Free HIPS (Host Intrusion Prevention System) and Application Firewalls

Free Application Monitoring Software, Rootkit Prevention and Host-based Intrusion Prevention Systems

You are here: thefreecountry.com (main page) > Free Security Resources > Free HIPS (Host Intrusion Prevention System), System and Application Monitoring Software

Free HIPS (Host Intrusion Prevention System), Application Firewalls and Monitoring Software

Software that implement HIPS, or Host Intrustion Prevention System, allow you to monitor all applications, drivers, shared libraries (DLLs), and other activities that occur on your system. For example, in Windows, HIPS software often check when programs are loaded (whether in the foreground or invisibly, behind your back, in the background), when drivers are being installed or loaded by programs, when global hooks or keyboard hooks are inserted into your system, when code is injected into another process (that is, running program) by another program, etc. Some of them allow you to prevent such programs from running and also allow you to kill (terminate) any programs that may already be running. They may be useful, for example, in helping you detect when a rootkit, keylogger, spyware or trojan is being installed into your system. Such host-based prevention systems or application and system monitoring software often work beside your personal firewalls (for the network or Internet), antivirus software and anti-spyware and anti-malware tools.

Note that this page does not lists commercial HIPS software like System Safety Monitor (download free 60 days trial) which provides you with a very fine level of control over your system (and even monitors the registry, the INI files, IE settings, etc). You should also note that certain commercial vendors feature complete solutions, which include a software firewall (for the network/internet), antivirus, anti-spyware, anti-trojan and application monitoring (HIPS). One well-known example is Kaspersky Internet Security.

Disclaimer

The information provided on this page comes without any warranty whatsoever. Use it at your own risk. Just because a program, book, document or service is listed here or has a good review does not mean that I endorse or approve of the program or of any of its contents. All the other standard disclaimers also apply.

Free HIPS (Host-based Intrusion Prevention System), Application and System Monitoring Software

System Safety Monitor Free Edition: The free edition of this commercial software tracks the loading of device drivers, installation of global hooks, monitors the startup menu, tracks INI files, and has rudimentary support for monitoring the registry, processes and IE settings. The commercial version has full support for monitoring the registry, processes, IE settings, monitoring of low level disk access, etc, as well as all the features of the free version. The free edition runs under Windows 9x, 2000 SP4 and above, and XP SP 1 and above.
OSSEC Open Source Host-based Intrusion Detection System: OSSEC performs log analysis, integrity checking, rootkit detection, real-time alerting and active response. The Windows version also does registry monitoring. The program runs on Windows, Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, Solaris, HP-UX, AIX, and any POSIX-compliant operating system. It is open source and distributed under the GNU General Public License.
Samurai: Samurai is a system hardening tool with host intrusion Prevention (HIP) features. Once you enable the anti-rootkit option, it will warn you if a program tries to install a kernel driver.
AntiHook 2.6: This Host Intrusion Prevention (HIP) program monitors the launching of applications and processes, protects against the termination of your security software (such as your firewall and antivirus software), loading of DLLs such as ActiveX controls, loading of kernel drivers (such as used by kernel rootkits), injection of code into other running programs, installation of system-wide (global) Windows hooks, and so on. Version 2.6, a Windows 2k/XP program, is free (though not the later versions).
ProcessGuard Free: ProcessGuard controls application execution, protects programs from termination (to protect malware from killing your antivirus software or firewalls), protects applications from modification by other processes (code injection, etc), and protects your processes from being read or viewed by other processes. The program requires Windows 2000, XP or 2003.
Winsonar: Winsonar monitors processes (programs) running on your system. If a new or unknown process is detected, it will notify the user, who can then take action such as terminating it. Note that it does not prevent the program from running, it merely notifies you and allows you to terminate it, or allows you to set it up so that it automatically kills certain programs when it starts running. It works under Windows 98, 2000 and XP.