|
DefenseWall HIPS
|
|
|
Softsphere Technologies
|
http://www.softsphere.com
|
|
DefenseWall HIPS (Host Intrusion Prevention System) is the simplest and easiest way to protect yourself
from malicious software (spyware, adware, keyloggers, rootkits, etc.) when you surf the Internet! Using
the next generation proactive protection technologies, sandboxing and virtualization, DefenseWall HIPS
helps you achieve a maximum level of protection against malicious software, while not demanding any
special knowledge or ongoing online signature updates.
DefenseWall HIPS divides all applications into 'Trusted' and 'Untrusted' groups. Untrusted applications
are launched with limited rights to modification of critical system parameters, and only in the virtual
zone that is specially allocated for them, thus separating them from trusted applications. In the case of
penetration by malicious software via one of the untrusted applications (web browsers etc), it cannot harm
your system and may be closed with just one click! With DefenseWall HIPS, Internet surfing has never been
so simple, safe and easy. Try it today, and you will be convinced!
Also see DefencePlus (previously known as Anti-Cracker Shield) and DefencePlus "Server Edition"
|
|
Free download, Cost for registration
|
|
Information updated: 20 Feb 06
|
|
McAfee Host Intrusion Prevention
|
|
|
McAfee
|
http://www.mcafee.com
|
|
Your systems and applications are under constant attack from vulnerability-based zero-day exploits,
application access and data theft. Host Intrusion Prevention Systems (HIPS) monitor and block such
unwanted activity. McAfee Host Intrusion Prevention protects your assets with multiple proven methods,
including a system firewall and both signature and behavioral analysis. Standalone products have
cumbersome non-integrated management platforms that prevent many companies from deploying the comprehensive
protection they need against today’s blended threats. McAfee Host Intrusion Prevention integrates into your
existing ePolicy Orchestrator management platform, for accurate, scalable and easy-to-use advanced system
protection. With automatic signature updates and zero-day protection, you get the advanced
vulnerability-shielding capabilities you need. Patching systems is something you will do less often and
less urgently, and you will find it easier to comply with legal regulations. With a single agent for host
intrusion prevention and desktop firewall, McAfee Host IPS is easy to deploy, easy to configure, and easy
to manage.
|
|
Commercial
|
|
Information updated: 20 Feb 06
|
|
Primary Response SafeConnect
|
|
|
Sana Security Inc.
|
http://www.sanasecurity.com
|
|
Primary Response SafeConnect delivers a whole new approach to PC security with a standalone solution
that provides instant and constant protection against spyware and adware threats. Advanced behavioral
technology detects and removes malicious software attacks as they occur, eliminating the need for scanning
and signatures. As a result Primary Response SafeConnect delivers a higher level of protection that is not
only more user-oriented but is also more effective and reliable.
Primary Response SafeConnect is the first threat protection solution designed with the user in mind
to radically simplify security:
* Comprehensive protection against many different attacks in a single solution
* Instant detection and removal of malicious software in real-time without scanning
* Constant protection that is always up-to-date without requiring signature updates
* Complete removal that eliminates all traces of malicious software and prevents reinstallation
Also see Primary Response for a centrally managed solution, and Attack Shield for targeted protection
from network worms. SafeConnect OnDemand is designed for unmanaged resources accessing the corporate network.
|
|
Commercial
|
|
Information updated: 20 Feb 06
|
|
Cisco Security Agent
|
|
|
Cisco Systems, Inc.
|
http://www.cisco.com
|
|
Cisco Security Agent provides threat protection for server and desktop computing systems, also known as
endpoints. It helps to reduce operational costs by identifying, preventing, and eliminating known and
unknown security threats. The Cisco Security Agent consolidates endpoint security functions in a single
agent, providing:
* Host intrusion prevention
* Spyware/adware protection
* Protection against buffer overflow attacks
* Distributed firewall capabilities
* Malicious mobile code protection
* Operating-system integrity assurance
* Application inventory
* Audit log-consolidation
Because Cisco Security Agent analyzes behavior rather than relying on signature matching, it never needs
updating to stop a new attack. This zero-update architecture provides protection with reduced operational
costs and can identify so-called "Day Zero" threats.
|
|
Commercial
|
|
Information updated: 20 Feb 06
|
|
Host Intrusion Prevention Service
|
|
|
SecureWorks Inc.
|
http://www.secureworks.com
|
|
Host Intrusion Prevention takes your security defenses beyond perimeter security by protecting critical servers
from internal attacks and from external attacks where hackers use encryption as an attack technique.
SecureWorks’ Host Intrusion Prevention Service (HIPS) provides an application firewall to ensure that the application
is doing only what it is supposed to be doing. When encrypted traffic is received and decrypted by the operating system
on the host machine, the HIPS agent intercepts instructions prior to reaching the application to prevent malicious activity.
Why Implement Host Intrusion Prevention as a Service?
SecureWorks has wrapped the Cisco® Security Agent (CSA) with our award-winning 24x7 managed services to deliver Host
Intrusion Prevention Services (HIPS). Host Intrusion Prevention is complex and difficult to configure – and it can
cripple the applications on the host server when implemented incorrectly. SecureWorks provides HIP as a service so
that our skilled security analysts can define policies, configure rules, monitor your environment and tune the system
to protect your critical assets. Threats are prevented in real-time and then evaluated by a security analyst as needed
for escalation or policy tuning.
Host Intrusion Prevention Service Features
* An expert security team monitoring your Security Console
* 24x7 monitoring and first response to prevent hacker attacks directed at your protected servers
* Real time, behavior-based attack blocking
* Elimination of known and unknown attacks (zero day)
* Customized security policy design and tuning
* Immediate updates as new attacks are identified
* In-depth reporting on attempted intrusions
* Precision escalation matrix
* Superior protection against buffer overflow, port scans and SYN floods
* Enhanced protection from encrypted traffic, infected floppies, laptops, consultants and providers who can
access your network over an encrypted channel
* Secure access to web-based reporting console through two-factor authentication
* Logging and reporting of all intrusion events
|
|
Commercial Service
|
|
Information updated: 25 May 06
|
|
Third Brigade Deep Security
|
|
|
Third Brigade Inc.
|
http://www.thirdbrigade.com
|
|
Third Brigade Deep Security is an advanced intrusion prevention system (IPS). It provides the best and last line
of defense against attacks that exploit vulnerabilities in commercial and custom software, including web applications.
It enables you to create and enforce comprehensive security policies that proactively protect hosts, applications and
sensitive data. The system consists of three main components:
* Deep Security Manager
* Deep Security Agent
* Deep Security Gateway
Third Brigade Deep Security has been architected for today’s demanding multi-platform, multi-server enterprise
environments. It provides deep, flexible protection for Windows, Linux, Solaris and other hosts.
Deep Security can be deployed as a host-based, or network-based, IPS.
|
|
Commercial
|
|
Information updated: 25 May 06
|
|
Symantec Critical System Protection
|
|
|
Symantec Corporation
|
http://www.symantec.com
|
|
Symantec Critical System Protection protects against day zero attacks, hardens systems, and helps maintain
compliance by enforcing behavior-based security policies on clients and servers. A centralized management
console enables administrators to configure, deploy and maintain security policies, manage users and roles,
view alerts, and run reports across heterogeneous operating systems.
Key Features
* Includes pre-defined application policies for popular Microsoft interactive applications.
* Out-of-the-box policies continuously lock down the OS, high-risk applications, and databases to prevent
unauthorized executables from being introduced and run.
* Offers broad platform support including Microsoft Windows, Sun Solaris, and Linux.
Key Benefits
* Provides proactive, host-based security against day zero attacks.
* Offers protection against buffer overflow and memory-based attacks.
* Helps maintain compliance with security policies by providing granular control over programs and data.
|
|
Commercial
|
|
Information updated: 20 Feb 06
|
|
ThreatSentry
|
|
|
PrivacyWare Inc.
|
http://www.privacyware.com
|
|
ThreatSentry — Host Intrusion Prevention Software + Application Firewall
ThreatSentry is a Host Intrusion Prevention software application (HIPS), designed to protect Windows Web
servers running Microsoft Internet Information Services (IIS). ThreatSentry is comprised of two powerful
components. The first is an Application Firewall, pre-configured with a knowledgebase of known exploitive
techniques and attack characteristics. Administrators can establish explicit guidelines for permissible
and/or denied activity. The application firewall is coupled with an advanced neural-based Behavioral Engine
that organizes server requests into a multi-dimensional baseline of typical system activity. Each server
connection is scrutinized by the rule-set configured in the application firewall and the behavioral baseline
to identify and take action against any activity falling outside trusted parameters. ThreatSentry’s
intrusion prevention capabilities progressively improve as the baseline evolves automatically or based on
input from the system administrator. ThreatSentry is an easy to use enterprise-grade solution - at a
small-business price.
|
|
Commercial
|
|
Information updated: 20 Feb 06
|
|
Proventia Desktop
|
|
|
Internet Security Systems
|
http://www.iss.net
|
|
IBM Proventia Desktop Endpoint Security provides 'ahead of the threat' protection against both
known and unknown types of malicious attacks that can result in computer downtime or critical
data loss.
Complete Desktop Protection - Proventia Desktop offers preemptive protection, the only effective
way to preserve network uptime and avoid the negative business impact caused by Internet attacks.
Proventia Desktop works ahead of the threat to block attacks before they can cause outages and
contribute to data loss. It is a simple-to-use, all-in-one solution that delivers effective,
cost-efficient and standardized security for your enterprise's most commonly used IT assets.
You benefit from:
* Robust protection at a lower cost with multi-layered security architecture that blocks attacks
through both the application and network threat vectors. Proventia Desktop offers the most robust
and effective protection available for desktop systems.
* Easy integration with existing corporate infrastructure, including interoperability with Active
Directory, most e-mail and Web clients, and popular antivirus and Virtual Private Network (VPN)
software.
* Compliant desktop systems that are running protective software, like the desktop agent or
antivirus, before local access to the corporate network or remote access through a VPN is
granted. Centrally managed security updates keep users current automatically.
The endpoint is the new perimeter. Protect it with IBM's Proventia Desktop, one of the most
effective endpoint and data loss prevention solutions on the market.
|
|
Commercial
|
|
Information updated: 06 Sep 2007
|
|
BlackICE PC Protection
|
|
|
Internet Security Systems
|
http://www.iss.net (via digitalriver.com)
|
|
BlackICE PC Protection Guards and Secures Against:
# Theft of personal identity, passwords or credit card info and more…
# Hackers using your PC to launch attacks against other PC users
# Computer downtime and system crashes
BlackICE STOPS ATTACKERS COLD
# BLOCKS hacker attacks instantly
# PREVENTS destructive applications like worms and Trojans from ever starting
# REPORTS attempted attacks and identifies intruders
# SECURES any Internet connection, including dial-up, DSL, or cable modem
BlackICE PC Protection is Powerful and Easy-to-Use - BlackICE teams a personal firewall with an advanced
intrusion detection system to constantly watch your Internet connection for suspicious behavior. BlackICE
responds immediately by alerting you to trouble and instantly blocking the threat.
BlackICE PC Protection now features Application Protection, an exciting new feature designed to shield your
PCs, laptops and workstations from hijack by an attacker, and protects you from Trojan horse applications,
worms and other destructive threats.
BlackICE's Application Protection quickly and invisibly defeats dangerous programs that attackers deliver
through instant messaging, email, or even your Web browser! BlackICE stops these destructive programs before
they do harm, like damaging your PC or launching email attacks against your friends and co-workers.
BlackICE automatically detects and blocks attacks through a comprehensive inspection of all inbound and
outbound information to your computer. And BlackICE PC Protection is constantly working to secure your
dial-up, DSL, and cable modem from hackers 24 hours a day, every day of the year.
Key Features
BlackICE PC Protection offers:
# Professional-strength protection from hackers for your home PC
# An advanced Intrusion Detection System (IDS) Plus a Firewall!
# Easy installation and "out-of-the-box" protection means you're instantly protected
|
|
Commercial
|
|
Information updated: 20 Feb 06
|
|
WehnTrust
|
|
|
Wehnus
|
http://www.wehnus.com
|
|
WehnTrust is a Host-based Intrusion Prevention System (HIPS) that provides secure buffer overflow exploitation
countermeasures. While other Windows based intrusion prevention systems are only capable of working with a
pre-defined group of applications, WehnTrust's technology allows it to work with virtually all software
products. Perhaps best of all, WehnTrust is currently free for home use.
WehnTrust implements Address Space Layout Randomization (ASLR) for Windows. While ASLR is a common security
measure for UNIX-based operating systems thanks to the PaX Team, it has not been widely implemented for, or
deployed on, Windows. When implemented properly, ASLR mitigates nearly all exploitation techniques. The
commercial version of WehnTrust also provides other security mechanisms that help to augment ASLR.
|
|
Free for home use, Commercial
|
|
Information updated: 20 Feb 06
|
|
System Safety Monitor 2.0
|
|
|
System Safety Limited
|
http://www.syssafety.com
|
|
System Safety Monitor (SSM) allows you to track down Microsoft Windows operating system activity in real-time
and to prevent undesirable actions from various malware and spyware programs. SSM's main goal is to discover
and block malicious actions of any application.
SSM keeps track of the activity of all applications already started or being started and allows you to control:
* which application can be started;
* which child application can be started by a selected one;
* which parent applications are allowed to start a selected one;
* whether a selected application is allowed to start if it was modified;
* whether a selected application is allowed to install a driver;
* whether a selected application is allowed to perform code-injection or DLL-injection;
* create/terminate a process (application);
* suspend a process and resume it afterwards;
* watch the list of DLLs loaded by a selected application.
Tracking and blocking changes in the following important operating system parts:
* Windows registry;
* drivers and services state;
* INI-files;
* "Startup" item of Start menu;
* Microsoft Internet Explorer settings.
Window management:
* watches running applications windows;
* runs "black list" of applications windows, closes "unwanted" applications windows automatically;
* browses the list of applications windows created in the system;
* shows invisible applications windows, hides visible ones, enables user input for "locked down" applications
windows.
|
|
Free
|
|
Information updated: 21 Feb 06
|
|
Prevx1 ABC
|
|
|
Prevx
|
http://www.prevx.com
|
|
70% have inadequate PC security and are infected - 70% of PC users have no PC Security at all or are using
a PC security product which is either unlicensed or has not been updated for a very long time. Most, if not
all of these users' PCs will be infected with numerous Adware, Spyware and viral infections exposing
themselves to credit card fraud, identity theft and other forms of cyber crime whenever they use the Internet.
Powerful Protection - Prevx1 ABC is a powerful PC security solution. It was designed to be used as a standalone
security product replacing your existing Antivirus, Antispyware and security suites. However, it has been proven
to work collaboratively with all of the major security products significantly strengthening the systems'
defences against all forms of cyber attack. Many users however, choose to put their faith in Prevx1 as a
standalone solution. Running one product is more convenient and uses less resource than running several.
The choice is of course, up to you.
Stops New and Established Threats - Prevx1 ABC will protect your system from attack by viruses, trojans,
worms, adware, spyware and hackers. It offers much stronger protection than conventional Antivirus or
Antispyware products. It will also protect you from established threats as well as new and evolved malware
which bypass conventional products with ease.
Prevx1 Community Provides Safety In Numbers - When you use Prevx1 ABC your system becomes part of a huge
community of PCs. Being part of that community allows your PC to learn about and protect against new and
evolving threats much faster than using conventional security products. Whenever your PC tries to install
or run a program it has never seen before it interrogates our centralized community database to find out if
the program is known and safe to run. If it is then the program will be run without delay or interruption.
If not the program will be blocked and you will be alerted to the risk it poses.
Prevx1 sees more and protects better - Twenty-four hours a day our Centralized database monitors the
propagation and behaviour of new or unknown programs automatically deciding to block programs which pose
a threat to our user base. Daily, more than 50,000 new programs are seen within the Prevx1 community. On
an average day 2,000 or more new or modified programs are blocked because of malicious behaviour. Compare
these statistics with those of our competitors who manually identify around 1,000 new malicious programs
per week.
Prevx1 Packs In More Security Technology Than Any Other Agent - Prevx1 ABC incorporates a wide range of
security technologies to protect you and your system.
Prevx1 ABC is very easy to install and virtually silent in normal operation. It is designed for every day
users like you and me, as well as those technically advanced users who want an automated solution to their
security needs.
See also Prevx1 Pro & Expert, Prevx1 Family, and Prevx1 Enterprise.
|
|
Free for home use, Commercial
|
|
Information updated: 21 Feb 06
|
|
AppDefend
|
|
|
Ghost Security
|
http://www.ghostsecurity.com
|
|
AppDefend is a kernel based application protection system, designed to be secure whilst using few resources.
AppDefend intercepts various privileged actions and lets you decide whether they should occur or not.
Without AppDefend you are highly vulnerable to rootkits, worms, viruses and spyware. In some cases without
AppDefend, the only way to fix the problem would be to format your hard drive and start fresh.
AppDefend is designed to work on Windows XP, 2000 and 2003.
What does AppDefend protect against?
* Rootkit Installations
* Process Creation
* Process Execution
* Process Modification
* Thread and Process termination
* Thread Context Changing
* Network Access
* Direct Physical Memory Access
* Global Hooking
* Remote Thread Creation
* Thread and Process Suspension
|
|
Commercial
|
|
Information updated: 21 Feb 06
|
|
|

Last page update: 06 Sep 2007
|
|
Computer Network Defence Ltd
Information Security Consultancy and Recruiting
enquiries@securitywizardry.com
Copyright © 2004 Computer Network Defence Ltd. All Rights Reserved.
|
PO Box 2680, Corsham, Wiltshire, SN13 0ZR, UK
Phone 0870 3219014
International +44 (0) 1225 811806
|
|