HIPS vs Behavior Blocking

A host intrusion prevention system (HIPS) monitors each activity a program attempts and (depending on configuration) prompts the user for action or responds based on pre-defined criteria. Behavior blockers monitor and profile whole program behavior. When a collection of behaviors tips the scale, the behavior blocker will (depending on configuration) alert the user or take action against the entire program based on pre-defined criteria. While they sound similar, HIPS is application-level control (i.e. this program is allowed to do X but not Y), whereas behavior blocking is more cut and dry - the entire application is either good or it is not.

While HIPS allows far more granular control, it is best suited for experienced users who have both the knowledge and the patience to answer the prompts and make the proper configuration choices. Used properly, HIPS cannot only offer superb protection for your PC, it can also educate and inform you about the individual actions certain programs take.

Because it assesses a collection of actions taken by a program, behavior blockers help with much of the decision making. For example, a program deemed to be wholly bad is typically automatically quarantined with no input from the user. And since behavior blockers are concerned with the entire program rather than individual actions, they can be far simpler for users to understand (and thus use appropriately). For this reason, behavior blockers are ideal for the less experienced user. Of course, even experienced users will appreciate the added layer of protection - generally speaking, HIPS and behavior blockers can be run together (and both in conjunction with traditional signature based antivirus software and firewalls).