HIPS vs Behavior Blocking

By Mary Landesman, About.com

A host intrusion prevention system (HIPS) monitors each activity a program attempts and (depending on configuration) prompts the user for action or responds based on pre-defined criteria. Behavior blockers monitor and profile whole program behavior. When a collection of behaviors tips the scale, the behavior blocker will (depending on configuration) alert the user or take action against the entire program based on pre-defined criteria. While they sound similar, HIPS is application-level control (i.e., this program is allowed to do X but not Y), whereas behavior blocking is more cut and dried - the entire application is either good or it is not.

While HIPS allows far more granular control, it is best suited for experienced users who have both the knowledge and the patience to answer the prompts and make the proper configuration choices. Used properly, HIPS can not only offer superb protection for your PC, it can also educate and inform you about the individual actions certain programs take.

Because they assess a collection of actions taken by a program, behavior blockers help with much of the decision making. For example, a program deemed to be wholly bad is typically automatically quarantined with no input from the user. And since behavior blockers are concerned with the entire program rather than individual actions, they can be far simpler for users to understand (and thus use appropriately). For this reason, behavior blockers are ideal for the less experienced user. Of course, even experienced users will appreciate the added layer of protection - generally speaking, HIPS and behavior blockers can be run together (and both in conjunction with traditional signature-based antivirus software and firewalls).
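The two decision models described above, run over the same event trace, as an added example (not from the original article or from any product's code). The program names, action names, rules, weights and threshold are all constructed for illustration.

```python
# Constructed event trace of (program, attempted action); all names are hypothetical.
TRACE = [
    ("updater.exe", "write_startup_key"),
    ("updater.exe", "open_network_socket"),
    ("dropper.exe", "write_startup_key"),
    ("dropper.exe", "modify_hosts_file"),
    ("dropper.exe", "terminate_security_process"),
    ("editor.exe", "open_network_socket"),
]

# HIPS model: "this program is allowed to do X but not Y".
# Any (program, action) pair without a rule falls back to prompting the user.
HIPS_RULES = {
    ("updater.exe", "open_network_socket"): "allow",
    ("updater.exe", "write_startup_key"): "deny",
}

# Behavior-blocker model: each behavior adds weight to a per-program profile.
WEIGHTS = {
    "open_network_socket": 1,
    "write_startup_key": 3,
    "modify_hosts_file": 4,
    "terminate_security_process": 5,
}
THRESHOLD = 8  # assumed point at which the collection of behaviors "tips the scale"

def hips_decisions(trace, rules):
    """Return one verdict per attempted action: allow, deny or prompt."""
    return [(prog, act, rules.get((prog, act), "prompt")) for prog, act in trace]

def behavior_verdicts(trace, weights, threshold):
    """Return one verdict per program, based on its accumulated behavior score."""
    scores, quarantined = {}, set()
    for prog, act in trace:
        if prog in quarantined:
            continue  # the whole program is already blocked
        scores[prog] = scores.get(prog, 0) + weights.get(act, 0)
        if scores[prog] >= threshold:
            quarantined.add(prog)
    return {p: "quarantine" if p in quarantined else "allow" for p in scores}

if __name__ == "__main__":
    for prog, act, verdict in hips_decisions(TRACE, HIPS_RULES):
        print(f"HIPS     {prog:12} {act:28} -> {verdict}")
    for prog, verdict in behavior_verdicts(TRACE, WEIGHTS, THRESHOLD).items():
        print(f"BLOCKER  {prog:12} -> {verdict}")
```

On this trace the HIPS model produces a verdict for every action and falls back to a user prompt for each one it has no rule for, while the behavior-blocker model produces a single verdict per program with no user input.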

Is it overkill?
The question of when enough is actually too much is best left to the individual user. A casual computer user will likely benefit more from an Internet Security Suite combined with a behavior blocker such as PC Tools ThreatFire (formerly Cyberhawk) along with Spybot TeaTimer to guard against changes to startup Registry keys and to protect the HOSTS file. Pros: good security with fewer alerts. Cons: less granular control; the security apps determine what can and cannot run on the system.

Conversely, an experienced computer user might choose to forgo the suite approach and instead combine a standalone antivirus scanner and Spybot TeaTimer with System Safety Monitor (or other HIPS/application-level security), ThreatFire (or other behavior-based protection), a firewall (preferably permission-based), and ProcessGuard to protect these security apps from being maliciously terminated or suspended. Pros: excellent security and a high degree of user control over the system. Cons: requires considerably more experience and a generally increased level of alerts requiring user input.

Of course, no amount of protective software is a replacement for good user habits.

©2009 About.com, a part of The New York Times Company.

All rights reserved.