(not to be confused with the common packet filter) HIPS... Some would argue that this type of tool isn't a firewall. I disagree. Firewalling is really a very simple concept. No matter how much techno mumbo jumbo you hear, a firewall is just a filter, plain and simple.

There are two types of firewalling predominantly in use today: process filtering and content filtering. Process filtering, in my opinion, is the easiest concept to get a handle on. It is basically finite: there are only so many processes. I also find it to be the most important filtering, because "you can't get infected if the infection can't initiate". Content filtering, on the other hand, is infinite, an endless stream coming to you. There is a vast amount of web scripting out there and it is all exploitable. Every tool you allow to connect CAN be exploited; even with total control of processes, a tool that has been granted permissions may still be manipulated or exploited to some degree. Depending on your comfort level, content filtering can also require a bit more vigilance and understanding. That said, content filtering techniques and products range from the most simple (install and forget) to very powerful proxies that literally let you rewrite and see the web any way you want it to be. There is something for every level of expertise, and no one should go unguarded through the pitfalls known as the web.

However, this piece is written about process filtering. Most users today depend solely on their endpoint packet filter, the 'common firewall' (including NAT), to cover both types. It doesn't; it only protects a portion of what is needed. Depending on which brand of product(s) you use, you will see varying amounts of protection in both process and content filtering. Just as a matter of opinion, I really don't want some bloated crapware trying to do everything. I prefer to use several tools to provide a multi-layered blanket over the system.
So I don't want my tools trying to do all of both content and process filtering. Below you will find some simple test files and related screenshots of various process firewalls in action, either blocking or allowing initiation of a test process. Some of the test files may be identified by your anti-virus tool as malware; in reality they are harmless simulations. I may include some true malware samples later to further demonstrate the control that process firewalling gives the user. Again: if it isn't allowed to initiate, it can't infect. The screenshots below were made on a w2k system used daily for general purposes, mostly graphic FX. Some of the tests would have failed even without a process firewall because of configurations and content filters already deployed on this system, such as Proxomitron and AdShield. However, the point is that all of the test files either fail to initiate or are allowed to run as the user chooses. In other words, the user has complete control. You are welcome to use the test tools here to see for yourself.
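The following is an added illustration, not code from the page or from any of the process firewalls it mentions. It models the one decision such a tool makes: may this executable start at all? Known programs are allowed by rule, anything started from a download location is blocked, and everything unknown is deferred to the user as a prompt whose answer is remembered as a new rule, so nothing unknown ever initiates silently. The rule names, paths and launch events are constructed sample data; the matching uses Windows-style case-insensitive paths because that is the platform the screenshots come from.

```python
"""Toy model of a process-initiation filter (a "process firewall").

Added illustration, not code from any product named on the page. Paths,
rules and launch events below are constructed sample data.
"""
from dataclasses import dataclass, field
from enum import Enum
from fnmatch import fnmatchcase
from typing import Optional


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    ASK = "ask"          # no rule matched: defer to the user


@dataclass
class Rule:
    exe: str                      # glob on the normalised executable path
    verdict: Verdict
    parent: Optional[str] = None  # optional glob on the parent process path


@dataclass
class LaunchEvent:
    exe: str      # executable being started
    parent: str   # process requesting the start


def normalise(path: str) -> str:
    # Windows paths are case-insensitive and accept either separator.
    return path.replace("/", "\\").lower()


@dataclass
class ProcessFirewall:
    rules: list = field(default_factory=list)
    log: list = field(default_factory=list)   # (exe, parent, verdict) per attempt

    def decide(self, ev: LaunchEvent) -> Verdict:
        exe, parent = normalise(ev.exe), normalise(ev.parent)
        verdict = Verdict.ASK               # default: nothing unknown runs on its own
        for r in self.rules:                # first matching rule wins
            if fnmatchcase(exe, normalise(r.exe)) and (
                r.parent is None or fnmatchcase(parent, normalise(r.parent))
            ):
                verdict = r.verdict
                break
        self.log.append((ev.exe, ev.parent, verdict.value))
        return verdict

    def remember(self, ev: LaunchEvent, verdict: Verdict) -> None:
        # Persist the user's answer to a prompt as a specific rule
        # (exact exe + parent), inserted ahead of the broader patterns.
        self.rules.insert(0, Rule(normalise(ev.exe), verdict, normalise(ev.parent)))


def build_policy() -> ProcessFirewall:
    # Constructed sample policy: known-good system and application binaries
    # are allowed; anything started from the download folder is blocked
    # outright; everything else must be confirmed by the user.
    return ProcessFirewall(rules=[
        Rule(r"c:\windows\system32\*.exe", Verdict.ALLOW),
        Rule(r"c:\program files\browser\browser.exe", Verdict.ALLOW),
        Rule(r"c:\downloads\*", Verdict.BLOCK),
    ])


def run_sample() -> list:
    """Run constructed launch events through the policy; returns the log."""
    fw = build_policy()
    events = [
        LaunchEvent(r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe"),
        LaunchEvent(r"C:\Program Files\Browser\browser.exe", r"C:\Windows\explorer.exe"),
        # a test file "downloaded" by the browser: blocked before it can run
        LaunchEvent(r"C:\Downloads\testfile.exe", r"C:\Program Files\Browser\browser.exe"),
        # an unknown simulation dropped elsewhere: no rule matches, user is asked
        LaunchEvent(r"C:\Temp\simulation.exe", r"C:\Windows\explorer.exe"),
    ]
    for ev in events:
        if fw.decide(ev) is Verdict.ASK:
            # stand-in for the prompt: here the user chooses to block
            fw.remember(ev, Verdict.BLOCK)
    # a second attempt uses the remembered answer instead of prompting again
    fw.decide(events[3])
    return fw.log


if __name__ == "__main__":
    for exe, parent, verdict in run_sample():
        print(f"{verdict:5}  {exe}  (started by {parent})")
```

The design point is the default: a process filter is a finite allow list, so the fallback for anything not on it is ASK or BLOCK, never ALLOW. Real products add checks this toy omits (hash of the binary rather than its path, parent-child rules for script hosts, protection of the rule store itself), but the decision flow is the same.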
There are many process firewalls around now, some even free. These are but a few that I have personally tried and found to be quite good; and Others. For those of you who still feel the need for them, there are also process firewalls being developed that incorporate the use of anti-virus and anti-spyware signatures;
Screen Shots of Testing with

Some of My Thoughts: Process Firewalling...The Simple Use; My Concerns; Anti-Malware Comparison Testing
Ref: http://www.techsupportalert.com/security_mess.htm