Do you really need another firewall? Both Avast and Windows each have one. I’ve been using Avast for many years now and it seems more than adequate for the average PC user. To each his own I guess?
Do you really need another firewall?
+1 ;)
Do you really need another firewall?
With today's ever evolving zero day malware, you definitely need a firewall with HIPS protection. You are kidding yourself if you believe otherwise. If you need further convincing, browse the Avast virus and worms section of this forum and start counting the number of instances of users getting nailed with zero day exploits. Bottom line, no retail available software based anti-malware will protect you 100%. Some products such as DefenseWall come close but are worthless against any existing resident malware.
Malware can “jump” sandboxing. Now you can create a virtual machine and always run your browser from the VM. However, you will have to eventually transfer what you downloaded from the VM to your real OS. I am sure malware creators will develop ways if they already don’t exist to detect they are on a VM and remain in a stealth status until transferred to a real OS. Then you have the overhead of maintaining the VM.
I am a firm believer of that old saying “an ounce of prevention is worth a pound of cure.” One can spend hours or days in many cases removing malware versus responding to occasional alerts from the HIPS. Then there is the cost of having PII data stolen while you're infected.
Considering that I’m using the Windows Firewall, and work on a clean computer,
I’d say that shoots some holes in your statement.
But, we also have some forum members who check every link they go to through all kinds of
3rd party scans.
So I guess it comes down to just how paranoid one wants to be. ;D
For me my current protection along with a regular backup scheme has so far always paid off.
I had enough of HIPS in my year of using Comodo. I’ll never go that way again. I think the Win 7 Firewall, with outgoing filtering enabled by either the Windows Firewall Notifier or Windows Firewall Control is sufficient.
Well, a HIPS can be quite demanding…
Well, a HIPS can be quite demanding
So far PrivateFirewall's HIPS has been the quietest HIPS I have ever used. I have received one popup from the always borked unsigned nvsvc NVidia service and that was it. Now I haven't turned on PF's Process Detection yet so the final verdict is still out. :-\
At this point though, I would say that PrivateFirewall is a firewall with HIPS for the masses. The only configuration change was to set Network Security on the Home Profile to High since I am on a single PC. I also had to set Norton’s AV and MBAM’s applications to allow from filtered since PF’s firewall was blocking some of the dial-outs.
Again a HIPS is only as chatty as you configure it. If you're truly paranoid and set it to monitor everything including every outbound connection, of course you're going to see a lot of alerts. You can then put on your tin foil covered hat and wait for an alien PC abduction. ;D
BTW - Comodo in its default Proactive configuration results in Defense+ remaining silent for the most part. The difference in HIPS between default setups of Comodo and PF HIPS is PF is still monitoring all critical OS files whereas Comodo’s Defense+ will only do that if you set its settings to maximum ProActive. When you do that, you will see many more alerts. Finally PF has System Anomaly Detection which will detect application run behavior deviations from the norm based on a set percentage value. It’s the only HIPS I know of that has that feature. A great way to catch a rogue process in the act!
Hi, care to give some examples? Even by PM if you care to.
hmmmm…why don't you ask google…then you don't have to wait
Think sandboxing will stop malware? Here’s why you’re wrong, Apple
http://www.guardian.co.uk/technology/blog/2011/nov/08/sandboxing-malware-failure
At this point though, I would say that PrivateFirewall is a firewall with HIPS for the masses.
That's provided you don't use avast! ??? Not a good choice in my opinion. :(
Great link there Pondus!
For those too lazy to read the entire article, I copied the relevant portion dealing with sandboxing.
[i]Sandboxing
We’ve already discussed that sandboxing allows for an application’s rights to be limited and why asking the user to confirm those rights via permissions is a largely pointless affair.
In the MAS requirements we find things like “an application can only write to its own private folder” (and not wherever it fancies writing on the disk). OK, laudable - this means that an application distributed via the Mac App Store cannot find my private documents and transmit them back to Malware HQ.
Ignoring the fact that malware authors are not going to use curated app stores, sandboxing doesn’t prevent you from building a botnet. From first principles, we know that a botnet just needs to be able to receive commands from a “command and control” server and then do some work. If we’re sending spam, we need to receive a list of email addresses, build each message in turn and then send them to an SMTP server of our choice. Sandboxing doesn’t catch any of that. In fact, neither do fine-grained permissions - all we need there is permission to talk to the internet and we’re done.
So we’re back to a false sense of security. “It must be OK because it will run in a sandbox.” No, it just means it could be a class of malware that operates adequately within a sandbox.
For reference, the video from Charlie Miller referenced at the top of this article exploits a hole in code signing and runs properly with a sandbox. That’s the perfect illustration of the problem: malware is about exploits, not about constraining developers.
The sinister problem with sandboxing is that it stifles innovation without offering any real malware protection at all. For me, Apple significantly fails with regards to what a user’s data actually means. My data is my data, and I shouldn’t have to be reduced to tears by the complexity of getting a Word document onto my iPad. If I have data on one device it should flow effortlessly to all of the other devices that I operate. We have the bandwidth and understanding to do this now - it’s a trivial problem. My fear with sandboxing is that it pushes this argument in the wrong direction by further restricting data rather than freeing it up. The strength of the personal computer is that you can take data that you own, then massage and manipulate it using any software that you wish to install. That becomes increasingly difficult when the sandbox is in play.[/i]