Hips

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

Can someone (finally) explain what this is/does, and if NIS2009 has it.  I've read that most new suites have it, but sometimes it is off by default.  What's the status with HIPS and NIS2009?  There seems to be a lot of talk about it, but I must have missed all the explanatory posts.

 

Thanks.

Shane,

 

That was nicely worded, informative and easy to understand.

 

Thanks!

I agree.  Didn't really expect that much- but I do appreciate the explanation in everyday words.  I would give it more kudos if I could.  I think he just sold a copy of NIS2009.

 

Thank you very much Shane.

I love NIS but it fails alot of HIPS tests. I was running Threatfire along side NIS and now I pass the tests but since have uninstalled Threatfire. Here are 2 tests. HIPS is where NIS needs to improve on.

 

http://zeroday-software.110mb.com/

 

 http://www.syssafety.com/leaktests.html

Thanks for the info Dieselman743.  I’m trying to make an informed decision; every little bit helps.

I just added Mamutu along side NIS 2009 and its a good match. Mamutu is alot better then Threatfire.

 

http://www.emsisoft.com/en/software/mamutu/

I’ll keep that in mind.  What I’m looking for is a suite that I don’t need companion programs with; I know every program has flaws, but I think a suite should be just that.  Maybe I look for too much.

I would highly suggest NIS 2009. I believe it to be the most comprehensive security suite on the market and I do not use any companion products with it.

 

I have used Norton Products for many years and have never been infected.

 

And, if you ever have any questions, you will always get good support here on the very active Norton Community Forums.

 

Who else can offer all of that?


Phil_D wrote:

I would highly suggest NIS 2009. I believe it to be the most comprehensive security suite on the market and I do not use any companion products with it.

 

I have used Norton Products for many years and have never been infected.

 

And, if you ever have any questions, you will always get good support here on the very active Norton Community Forums.

 

Who else can offer all of that?


 

Yeah; N.I.S. 2009 is a great Product; it is one of the best - if not the best because it has added features as well as lots of V.D.s Updates so you are always going to be Secure - Anti-Virus Product out there.  I have to say, that I do not like one particulat feature in it which is Background Tasks as there should be more Options in the Settings section.  But yeah, it is a great Product and I would not go with any other one.  Another advantage is how light it is on the system.

Here is a good review. Also every security program out there has flaws and is not 100% effectiveness. Adding a behavior blocker is a good idea and takes up no resources.

 

http://antivirus.about.com/od/antivirussoftwarereviews/fr/nis2009.htm

 

 http://antivirus.about.com/od/antivirussoftwarereviews/a/hips_behavior.htm


Dieselman743 wrote:

I love NIS but it fails alot of HIPS tests. I was running Threatfire along side NIS and now I pass the tests but since have uninstalled Threatfire. Here are 2 tests. HIPS is where NIS needs to improve on.

 

http://zeroday-software.110mb.com/

 

 http://www.syssafety.com/leaktests.html


I tried to SSS and Norton passed.

Tech no it does not. Run the 3 tests and the bottom. The eiacr test passes. The HIPS test fails. The fireall test passes. Are you using SSS 1.1.3? NIS does not stop the registry start up key from being made.

Well I ran it with restriced privilages. Also, an auto start key is common when installing programs. Norton probably anylysed the key and determined it as non-malicious.

Incorrect tech. Threatfire,Mamutu,Defense Wall all pass the test.

Hi Deuceswild,

 

I work on the team that builds the Behavioral Detection engines and HIPS is a big part of that.

 

Simply put, HIPS (Host-based Intrusion Prevention System) engines monitor all applications running on the machine for suspicious behaviors. Some examples of suspicious behaviors are "Writing to the run key", "Registering a BHO",
"Modifying the etc/hosts files" etc. Most HIPS products will simply popup an alert telling the user that "application XYZ is writing to the RUN key. Allow or Block ?" The user then makes a decision and as you can imagine, more users aren't in a position to make this decision correctly.

 

NIS2009 has a smart HIPS technology where it will look at all the behaviors of the applications and run certain heuristics on the application to determine if its a good application or a malicious application. If found to be malicious, it will automatically remove the application from the machine without prompting the user with these difficult-to-answer questions. This technology is called SONAR.

 

SONAR is ON by default in both NIS and NAV 2009 on XP 32-bit and Vista 32-bit. If you have Vista 64-bit, please see this post from Dave Cole for more information:

http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=7486#M7486

 

Hope this helps.

 

Shane.

Message Edited by Tony_Weiss on 09-24-2008 06:57 PM
6 Likes