1. Technology
You can opt-out at any time. Please refer to our privacy policy for contact information.

HIPS and Behavior Blocking


A host intrusion prevention system (HIPS) monitors each activity a program attempts and (depending on configuration) prompts the user for action or responds based on predefined criteria. Conversely, behavior blockers monitor and profile whole program behavior. When a collection of behaviors tips the scale, the behavior blocker will (depending on configuration) alert the user or take action against the entire program based on predefined criteria.

Though they sound similar, HIPS is application-level control (i.e. this program is allowed to do X but not Y), whereas behavior blocking is more cut and dry - the entire application is either good (allowed) or it is not. Fortunately, many of these types of products combine both. Still, for those that don't, it pays to understand the differences.

While HIPS allows far more granular control, it is best suited for experienced users who have both the knowledge and the patience to answer the prompts and make the proper configuration choices. Used properly, HIPS cannot only offer superb protection for your PC, it can also educate and inform you about the individual actions certain programs take.

Because it assesses a collection of actions taken by a program, behavior blockers help with much of the decision making. For example, a program deemed to be wholly bad is typically automatically quarantined with no input from the user. And since behavior blockers are concerned with the entire program rather than individual actions, they can be far simpler for users to understand (and thus use appropriately). For this reason, behavior blockers are ideal for the less experienced user.

When combined, behavior blocking technology can make the decision for the HIPS side of the equation - something both novice and experienced users will appreciate. Even more of a plus, both HIPS and behavior blockers can be run together (and both in conjunction with traditional signature based antivirus software and firewalls).

Is it overkill?
With an estimated 30,000 new malware requiring analysis daily, it's difficult for signature-based scanners to keep up. As a result, many antivirus vendors are adding a blend of HIPS and behavior blocking to their Internet security suites. If your antivirus doesn't provide these features, it's a good idea to add that extra layer. A good one to try (and free) is PC Tools ThreatFire.

Of course, no amount of protective software is a replacement for good user habits.

Related Video
How to Minimize Hips
Install a PC Power Supply
  1. About.com
  2. Technology
  3. Antivirus Software
  4. Antivirus Reviews - Windows
  5. Essential Addons for Antivirus
  6. HIPS and Behavior Blocking

©2014 About.com. All rights reserved.