Kudos0

HIPS

Can someone (finally) explain what this is/does, and if NIS2009 has it.  I've read that most new suites have it, but sometimes it is off by default.  What's the status with HIPS and NIS2009?  There seems to be a lot of talk about it, but I must have missed all the explanatory posts.

Thanks.

Replies

Accepted Solution
Kudos6 Stats

Re: HIPS

Hi Deuceswild,

I work on the team that builds the Behavioral Detection engines and HIPS is a big part of that.

Simply put, HIPS (Host-based Intrusion Prevention System) engines monitor all applications running on the machine for suspicious behaviors. Some examples of suspicious behaviors are "Writing to the run key", "Registering a BHO", "Modifying the etc/hosts files" etc. Most HIPS products will simply pop up an alert telling the user that "application XYZ is writing to the RUN key. Allow or Block?" The user then makes a decision and as you can imagine, more users aren't in a position to make this decision correctly.

NIS2009 has a smart HIPS technology where it will look at all the behaviors of the applications and run certain heuristics on the application to determine if it's a good application or a malicious application. If found to be malicious, it will automatically remove the application from the machine without prompting the user with these difficult-to-answer questions. This technology is called SONAR.

SONAR is ON by default in both NIS and NAV 2009 on XP 32-bit and Vista 32-bit. If you have Vista 64-bit, please see this post from Dave Cole for more information:

http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=7486#M7486

Hope this helps.

Shane.

Message Edited by Tony_Weiss on 09-24-2008 06:57 PM
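
The two models described in the answer above, as an added example that is not part of the original post and is not Symantec's SONAR code: a prompt-per-event HIPS next to one that scores a process on all of its observed behaviors. The event format, process names, weights and threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Behaviours named in the post. Weights and threshold are illustrative
# assumptions, not values taken from any real product.
RULES = [
    ("run_key_write", "reg_write", r"\currentversion\run", 2),
    ("bho_register", "reg_write", r"\explorer\browser helper objects", 3),
    ("hosts_modify", "file_write", r"\drivers\etc\hosts", 3),
]
THRESHOLD = 5

def classify(event):
    """Return (behaviour, weight) for a suspicious event, else None."""
    target = event["target"].lower()
    for name, action, needle, weight in RULES:
        if event["action"] == action and needle in target:
            return name, weight
    return None

def prompt_per_event(events):
    """Classic HIPS: one Allow/Block question per suspicious event."""
    return [(e["process"], classify(e)[0]) for e in events if classify(e)]

def score_per_process(events):
    """Aggregate model: sum the weights of distinct behaviours per process."""
    seen = defaultdict(dict)
    for e in events:
        hit = classify(e)
        if hit:
            seen[e["process"]][hit[0]] = hit[1]  # count each behaviour once
    return {p: ("block" if sum(b.values()) >= THRESHOLD else "allow")
            for p, b in seen.items()}

# Constructed sample events (not real telemetry).
EVENTS = [
    {"process": "setup.exe", "action": "reg_write",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"process": "setup.exe", "action": "file_write",
     "target": r"C:\Program Files\App\app.dll"},
    {"process": "dropper.exe", "action": "reg_write",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"process": "dropper.exe", "action": "reg_write",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CONSTRUCTED-CLSID}"},
    {"process": "dropper.exe", "action": "file_write",
     "target": r"C:\Windows\System32\drivers\etc\hosts"},
]

if __name__ == "__main__":
    print(len(prompt_per_event(EVENTS)), "prompts in the ask-the-user model")
    print(score_per_process(EVENTS))
```

On the constructed events, the prompting model asks the user four separate questions, while the scoring model allows the installer that only writes a Run key and blocks the process that combines all three behaviors.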
Kudos0

Re: HIPS

Shane,

That was nicely worded, informative and easy to understand.

Thanks!

"Anyone who isn't confused really doesn't understand the situation."   Edward R. Murrow
Kudos0

Re: HIPS

I agree.  Didn't really expect that much- but I do appreciate the explanation in everyday words.  I would give it more kudos if I could.  I think he just sold a copy of NIS2009.

Thank you very much Shane.

Kudos0

Re: HIPS

I love NIS but it fails a lot of HIPS tests. I was running Threatfire alongside NIS and now I pass the tests but since have uninstalled Threatfire. Here are 2 tests. HIPS is where NIS needs to improve.

http://zeroday-software.110mb.com/

 http://www.syssafety.com/leaktests.html

Real Time Protection = NIS 2009 + NAT | Behavior Analysis = Threatfire | On Demand = MBAM
Kudos0

Re: HIPS

Thanks for the info Dieselman743.  I'm trying to make an informed decision; every little bit helps.
Kudos0

Re: HIPS

I just added Mamutu alongside NIS 2009 and it's a good match. Mamutu is a lot better than Threatfire.

http://www.emsisoft.com/en/software/mamutu/

Kudos0

Re: HIPS

I'll keep that in mind.  What I'm looking for is a suite that I don't need companion programs with; I know every program has flaws, but I think a suite should be just that.  Maybe I look for too much.
Kudos0

Re: HIPS

I would highly suggest NIS 2009. I believe it to be the most comprehensive security suite on the market and I do not use any companion products with it.

I have used Norton Products for many years and have never been infected.

And, if you ever have any questions, you will always get good support here on the very active Norton Community Forums.

Who else can offer all of that?

Kudos0

Re: HIPS


Phil_D wrote:

I would highly suggest NIS 2009. I believe it to be the most comprehensive security suite on the market and I do not use any companion products with it.

I have used Norton Products for many years and have never been infected.

And, if you ever have any questions, you will always get good support here on the very active Norton Community Forums.

Who else can offer all of that?


Yeah; N.I.S. 2009 is a great Product; it is one of the best - if not the best because it has added features as well as lots of V.D.s Updates so you are always going to be Secure - Anti-Virus Product out there. I have to say that I do not like one particular feature in it, which is Background Tasks, as there should be more Options in the Settings section. But yeah, it is a great Product and I would not go with any other one. Another advantage is how light it is on the system.
Kudos0

Re: HIPS

Here is a good review. Also every security program out there has flaws and is not 100% effective. Adding a behavior blocker is a good idea and takes up no resources.

http://antivirus.about.com/od/antivirussoftwarereviews/fr/nis2009.htm

 http://antivirus.about.com/od/antivirussoftwarereviews/a/hips_behavior.htm

Kudos0

Re: HIPS


Dieselman743 wrote:

I love NIS but it fails a lot of HIPS tests. I was running Threatfire alongside NIS and now I pass the tests but since have uninstalled Threatfire. Here are 2 tests. HIPS is where NIS needs to improve.

http://zeroday-software.110mb.com/

 http://www.syssafety.com/leaktests.html


I tried SSS and Norton passed.

=\
Kudos0

Re: HIPS

Tech, no it does not. Run the 3 tests at the bottom. The EICAR test passes. The HIPS test fails. The firewall test passes. Are you using SSS 1.1.3? NIS does not stop the registry startup key from being made.
Kudos0

Re: HIPS

Well, I ran it with restricted privileges. Also, an auto start key is common when installing programs. Norton probably analysed the key and determined it as non-malicious.
=\
Kudos0

Re: HIPS

Incorrect, tech. Threatfire, Mamutu, Defense Wall all pass the test.