What is HIPS and what isn’t?

I support Microsoft’s attempt to introduce kernel patch protection wholeheartedly, and I don’t have too high an opinion of HIPSs either, but this interview can only be characterized as:

  • Microsoft trying to say: look, HIPS products can work with KPP
  • Sophos saying: we have HIPS too

To make it even clearer: running an executable in an emulator and watching its actions (observing the genes) isn’t new, Sophos isn’t the first (or even the best) at it, and it certainly isn’t HIPS.

Repeat after me: heuristic detection != HIPS.