Primary Response SafeConnect Update
CogitoErgoSum
August 28th, 2007, 09:24 AM
To all licensed/registered users of Primary Response SafeConnect:
Please check to see that you are currently running configuration version 132, product version 2.2.0.1187. If not, you can download the latest version of PRSC at the following link below and perform an over-the-top install.
http://www.sanasecurity.com/try/index.php
FYI, the latest version of PRSC has improved detection/removal abilities and protection against malicious process termination. As far as Norton AntiBot is concerned, I have no idea if they got the same update. Lastly, I would like to mention that an upgrade to PRSC will be available in the near future.
Peace & Love,
CogitoErgoSum
lu_chin
August 28th, 2007, 03:19 PM
Hi, is there any change log?
Thanks.
CogitoErgoSum
August 28th, 2007, 07:29 PM
Hello lu_chin,
Please take a look at the following link.
http://www.wilderssecurity.com/showpost.php?p=1046874&postcount=18
Other than what I have already said, the only reason that I know that there are changes in PRSC is because I manually download its .exe file from Sana's web site from time to time and check to see if there is a change in file version or check sum/hash and communicate with both Sana's CTO and technical support regularly.
Hope this helps.
Peace & Love,
CogitoErgoSum
QBgreen
August 28th, 2007, 07:37 PM
{QUOTE-> To all licensed/registered users of Primary Response SafeConnect:
Please check to see that you are currently running configuration version 132, product version 2.2.0.1187. If not, you can download the latest version of PRSC at the following link below and perform an over-the-top install.
http://www.sanasecurity.com/try/index.php
FYI, the latest version of PRSC has improved detection/removal abilities and protection against malicious process termination. As far as Norton AntiBot is concerned, I have no idea if they got the same update. Lastly, I would like to mention that an upgrade to PRSC will be available in the near future.
Peace & Love,
CogitoErgoSum <-QUOTE}
I can confirm that NAB is (has been for a few days) at configuration version 132.
lu_chin
August 28th, 2007, 08:12 PM
Thanks for all the info.
Perman
September 30th, 2007, 09:30 PM
Hi, folks: Now is version 135. I just forked over my hard-earned loonies for an excellent protection. Well co-existed with Prevx2, and both are very quiet, indeed. I just wish Sana could improve its exposure more aggressively. It deserves a much wider reception by general pc users. PS: It is the excellent time to buy US$ based product. One US$= 0.98 CAN loonie. First time in 31 years.
Kees1958
October 1st, 2007, 07:23 AM
Indeed,
Beware to purchase in US$, Sana asks the same amount in Euros while the dollar is worth only 70 Euro cents!
Perman, do not tell the South Park bunch, they might invade Canada
:) K
Perman
October 1st, 2007, 09:24 AM
Hi, folks: hi, kees: Ya, we have the most porous border in the world between US and CANADA, according to recent US dept of homeland security report. To make it worse is that Canada border agents do not carry any guns. :)
QBgreen
October 4th, 2007, 12:14 AM
Configuration Version of NAB now at 142.
Perman
October 4th, 2007, 12:39 AM
Hi, folks: So is Primary Response SafeConnect. Very frequent updates indeed.
MaB69
October 4th, 2007, 12:50 AM
Hi all,
How to know what had changed from configuration version to another ?
Thx for the answer
Regards,
MaB
Perman
October 4th, 2007, 02:10 AM
{QUOTE-> Hi all,
How to know what had changed from configuration version to another ?
Thx for the answer
Regards,
MaB <-QUOTE}
Hi, folks: No way, except trusting them---too bad. They seem to hold these info very closely to their own chest. Transparency seems to be an issue, hoping some changing are in the works.
MaB69
October 4th, 2007, 04:06 AM
{QUOTE-> Hi, folks: No way, except trusting them---too bad. They seem to hold these info very closely to their own chest. Transparency seems to be an issue, hoping some changing are in the works. <-QUOTE}
Thanks Perman for your answer,
Maybe this is beyond our poor human knowledge!
LoneWolf
October 11th, 2007, 06:45 PM
Primary Response SafeConnect updated
Version 145 now out.
BG
October 11th, 2007, 06:52 PM
AntiBot also!
LoneWolf
October 31st, 2007, 06:20 AM
Primary Response SafeConnect updated to version 150. ;D
QBgreen
October 31st, 2007, 09:12 AM
NAB also at Configuration Version 150!
Perman
October 31st, 2007, 09:57 AM
{QUOTE-> Primary Response SafeConnect updated to version 150. ;D <-QUOTE}
Hi,
What is new in this update ? Perhaps a fix for TFService.exe F.P. I had yesterday ? full of mysteries, otherwise a trustworthy app. I am stuck with 2 years-lic. Hope changing of wind direction is in the incubator. ::)
CogitoErgoSum
December 15th, 2007, 11:03 AM
To all licensed/registered users of Primary Response SafeConnect:
Please check to see that you are currently running configuration version 153, product version 3.0.0.1443. If not, you can make a request for the latest trial version of PRSC at the following link below and perform an over-the-top install.
http://www.sanasecurity.com/try/index.php
There are several changes that I have noted with this latest version of PRSC. First of all, the number of behaviors monitored has increased from 274 to 280. Secondly, there are now four running processes compared with the previous version which ran three and makes this version similar to Norton AntiBot. Lastly, this version has five visible SSDT kernel hooks in contrast with the previous which had none.
Peace & Gratitude,
CogitoErgoSum
Perman
December 16th, 2007, 10:42 AM
Hi,
Thanks for the info.
I have the latest one. But..
I have no clue when and how was updated ?
Mysterious app with yet powerful strength, little or nearly none disclosure.
Mysterious company, to say the least. No forum, no free tech support (need to buy tickets, one for one chat, or more $$ for bundle).
I am stuck with 2 year lic. ---a bit regret on my part, hoping government revenue department allow me to write it off as an investment loss. ;D
CogitoErgoSum
December 16th, 2007, 11:02 AM
Hello Perman,
General tech support is free for the duration of the purchased license. Incident support tickets need only be purchased when one requires "live" and "personal" and/or "remote" help in installing PRSC, cleaning/fixing an already malware infected machine(s) with the help of PRSC or advanced set-up. Other "paid" support options are described in the link below. Sana tech support can be contacted via telephone at (650) 292-7111(Pacific Standard Time/PST) or via email at (support@sanasecurity.com). Hope this helps.
http://www.sanasecurity.com/support/home_home_office/index.php
Peace & Gratitude,
CogitoErgoSum
CogitoErgoSum
December 20th, 2007, 11:17 AM
{QUOTE-> There are several changes that I have noted with this latest version of PRSC. First of all, the number of behaviors monitored has increased from 274 to 280. Secondly, there are now four running processes compared with the previous version which ran three and makes this version similar to Norton AntiBot. Lastly, this version has five visible SSDT kernel hooks in contrast with the previous which had none. <-QUOTE}
I have noticed that if one is running PRSC with Vista 32, 293 behaviors are monitored. Regarding specific changes to v3.0.0.1443, I have posted a quote from a response that I recently got from Sana support.
"PRSC 3.0 has some defects addressed. The registry processor is introduced for recovery and it has the shim layer for self protection. The malware behavioral engine has some enhancements as well."
FYI, the latest configuration version is 156.
Peace & Gratitude,
CogitoErgoSum
lu_chin
December 20th, 2007, 11:37 AM
Hi, do you know what is the equivalent version number in NAB?
Thanks.
{QUOTE-> I have noticed that if one is running PRSC with Vista 32, 293 behaviors are monitored. Regarding specific changes to v3.0.0.1443, I have posted a quote from a response that I recently got from Sana support.
"PRSC 3.0 has some defects addressed. The registry processor is introduced for recovery and it has the shim layer for self protection. The malware behavioral engine has some enhancements as well."
FYI, the latest configuration version is 156.
Peace & Gratitude,
CogitoErgoSum <-QUOTE}
CogitoErgoSum
December 20th, 2007, 07:05 PM
Hello lu_chin,
I believe NAB's equivalent product version is 1.1.838. The latest configuration version should be the same for both PRSC and NAB at 156.
Peace & Gratitude,
CogitoErgoSum
lu_chin
December 20th, 2007, 11:06 PM
Thanks.
{QUOTE-> Hello lu_chin,
I believe NAB's equivalent product version is 1.1.838. The latest configuration version should be the same for both PRSC and NAB at 156.
Peace & Gratitude,
CogitoErgoSum <-QUOTE}
CogitoErgoSum
February 3rd, 2008, 01:02 PM
For all of those who are interested,
With Shadow Defender enabled and DefenseWall disabled, under Vista 32 I tested PRSC product version 3.0.0.1443 configuration version 159 against the following malware samples.
Prueba/Bifrost Trojan - Detected(Quarantined)
SohandIM Worm - Detected(Quarantined)
SSDT Unhooker Rootkit(http://membres.lycos.fr/nicmtests/Unhookers/unhooking_tests.htm) - Detected(Quarantined)
Brontok Worm - Detected(Quarantined)
Zilla( Browsezilla) Trojan/ Worm - Detected(Quarantined)
W32/ Virut.P Trojan - Detected(Quarantined)
Qucan IM Worm - Detected(Quarantined)
POC Malware(http://www.wilderssecurity.com/showthread.php?t=195340) - Detected(Quarantined)
Bot Trojan Malware(Nugache, Rizo & Storm) - Detected(Quarantined)
Peace & Gratitude,
CogitoErgoSum
Rasheed187
February 3rd, 2008, 01:58 PM
Hi,
Perhaps a stupid question, but I´m not real familiar with this tool, so are these malware samples detected by signature or by behavior?
solcroft
February 3rd, 2008, 02:54 PM
Antibot doesn't have signatures. It gives names to malware if they fit a specific set of actions, but they're just names, not signatures.
Perman
February 3rd, 2008, 06:43 PM
Hi,
Nice to know that PRSC can intercept those malwares.
Would Shadow Defender remove these malwares w/ DW and PRSC's absence upon reboot?
I think PRSC/AntiBot has improved quite a bit.
CogitoErgoSum
February 4th, 2008, 04:26 PM
To make a correction to my post(#26), I hastily by mistake included "Rbot" to the list of bot trojan malware tested. I have made the necessary changes.
Peace & Gratitude,
CogitoErgoSum
CogitoErgoSum
February 4th, 2008, 04:32 PM
Hello Perman,
Yes, Shadow Defender(SD) will remove all the above malware after a reboot with both DefenseWall and PRSC disabled or uninstalled. FYI, I primarily use SD for testing malware.
Peace & Gratitude,
CogitoErgoSum
CogitoErgoSum
February 5th, 2008, 11:09 AM
For all of those who are interested,
With Shadow Defender enabled and DefenseWall disabled, under Vista 32 I tested PRSC product version 3.0.0.1443 configuration version 159 against the following malware samples.
Gozi Trojan Family:
LdPinch.BSG - Detected(Quarantined)
CWS.D - Detected(Quarantined)
CWS.E3134899 - Detected(Quarantined)
PRG Trojan Family:
ntos - Detected(Quarantined)
Peace & Gratitude,
CogitoErgoSum
Perman
February 5th, 2008, 11:43 AM
Hi,
Good to know again.
A new breed of anti-malware weapon has been born.
Those signature-based ones even with tireless efforts will be replaced by this new approach one day ?
CogitoErgoSum
March 2nd, 2008, 06:37 PM
For those who are interested,
With Shadow Defender v1.1.0.237 enabled and DefenseWall v2.21 disabled, under Vista 32 SP1 I tested PRSC product version 3.0.0.1443 configuration version 165 against the following malware samples.
Rustock Rootkit Family:
Rustock.M - Detected(Quarantined)
Rustock.NBS - Detected(Quarantined)
Srizbi Trojan/Rootkit Family:
Srizbi.AC - Detected(Quarantined)
Peace & Gratitude,
CogitoErgoSum
solcroft
March 4th, 2008, 07:42 AM
{QUOTE-> For those who are interested,
With Shadow Defender v1.1.0.237 enabled and DefenseWall v2.21 disabled, under Vista 32 SP1 I tested PRSC product version 3.0.0.1443 configuration version 165 against the following malware samples.
Rustock Rootkit Family:
Rustock.M - Detected(Quarantined)
Rustock.NBS - Detected(Quarantined)
Srizbi Trojan/Rootkit Family:
Srizbi.AC - Detected(Quarantined)
Peace & Gratitude,
CogitoErgoSum <-QUOTE}
I think the real test is in running without ShadowDefender and DefenseWall, since the former can significantly cripple malware (I've had instances where a malware is undetected when not sandboxed and vice versa), while the latter makes one oblivious to PRSC's sometimes very atrocious cleanup abilities. Also,
{QUOTE->
POC Malware(http://www.wilderssecurity.com/showthread.php?t=195340) - Detected(Quarantined) <-QUOTE}
Unless they've added MBR protection recently, I severely doubt this.
CogitoErgoSum
March 4th, 2008, 11:02 AM
{QUOTE->
Unless they've added MBR protection recently, I severely doubt this. <-QUOTE}
Hello solcroft,
While I acknowledge that PRSC does not protect against low level disk access intrusions(MBR, etc...), believe it or not, it does in fact flag this POC malware(http://www.wilderssecurity.com/showthread.php?t=195340). On the other hand, I have tested PRSC against both the MBR rootkit and killdisk and it fails in both cases.
With Shadow Defender v1.1.0.237 enabled and DefenseWall v2.21 disabled, under Vista 32 SP1 I retested PRSC product version 3.0.0.1443 configuration version 167 against the POC and got the same results. Feel free to test this POC against Norton AntiBot or PRSC for yourself.
Peace & Gratitude,
CogitoErgoSum
grumbleduke
March 4th, 2008, 04:39 PM
Just out of curiosity, did you run any other tool like blacklight or rootkit revealer after detection to make sure the rootkits were removed? Some variants of rustock are notoriously difficult to remove completely.
Cheers!
CogitoErgoSum
March 4th, 2008, 06:34 PM
Hello grumbleduke,
Unfortunately, I did not run any rootkit detection tools to verify that PRSC removed all traces of the Rustock variants. In any case, Shadow Defender which virtualized the testing session, restored my computer to malware-free condition after a reboot.
Peace & Gratitude,
CogitoErgoSum
solcroft
March 4th, 2008, 09:55 PM
{QUOTE-> With Shadow Defender v1.1.0.237 enabled and DefenseWall v2.21 disabled, under Vista 32 SP1 I retested PRSC product version 3.0.0.1443 configuration version 167 against the POC and got the same results. Feel free to test this POC against Norton AntiBot or PRSC for yourself.
Peace & Gratitude,
CogitoErgoSum <-QUOTE}
In that case it's worse. Here we have a product flagging a POC test and giving users a false sense of security, while failing against actual ITW malware.
I'll try this out as soon as I get the chance.
Rasheed187
March 5th, 2008, 11:50 AM
{QUOTE-> Antibot doesn't have signatures. It gives names to malware if they fit a specific set of actions, but they're just names, not signatures. <-QUOTE}
Thanks for clarifying this, solcroft. I must admit that I have always suspected these kind of tools from adding some kind of signatures and then acting like the malware is caught by behavior monitoring. Also, you didn´t respond to my PM, so I guess you don´t want to send me the samples. OK cool (well not really >:( :dry: ;D ) but can you at least give some info about the trojans using the NTFS method?
@ CogitoErgoSum, I can´t remember if I PMed you or not, but thanks for the samples. ;)
CogitoErgoSum
March 5th, 2008, 12:28 PM
Hello Rasheed187,
You are very welcome.
Peace & Gratitude,
CogitoErgoSum
solcroft
March 7th, 2008, 09:35 AM
{QUOTE-> Thanks for clarifying this, solcroft. I must admit that I have always suspected these kind of tools from adding some kind of signatures and then acting like the malware is caught by behavior monitoring. Also, you didn´t respond to my PM, so I guess you don´t want to send me the samples. OK cool (well not really >:( :dry: ;D ) but can you at least give some info about the trojans using the NTFS method?
@ CogitoErgoSum, I can´t remember if I PMed you or not, but thanks for the samples. ;) <-QUOTE}
First off, sorry about not sending you the samples. I don't have internet access at home any more, and handling malware samples through the uni network is grounds for instant locking of my account. :ouch:
To address your question, it's a technical impossibility that behavioral blockers cheat by using signatures and pretend they block malware by behavior. Currently behavior blockers enjoy a far greater success rate than even the best blacklist scanners available on the market, and if they really do cheat, then that means the sample collection and detection abilities of small companies like Sana Security, Micropoint and Novatix (PC Tools) outstrip the abilities of market leaders like Symantec and Kaspersky by orders of magnitude. Obviously this doesn't make sense.
trjam
March 7th, 2008, 10:29 AM
I know someone here that thinks that behavior can be turned into signature by a product, in memory of course.
Rasheed187
March 10th, 2008, 01:42 PM
OK thanks for letting me know Solcroft. And you know why I´m still a bit skeptical about "smart" HIPS? Because I would first like to see a test: execute 1000 malware samples, and 1000 non-malware samples who both trigger malicious activity, and let´s see how many malware is missed, and how many "false positives" you will get to see. :)
lucas1985
March 10th, 2008, 01:54 PM
Clean samples with malicious activity are known as riskware/grayware and include a vast range of software: packet sniffers, network monitoring tools, RATs, intrusion detection tools, malware cleaning tools, cracks/keygens (especially those that use custom/modified packers), game trainers, anticheat software, SMTP servers, IRC-related software, DRM software, commercial keyloggers, jokes, etc.
A behaviour blocker would have a hard time analyzing these samples. If a behaviour blocker doesn't trigger false alarms on a common Windows installation with common software, I consider it good enough.
grumbleduke
March 12th, 2008, 11:46 AM
It is actually entirely feasible for a behavior based security system to also have signatures for detection, naming (classification), and/or categorization. The fundamental problem is, though, the word 'signature' has become so overloaded and meaningless that it invites more confusion to the debate than clarity. Peter Szor's book, the Art of Computer Virus Research ( http://www.amazon.com/Computer-Virus-Research-Defense-Symantec/dp/0321304543 ) is a good place to start when it comes to understanding the history and styles of signature based security products.
Some behavioral products use 'signatures' to assign names to threats, so a person using the product may have a higher degree of trust that the conviction of that program was warranted. Other products might have really simple signatures (like checksums/hashes) to help them with false negatives in their behavioral engine. And others might employ sophisticated signatures to aid their behavioral detection.
Are signatures in a behavioral engine cheating, or a bad thing? Personally, I don't think so. It isn't ideal, but computer security is difficult and usually does not have any one straightforward answer (filling your case with concrete doesn't count as security ;D ).
lucas1985
March 12th, 2008, 01:59 PM
Couldn't agree more. For end-users a "Trojan.Downloader.Gen" alert is more appropriate than a "Process xx tries to connect invisibly with a remote server using IE" alert.
Rasheed187
March 17th, 2008, 12:22 PM
{QUOTE-> A behaviour blocker would have a hard time analyzing these samples. If a behaviour blocker doesn't trigger false alarms on a common Windows installation with common software, I consider it good enough. <-QUOTE}
OK I see, so even behavior blockers would still alert about the tools that you mentioned. But I still don´t trust it, basically they are using some kind of heuristics (or rules) to determine if an app is bad or not, right? But are they able to recognize the difference between (for example) a rootkit driver from a non malicious one? And what do you mean with common software? I mean, I suppose normal HIPS would also not trigger a whole lot of alerts with "common software".
grumbleduke
March 18th, 2008, 04:55 PM
{QUOTE-> OK I see, so even behavior blockers would still alert about the tools that you mentioned. But I still don´t trust it, basically they are using some kind of heuristics (or rules) to determine if an app is bad or not, right? But are they able to recognize the difference between (for example) a rootkit driver from a non malicious one? And what do you mean with common software? I mean, I suppose normal HIPS would also not trigger a whole lot of alerts with "common software". <-QUOTE}
The rules, heuristics, behaviors, characteristics, and so on are the 'secret sauce' behind any of the behavior based anti malware products. Since there are lots of ways to define even something as seemingly straightforward as 'rootkit', there are lots and lots of ways of describing in code terms how they are different from normal device drivers.
Here are a few examples of techniques a product might take to determine if a driver is malicious or not. Is the driver digitally signed? Does it pass WHQL? Is it installed by a digitally signed application? Can a user mode application see the driver's registry key in hklm\system\controlset001? Can a user mode application see the actual .sys file on disk? Was the driver installed by an IE exploit? Heck, you might even use more than one behavior to convict a piece of software as being malicious (the software has to do this *and* that to be bad).
These are just some ideas off the top of my head, but what I'm trying to illustrate is there is no one way to detect even one type of threat, so unless you want to completely lock your machine down and audit every change there implicitly must be a level of trust in the vendor of the software. I hope I answered your questions!
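The "this *and* that" idea from the post above, as an added example that is not part of the original thread and not any vendor's code: single observations about a driver are treated as weak signals, and a driver is only convicted when every signal of some rule fires together. The signal names, rule names, rule contents and sample drivers are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DriverObservation:
    """Facts a monitor collected about one kernel driver (constructed data)."""
    name: str
    signed: bool                # driver image carries a valid digital signature
    whql: bool                  # driver passed WHQL certification
    installer_signed: bool      # the installing application is digitally signed
    reg_key_visible: bool       # user mode can see the driver's registry key
    sys_file_visible: bool      # user mode can see the .sys file on disk
    from_browser_exploit: bool  # install was traced back to a browser exploit


# Weak signals: each one is a single question from the list in the post.
SIGNALS = {
    "unsigned": lambda d: not d.signed,
    "no_whql": lambda d: not d.whql,
    "unsigned_installer": lambda d: not d.installer_signed,
    "hidden_reg_key": lambda d: not d.reg_key_visible,
    "hidden_file": lambda d: not d.sys_file_visible,
    "exploit_install": lambda d: d.from_browser_exploit,
}

# Hypothetical conviction rules: ALL signals in a rule must fire together.
CONVICTION_RULES = {
    "hidden_unsigned_driver": ("unsigned", "hidden_file", "hidden_reg_key"),
    "exploit_dropped_driver": ("exploit_install", "unsigned"),
    "stealth_from_unsigned_installer": ("unsigned_installer", "hidden_file"),
}

# Signals so common among legitimate drivers that alone they mean nothing.
BENIGN_ALONE = {"no_whql"}


def evaluate(driver):
    """Return (verdict, matched_rules, fired_signals) for one observation."""
    fired = {name for name, test in SIGNALS.items() if test(driver)}
    matched = sorted(rule for rule, needed in CONVICTION_RULES.items()
                     if fired.issuperset(needed))
    if matched:
        verdict = "malicious"       # a full rule fired: convict
    elif fired - BENIGN_ALONE:
        verdict = "suspicious"      # weak signals only: log, do not block
    else:
        verdict = "clean"
    return verdict, matched, sorted(fired)


# Constructed samples. Field order after the name:
# signed, whql, installer_signed, reg_key_visible, sys_file_visible, exploit
SAMPLES = [
    DriverObservation("disk_filter.sys", True, True, True, True, True, False),
    # Unsigned hobby driver that hides nothing: weak signals, no conviction.
    DriverObservation("hobby_sensor.sys", False, False, False, True, True, False),
    # Signed driver that hides its file (grayware such as DRM behaves so).
    DriverObservation("drm_guard.sys", True, False, True, True, False, False),
    # Unsigned, hidden from user mode, and dropped through a browser exploit.
    DriverObservation("hidden_rk.sys", False, False, False, False, False, True),
]


def classify_samples():
    """Map each constructed sample name to its verdict."""
    return {d.name: evaluate(d)[0] for d in SAMPLES}


if __name__ == "__main__":
    for d in SAMPLES:
        verdict, rules, signals = evaluate(d)
        print(f"{d.name:18} {verdict:10} rules={rules} signals={signals}")
```

The two "suspicious" samples show why a rule needs several signals: convicting on "unsigned" or "hidden file" alone would flag the grayware discussed earlier in the thread.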
Rasheed187
March 18th, 2008, 07:43 PM
@ grumbleduke, thanks a lot for the feedback, this is some useful stuff to know about. I´m really hoping that HIPS will be able to make "the next step", with that I mean, I hope that they will become a lot smarter and more powerful. Personally I would like to see a mix between pure "dumb" HIPS and behavior blockers. And until I see an extensive malware test, I still wouldn´t rely only on tools like TF and PRSC.
{QUOTE->
Here are a few examples of techniques a product might take to determine if a driver is malicious or not. Is the driver digitally signed? Does it pass WHQL? Is it installed by a digitally signed application? <-QUOTE}
But is it possible to spot certain rootkit behavior from a driver when it tries to modify the kernel?
grumbleduke
March 18th, 2008, 07:49 PM
The short answer is Yes. The longer answer is 'It usually depends on who is there first' :) When you are in ring 0 it's really just the knowledge and wits of the security programmers vs. the knowledge and wits of the malware authors. There are lots of tricks both sides can pull.
CogitoErgoSum
June 9th, 2008, 03:24 PM
For those who are interested,
A new PRSC program update has been released. The latest product version is 3.2.0.915 and configuration version is 199. For those who have a current license to PRSC and do not want to wait for the new version to be delivered via auto-update, I recommend that one request a free trial at the following link below to receive a direct download link to the latest version and perform an over-the-top install.
http://www.sanasecurity.com/try/index.php
I will update this thread when I receive details as to what is new or what was changed in this new version.
Peace & Gratitude,
CogitoErgoSum
Kees1958
June 9th, 2008, 06:08 PM
Thx,
any idea why the auto update does not update the program release number, but it shows the correct configuration number?
Regards Kees
CogitoErgoSum
June 9th, 2008, 06:26 PM
Hello Kees1958,
If I can recall, new product versions are gradually released over a period of time via auto-update so as to avoid overloading the servers. It has been my experience that the previous product versions of PRSC can also have the same configuration version number as the latest product version.
Peace & Gratitude,
CogitoErgoSum
CogitoErgoSum
June 13th, 2008, 12:58 PM
For those who are interested,
The only information that I was able to get regarding PRSC v3.2.0.915 was that this release primarily consists of bug fixes.
Peace & Gratitude,
CogitoErgoSum
jeremy_pickett
June 13th, 2008, 11:16 PM
Cogito is correct. Agents pull new configurations to fix false positives, and this is done transparently in the background.
I want to thank Cogito for keeping this thread current.
jeremy_pickett
June 13th, 2008, 11:22 PM
{QUOTE-> Thx,
any idea why the auto update does not update the program release number, but it shows the correct configuration number?
Regards Kees <-QUOTE}
Kees, here is how I'd think about it: new Configuration #'s mean new false positive fixes. New product version means either new features or new 'under-the-cover' features.
I hope to get new bug fixes and features more public exposure in upcoming releases, but as an organization we are not there yet. Thanks for your patience, and Cogito has the most up to date info as of yet.
CogitoErgoSum
June 14th, 2008, 12:22 AM
Hello Jeremy,
You are very welcome. Just doing my modest part to help keep PRSC's visibility and awareness alive.
Peace & Gratitude,
CogitoErgoSum
bellgamin
June 14th, 2008, 05:33 AM
Since "no A versus B" only applies to antivirus programs (I think), I must say that I wonder why someone would select PRSC when Threatfire is an equally good behavior blocker (I think) plus...
1- TF has a viable, active support forum. PRSC does not, plus it charges for support.
2- TF is MUCH lighter on system resources -- on my computer. Maybe not on yours.
3- TF enables the user to set advanced rules IF DESIRED. PRSC does not.
4- TF has a non-crippleware free version. PRSC requires a yearly license fee.
Hey, I love to spend $$$ on good security apps -- but NOT if there is an equal or better app available at lower-or-no-cost. Thus, I am quite eager for someone to show me why I should spend almost $30 for PRSC when TF works so beautifully for zippo dollars.
charis humin kai eirene - bellgamin
ingem64
June 14th, 2008, 06:16 AM
Do I need to add some antivirus with PRSC?
iphone
June 14th, 2008, 06:24 AM
For me, PRSC must be used with other security software.
I am using PRSC with antivirus (actually KIS 2009)
You can use PRSC with Defensewall or others but for me, this is not a good idea to use PRSC alone.
LoneWolf
June 22nd, 2008, 06:29 AM
{QUOTE-> Since "no A versus B" only applies to antivirus programs (I think), I must say that I wonder why someone would select PRSC when Threatfire is an equally good behavior blocker (I think) plus...
1- TF has a viable, active support forum. PRSC does not, plus it charges for support.
2- TF is MUCH lighter on system resources -- on my computer. Maybe not on yours.
3- TF enables the user to set advanced rules IF DESIRED. PRSC does not.
4- TF has a non-crippleware free version. PRSC requires a yearly license fee.
Hey, I love to spend $$$ on good security apps -- but NOT if there is an equal or better app available at lower-or-no-cost. Thus, I am quite eager for someone to show me why I should spend almost $30 for PRSC when TF works so beautifully for zippo dollars.
charis humin kai eirene - bellgamin <-QUOTE}
Well I guess the reason could be such as in my case as TF would not play nice with my system.
High cpu that would lock up my pc, rebooting did no good as TF would eat up 100% of the cpu, the only solution was to rollback to the time before TF.
That was the case every time I tried TF, five different installs with four different builds. Whereas PRSC and NAB never once gave me any kind of problem whatsoever. So if TF works for you, great. But I myself am done trying to get TF to work.
Someone
June 22nd, 2008, 06:51 AM
{QUOTE-> Well I guess the reason could be such as in my case as TF would not play nice with my system.
High cpu that would lock up my pc, rebooting did no good as TF would eat up 100% of the cpu, the only solution was to rollback to the time before TF.
That was the case every time I tried TF, five different installs with four different builds. Whereas PRSC and NAB never once gave me any kind of problem whatsoever. So if TF works for you, great. But I myself am done trying to get TF to work. <-QUOTE}
Hi.
So are you saying if ThreatFire didn't have issues you would use it?
And just out of interest, if PRSC was free too and ThreatFire didn't have issues which one would you pick?
Thanks
LoneWolf
June 22nd, 2008, 07:11 AM
{QUOTE-> Hi.
So are you saying if ThreatFire didn't have issues you would use it? <-QUOTE}
If I was lacking the protection it provided, sure.
{QUOTE->
And just out of interest, if PRSC was free too and ThreatFire didn't have issues which one would you pick?
Thanks <-QUOTE}
Hmmm.....Tough question. I honestly do not know, and I never will, since TF does not work without issues here.
I really wanted TF to work right, that's why I tried it many times. I even tried installing it alone without any other security apps just to find out what the conflict was. That was a no go.
Anyway I was planning on buying PRSC when I got a better deal on NAB (a rebrand of PRSC)
Which works W/O any problems at all. ;D
Someone
June 22nd, 2008, 08:19 AM
{QUOTE-> If I was lacking the protection it provided, sure.
Hmmm.....Tough question. I honestly do not know, and I never will, since TF does not work without issues here.
I really wanted TF to work right, that's why I tried it many times. I even tried installing it alone without any other security apps just to find out what the conflict was. That was a no go.
Anyway I was planning on buying PRSC when I got a better deal on NAB (a rebrand of PRSC)
Which works W/O any problems at all. ;D <-QUOTE}
Cool. Thanks for the quick reply.
Well for me, ThreatFire works W/O any problems at all. ;D
Kees1958
June 22nd, 2008, 05:07 PM
{QUOTE-> Since "no A versus B" only applies to antivirus programs (I think), I must say that I wonder why someone would select PRSC when Threatfire is an equally good behavior blocker (I think) plus...
1- TF has a viable, active support forum. PRSC does not, plus it charges for support.
2- TF is MUCH lighter on system resources -- on my computer. Maybe not on yours.
3- TF enables the user to set advanced rules IF DESIRED. PRSC does not.
4- TF has a non-crippleware free version. PRSC requires a yearly license fee.
Hey, I love to spend $$$ on good security apps -- but NOT if there is an equal or better app available at lower-or-no-cost. Thus, I am quite eager for someone to show me why I should spend almost $30 for PRSC when TF works so beautifully for zippo dollars.
charis humin kai eirene - bellgamin <-QUOTE}
Vista64 is the reason!
CogitoErgoSum
June 24th, 2008, 11:55 AM
For those who are interested,
Since the 4Q of last year, I have been actively submitting actual malware samples to Sana Security and testing select malware samples against PRSC. I have also made the PRSC development team aware of concepts and concerns related to the functionality/operation of PRSC that I believe urgently need to be addressed in the near future to close the detection gap that currently exists between it and ThreatFire(TF) or perhaps exceed that of TF.
While I am not at liberty to disclose anything in an official capacity yet, I am pleased to say that there will be something exciting in the pipeline for PRSC sometime this Summer. I am pretty sure that Jeremy will drop by and make an official announcement when it is appropriate.
Peace & Gratitude,
CogitoErgoSum
CogitoErgoSum
June 27th, 2008, 09:42 AM
{QUOTE-> Since "no A versus B" only applies to antivirus programs (I think), I must say that I wonder why someone would select PRSC when Threatfire is an equally good behavior blocker (I think) plus...
1- TF has a viable, active support forum. PRSC does not, plus it charges for support.
2- TF is MUCH lighter on system resources -- on my computer. Maybe not on yours.
3- TF enables the user to set advanced rules IF DESIRED. PRSC does not.
4- TF has a non-crippleware free version. PRSC requires a yearly license fee.
Hey, I love to spend $$$ on good security apps -- but NOT if there is an equal or better app available at lower-or-no-cost. Thus, I am quite eager for someone to show me why I should spend almost $30 for PRSC when TF works so beautifully for zippo dollars.
charis humin kai eirene - bellgamin <-QUOTE}
Hello bellgamin,
To address your point #1, contrary to popular belief, basic customer/technical email support is "free" for the duration of one's PRSC subscription. Concerns and/or issues regarding installation/upgrades, errors/crashes, configuration, false positives, performance, protection and feature requests are within the scope of free support.
Support can be contacted at (support[at]sanasecurity[dot]com) or via support request form at the link below.
http://www.sanasecurity.com/support/supportRequestForm.php
For information regarding PRSC's "paid" premium support offerings, please take a look at the link below.
http://www.sanasecurity.com/buy/support_learn.php
Lastly, other than what I have already said in the previous post, if official Mamutu, Prevx 2.0 or ThreatFire public support forums are any indication, I get the impression that both Norton AntiBot(NAB) and PRSC typically provide less false positives and are less likely to cause conflicts between security applications. In regards to NAB/PRSC, I can personally vouch for this.
Peace & Gratitude,
CogitoErgoSum
ellison64
June 27th, 2008, 10:32 AM
What I personally don't like about PRSC and its offshoot Norton Antibot is the fact that the software becomes disabled if you do not carry on with yearly subscriptions. For such software that is hardly updated (other than bugfixes and possible whitelists) every day like an av signature, but rather uses behavior blocking and heuristics, I really could not recommend such type software that is useless unless you continue "renting" it.
ellison
CogitoErgoSum
June 27th, 2008, 10:32 AM
For those who are interested,
PRSC consists of the following four components or processes when it is active(SanaAgent.exe, SanaMonitor.exe, SanaSafeConnect.exe and SanaSafeConnectWatcher.exe). SanaAgent.exe detects and removes malware files that have become active on a PC. SanaMonitor.exe monitors the computer. SanaSafeConnect.exe connects to the internet and sends new detected malware information to the Sana corporate database. Lastly, SanaSafeConnectWatcher.exe serves a dual purpose by verifying that SanaAgent.exe is running correctly and verifying process code injection.
Peace & Gratitude,
CogitoErgoSum
CogitoErgoSum
July 11th, 2008, 10:48 AM
For those who are interested,
Under Vista 32 SP1 with Returnil's "session lock" enabled, I recently tested the following four malware samples against PRSC.
userinit.exe - quarantined(detected via behavioral heuristics)
http://www.threatexpert.com/files/userinit.exe.html
http://www.prevx.com/filenames/X2630648548056976493-X1012416264/USERINIT.EXE.html
detnat.a - quarantined(detected via behavioral heuristics)
http://www.darkreading.com/document.asp?doc_id=98905&WT.svl=news1_2
http://vil.nai.com/vil/content/v_139344.htm
sramler.g - quarantined(detected via behavioral heuristics);(Virut family)
virtob.f - quarantined(detected via behavioral heuristics);(Virut family)
Peace & Gratitude,
CogitoErgoSum