
Has Your Computer Got HIPS?

December 26th, 2007 Ashutosh Mishra

Unless you have a humanoid robot running around your house, you will answer the above question with a big NO, won’t you? But I asked about “HIPS”, not “hips”!
HIPS is a relatively new security concept that aims to give you better protection than conventional security tools like antivirus and antispyware. HIPS – Host Intrusion Prevention System – has been steadily gaining popularity and has now been incorporated into some antispyware (Spyware Terminator) and firewalls (Comodo Firewall Pro) to put forth a much stronger security suite.

Working of HIPS
The working of HIPS technology is fairly simple. It aims at blocking alien files from running on your computer.
Suppose your computer has a hundred files named A1, A2, A3, …, A100.
1. When you install HIPS software, the first thing it does is create a database of all the hundred files on your computer. By default, it assumes all these files are safe.
2. HIPS keeps running silently in the background and monitors the files that are accessed (in any manner) on your computer. Now suppose HIPS finds a file named A172 trying to run somewhere on your computer. As the file was not present on your computer when you installed HIPS, it is not in the HIPS database. HIPS considers such files alien and flashes you an alert. You can choose to allow / permanently allow / block / permanently block the file.
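
The two steps above as a minimal sketch (an added example, not code from any of the products named in this post). It assumes the database stores SHA-256 content hashes rather than file names, so it also alerts when a baselined file such as A7 is later modified, which goes slightly beyond the name-based description; `BaselineHips`, `on_execute` and the `ask_user` callback are hypothetical names, and the A1…A100 files are constructed in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path

ALLOW, ALLOW_ALWAYS, BLOCK, BLOCK_ALWAYS = "allow", "allow_always", "block", "block_always"

def digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

class BaselineHips:
    def __init__(self, root):
        # Step 1: record every file present at install time and assume it is safe.
        self.trusted = {digest(p) for p in Path(root).rglob("*") if p.is_file()}
        self.blocked = set()

    def on_execute(self, path, ask_user):
        """Step 2: return True if the file may run; ask_user is the alert dialog."""
        d = digest(path)
        if d in self.trusted:
            return True
        if d in self.blocked:
            return False
        choice = ask_user(path)  # file is alien: raise an alert
        if choice == ALLOW_ALWAYS:
            self.trusted.add(d)
        elif choice == BLOCK_ALWAYS:
            self.blocked.add(d)
        return choice in (ALLOW, ALLOW_ALWAYS)

def demo():
    alerts = []
    def answer(choice):  # stand-in for the user clicking a button on the alert
        def ask(path):
            alerts.append(Path(path).name)
            return choice
        return ask
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(1, 101):  # constructed sample files A1..A100
            (root / f"A{i}").write_bytes(f"constructed sample {i}".encode())
        hips = BaselineHips(root)
        known = hips.on_execute(root / "A7", answer(BLOCK))
        (root / "A172").write_bytes(b"constructed alien file")
        once = hips.on_execute(root / "A172", answer(BLOCK))
        always = hips.on_execute(root / "A172", answer(BLOCK_ALWAYS))
        remembered = hips.on_execute(root / "A172", answer(ALLOW))
        (root / "A7").write_bytes(b"constructed modified content")
        tampered = hips.on_execute(root / "A7", answer(BLOCK))
    return [known, once, always, remembered, tampered], alerts
```

Calling `demo()` returns the five run decisions together with the names of the files that triggered an alert: A7 runs silently while unchanged, A172 alerts until it is permanently blocked, and the modified A7 alerts again.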

Advantages of HIPS
1. As opposed to conventional security tools, HIPS doesn’t need to scan your computer again and again. It creates its database once and checks whether the files that get executed on your computer are in the database or not. The alien files (which may be viruses or spyware) can be easily blocked, thereby keeping your computer safe.
2. Large daily updates, like those in antivirus and antispyware, are not required.
3. HIPS software requires much less memory to run on your computer than the combination of antivirus and antispyware.
4. The HIPS feature in newer security tools (like Spyware Terminator and Comodo Firewall Pro) can use the parent tool’s database to decide for itself which files are bad and which are not. Therefore, you get fewer alerts and more security.

Disadvantages of HIPS
1. Pure HIPS software cannot distinguish a bad file from a good one. Suppose there are two viruses on your computer when you install HIPS software. It will create its database as usual and will include the viruses too (as they were already present on the computer, they are NOT alien). However, most software containing HIPS has malware detection capability of its own (like Spyware Terminator and Comodo Firewall Pro) and will weed out the harmful files for you.
2. The most irritating part of using HIPS comes when you are installing some new software. A software package contains thousands of files, and all of them get added to your computer when you install it. If you have HIPS running, it will see all those files as alien and will keep alerting you continuously. To tackle this, most HIPS software comes with an Install Mode feature. Just before you install some software, turn on the Install Mode and your HIPS will stop working. After the installation is complete, you can turn off the Install Mode to restart your HIPS.
3. If your HIPS alerts you about some alien file (which turns out to be a virus), you may allow the file by mistake. HIPS will now allow the virus to run comfortably on your computer (as you allowed it)! Again, security-embedded HIPS tools come to the rescue by detecting the viruses for themselves.

I say…
I am not a huge fan of the HIPS technology and I prefer the conventional security tools (I turn off the HIPS features in Spyware Terminator and Comodo Firewall Pro). But then it’s becoming popular and there is a good chance that you will like it. There are some pure, security-embedded HIPS freeware tools that you may try out (they can detect harmful files themselves):
System Safety Monitor Free Edition – Windows Vista/2003 Server/XP/2000/ME/98
OSSEC – Windows 2003 Server/XP/2000, Linux, FreeBSD, OpenBSD, Mac OSX
Samurai – Windows Vista/2003 Server/XP/2000/ME/98
AntiHook – Windows 2003 Server/XP/2000 (AntiHook is free for personal use only – read this).
Winsonar 2007 XP – Windows XP/2000/98

:)


  1. douchrti
    December 27th, 2007 at 22:54 | #1

    Kinda sounds like an application I used to use on my XP machines, called WinPatrol.

  2. Ashu
    December 28th, 2007 at 19:33 | #2

    WinPatrol is ‘process guard’ software; it checks for suspicious processes, registry changes etc. on your computer. It doesn’t bother about alien files, unless they are harmful.
    :)
