How can you differentiate between hips hids and an antivirus?
Are Host IDS and Host IPS an antivirus software? What's the difference between the above? A blog I was recently reviewed had the explanation of both - HIDS stands for “host-based intrusion detection system,” an application monitoring a computer or network for suspicious activity, which can include intrusions by external actors as well as misuse of resources or data by internal ones. Host Intrusion Prevention System (HIPS) is a security technology that protects computers from unidentified viruses and Suspicious Behavior. It includes both pre-execution behavior analysis and runtime behavior analysis.
We'll talk about HIDS HIPS one by one.
The 'D' stands for "Detection". It means that the protection system will be able to detect and alert upon a possible security event, but it will not attempt to block anything. The 'P' stands for "Prevention". This means that when the protection system detects a possible security event, it will automatically try to block it. Since an anti-virus main use is to actively block the access to files detected as malicious, then it would be nearer to an HIPS than and HIDS. Are they the same thing? This is a good question, especially since Wikipedia states that "The lines become very blurred here, as many of the tools overlap in functionality." Historically speaking: no. An anti-virus primary goal is to detect and block access to malicious files, while and HIPS solution has a broader goal: it may track changes on the file system (to detect changes not necessarily implying any malicious code, like an unexpected settings change for instance), analyze log filess (system and application logs), check the system components to detect any irregularities, and indeed also try to detect potential malware. An HIPS solution may be either composed of several different software and the anti-virus be only of them, or one may go toward all-in-one solutions where a single tool will bundle all these functions.
The fact is that nowadays end-user's anti-virus are a bit more than simple anti-virus, over time they have accumulated a very large panel of features turning them more into security suites which can be indeed perceived as end-user's HIPS solutions. So, my answer here is two folds: A basic anti-virus, whose only goal is to detect and block access to malicious files, is only a part of an HIPS solution, Current end-user's anti-virus go well over this, they are often renamed as security suites and are becoming end-user's HIPS solutions.