The efficiency of Prevx vs Antivir


The efficiency of Prevx vs Antivir

Post by Rico on 23/10/2010, 07:58

For a while now I have looked over the internet for some solid evidence as to the detection rates of either, to no avail. I have a vague conception of how Prevx uses advanced heuristics and behaviour analysis to detect malware, but how does this compare to Antivir's free solution?

PS Wilders' draconian rules have meant that any possible and meaningful inquiry into such a matter is not tolerated -- it's beyond me how you can't discuss the effectiveness of security solutions on a security forum even if statements are supported by empirical evidence...

Rico
Advanced Member

Posts : 118
Join date : 2010-06-18

Re: The efficiency of Prevx vs Antivir

Post by ssj100 on 23/10/2010, 08:19

Hi Rico, and good to see you posting more here.

The question you raise is a difficult one. You could argue it either way. To cut a long story short, I would personally stick with Avira Free for the following reasons:

1. It's free! Remember that Prevx's free version detects malware, but lets it infect your system. They don't even have a trial version that lets you test its cleaning abilities.

2. Prevx has had a run of "bad press" lately regarding its self-protection:
http://www.kernelmode.info/forum/viewtopic.php?f=15&t=249
http://www.kernelmode.info/forum/viewtopic.php?f=2&t=289
Might take a long time to read through all that, but essentially Prevx's self-protection is mediocre at best and is easily bypassed time and time again (despite patching with each new version). However, all of those exploits require Administrator rights, and therefore only really apply to those who disable UAC or who run Windows XP as Admin (which is probably a significant proportion of people).

3. Prevx doesn't have the ability to scan within archives, and probably never will. It also takes "forever" to scan the entire system properly. Do remember that its default scan skips a lot of files/folders.

4. Prevx provides anti-logging abilities, but these have been bypassed time and time again, despite the apparent "good press" and clever marketing strategies propagated by the (in my opinion) "blind" followers of Prevx. For example, aigle has discovered that Prevx's anti-keylogging abilities are bypassed by "Advanced Keylogger", and I have confirmed this bypass myself. Note that this program is nearly 1 year old. This means that Prevx SafeOnline has been bypassed for a long time. And according to aigle, KeyScrambler blocks this logger. Regardless, as I've written time and time again, there is a much safer method to do online banking (hint: Sandboxie).

5. In terms of detection rates, there is no clear evidence that one is stronger than the other against in-the-wild malware.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

Re: The efficiency of Prevx vs Antivir

Post by noorismail on 23/10/2010, 12:05

Just a couple of other problems I have with Prevx.
1. At least on my system, it slows my shutdown time. Somewhere in the additional 15-20 second range.
That is not a big thing, but I don't like it.
2. The "SafeOnline" component does not work with Sandboxie.

When I used a real-time anti-virus, my choice was Avira Free.
Other than the periodic update problems (maybe fixed by now?),
I never really had any problem with Avira.

regards,
noor


_________________
ShadowDefender 1.1.0.323, Sandboxie 3.49, NAT router.
OpenDNS with "Malware/Botnet Protection",
MalwareDefender, Malwarebytes on demand.
noorismail
Moderator

Posts : 193
Join date : 2010-06-23

Re: The efficiency of Prevx vs Antivir

Post by simmikie on 23/10/2010, 13:36

hello,

newly registered member, first time poster here.

i am a user of Prevx (and not blind by any measure) and have been for several years. i used to test this product (before ver 2) against all kinds of live nasties and prevx was amazing. knocked the snot out of most everything i put up against it, even drive-by stuff. but nothing is 100%. i have seen infections get by prevx, but one of its interesting features is its "intelligence gathering" capability. as an infection progresses, prevx continues to gather intel on it, makes a determination on the fly, and blocks and cleans the code.

so with a layered approach (which i use), for example alongside defensewall, the malware is restricted in what it can do, and if prevx does not nail it right away, its very sophisticated heuristics will eventually get a handle on it and stop it, clean it... no damage to my system.

is prevx perfect? no. is it 100%? no. would i use it as a stand alone app? no. the very thought of browsing (even with prevx) without defensewall makes me cringe.

i use prevx because it has a small footprint on my pc, is fast (someone was moaning that it takes forever to perform a full scan; well, i'll go on record to say mbam took over 5 hours to do a full scan on my box), has a very sophisticated cloud infrastructure, and has been for me for many years (3-4) a very effective security tool. not because i am blind.

also, even though prevx has been punched in the grille pretty good by exp_off, while that guy has the emotional constitution of a toddler, he is in rarefied air as a coder, so it's no surprise to me he can target and write code to take down prevx or about anything else he determines he wants to muck with. prevx has some pretty talented folk on their payroll, and i believe they can keep it close. i have noticed, btw, no other vendors are opening their yaps. the last thing most of them want to do is get exp_off's attention. i suspect there would be bloodied noses and bruised egos handed out to more than a few.

simmikie
Member

Posts : 17
Join date : 2010-10-23

Re: The efficiency of Prevx vs Antivir

Post by ssj100 on 23/10/2010, 13:58

Hi simmikie and welcome to the forums!

As always, what doesn't work for someone may work well for others. I suppose that the Prevx free version would be sufficient if you are using DefenseWall (which means you're still on 32-bit, which is nice to see haha. Who said 32-bit was dying?), since it wouldn't matter if Prevx let the infection through - it would just be important for you to know that there is "frozen malware" on your system so you could clean it up.

The original poster wanted a comparison between Prevx and Avira, and that's why I mentioned the time it takes to do a full scan. The fact is that Avira scans much deeper than Prevx, and yet does it much faster. For most of 2009, I used Avira real-time, and I found it to be very light on my system. I was spoilt by the "lightness" of NOD32 version 2 in the "old days", and Avira basically continued to spoil me haha.

But yes, in my opinion, Prevx wouldn't be a bad option depending on your security setup/approach. For me, I no longer use a real-time "anti-virus". In fact, I don't even have an on-demand scanner installed. When I want to store newly introduced files/folders away, I run "EmsisoftEmergencyKit" sandboxed and scan those files/folders. I think in terms of overall detection rates, Emsisoft's scanner is among the top 3.

EDIT: and yes, you are certainly not one of those "blind" followers.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

Re: The efficiency of Prevx vs Antivir

Post by simmikie on 23/10/2010, 15:14

ssj100 wrote: Hi simmikie and welcome to the forums!

As always, what doesn't work for someone may work well for others. I suppose that the Prevx free version would be sufficient if you are using DefenseWall (which means you're still on 32-bit, which is nice to see haha. Who said 32-bit was dying?), since it wouldn't matter if Prevx let the infection through - it would just be important for you to know that there is "frozen malware" on your system so you could clean it up.

The original poster wanted a comparison between Prevx and Avira, and that's why I mentioned the time it takes to do a full scan. The fact is that Avira scans much deeper than Prevx, and yet does it much faster. For most of 2009, I used Avira real-time, and I found it to be very light on my system. I was spoilt by the "lightness" of NOD32 version 2 in the "old days", and Avira basically continued to spoil me haha.

But yes, in my opinion, Prevx wouldn't be a bad option depending on your security setup/approach. For me, I no longer use a real-time "anti-virus". In fact, I don't even have an on-demand scanner installed. When I want to store newly introduced files/folders away, I run "EmsisoftEmergencyKit" sandboxed and scan those files/folders. I think in terms of overall detection rates, Emsisoft's scanner is among the top 3.

EDIT: and yes, you are certainly not one of those "blind" followers.

yeah, but i am ready to jump the 32 bit ship. with the size of the newer generation of software, and the cpu required to run them, one has to be a little goofy not to want to take advantage of the increased bandwidth, and the ability to use more than 3-4 gigs of ram. my next computer will be custom built through Digital Storm, but i am holding off (for a bit longer) until Ilya or Tzuk come up with a 64 bit compatible Sandboxie or (preferably) Defensewall.

what is the criteria you are using to make the statement Avira scans more deeply than does Prevx? i have in fact used Avira (7 or 8 series) alongside and in place of Prevx 2. i had a lot of confidence in it, but it annoyed the stink out of me because it kept "pinging" the hard drive. drove me bloody nuts. but i stuck with it for nearly a year or perhaps a bit longer. good app, but no advantages over Prevx that i was able to find. when i ran live malware on my system, they both seemed to have similar detection rates, but remember, because Prevx is cloud-based, updates are automatic, and getting new defs for zero day infections was typically much faster with Prevx over Avira. the downside of Prevx was/is if i managed to infect my system and not have an internet connection, my system would be hosed. that, however, never happened... to me.

i use the free because i absolutely refuse to purchase a license until they (Prevx) release version 4. good grief, they have only been working on P4 for going on 2 damn years!!! and in my opinion, they have bitten off more than they can chew with SafeOnline. way more problems than it's worth and has certainly held up (in my opinion) development of P4. i don't have SO installed/enabled now, nor will i in the foreseeable future. piece of crap i say.

yeah i see in your sig there is no AV or a scanner. but to address your "frozen malware" theorem. i have used the rollback feature in DW, and it works. if i download something shady, or the more likely scenario, something downloads itself, it executes, i notice something i should not, i look into what untrusted processes are running. i terminate what shouldn't. i go to files and registry tracks. i see what was recently installed, i highlight the whatever and roll back to before when they were born. what "frozen malware"? the junk strewn about by browsers (chrome for me now, opera for years before that) is cleaned out by the browser itself, and ccleaner scours whatever is left. really ssj, it takes you maybe 5 minutes less to clear debris. but at the end of the day, we have similar results. in fact i feel i have an advantage. my files are resting quietly in their permanent homes while still being isolated from harming the system. i do not have to make a determination of what stays sandboxed and what gets released. i don't have 30 sandboxes containing various file types or programs. i can change my music, image, video etc files at my leisure or not at all ad infinitum. oh, and i have used sandboxie. i like sandboxie. i have a forever license to sandboxie. in fact at one time i ran DW and Sandboxie together. boy was that a mistake. even though a lot of people use them together successfully, they fought like dogs and cats on my system. whenever i rebooted (every time) for some reason chkdsk would run, and other snafus which i no longer remember. i uninstalled sandboxie, and all was well. i probably could have just uninstalled DW and gotten the same return to sanity, but i have a slight preference for DW.

ultimately, it's as you say ssj. it is what works for the individual.


Mike

simmikie
Member

Posts : 17
Join date : 2010-10-23

Re: The efficiency of Prevx vs Antivir

Post by ssj100 on 23/10/2010, 16:11

simmikie wrote: yeah, but i am ready to jump the 32 bit ship. with the size of the newer generation of software, and the cpu required to run them, one has to be a little goofy not to want to take advantage of the increased bandwidth, and the ability to use more than 3-4 gigs of ram.
What do you mean by increased bandwidth? And why would you need more than 3-4 gigs of RAM? I'm sure there are good reasons, but for me personally, I can't think of any for now.

simmikie wrote: my next computer will be custom built through Digital Storm, but i am holding off (for a bit longer) until Ilya or Tzuk come up with a 64 bit compatible Sandboxie or (preferably) Defensewall.
There is already a compatible 64-bit Sandboxie - it's been out for several months.

simmikie wrote: what is the criteria you are using to make the statement Avira scans more deeply than does Prevx?
The fact that Avira scans archives and also scans more areas of the system than Prevx by default. Also, Avira detects more malware that is not in the form of a PE executable. For example, an on-demand scan of Avira would pick up an Excel file containing an exploit (without having to execute it) while Prevx would not. As I understand it, the same would apply for PDF files.

simmikie wrote: yeah i see in your sig there is no AV or a scanner. but to address your "frozen malware" theorem. i have used the rollback feature in DW, and it works. if i download something shady, or the more likely scenario, something downloads itself, it executes, i notice something i should not, i look into what untrusted processes are running. i terminate what shouldn't. i go to files and registry tracks. i see what was recently installed, i highlight the whatever and roll back to before when they were born.
Yes, I do know about the rollback feature of DefenseWall. However, what if you don't notice it? What if it is a well disguised exploit and you don't happen to notice anything strange? This is one (of the many reasons) why I like Sandboxie over DefenseWall. Not only does Sandboxie contain all the "frozen exploits/malware", but you can also literally delete everything in the sandbox safely with a couple of clicks. Then, you can sleep soundly haha. With DefenseWall, you'd never know for sure if you've been infected by something or not. If you don't pick up the infection on the same day, it could be fairly difficult to sift through the long list of entries in the rollback log. But I guess at the end of the day, the actual system stays clean with the use of either program.

simmikie wrote: ...in fact i feel i have an advantage. my files are resting quietly in their permanent homes while still being isolated from harming the system. i do not have to make a determination of what stays sandboxed and what gets released. i don't have 30 sandboxes containing various file types or programs. i can change my music, image, video etc files at my leisure or not at all ad infinitum.
This is where I have to disagree. How do you know for sure that every single file will open untrusted? How are you opening your files (which are apparently labelled "Untrusted" by DefenseWall)? If you are simply double clicking them, then you do NOT guarantee that they open untrusted. To guarantee that they open untrusted, you have to manually right click and go through the DefenseWall context menu to specifically run it "Untrusted". This can become extremely inconvenient if you are wanting to browse through e.g. 100 picture files. With Sandboxie, I use this method (note I describe the issue about files not opening sandboxed despite being inside a "forced sandboxed folder". The same issue occurs with DefenseWall and GeSWall for respective "Untrusted" and "Isolated" files):
http://ssj100.fullsubject.com/sandboxie-f1/newbie-sandbox-setup-help-t88.htm#488

And therefore because of the above, there is no real advantage of DefenseWall over Sandboxie (from the "purist" viewpoint) even in this context. You would still have the inconvenience of manually opening the "Untrusted" file via a more long-winded method. With the "sandboxed explorer.exe" method, this actually becomes highly convenient. I really should do a video to demonstrate this one day. And with regards to having 30 sandboxes containing various file types or programs...I don't quite understand what you're talking about there mate.

simmikie wrote: ...in fact at one time i ran DW and Sandboxie together.
Been there, done that too mate. And just to be different, I got rid of DefenseWall haha.

EDIT: by the way, I think we should continue any further discussion on Sandboxie/DefenseWall in the appropriate areas of the forum. Feel free to create a new topic or read through this and post here:
http://ssj100.fullsubject.com/defensewall-f9/the-confusion-of-the-rollback-list-t63.htm#300.
Cheers.


Last edited by ssj100 on 23/10/2010, 16:39; edited 3 times in total

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

Re: The efficiency of Prevx vs Antivir

Post by Guest on 23/10/2010, 16:16

I had exactly the same experience but I kept Sandboxie

simmikie wrote: i have a forever license to sandboxie. in fact at one time i ran DW and Sandboxie together. boy was that a mistake. even though a lot of people use them together successfully, they fought like dogs and cats on my system. whenever i rebooted (every time) for some reason chkdsk would run, and other snafus which i no longer remember. i uninstalled sandboxie, and all was well. i probably could have just uninstalled DW and gotten the same return to sanity, but i have a slight preference for DW.

Mike

Guest

Re: The efficiency of Prevx vs Antivir

Post by simmikie on 24/10/2010, 01:23

ssj100 wrote:
simmikie wrote: yeah, but i am ready to jump the 32 bit ship. with the size of the newer generation of software, and the cpu required to run them, one has to be a little goofy not to want to take advantage of the increased bandwidth, and the ability to use more than 3-4 gigs of ram.
What do you mean by increased bandwidth? And why would you need more than 3-4 gigs of RAM? I'm sure there are good reasons, but for me personally, I can't think of any for now.

simmikie wrote: my next computer will be custom built through Digital Storm, but i am holding off (for a bit longer) until Ilya or Tzuk come up with a 64 bit compatible Sandboxie or (preferably) Defensewall.
There is already a compatible 64-bit Sandboxie - it's been out for several months.

simmikie wrote: what is the criteria you are using to make the statement Avira scans more deeply than does Prevx?
The fact that Avira scans archives and also scans more areas of the system than Prevx by default. Also, Avira detects more malware that is not in the form of a PE executable. For example, an on-demand scan of Avira would pick up an Excel file containing an exploit (without having to execute it) while Prevx would not. As I understand it, the same would apply for PDF files.

simmikie wrote: yeah i see in your sig there is no AV or a scanner. but to address your "frozen malware" theorem. i have used the rollback feature in DW, and it works. if i download something shady, or the more likely scenario, something downloads itself, it executes, i notice something i should not, i look into what untrusted processes are running. i terminate what shouldn't. i go to files and registry tracks. i see what was recently installed, i highlight the whatever and roll back to before when they were born.
Yes, I do know about the rollback feature of DefenseWall. However, what if you don't notice it? What if it is a well disguised exploit and you don't happen to notice anything strange? This is one (of the many reasons) why I like Sandboxie over DefenseWall. Not only does Sandboxie contain all the "frozen exploits/malware", but you can also literally delete everything in the sandbox safely with a couple of clicks. Then, you can sleep soundly haha. With DefenseWall, you'd never know for sure if you've been infected by something or not. If you don't pick up the infection on the same day, it could be fairly difficult to sift through the long list of entries in the rollback log. But I guess at the end of the day, the actual system stays clean with the use of either program.

simmikie wrote: ...in fact i feel i have an advantage. my files are resting quietly in their permanent homes while still being isolated from harming the system. i do not have to make a determination of what stays sandboxed and what gets released. i don't have 30 sandboxes containing various file types or programs. i can change my music, image, video etc files at my leisure or not at all ad infinitum.
This is where I have to disagree. How do you know for sure that every single file will open untrusted? How are you opening your files (which are apparently labelled "Untrusted" by DefenseWall)? If you are simply double clicking them, then you do NOT guarantee that they open untrusted. To guarantee that they open untrusted, you have to manually right click and go through the DefenseWall context menu to specifically run it "Untrusted". This can become extremely inconvenient if you are wanting to browse through e.g. 100 picture files. With Sandboxie, I use this method (note I describe the issue about files not opening sandboxed despite being inside a "forced sandboxed folder". The same issue occurs with DefenseWall and GeSWall for respective "Untrusted" and "Isolated" files):
http://ssj100.fullsubject.com/sandboxie-f1/newbie-sandbox-setup-help-t88.htm#488

And therefore because of the above, there is no real advantage of DefenseWall over Sandboxie (from the "purist" viewpoint) even in this context. You would still have the inconvenience of manually opening the "Untrusted" file via a more long-winded method. With the "sandboxed explorer.exe" method, this actually becomes highly convenient. I really should do a video to demonstrate this one day. And with regards to having 30 sandboxes containing various file types or programs...I don't quite understand what you're talking about there mate.

simmikie wrote: ...in fact at one time i ran DW and Sandboxie together.
Been there, done that too mate. And just to be different, I got rid of DefenseWall haha.

EDIT: by the way, I think we should continue any further discussion on Sandboxie/DefenseWall in the appropriate areas of the forum. Feel free to create a new topic or read through this and post here:
http://ssj100.fullsubject.com/defensewall-f9/the-confusion-of-the-rollback-list-t63.htm#300.
Cheers.

holy smoke boy!! what are you? a bleedin' attorney????

and yes, we are slightly off topic.

simmikie
Member

Posts : 17
Join date : 2010-10-23

Re: The efficiency of Prevx vs Antivir

Post by ssj100 on 24/10/2010, 01:44

Haha, no mate. It's just that I've been through many different security software in my time, and Sandboxie/DefenseWall have probably been the most interesting ones. I've spent hours testing each of them thoroughly and I must have written those thoughts I posted above at least ten times across various forums in the past haha. It's the same story to this day, and is simply because of the "nature" of each product. I really liked the idea of DefenseWall, and I must have installed/uninstalled it at least five times on my REAL system (meaning I converted to it when I installed it) in the year 2009. However, despite my efforts to keep DefenseWall, I just didn't like it for the reasons described above. So yes, I've given DefenseWall a good chance, and I still keep an open mind - I usually end up testing each newly released version in (the safety of) my VM! But at the end of the day, when I figured out how to conveniently run "explorer.exe" sandboxed (and thus guaranteeing that every newly introduced file opens sandboxed), I realised that I would probably never stop using Sandboxie haha.

To the original poster of this thread, what other security software are you using? Detection rates between "antivirus" products is always a hot and often controversial topic. Avira and Prevx both use fairly powerful heuristics, but I think Prevx has a more refined "behaviour-blocker" component. Regardless, in my opinion (and from my own personal testing), the "antivirus" products with the best overall detection rates are as follows (in no particular order):

Avira (false positive rate probably slightly higher than "average")
Prevx (false positive rate probably much higher than "average")
MBAM (low false positive rate)
GDATA (I'm unsure about false positive rate)
Emsisoft (false positive rate probably falls between Avira and Prevx)

So yes, I personally feel that both Avira and Prevx provide decent detection rates. Other pros and cons have been discussed above.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

Re: The efficiency of Prevx vs Antivir

Post by simmikie on 24/10/2010, 02:56

actually i forgot to answer the "how could you possibly want/need more than 3-4 gigs of ram" question. my first pc based computer had 2 mb of ram. the sales clerk (true story) informed me that they would have the same model (a Compaq Presario) with 4 mb of ram come in the following day, and did i want to wait. i couldn't imagine why i would ever need 4 mb of ram!

along the same lines, i recall a manager at a company i worked for at the time (early 90's) was talking about a computer he was building. 16 mb of ram with a 16 gig hard drive. i thought this man was godlike! a 16 gig hard drive, and 16 count 'em 16 MEGABYTES of ram! man that was heady stuff back then. why indeed!


Mike

simmikie
Member

Posts : 17
Join date : 2010-10-23

Re: The efficiency of Prevx vs Antivir

Post by ssj100 on 24/10/2010, 04:28

Good points, but I think we're in an "exceptional" period of computer technology. For example, an OS that is nearly 10 years old is still taking up more than 60% of the market share!

If I was planning on playing the latest PC games while doing video editing and running 10 instances of Linux Ubuntu in VirtualBox at the same time, then having 8GB of RAM would come in handy for sure haha. But for the near future at least (the next 5 years or so), I can't see how I'd personally need/want more than 2GB of RAM (what I currently have). I've been running on 2GB RAM for nearly 4 years by the way, and I must admit that I've probably wasted my money - I could have made do with just 1GB RAM.

But yes, I do realise that eventually, 64-bit will take over etc. I'm going to hold off for as long as possible though, as I don't want to waste too much more money haha.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

Re: The efficiency of Prevx vs Antivir

Post by simmikie on 24/10/2010, 05:19

i'll send you the spec sheet of my next 'puter (PM). you're gonna need to change your drawers. hehehe

simmikie
Member

Posts : 17
Join date : 2010-10-23

Re: The efficiency of Prevx vs Antivir

Post by Scoobs72 on 8/11/2010, 13:41

ssj100 wrote:
4. Prevx provides anti-logging abilities, but these have been bypassed time and time again, despite the apparent "good press" and clever marketing strategies propagated by the (in my opinion) "blind" followers of Prevx. For example, aigle has discovered that Prevx's anti-keylogging abilities are bypassed by "Advanced Keylogger", and I have confirmed this bypass myself. Note that this program is nearly 1 year old. This means that Prevx SafeOnline has been bypassed for a long time. And according to aigle, KeyScrambler blocks this logger. Regardless, as I've written time and time again, there is a much safer method to do online banking (hint: Sandboxie).

Hey SSJ, I finally showed up. I just want to add to your comments because I've done quite a lot of testing of this myself, including diagnosis of the apparent failure of Prevx SafeOnline against Advanced Keylogger with Joe from Prevx. The situation is that Prevx SOL is correctly protecting against keyloggers and has been for a long time. But there are three things that have confused the results and made people think SOL is not doing its job:

1. SOL's results in VirtualBox have been inconsistent, so that when people have tested keyloggers they've said "hey, it doesn't work!". This should now be fixed in the latest release, although I haven't yet tested it. Joe spent a long time debugging this on my system, but the final outcome was that SOL was working correctly on real systems... which is where it matters. Lots of software, especially security software, doesn't work correctly in VMs, so this is not a big issue as far as I'm concerned.

2. When testing POCs such as SpyShelter's, Prevx was detecting these as malware and blocking them. But to run the test you had to click 'Trust once'. This has the effect of allowing some functions of the POC through SOL, again giving the impression that SOL is bypassed, when in fact it isn't. I don't believe this has been satisfactorily dealt with yet.

3. The protection on 32-bit versus 64-bit systems is different. PatchGuard blocks some of SOL's protective capabilities on 64-bit, so when some users have tested they've said "hey, this bit of the functionality isn't working".

So, the upshot is that Prevx SOL has been protecting users correctly (as far as I can tell), it's just that when we attempt to test it out we've done it in ways that either have compatibility problems (e.g. VMs) or we've had to trust the malware to allow it to run, which allows it through some of the SOL protective layers. It's not a great state of affairs, but eases some worries for users at least for now.

Scoobs72
Member

Posts : 28
Join date : 2010-11-05

Re: The efficiency of Prevx vs Antivir

Post by ssj100 on 8/11/2010, 13:56

Yes, I do know about those issues. Unfortunately, it doesn't ease the worries for those that use Virtual Machines to do banking, and/or those who use software like Shadow Defender etc.

Regardless, I'm a little surprised that you have been taken into using Prevx SafeOnline for (?genuine) fear of getting infected by keyloggers/screenshot-loggers etc.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator
Posts : 1389
Join date : 2010-04-14

Re: The efficiency of Prevx vs Antivir

Post by Scoobs72 on 8/11/2010, 23:46

ssj100 wrote:Yes, I do know about those issues. Unfortunately, it doesn't ease the worries for those that use Virtual Machines to do banking, and/or those who use software like Shadow Defender etc.

Regardless, I'm a little surprised that you have been taken into using Prevx SafeOnline for (?genuine) fear of getting infected by keyloggers/screenshot-loggers etc.

That actually raises a good point that I neglected to mention. SOL is trying to be very clever (some would say too clever) in what it does, with zero interaction needed by the user. Consequently I believe it (and similar applications, e.g. Trusteer) is far more prone to conflict when it is on more complex security setups. It's great for people who run just an AV. For those with more complex setups... well... hmmm... I think the jury is still out. There could be a real risk of a false sense of security.

In terms of whether I have a genuine fear of getting infected, I believe my risk is something in the order of 0.0001%, almost all of which is user error. But the impact if it does happen could be so severe for me that it's a (tiny) risk I'm not prepared to take. Saying that, I don't actually need it now, and alternatives which provide interactive protection against keyloggers are far more suitable for me... so a swap could be coming for me in the near future.

Scoobs72
Member

Re: The efficiency of Prevx vs Antivir

Post by ssj100 on 9/11/2010, 09:18

Scoobs72 wrote:In terms of whether I have a genuine fear of getting infected, I believe my risk is something in the order of 0.0001%, almost all of which is user error. But the impact if it does happen could be so severe for me that it's a (tiny) risk I'm not prepared to take. Saying that, I don't actually need it now, and alternatives which provide interactive protection against keyloggers are far more suitable for me... so a swap could be coming for me in the near future.
Do keep us up to date about your future change in setup.

Regardless, if you get time, can you explain how exactly a piece of logging malware could bypass your security setup/approach? Don't you already use Online Armor which has anti-logging protection?

For me, the only method I can think of is if a keylogger program was allowed to be installed on the system (with administrator rights) - as you say, this is user error. Regardless, wouldn't the safest method to do online banking etc be via a Linux CD? I'm pretty sure that would be much safer than relying on third party software which could cause conflicts and not protect you at all. And even though booting from a Linux live CD every time you want to do online banking may be relatively inconvenient, if you aren't satisfied with "0.0001%" risk, then surely this is just a very minor inconvenience.

EDIT: an interesting read here:
http://www.anotherwindowsblog.com/2010/06/banking-online-done-right-on-live-cd.html

ssj100
Administrator

Re: The efficiency of Prevx vs Antivir

Post by Scoobs72 on 9/11/2010, 12:47

ssj100 wrote:

Regardless, if you get time, can you explain how exactly a piece of logging malware could bypass your security setup/approach? Don't you already use Online Armor which has anti-logging protection?

For me, the only method I can think of is if a keylogger program was allowed to be installed on the system (with administrator rights) - as you say, this is user error.

Like I say, user error is the most likely reason. Either that, or I've downloaded a piece of software that should have been safe and from a trusted source but has been compromised. It's happened a few times before where Firefox extensions or downloads off CNET have been compromised and served up malware. As you probably know, some keyloggers don't need admin rights to do their deeds. The new generation install themselves and run quite happily on a limited user account, albeit assuming they can execute initially.

Most of us that visit security forums such as this one have pretty resilient security setups, and in the normal course of events we shouldn't get infected. So when we try to ask ourselves "How would we get infected?" it's difficult to come up with an answer. And we can't answer it properly, because it's the thing we hadn't planned for or thought about that gets us infected. So I like to adopt the 'failsafe principle', which goes "I should not get infected, but what happens if I do... have I got a backup layer of defence that will stop it?".

In terms of Online Armor, it has a significant weakness in its keylogger protection (for me, that is), in that almost all software gets installed with Trusted status (or has to be Trusted to work properly). This allows the software to perform any action, including keylogging, silently. So again, if a keylogger has found its way onto my system, it would be able to log silently, and in OA's case with the default settings, it would also be able to connect out to the internet. So I have two options to satisfy my keylogger anxiety: either use a program that alerts to every keylogger activity (e.g. SpyShelter) or use a program that blocks any keylogger activity silently (e.g. Prevx SOL). It's a coin flip between the two.

ssj100 wrote: Regardless, wouldn't the safest method to do online banking etc be via a Linux CD?
Yes, but such a pain for me... I'll throw my PC in the bin before going to those lengths every time I want to log onto an https site.

Scoobs72
Member
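Editor's note, added to the thread and not written by either poster: Scoobs72's point that a user-mode keylogger can install itself and run on a limited user account is worth checking for concretely. Without admin rights, such a program can only persist from locations the user can write to (the HKCU run keys, the per-user Startup folder, and scheduled tasks created as that user), and its binary has to live somewhere user-writable (profile, %APPDATA%, %TEMP%). The script below enumerates exactly those places and flags entries whose target sits in a user-writable directory, which is also the set of paths a default-deny SRP policy (as in the "LUA + SRP" setup mentioned in the signatures) would refuse to execute. It is example code, uses only built-in Windows tooling, and assumes an English-locale schtasks output (the column names are an assumption).

```powershell
# Added example, not from the thread or from any product discussed in it.
# Lists the auto-start locations a limited (non-admin) user can write to and
# flags entries whose target lives in a user-writable directory. Run it as the
# limited user; no elevation is needed, which is exactly the point.

$userRoots = @($env:USERPROFILE, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\').ToLower() }

function Test-UserWritablePath([string]$Command) {
    # Pull the executable path out of a command line ("C:\x\y.exe" /arg ...)
    if ($Command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($Command -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe).ToLower()
    foreach ($root in $userRoots) { if ($exe.StartsWith($root)) { return $true } }
    return $false
}

function Write-Entry($Source, $Name, $Command) {
    $flag = if (Test-UserWritablePath $Command) { 'USER-WRITABLE' } else { '' }
    '{0,-14} {1,-30} {2} {3}' -f $Source, $Name, $Command, $flag
}

# 1. Per-user registry run keys (writable without admin rights)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'   # 'Load' and 'Run' values
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # skip PSPath, PSParentPath, ...
        if ($key -like '*CurrentVersion\Windows' -and (@('Load', 'Run') -notcontains $p.Name)) { continue }
        Write-Entry 'HKCU-Run' $p.Name $p.Value
    }
}

# 2. Per-user Startup folder; resolve .lnk shortcuts to their real target
$startup = [Environment]::GetFolderPath('Startup')
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem $startup -Force -ErrorAction SilentlyContinue | ForEach-Object {
    $target = $_.FullName
    if ($_.Extension -eq '.lnk') { $target = $shell.CreateShortcut($_.FullName).TargetPath }
    Write-Entry 'StartupFolder' $_.Name $target
}

# 3. Scheduled tasks that run as the current user (a non-admin may create these).
#    Column names assume English-locale schtasks output.
$me = "$env:USERDOMAIN\$env:USERNAME"
schtasks.exe /query /fo csv /v 2>$null | ConvertFrom-Csv |
    Where-Object {
        $_.TaskName -ne 'TaskName' -and          # drop any repeated header rows
        $_.'Run As User' -eq $me -and
        $_.'Task To Run' -ne 'N/A'
    } |
    ForEach-Object { Write-Entry 'SchedTask' $_.TaskName $_.'Task To Run' }
```

Anything reported as USER-WRITABLE is not automatically malicious (plenty of legitimate per-user updaters live in %LOCALAPPDATA%), but each such entry is a program that needed no admin rights to install and none to start, which is the scenario Scoobs72 describes. It is also the scenario an SRP default-deny on user-writable paths is meant to close, so an empty list under that policy is the expected result.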

Re: The efficiency of Prevx vs Antivir

Post by ssj100 on 9/11/2010, 12:55

Scoobs72 wrote:Yes, but such a pain for me... I'll throw my PC in the bin before going to those lengths every time I want to log onto an https site.
Haha, the good old security versus usability/convenience issue. I suppose if you were that paranoid but didn't want to "go to those lengths", there are two realistic options:
1. Don't do anything on your computer that is sensitive.
2. Have a separate computer which always runs Linux and use that system to do sensitive browsing.

Option 1. is probably not that realistic haha. All of us are relying on the internet more and more with each passing day. Option 2 is a very valid one, particularly for those of us who have more than two computers "at home". In fact, this is a great option for the "family home" - you can instruct every family member to always use the Linux system whenever they want to do online transactions etc. This way, even high risk users (who have their systems infected heavily) can still safely do eg. online banking with 100% peace of mind.

The reason I'm labouring this a bit is because I don't feel adding more security software will necessarily add more security. I think the more third party security software you use, the less secure you are. Conflicts come in all shapes and sizes - unhidden and hidden. Have you actually tested Prevx SafeOnline against real-world and/or in-the-wild malware loggers? How do we know if it is truly effective?

In the end, you need to ask yourself if adding more third party security software will give a favourable risk-benefit ratio. When asking yourself this question, you are asking yourself. You aren't asking some "average" "high-risk" user that gets infected willy-nilly. Regardless, from your personal experience, what are the actual chances that you will mistakenly install a piece of genuine real-world in-the-wild malware that aims to specifically log your keystrokes? Keeping this chance in mind, balance it with the risk of hidden conflict and also the risk that e.g. Prevx SafeOnline won't do anything against such logging malware and in fact cause your security setup to be bypassed (e.g. malware keyloggers that installed onto your system at kernel level via a fancy buffer overflow exploit, and you didn't use Sandboxie to surf the compromised site because Prevx SafeOnline is not compatible with it).

ssj100
Administrator

Re: The efficiency of Prevx vs Antivir

Post by ssj100 on 9/11/2010, 14:59

By the way Scoobs72, might be best to continue our exchange here:
http://ssj100.fullsubject.com/other-f6/prevx-safeonline-against-advanced-keylogger-t283.htm#2348

ssj100
Administrator
