Thursday, December 12, 2013

Some notes on a technique for protecting your computer from Malware (HIPS)

It is difficult to find a title for this post.  This is an important topic for even a "novice" computer user to get their head around, but it is something of an onion: it takes several layers of explanation to arrive at a plain-language description of what HIPS means to you, i.e., why it matters to you.

HIPS stands for Host Intrusion Prevention System.  That doesn't mean a whole lot to me and I suspect it doesn't mean a whole lot to you.  But it is related to keeping your computer and home network secure; in fact, it is fundamental to maintaining your own security.

I use the term AntiMalware to stand for any computer program that detects, and perhaps removes, malicious software on your computer or your home network.  Programs that are called AntiVirus fall in this category, as do programs that extend their protection to "potentially unwanted programs": software on your computer or in your browser that does nothing worse than inject extra ads while you are surfing the internet, or pop up nuisance ads on your desktop.  Malwarebytes falls in this category.

AntiMalware programs detect malware through two major techniques.  One is by Signature.  They examine each object's (a program module or data file) contents, such as its size, a cryptographic hash of the whole file, or certain byte patterns within it, and compare what they find against a database of known threats.  This is the most common way to decide whether an object is malicious, but it can only recognise what is already in the database; a repacked or slightly modified copy of a known threat may not match.  The other way to detect malware is to look at what a program is "doing" once it runs.  It might add itself to a registry key that makes it start automatically, write into the memory of another process, or try to use services on your computer that normal programs have no business touching.  That is what HIPS-based antimalware do: they watch behaviour and block (or prompt you) when a program crosses one of these lines, whether or not that particular program has ever been seen before.

Some antimalware programs do both Signature-based detection and HIPS-based detection.  In fact, that is the main point of this blog entry:  when you are evaluating antimalware for use on your computers, you should look in their descriptions for both Signature-based detection and HIPS-based (behaviour-based) detection.
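To make the difference between the two techniques concrete, here is a small added example (it is not code from the post or from any antimalware product).  The "malware samples", the signature names, the registry key path and the event trace are all constructed for illustration.  The signature scanner matches a file hash and a byte pattern against a tiny database; the behaviour scanner applies a few HIPS-style rules to the operations a running program performs.  The repacked copy of the sample slips past the signatures but still trips the behaviour rules, which is exactly why you want both.

```python
from __future__ import annotations

import hashlib
import re

# --- Signature-based detection -------------------------------------------
# Two constructed "files". SAMPLE_A stands in for a known piece of malware;
# SAMPLE_B is the same program with its identifying string XOR-obfuscated so
# that neither the file hash nor the byte pattern matches any more.
SAMPLE_A = b"MZ\x90\x00" + b"EVIL_DOWNLOADER_v1" + b"\x00" * 16
SAMPLE_B = b"MZ\x90\x00" + bytes(c ^ 0x5A for c in b"EVIL_DOWNLOADER_v1") + b"\x00" * 16

# A toy signature database (hypothetical names): exact SHA-256 hashes of known
# bad files, plus byte patterns that cover a whole family of them.
KNOWN_HASHES = {hashlib.sha256(SAMPLE_A).hexdigest(): "Trojan.Downloader.A"}
BYTE_PATTERNS = [("Trojan.Downloader.gen", re.compile(rb"EVIL_DOWNLOADER_v\d"))]


def signature_scan(data: bytes) -> list[str]:
    """Return the names of every signature that matches the object's contents."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_HASHES:
        hits.append(KNOWN_HASHES[digest])
    for name, pattern in BYTE_PATTERNS:
        if pattern.search(data):
            hits.append(name)
    return hits


# --- Behaviour-based (HIPS-style) detection ------------------------------
# A real HIPS hooks the operations a running program performs (registry,
# process and service calls) and judges each one as it happens. Here the
# "hooks" are a constructed list of events: process, action, target.
AUTOSTART_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

BEHAVIOR_RULES = [
    ("Modifies autostart registry key",
     lambda e: e["action"] == "registry_write" and e["target"].startswith(AUTOSTART_KEY)),
    ("Writes into another process's memory",
     lambda e: e["action"] == "process_write" and e["target"] != e["process"]),
    ("Stops a security service",
     lambda e: e["action"] == "service_stop" and e["target"] in {"WinDefend", "MpsSvc"}),
]


def behavior_scan(events: list[dict]) -> list[tuple[str, str]]:
    """Return (process, rule name) for every event that violates a behaviour rule.

    A HIPS would block the operation or prompt the user here; this only reports.
    """
    alerts = []
    for event in events:
        for rule_name, predicate in BEHAVIOR_RULES:
            if predicate(event):
                alerts.append((event["process"], rule_name))
    return alerts


# Constructed event trace: a benign installer doing ordinary things, and the
# repacked sample behaving like a trojan.
SAMPLE_EVENTS = [
    {"process": "setup.exe", "action": "file_write", "target": r"C:\Program Files\App\app.exe"},
    {"process": "setup.exe", "action": "registry_write", "target": r"HKCU\Software\App\Installed"},
    {"process": "sample_b.exe", "action": "registry_write", "target": AUTOSTART_KEY + r"\Updater"},
    {"process": "sample_b.exe", "action": "process_write", "target": "explorer.exe"},
    {"process": "sample_b.exe", "action": "service_stop", "target": "WinDefend"},
]

if __name__ == "__main__":
    print("signature hits, known sample:   ", signature_scan(SAMPLE_A))
    print("signature hits, repacked sample:", signature_scan(SAMPLE_B))
    for proc, rule in behavior_scan(SAMPLE_EVENTS):
        print(f"behaviour alert: {proc}: {rule}")
```

Run it and the known sample is caught twice by the signature scanner (by hash and by pattern), the repacked copy is caught zero times, and the behaviour scanner raises three alerts against `sample_b.exe` while saying nothing about the installer.  The weakness of the behaviour side is the mirror image: a rule set this small will miss malware that does none of these three things, and a rule that is too broad (say, any registry write) would flag the installer too, which is why real HIPS products ship with tuned rules and ask you when they are unsure.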

An important note:  You don't need a single antimalware program that does both, but you do need both types of protection.  So you might pair a good Signature-based antimalware program with a good HIPS-based program (check that the two are known to coexist; two products hooking the same system operations can conflict with each other).  Also, you may want more sophisticated protection on a laptop or tablet that connects to public wifi networks.  That environment is the most likely place to pick up an infection.  (Then you bring the laptop or flash drive home and infect the other computers on your network.)

This discussion was inspired by an article I read on the Malwarebytes blog.  I hope that with this introduction you can get something out of that article.
