I rely on HIPS for my home protection, not anti-virus

I know many people might not agree, and would even see my statement of relying on HIPS and not anti-virus as dangerous information to tell people… but with so many ways to bypass anti-virus, and some studies showing many anti-virus software being vulnerable to attack… I think I’ll be okay.

HIPS

HIPS (host intrusion prevention system) is host-based software that lets you apply application-layer (layer 7) policy to your computer. It can block many types of attacks, network connections, and executables from running, or allow an executable to run only with limited access.

I mostly use my Windows machine for gaming and some light web browsing in between gaming sessions, so locking things down isn’t too difficult. If I were doing development with IDEs, VMs, Docker, etc., I’d have a much more difficult time locking it down properly, but most executables are in known and controllable locations that don’t get too complicated.

Policy

The policy I have on my system is pretty straightforward; complexity is the enemy of security. If an executable isn’t in a certain folder path then it can’t run, period. Anything in Windows, Program Files, or the Steam directory is allowed to run. Temp is hit and miss, as some games install additional things and extract things to Temp to run, in which case I try limited access, and otherwise I disable the rule temporarily… not the best solution, but it’s what I’m willing to do.

I do have a folder path that allows limited system access, just enough to run and not change anything in the registry, system files (even with admin), or anything outside of the application like startup. I use that for portable applications, things that don’t need installation to run or don’t need to change anything on the system.
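As an added illustration (not code from the post or from any HIPS product), here is the decision logic behind a path-based allowlist like the one described above, including the path-normalisation pitfalls a naive string check gets wrong; the Steam drive, the portable-apps folder and the user profile name are assumptions.

```python
import ntpath

# Policy roots modelled on the post: run freely from Windows, Program Files and
# Steam; run with limited rights from a portable-apps folder; Temp is opt-in.
# The Steam drive, portable-apps folder and user name are assumptions.
ALLOW_ROOTS = [
    r"C:\Windows",
    r"C:\Program Files",
    r"C:\Program Files (x86)",
    r"D:\Steam",                                  # assumed Steam location
]
LIMITED_ROOTS = [r"C:\Tools\Portable"]            # assumed folder name
TEMP_ROOTS = [r"C:\Users\gamer\AppData\Local\Temp"]  # assumed user profile


def _normalize(path: str) -> str:
    """Collapse '.'/'..', unify slashes and fold case: NTFS paths are
    case-insensitive, and 'C:\\Windows\\..\\Users\\x.exe' must not count
    as being inside C:\\Windows."""
    return ntpath.normcase(ntpath.normpath(path))


def _under(path: str, root: str) -> bool:
    """True if path is root itself or a proper descendant of root.
    A plain startswith() would let C:\\Windows2\\evil.exe match C:\\Windows."""
    p, r = _normalize(path), _normalize(root).rstrip("\\")
    return p == r or p.startswith(r + "\\")


def decide(exe_path: str, temp_mode: str = "deny") -> str:
    """Return 'allow', 'limited' or 'deny' for an executable path.
    temp_mode mirrors the post's 'hit and miss' handling of Temp: normally
    'deny', switched to 'limited' (or 'allow') only while a game installs."""
    if any(_under(exe_path, root) for root in ALLOW_ROOTS):
        return "allow"
    if any(_under(exe_path, root) for root in LIMITED_ROOTS):
        return "limited"
    if any(_under(exe_path, root) for root in TEMP_ROOTS):
        return temp_mode
    return "deny"  # default-deny: anything outside the listed paths


if __name__ == "__main__":
    for sample in (r"C:\Windows\System32\notepad.exe",
                   r"C:\Windows2\evil.exe",
                   r"C:\Windows\..\Users\gamer\Downloads\evil.exe",
                   r"c:\TOOLS\Portable\7zip\7z.exe"):
        print(f"{decide(sample):8} {sample}")
```

Such a policy is only as strong as the write permissions on the allowed roots: a user-writable subfolder under Program Files lets anything placed there run. A real enforcement point must also evaluate the final on-disk path (8.3 short names, junctions, symlinks) rather than the string the launcher supplied.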

Firewall

I honestly don’t use this feature very much. If it’s not an established or replayed connection coming into my system then it’s not allowed. I don’t run any servers on my computer. I also mostly rely on my network firewall to restrict most protocols like RDP, Telnet, etc. as I don’t use those things.