These days all users face the real risk of having malicious programs secretly install themselves on their computers. Anti-virus and anti-spyware products dramatically reduce the chance of infection, but they're not perfect. In particular, they are prone to miss new malware products which are not yet included in their signature databases. They can also fail to detect malware programs that are cleverly disguised to avoid detection.
To prevent these malevolent programs from slipping by your AV and anti-spyware programs, you need additional defenses, such as a Host-based Intrusion Prevention program (HIPS). These programs identify intruders by their behavior, rather than by their characteristic fingerprint. HIPS programs are not limited to the detection of specific malware products; rather, they can target a wide range of interlopers. For the most part, HIPS programs all work in a similar manner: they stop any suspicious behavior and then ask the user whether he or she wants to allow it. This, as we shall see, can be a mixed blessing.
Unfortunately, most HIPS programs, including the popular free programs WinPatrol and Prevx, generate a lot of warning messages, and many of these are quite cryptic. These messages tend to alarm many less-experienced users who feel there is something wrong and simply don't know how to respond. That's why these products are only suitable for the very experienced (and very patient).
Thankfully, a new generation of HIPS programs has emerged that uses white lists, black lists, policies and behavior analysis rules, along with other techniques, to reduce the number of messages and the load on the user.
Editor's Choice:
A prime example of this class of product is ThreatFire (formerly Cyberhawk) from PC Tools. It's available as a free or paid version, and I use the free version on one of my PCs. It only occasionally issues warnings, but when it does the warnings are usually real and need to be taken seriously. In essence, it provides a vital additional layer of protection to my AV and anti-spyware scanners, and at little cost in terms of annoyance and no cost in terms of my wallet. It is the stand-out free product in the HIPS category.
There are some other solid contenders. Blink Personal from eEye is a HIPS with a firewall, as opposed to products like Comodo and ZoneAlarm Pro that are firewalls with HIPS.
Product Specifications:
ThreatFire
Website: http://www.threatfire.com/download/
Author: ThreatFire
Date: 04/28/2008
Version: 3.5.0
Download File size: 21MB
License: Freeware
Operating systems supported: Windows 2000 - Vista
64 Bit Capable: yes
Portable version available: no
Other languages supported: no
Additional Software Required: no
Blink
Website: http://www.eeye.com/html/consumer/products/blink/download/index.html
Secondary download mirror: http://www.download.com/Blink-Personal-Edition/3000-2239_4-10658343.html?tag=lst-1
Author: eEye Digital Security
Date: 04/28/2008
Version: 3.2
Download File size: 41.5MB
License: Free for personal or home use
Operating systems supported: Windows 2000 - XP
64 Bit Capable: no
Portable version available: no
Other languages supported: no
Additional Software Required: no
