Does anyone know how Authensys (from the makers of pc Internet Patrol) got the balls to claim the following... "Protects your security programs (Anti Virus, Firewall, Anti-Spyware etc) from termination or modification by malicious code better than Process Guard" :o

It's available at http://www.authensys.com/.

Regards,
Spiff5000

i think its bs, i dont like it.

This software is for the norton lovers out there that have no brain and want a point and click "Oh click this to protect your pc"

It's a little unclear whether they are touting their white list approach in which user intervention is not heavily required, or if they are claiming that their internal process protection code is more robust. In former sense, it could be more robust for novice users than an approach which requires dedicated user decision and input. As for the latter, I have no idea.

As for it's appropriateness as an application, please bear in mind that users of Norton et al. are the economic drivers in the PC security market. You might not like that fact, but when you get down to it, everything else, except for a couple of like-positioned vendors (McAfee, etc.), is currently a niche cottage industry. Vendors/resellers with a perspective like your own often go down the tubes because they launch a product that the overall market does not want or value and will not support.

Blue

-{ Quote: "This software is for the norton lovers out there that have no brain and want a point and click "Oh click this to protect your pc"" }-
Unfortunately, this kind of consumer dominates the market. People seem to want easy-to-use security. If they can't get it, many will go without.

Well what about making good security with extencive help files and tooltips with information to teach them what they need to know. A monkey can be trained to push the red button every time someone knocks on the door but he does not know whos knocking and what do they want . . . Users need to know more about their pc's and they will also feel better about them self and feel more confident on computers. am i right or wrong ?

-{ Quote: "am i right or wrong ?" }-You're wrong for the vast majority of users. The PC is an appliance to do things in a person's life. Many are really not interested in how it works, only that it does work. While the analogy is somewhat overused, it is appropriate - how much do you thing ordinary drivers know or wish to know about the inner workings of an internal combustion engine? Precious little if you ask me. There are afficioandos who go the distance and learn the details, and many of them will assist us when in diffculty. However, the vast majority of drivers would be at a complete loss if they had to fix an automotive problem on their own.

As a means to an end, how does a PC differ?

Blue

Not really new . pcInternet Patrol is just an earlier version in a basic sense .
HOW can they say it protects better than PG ? Because it does . pcInternet Patrol did a great job at keeping all types of malware out . And , it passed all the leaktests with ease . ALL of them . Simple ? Yes . Why should that matter ? I am very advanced in this field yet , i use pcIntermet Patrol and it has protected me from things that NOD and two firewalls missed . Great againt viruses and trojans . Authensys is a bit more advanced and , obviously , newer than pcInternet Patrol . If it is too simplified , do not use it . If , for WHATEVER reason you dislike it , do not use it . It is simple . lol . Good program for those who CHOOSE to use it . For beginners and advanced users alike .

-{ Quote: "HOW can they say it protects better than PG ? Because it does. I am very advanced in this field" }-Does 2 claims that it does make it so :-\

It would be very beneficial if Authensys or your self even would take the time to explain to us how that is achieved :-\

Hi,

I couldn't establish for what OS this is for, or whether it is Free or not. Anybody know the answers ?

Thanks


StevieO

-{ Quote: "Hi,

I couldn't establish for what OS this is for, or whether it is Free or not. Anybody know the answers ?

Thanks


StevieO" }-

It's not free but a 30 day trial. About the OS I can't give an answer.

Gerard

A properly configured Process Guard with an educated user is damn near perfect defense against viruses, worms, trojans, etc. The claim that Authensys is better than Process Guard can't go unchallenged. I can only imagine that they think it's so easy to use that it trumps PG based on usability.

As for users with "no brain", I guess that statement would have to include me too. I'm often stumped when prompted that SVCHOST.EXE is trying to execute. Even if I know the reason, who the hell has the time for that kinda crap?!

Hi Bubba .
Too much detail to go into here . Simply put , you cannot be better than perfect . PG CAN be perfect IF the user is perfect . How many users of PG are perfect in that sense though ? Authensys has already made the decisions based on years of research and continuing research on everyday anomolies . This , by itself , already makes it better than PG for MOST users . Because professional researchers make the decisions as opposed to the PG user . That is a simplified answer . I will ask the ISA guys to either step in here or give me something I can copy and paste to give you more detail .
Hope that helps . Please note that I use PG as well . I like PG and know it is a fine product . But , again , it is up to the user to make many decisions .

It seems like this company is always taking the cheap way out. I know in the beginning they blocked a small hand full of ports and called it a firewall, then there's the leaktest which they just marked "bad", now they're trying to pit themselves against DCS using ambiguous verbage. That's not the kind of company I would entrust to my system security.

They have always been supportive when I have had questions . They are very professional whether you like their attitude or not . The product can speak for itself . This is the only firewall I know of that will stop ALL 15 leaktests dead right out of the box . Back when Copycat and Thermite could not be stopped by anyone , this one stopped both ! I do not like how they tout the pcaudit test on their site . It is very fishy as it will ALWAYS tell you that you have open ports . Even if THEIR firewall is installed . But , they do not stealth ports . Never have . Everyone has their opinion of why to use or not to use certain software . These folks are good people . At least , in my dealings , they have been . And I love the firewall . A bit too simple for me but , it stops trojans , virii , all types of malware . I would not be without it . At least it works and does what it is supposed to . That is important .

-{ Quote: "They have always been supportive when I have had questions . They are very professional whether you like their attitude or not . The product can speak for itself . This is the only firewall I know of that will stop ALL 15 leaktests dead right out of the box . Back when Copycat and Thermite could not be stopped by anyone , this one stopped both ! I do not like how they tout the pcaudit test on their site . It is very fishy as it will ALWAYS tell you that you have open ports . Even if THEIR firewall is installed . But , they do not stealth ports . Never have . Everyone has their opinion of why to use or not to use certain software . These folks are good people . At least , in my dealings , they have been . And I love the firewall . A bit too simple for me but , it stops trojans , virii , all types of malware . I would not be without it . At least it works and does what it is supposed to . That is important ." }-

Hi hollywood!!

As we talked about PcIp last spring, I have been using it since and would not be with out it!!

Cheers Bud, ;D

I have not used this Authensys program, but I do not trust Internet Security Alliance. From being a previous user of pcInternetPatrol, I have determined that they use anti-virus programs for their 'verification' and have wrongly labeled Phant0m's Rule-Set as described here: http://www.wilderssecurity.com/showthread.php?t=110637

I have used the member support (while I was still a registered paying member) to notify them of this, and even posted at their forums at www.pcinternetpatrol.com with absolutely no feedback from them what-so-ever. You can see from the threat linked above that even anti-virus vendors have updated their declaration of Phant0m's Rule-Set. It looks like Authensys is more or less basically the 'authentication' portion of their pcInternetPatrol software, which means it more than likely uses the same methods of 'authentication' as its predecesors.

This brings up an interesting thought, that they probably use AV programs to declare a program bad, but not good. This means that it is probably a safe bet to use instead of an AV, but will still have false positives.

Intersting AJohn .
I have had a couple of false positives in the past but , a couple in more than 2 years time ? The AV they use must be good then . And , whatever they use , it has ALWAYS stopped all the leaktests AND caught trojans with ease . Just my opinion but , seems that whatever it is they do , it works . As for no feedback from them . I am now running into that . Kinda strange . Never had any problems with them in the past . I will keep it until it begins to fail . I have seen no indication of that as of yet . I must agree that if I got no response from support after trying a few times , I would walk away . Cannot blame you for being bothered by that .
Again though , AV or not , it works . Strangely , NOD catches virii first . Trojans and some other malware are detected by pcIP first . I guess you are saying THEY use an AV to tell THEM if something is good or not right ? Either way , some will like it and some will not . The bottom line is it works though . That is my concern .

It would be nice if you could bring some facts to the table, hollywood.. unfortunately it seems that the only facts are against the product right now. Do they at least have a full fledged firewall now, or does it still just block a few ports and call it good?

pcIP's outlook has always been to be used as an addition to a firewall. I believe this is partially the reason they are now offering their Authensys program as stand-alone.

Hi AJohn .
pcIP has not been pushed to be used in conjunction with other firewalls . There really is no need . The reason it is OFFERED to be used with other firewalls is because many people want to be stealthed . It makes them feel more secure . For that reason , it works with other firewalls . Another reason , although small , is to give the advanced user a better feel . pcIP is load it and go . Nothing to configure .

From their FAQ: -{ Quote: "A good firewall is the cornerstone of any security solution; however, choosing the right product for personal or business use can be a challenge. As firewall vendors increasingly produce specialized, less comprehensive products, accurately matching your firewall's capabilities to personal or company's needs becomes critical. A firewall that meets this criteria is: pcInternet Patrol™" }-(emphais is mine)

I also like how the summary on the front page states that pcIP is the *only* product that can protect you [against unknown malware]. I keep thinking of the post by the Avast! rep talking about how security vendors need trust, and how that trust can take years to build.. we're supposed to trust these guys?

Hmm, you are right. They market it to be a stant-alone security program. There are more other firewalls offer than stealth though. With pcIP you dont really know what attacks are covered untill they are brought to your front door.

Nice Patent Reading:
http://patft.uspto.gov/netacgi/nph-Parser?u=/netahtml/srchnum.htm&Sect1=PTO1&Sect2=HITOFF&p=1&r=1&l=50&f=G&d=PALL&s1=6944772.WKU.&OS=PN/6944772&RS=PN/6944772

Take it from someone who is also " very advanced in the field"

I don't see what the big deal is.

Prevx1R does this too with heuristics (rules) + community online database for whitelisting known files.

Safensec has it's only rules too so it doesnt alert on everything.

I predicted a long time ago (actually a few months ago lol), that this would be the trend, stuff like PG/Regdefend/appdefend are great , but they only work for a niche audience.

Even stuff like BZ and defensewall have stated policies of not creating popups, in recognition of the fact that most users just dont want or know how to handle it. Altough this is not a complete solution since stuff can fail without warning.

Okay, now Erikalbert can give him patented speech about his favourite class of users .... :)

AJohn and devily .
Agreed !!

-{ Quote: "I don't see what the big deal is." }-It's not a matter of the alerts, but rather the big claims that can't be (or at least aren't being) backed up. Saying that it protects against termination and hijack "better" than ProcessGuard, claiming to be a full firewall when all it does is block a couple ports, claiming that the files are analyzed by live experts in realtime when it seems that they just run it through a bunch of AV scanners, claiming that they're the only one that can protect you, claiming to be the only ones to block leaktests when all they do is blacklist it from running (at least in the past), and who knows what else. The product I don't necessarily have a problem with, but rather the company and their claims. Better to go with one of the other products you mention.. probably better protection anyway, and for half the money (or less).

What I've noticed since installing Authensys...

1. It does not use the pcIP database of whitelisted apps. Instead, it asks for permission to run on every Windows component and application (including itself!) which makes it no more useful than ZA or simiar firewall products.

2. When I run Prevx PreView, it partially opens before pcIP suspends it and asks for permission. What if that was a rootkit instead?

3. It doesn't pass PreView or BufferZone tests. Contrary to earlier claims, catching an unknown running process is *not* the same as catching a blacklisted app.

Bottom line... has anyone *really* tested this product? Or Prevx, which makes similar claims.

-{ Quote: "It's not a matter of the alerts, but rather the big claims that can't be (or at least aren't being) backed up. Saying that it protects against termination and hijack "better" than ProcessGuard, claiming to be a full firewall when all it does is block a couple ports, claiming that the files are analyzed by live experts in realtime when it seems that they just run it through a bunch of AV scanners, claiming that they're the only one that can protect you, claiming to be the only ones to block leaktests when all they do is blacklist it from running (at least in the past), and who knows what else. The product I don't necessarily have a problem with, but rather the company and their claims. Better to go with one of the other products you mention.. probably better protection anyway, and for half the money (or less)." }-

I agree with you here on the Claims however "they" all do it.

Some that might ring a bell -"It is considered by experts to be a must-have program for all users of Windows, and is the only program available that can prevent the
infection of all known rootkit trojans." ::)

Have you read the sentence in bold on the appdefend webpage? I'm shakin' in me boots...:isay:

-{ Quote: "What I've noticed since installing Authensys...

1. It does not use the pcIP database of whitelisted apps. Instead, it asks for permission to run on every Windows component and application (including itself!) which makes it no more useful than ZA or simiar firewall products.

2. When I run Prevx PreView, it partially opens before pcIP suspends it and asks for permission. What if that was a rootkit instead?

3. It doesn't pass PreView or BufferZone tests. Contrary to earlier claims, catching an unknown running process is *not* the same as catching a blacklisted app.

Bottom line... has anyone *really* tested this product? Or Prevx, which makes similar claims." }-

Goto www.authensys.com and read this:

"Programs and components authentication is done
for you in real-time BY EXPERTS with
no efforts on your part."

You probably have it set to "Ask Every Time" instead of "Trust ISA Experts".

All four zones, both executables and components (dll's?), are set to "Ask Every Time" *by default*. So what do you think happens once Authensys is installed? That's right!... every single dingle OS component generates a pop-up for permission to run.

But even after I adjust the settings so only the "potentially dangerous" zone is set to "Ask Every Time", all the apps I run generate a pop-up. Which is why I believe it's not checking the central database - if it were then Outlook, Word, Adobe Acrobat, etc. would not appear as potentially dangerous apps.

-{ Quote: "I agree with you here on the Claims however "they" all do it." }-I will agree that some do, but I wouldn't say all.. Online Armor, Prevx, Safe'n'Sec, DefenseWall, BufferZone, RegRun, ViGUARD, WinPatrol, ProcessGuard, Anti-Hook, SnoopFree, System Safety Monitor, and a bunch of others I'm sure, are all able to market their products without claiming that their product is something that it's not, or saying things like "...is the only system in the world that will protect you even if a hacker is using a completely unknown malicious program..." Some of them will state that they're "the best", but they're all going to think that.. it's not a blatant lie.

-{ Quote: "Have you read the sentence in bold on the appdefend webpage? I'm shakin' in me boots" }-lol, me too ;D

There are a number of other web based Apps that compare using white listing of authenticated programs etc, here's just a few examples.

Online Armor

As far as i'm aware OA is not only a behaviour based system, but can also upload data about your Safe/Unsafe Apps to it's central database for cross checking.

. . .

This next one is quite new and Free.

. . .

myNetWatchman SecCheck

SecCheck is a Windows forensic tool which aids in the detection and removal of malicious applications, backdoors, trojans, worms, and viruses that may be unknowningly installed on your computer. This is accomplished by collecting the following information from your system and reporting it back to you in a web page or text file:

Currently active processes
Defined services
Startup folder items
Startup Registry Key contents
Applications listening for inbound connections
Applications with active network communications
Active Browser Helper objects (BHOs)
Installed ActiveX controls
Module dump (DLLs) for all active applications

http://www.mynetwatchman.com/tools/sc/


Prevx

When you use Prevx1 Pro your system becomes part of a huge community of PCs. Being part of that community allows your PC to learn about and protect against new and evolving threats much faster than using conventional security products. Whenever, your PC tries to install or run a program it has never seen before it interrogates our centralised community database to find out if the program is known and safe to run. If it is then the program will be run without delay or interruption. If not the program will be blocked and you will be alerted to the risk it poses.


StevieO

-{ Quote: "There are a number of other web based Apps that compare using white listing of authenticated programs etc, here's just a few examples.

Online Armor

As far as i'm aware OA is not only a behaviour based system, but can also upload data about your Safe/Unsafe Apps to it's central database for cross checking.
" }-

Hi StevieO,

This is correct - we have a centrally maintained whitelist/blacklist, just did a major update of it about a week ago.

Cheers

Mike

I assume that Authensys asks you so much, because of all the potentially dangerous filename extensions. You need to switch to "Trust ISA Experts" mode:http://authensys.com/i/mainview.gif

-{ Quote: "I will agree that some do, but I wouldn't say all.. Online Armor, Prevx, Safe'n'Sec, DefenseWall, BufferZone, RegRun, ViGUARD, WinPatrol, ProcessGuard, Anti-Hook, SnoopFree, System Safety Monitor, and a bunch of others I'm sure, are all able to market their products without claiming that their product is something that it's not, or saying things like "...is the only system in the world that will protect you even if a hacker is using a completely unknown malicious program..." Some of them will state that they're "the best", but they're all going to think that.. it's not a blatant lie.

lol, me too ;D" }-

LOL ;D
Ok - I hear you, but quote one is DCS.

Heres APT or advanced process nonsense termination:
"DiamondCS APT offers seven different methods of process termination - the only thing we know of that can stop all 7 methods is Process Guard! "

Have they looked at all ever at what is available? ;D So while true, it applies to my hair also (because i haven't looked into it)

How many do you know will stop APT? I know a bunch. Thats Childs play. junk talk. The only thing i know of to stop all 7 methods that I am aware of is my hair.

-{ Quote: "Heres APT or advanced process nonsense termination:
"DiamondCS APT offers seven different methods of process termination - the only thing we know of that can stop all 7 methods is Process Guard! "

Have they looked at all ever at what is available? So while true, it applies to my hair also (because i haven't looked into it)

How many do you know will stop APT? I know a bunch. Thats Childs play. junk talk. The only thing i know of to stop all 7 methods that I am aware of is my hair." }-Hehhehehe, ok, I think you got me on that one. DCS still isn't as bad as some of the others, but certainly do some 'junk talk'. It actually seems to me like they did some more of that in the past, but I can't really recall.

-{ Quote: "It's not a matter of the alerts, but rather the big claims that can't be (or at least aren't being) backed up.
" }-

Okay, Notok I was actually responding to the big Cheerleader of pcIP here about how the central database thing is a big deal. But as for the others.

-{ Quote: "
Saying that it protects against termination and hijack "better" than ProcessGuard,
" }-

Well from what the 'cheerleader' is claiming, this means better in the sense that the user doesn't have to make the decision. But on the off chance it refers to real better that it can surivive termination attempts that PG doesnt, we have no evidence it does. We have no evidence it doesnt either.

-{ Quote: "
claiming to be a full firewall when all it does is block a couple ports, claiming that the files are analyzed by live experts in realtime when it seems that they just run it through a bunch of AV scanners, claiming that they're the only one that can protect you, claiming to be the only ones to block leaktests when all they do is blacklist it from running (at least in the past), and who knows what else. " }-

As for claiming to be the only ones to be able to protect you, as commented already it's a very common line. I bet there are products in which you play cheerleader, which make similar claims.

-{ Quote: "Heres APT or advanced process nonsense termination:
"DiamondCS APT offers seven different methods of process termination - the only thing we know of that can stop all 7 methods is Process Guard! "

Have they looked at all ever at what is available? So while true, it applies to my hair also (because i haven't looked into it) " }-

To be fair to DCS, they might claim that at the point in time they wrote this which was what 2 years ago? It was probably true. Of course, that's the thing about the market, any gains you make, is not going to last.

-{ Quote: ""It is considered by experts to be a must-have program for all users of Windows, and is the only program available that can prevent the
infection of all known rootkit trojans."" }-

I wonder which experts this quotation is referring to. Must be all the 'experts' in Wilders. :)

-{ Quote: "Okay, Notok I was actually responding to the big Cheerleader of pcIP here about how the central database thing is a big deal. But as for the others." }-Hehe, ok, I'll concede that I did misread your post, I thought you meant "big deal" in the opposite way that you did.

-{ Quote: "As for claiming to be the only ones to be able to protect you, as commented already it's a very common line. I bet there are products in which you play cheerleader, which make similar claims." }-Don't go there, you know by now that I recommend different products for different people.. which one I talk about most at any given time is directly related to what I have to offer over others around here, and changes as new things come up.

As for the rest of the statement, I'd say that it's common among the "rogue" products (which outnumber the legit ones), which is kind of the point. If you really look at the website for legit products they don't use that kind of verbage as much, although they are certainly going to try to convince you that theirs is the best, otherwise they need to find new marketing guys ;D Seriously, though, there's a difference between saying "We're the best! We can offer what your current software can't!" (very common) and saying "We're the only ones in the world that can protect you" implying "don't use our software and you'll suffer the consequences!" - or even further, directly stating that they're better than one of the small guys that most of the world hasn't heard of, and not offering anything to back it up, offering only false claims (saying it's a firewall) and/or deceptive claims (saying they can defeat leaktests, and doing so by just blacklisting the executable, although that was before making this authentisys program). There have been some companies that made some of these kind of claims, but stopped shortly after.. with these guys it just seems to keep going. Anyway, you get the idea, I don't think you and I are on all that different of pages :)

Really, though, if you disagree with me that it's not that common among the legit products, take a look at the websites of the well known and respected products that we all talk about here, I found more reasonable ones than not. The legit products seemed more intrested in convincing you of how the program works and how it can supplement what you already know, rather than trying to convince you that nobody else out there can protect you at all. RegRun was the closest, and they just said that you need something else to complete your security setup, and then goes on to explain why RegRun is your best choice. Their presentation might be a little edgy, but they're not misrepresenting the program.


-{ Quote: "To be fair to DCS, they might claim that at the point in time they wrote this which was what 2 years ago? It was probably true. Of course, that's the thing about the market, any gains you make, is not going to last." }-I agree, it doesn't count when it's actually true :) The update is just around the corner, though.. they still have "just released" on there for PG.


-{ Quote: "I wonder which experts this quotation is referring to. Must be all the 'experts' in Wilders. " }-I still haven't used AppDefend, so I must not be an expert :'(

-{ Quote: "Hehe, ok, I'll concede that I did misread your post, I thought you meant "big deal" in the opposite way that you did." }-

Ah... English, the language where slim chance and fat chance means the same thing...

-{ Quote: "
Don't go there, you know by now that I recommend different products for different people.. which one I talk about most at any given time is directly related to what I have to offer over others around here, and changes as new things come up. " }-

Oh sure, did i say otherwise? But that doesn't mean that as a partisian supporter of certain products hence you tend to overlook certain flaws in those products you support or make apologist remarks for products that you do favour. Everybody does it, even me.

As for your arguments about the difference in claims, while i agree rogue products might perhaps tend to be far more aggressive in marketing, I think it is mostly a different in degree rather than kind.

As you point out , Appdefend and Proccessguard make pretty strong claims, surely you are not saying they are rogue products? Besides as you have remarked, it is pretty common for products in this genre (regrun for example)to argue that

1) They are the only ones with a certain unique feature

and

2) This feature is necessary to protect you.

Are they all rogue products?


About PG claims.

-{ Quote: "
I agree, it doesn't count when it's actually true :) " }-

Ah... then by your argument,. Processguard is a rogue product? :)


-{ Quote: "Anyway, you get the idea, I don't think you and I are on all that different of pages" }-

Of course, you just like to argue.