MSE_fan

@rogers.com

Behaviour Blocker versus HIPS

What is the difference between a Behaviour Blocker and a HIPS?

Thanks,
MSE_fan



norwegian
Premium
join:2005-02-15
Outback

»www.google.com/search?q=What+is+···ie=UTF-8

Homework?
What specifics are you asking?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



MSE_fan

@rogers.com

I am a little bit confused: I thought that a HIPS is totally different than a Behaviour Blocker but Emsi Soft (they have Mamutu) said that their Behaviour Blocker is in fact a HIPS.



norwegian
Premium
join:2005-02-15
Outback

IPS - Intrusion Prevention is actually hardware. HIPS can be software on a SOHO machine doing a similar job.

Hardware:
»en.wikipedia.org/wiki/Intrusion_···n_system
»www.ciscopress.com/articles/arti···seqNum=3
»www.cisco.com/en/US/products/ps5···ome.html
»www.sans.org/security-resources/···-ips.php

Software:
Sophos write up for their engine:
»www.sophos.com/en-us/why-sophos/···ion.aspx
Topics here:
»Free HIPS program?
»Differance between IPS in router and HIPS?

»www.sans.org/security-resources/···ased.php

It's a little cloudy to say that both are different items in a SOHO environment and the firmware/software engines that run hardware against that of software on your computer with their multi-layered detection modules may seem to have similar traits to the average user.

I'm almost confusing myself.
Hope it helps clear it up a little though, as terminology and language get a little overboard at times.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



planet

join:2001-11-05
Oz
kudos:1
Reviews:
·Cox HSI

My simplistic explanation would be, for example, a program such as ThreatFire (behavior blocker), which would monitor for code that might be malware related (heuristic), versus a program like Faronics Anti-Executable (HIPS), which prevents all non-whitelisted exe and dll files from running on your PC without your permission.


HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to MSE_fan

(H)IPS is a well-known and accepted terminology in IT.

Behavior blocker... not so much. Or at least I've never come across it before.

Got a link to this Mamutu software?

Regards



MSE_fan

@rogers.com

»www.mamutu.com/en/software/mamutu/



balloonshark
Lets Go Mountaineers

join:2006-08-11
WV
reply to MSE_fan

I think a HIPS pretty much reports on everything that happens while a behavior blocker looks for patterns.
--
If we quit voting, will they all just go away?


HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to MSE_fan

quote:
»www.mamutu.com/en/software/ids/

In addition, the Behavior Blocker can monitor and stop any of the following actions:

Installation of new drivers and services
Any kind of process manipulation like DLL-injection, code-injection, patching, termination, etc.
Installation of new BHOs (Browser Helper Objects)
Changes to your Internet Explorer configuration
Hidden installations of software
Changes to your Hosts file (redirects domains)
Installations of debuggers on the system

So in a very BROAD sense, you could argue this is a HIPS in that it resides on and protects an end host,
but truth to tell it's all semantics to me. If you are security conscious, keep in mind the following truisms:

a) security is a PROCESS not a product
b) if it can be made by human hands, it can be broken by human hands
c) security is best designed and done in multiple (decoupled) layers

My 00000010bits.

Regards
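
Added example (not part of any post in this thread, and not code from any product named in it): a small Python model of the two approaches discussed above, with allowlist-based execution control as in planet's post and run-time blocking of the action categories from the quoted Mamutu list. All process names, hashes and events are constructed, and the category identifiers are this example's own labels.

```python
from collections import defaultdict

# Action categories from the quoted Mamutu list (identifiers are this example's own).
MONITORED = {"driver_install", "service_install", "process_injection",
             "bho_install", "ie_config_change", "hidden_install",
             "hosts_file_change", "debugger_install"}

ALLOWED_HASHES = {"aa11", "bb22"}  # constructed stand-ins for real file hashes


def allowlist_verdicts(events):
    """Execution control: decide once, at launch, purely on file identity."""
    return {e["proc"]: ("allow" if e["hash"] in ALLOWED_HASHES else "block")
            for e in events if e["action"] == "exec"}


def behavior_verdicts(events, blocked=()):
    """Behavior blocking: ignore identity, stop monitored actions at run time."""
    stopped = defaultdict(list)
    for e in events:
        if e["proc"] in blocked:
            continue  # the process never ran, so it produced no behavior
        if e["action"] in MONITORED:
            stopped[e["proc"]].append(e["action"])
    return dict(stopped)


def layered(events):
    """Run both: allowlist first, behavior blocker on whatever was let through."""
    launch = allowlist_verdicts(events)
    blocked = {p for p, v in launch.items() if v == "block"}
    return launch, behavior_verdicts(events, blocked)


# Constructed event stream: an allowlisted binary that misbehaves, an unknown
# binary that does nothing notable, and an allowlisted binary that behaves.
EVENTS = [
    {"proc": "updater.exe", "hash": "aa11", "action": "exec"},
    {"proc": "updater.exe", "hash": "aa11", "action": "hosts_file_change"},
    {"proc": "updater.exe", "hash": "aa11", "action": "process_injection"},
    {"proc": "newtool.exe", "hash": "cc33", "action": "exec"},
    {"proc": "newtool.exe", "hash": "cc33", "action": "file_read"},
    {"proc": "editor.exe", "hash": "bb22", "action": "exec"},
    {"proc": "editor.exe", "hash": "bb22", "action": "file_read"},
]

if __name__ == "__main__":
    launch, stopped = layered(EVENTS)
    print("launch decisions:", launch)
    print("actions stopped :", stopped)
```

The allowlist alone lets `updater.exe` through and blocks the harmless `newtool.exe`; the behavior layer alone ignores `newtool.exe` and stops `updater.exe` only once it acts, which is the case for running the two as separate layers.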