Short version:
Check out this article - The Register article on PrevX
Long version:
For those that don't know, here is a quick run-down on IDS & IPS:
The concept of an Intrusion Detection System (IDS) has been around for years - they can be network or host-based and typically use signatures to spot different types of attacks.
For example, network-based IDS can spot port scans, repeated login failures to web servers, buffer overflow attempts for web services, while host-based IDS can spot repeated local login failures, scripts attempting to elevate their privileges and so on.
They have a set of actions they can perform when an event is triggered: sending an SNMP alert or an email, or maybe issuing commands to compatible hardware firewalls to create a temporary rule that blocks the attack in real time.
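To make the signature-plus-action model above concrete, here is a small detector that alerts on repeated login failures or a port scan and records a temporary block for the source. It is an added example, not from the original post or from any IDS product; the event format, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 60            # seconds of history each signature looks at (assumed)
LOGIN_FAIL_LIMIT = 5   # login failures per source within WINDOW (assumed)
PORT_SCAN_LIMIT = 10   # distinct ports per source within WINDOW (assumed)
BLOCK_SECONDS = 300    # lifetime of the temporary block rule (assumed)

# Constructed sample events: (timestamp_seconds, source_ip, kind, detail).
EVENTS = (
    [(t, "192.0.2.10", "login_fail", "admin") for t in (0, 5, 10, 15, 20, 30)]
    + [(100 + i, "198.51.100.7", "conn", 20 + i) for i in range(10)]
    + [(0, "203.0.113.5", "login_fail", "bob"),
       (200, "203.0.113.5", "login_fail", "bob")]
)

def detect(events):
    """Return (alerts, blocks): alerts are (ts, src, signature) tuples,
    blocks maps a source address to the time its temporary rule expires."""
    fails = defaultdict(deque)   # src -> timestamps of recent login failures
    conns = defaultdict(deque)   # src -> (timestamp, port) of recent connections
    alerts, blocks = [], {}
    for ts, src, kind, detail in sorted(events, key=lambda e: e[0]):
        if blocks.get(src, -1) > ts:
            continue             # temporary rule still active: event never arrives
        hit = None
        if kind == "login_fail":
            q = fails[src]
            q.append(ts)
            while ts - q[0] > WINDOW:      # drop failures older than the window
                q.popleft()
            if len(q) >= LOGIN_FAIL_LIMIT:
                hit = "repeated-login-failure"
        elif kind == "conn":
            q = conns[src]
            q.append((ts, detail))
            while ts - q[0][0] > WINDOW:   # drop connections older than the window
                q.popleft()
            if len({port for _, port in q}) >= PORT_SCAN_LIMIT:
                hit = "port-scan"
        if hit:
            alerts.append((ts, src, hit))         # stands in for the SNMP/email alert
            blocks[src] = ts + BLOCK_SECONDS      # stands in for the firewall rule
            fails[src].clear()
            conns[src].clear()
    return alerts, blocks

if __name__ == "__main__":
    for alert in detect(EVENTS)[0]:
        print(alert)
```

The source with two failures 200 seconds apart never trips the signature, which shows why the time window matters as much as the count.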
By contrast, the Intrusion Prevention System (IPS) concept is all about the detection and prevention of the attack before it can have an effect or reach a potentially vulnerable system.
IPS is starting to be included in high-end firewall vendor products - Check Point has "SmartDefense" integrated in its FireWall-1 line.
PrevX is the first free, consumer-aimed IPS product I have come across and I intend to give it a try on my work and home PCs to see if it:
- works
- has a significant impact on system performance
- conflicts with any software I run
Computer security is all about a combination of methods to protect yourself; there is no single "silver bullet", especially as malware has evolved over the years.
Personal firewalls, "hardware" firewalls, anti-virus, trojan & spyware detection tools and IPS can work together and have individual roles - and with the exception of the hardware firewall there are free versions of all these products (in some cases quite a few choices).
To say that any one of these tools is not needed is incorrect, in my opinion - too many times have I heard of people not running AV because they are "too careful to run things they don't know about", but who neglect to think of what might happen if their OS or an application decided to run something on their behalf, or through some vulnerability.
I'll try to remember to report back here if I find anything significant (good or bad) with this product.
I hope this was of use to some of you.