital selves is much welcomed in the electronic age.

  8. duryodhan said on February 21, 2008 at 5:53 am

    Ilya,

    No offense but I would like real numbers on the resources issue, not just a “very low”. :)

    I agree with you on the biggest vulnerability thing. That’s why I said that more important is UI as only a friendly, easy to understand UI will make sure that the user doesn’t add wrong programs to trusted group.

    By the way, I would also love such a software (not for me), but for my parents or relatives who keep calling me for “support”, from the latest crash.

  9. Qwfwq said on February 21, 2008 at 1:45 am

    Well, I would try it if I got it.

  10. Rico said on February 21, 2008 at 1:35 am

    I had given Sandboxie a try, but for me the learning curve was a bit too high, and I wasn’t patient enough to give it a chance. I hope DefenseWall HIPS is more user friendly.

  11. james dickerson said on February 21, 2008 at 12:01 am

    i think that this should be an effective way to control unknown intrusions.

  12. Ilya Rabinovich said on February 20, 2008 at 8:47 pm

    To Dante:
    1) DefenseWall HIPS is not a “one more” virtual environment like VMWare, it is a policy-based sandbox anti-malware protection, made to be as simple in everyday use as possible and strong in its defense by the true old-school hacker.
    2) Yes, I tried to bundle it with some PC vendors in the place I live (Moscow, Russia), but failed- I had no response.

    To duryodhan:
    1) System’s resources usage is very low.
    2) Mostly, people from the Wilders security forum.
    3) There should be no problems. If you meet the one- mail me to support.
    4) Not all the vulnerabilities are buffer overflow. The biggest vulnerability in this world is a guy who runs attachment in order to check who sent him “I love you” message.

    To Dahlberg:
    There is even no straightforward methodology of such the software (HIPS) tests (just google for a ‘AMTSO’, I’m a participant of this group). So, right now, it is mostly a question of a trust.

  13. Kevin said on February 20, 2008 at 7:09 pm

    This looks to be a great product for those of us who spend our days on the internet. I’m always careful, but it never hurts to have an extra layer of protection between me and the nasties out there.

  14. Pär Dahlberg said on February 20, 2008 at 7:03 pm

    I can’t live without programs like this one. At least not on my windows machine. The question, as commented earlier, is just if it’s good enough.

    Anyone knows of any site where they do in depth tests of this kind of programs?

  15. Johnathan Hulme said on February 20, 2008 at 6:52 pm

    I would be interested to see what the system overheads are while running this. Particularly on lower end machines running XP.

    A 3rd line of defense is always beneficial although a lot does come down to how easy the alerts for a general home user are to understand.

  16. Simon Lok said on February 20, 2008 at 6:46 pm

    sounds like a really great system utility.

  17. greg said on February 20, 2008 at 6:07 pm

    If not too late…I’d love to get a copy!

    thanks

  18. duryodhan said on February 20, 2008 at 5:40 pm

    Ok few questions :

    how much does this add as load to my system ? any data on memory / cpu usage ?

    who has tested this out ? As in actual security people? Cos the one thing worse than having an unsecure system is having an unsecure system which you _think_ is secure.

    If every program runs in its own virtual environment, wouldn’t it cause some problems? I mean, would Google Talk be able to access my currently playing song?

    It seems to say that untrusted processes are blocked from accessing the system areas. But isn’t this what exploits are all about ? A windows XP install with sp2 is supposed to block any access to the secure areas, but there is always some buffer overflow exploit hanging around.

    How would you rate the usability? Cos the thing is , I don’t really need a software like this, as I would know better than use IE6, or go to “different” sites etc. The person who would do such things, would need some really easy to use interface. The UI is where the true innovation is needed. The backend tech for all this has been there for a long time, its just hard making it usable.

    “It protects against ,…rootkits,”
    well not the ones which are installed by software from some reputed company (Sony?), which says you need to install this for you to get your support or something like that. I mean, rootkits were easy only because the user was stupid, I don’t see how anything will change over here. I am talking about rootkits specifically. This will help in malware which comes in through IE/Firefox.

    Incidentally, everyone ought to use NoScript to make firefox actually secure, the normal firefox isn’t really up to the task.

  19. Dante said on February 20, 2008 at 5:26 pm

    Don’t include me in the draw. I don’t need it. Just like to comment. This is a neat little program for US$30. Have they considered bundling it with PC vendors as a trial program? I’m pretty sure they’ll get a wider subscription base if they do.

    I personally go the much more complicated route of using VMWare and multiple virtual systems. That’s why I won’t need to compete with the others for a copy of this :)

  20. rruben said on February 20, 2008 at 5:18 pm

    This sounds to be a great program. I tried sandboxie some time ago, but it was not user friendly enough. But from the things that Martin said, I think this must be a great program and I'd like to get a copy. :p

    Thanks

  21. Sean Mac said on February 20, 2008 at 4:37 pm

    This sounds like one of the best ideas to come around since programs like Fortress that just block off everything. A nice hybrid.

  22. Stefan said on February 20, 2008 at 4:09 pm

    My primary concern would be the performance on older machines. Since I have troubles guessing the techniques used to create such a piece of software, I go for most Virtual Environments I know of as of now and claim it being rather slow on my powerless machine at home. I’ll give it a try though, since there is a 30-day-trial, and it costs only slightly more than 20 bucks (euros, that is).

  23. colin_w said on February 20, 2008 at 3:07 pm

    Sounds like a useful program. I’d like to try it. Please enter me in the draw. Thanks

  24. R. Prabhu said on February 20, 2008 at 2:00 pm

    The virtual execution (sandbox) sounds good about the application! Although the latest Kaspersky seems to have these functions with a module called Proactive Defence

  25. Words Within said on February 20, 2008 at 1:44 pm

    I’m interested to see what options can be enabled/disabled and if it can be done via User Accounts, or whether it is “across the board”. Security is definitely a big issue these days: one can never have too much!

  26. Words Within said on February 20, 2008 at 1:42 pm

    I’d love a copy – thanks so much!

  27. Filzer said on February 20, 2008 at 1:18 pm

    Looks quite impressive. But I/We need to find out how well it fares against sandboxes for IE and Fx.

    Anybody used/using similar apps, please comment.

    And Yes. I am Third !!!

  28. Ilya Rabinovich said on February 20, 2008 at 1:12 pm

    >already a bunch of programs
    I know only one program that acts almost the same way.

  29. yair said on February 20, 2008 at 1:03 pm

    me too, i always wanted to check a sandbox. it looks like a good alt to my non-existing antivirus

  30. Gemini said on February 20, 2008 at 12:57 pm

    looks like a nice application, even though there’s already a bunch of programs that do nearly the same. i’d like to give it a shot though, to see what it’s worth.

  31. mrwert said on February 20, 2008 at 12:12 pm

    hi :)
    i want key but i rly dont know what to say about this software :'(
