WHIPS (Windows Host IPS)

Specialist HIPS programs are no longer being developed because HIPS is now incorporated into firewalls and security suites. This may the reason this project was abandoned in 2008, and has not been updated for Windows 7 and 8. The project website does not inform you that .NET Framework 4 is a prerequisite. There is no installer, so you have to copy the XPPack to your Programs folder, then copy SCIndexes.sci to the System32 folder, and run Install.bat. This installs the WHIPS service that should start automatically at boot-up, but does so after a considerable delay. Executing WHIPSAgent.exe opens a control panel that sits in the system tray. This contains three tabs - ACD; Monitor Log and Status. There is no documentation for users apart from the introduction at the project website, but ACD appears to refer to the Access Control Database that contains all rules defining system behavior. When I press the Refresh ACD button no entries are displayed the ACD panel. In the ACD tab are buttons to insert and delete filters that define which processes can make system calls. The approach here is to limit system calls to legitimate processes and block calls from unrecognized processes. There are also buttons for enable protection, disable protection and log only. It is not clear if the user has to manually enable protection every time the system boots up. The monitor log tab just shows a message saying 'log file not found'. The status tab is empty. This looks like an original approach to HIPS, but I think the average user would be better off using Malware Defender, because it requires an advanced knowledge of the operating system.