Prevx vs. Online Armor vs. MSAS

Hello,

I was a PG user but have since uninstalled it -- the False Positive/Actual Threat ratio was just too high. I am currently running the following:

Realtime/resident:

• NOD32
• MS AntiSpyware

On-demand:

• Watcher
• SpywareBlaster
• SpyBot S+D
• AdAware
• HijackThis

I must admit that this combo has been working quite well, however I feel I am still missing something to fill the void that was left by PG. I am considering OnlineArmor or Prevx, and would like to drop MSAS as soon as possible since I believe that since being acquired from GIANT, it is now doomed to become ineffective especially given the recent alliances MS has made with spyware companies such as Claria.

Does anyone have any comments on the efficacy of Prevx vs. Online Armor, especially with regard to False Positives and CPU usage, both of which I am always trying to keep to an absolute minimum. Are these products even comparable?

much obliged.

 

I suppose I should clarify what I meant by 'false positive'. I didn't mean it in the typical sense of an AV program detecting a virus signature in an otherwise legitimate file. I meant PG popping up an alert for an event which was either a) something I initiated, or b) something a program that I trust initiated. I just found that I spent too much time fiddling with PG just to keep my system running normally which includes lots of app updating (so CRC's constantly changing) and unattended script running.

In addition to spending lots of time clicking on that 'Allow' button, in all the time I had PG installed (over 6 months) I never actually had it 'catch' any trojans or prevent any malware from installing. <knock wood!> That's not to say it wasn't working properly-- It was, just that I am quite careful about what I install, and from where, and thus just wasn't exposed during that time.

So I was looking for something that perhaps dealt with these types of attacks a little differently and distinguished a little more intelligently between what was malware and what wasn't.

If no such thing exists, I suppose I will just keep clunking along with the tools I have.

cheers

 

Fustrating isn't it?

I share your pain. But i would guess most people here are fanatics about security, all this clicking makes us feel warm and cozy inside, a sign that we are protecting our computers.

What fun is there in a silent antimalware system that only craves attention if something malicious occurs? Given our security and careful most of us are, this system would almost never do anything!

I'm afraid you have to wait then. Most of the products on the market these days are dumb products that have no ability to differentiate between malicious behavior and none-malicious behavior.

On one hand they talk about how good their non-signature based methods are, on another they tell you they don't really detect malware! They alert on every freaking new detail, never mind if it is really malicious.

That said, you might try Panda's truprevent.

 

any other opinions on Prevx vs. Online Armor? Anyone using this "Truprevent" that was mentioned?

 

Hi LuckMan212,

I won't comment on the other apps - there are a couple of threads on Wilders regarding OA - but to answer your questions:

Other users on here have commented that OA is very "Quiet" with it's popup messages. This is partly because there is a thorough setup process which we call the "Safety Check Wizard" that runs when you first install OA.

During the SCW, OA will check your start menu for programs it does not recognise and ask you if you want to trust them. Assuming that you do, you would not get a popup from OA regarding them unless they changed for some reason.

We try and keep the whitelist/safelist as up to date as possible - again, for the purpose of minimising these popup messages. So, even if you take a new program - there is a chance that we've already seen it and added it.

Probably the best advice if you have a little time is give each of these programs a try and see which one you prefer.


Regards


Mike

 

Thank you Mike, I think I will do just that

 

Hi Luckman

I use Prevx1, OA, and PG.

I can give you a fairly decent comparison of them, although Prevx haven't actually release details on what Prevx1 can and can't do, that I can find (annoying).

Prevx1 beta

NB Prevx1 is in report mode only for a lot of settings at the moment. This should change in the future.

-Filewall - ie notes when exe changes occur in protected directories
-Execution Protection with Whitelist/Blacklist
-Installation tracking
-Can uninstall what installations it has tracked
-Registry Protection - some
-Host file protection
-Raw memory protection
-BHO protection (doesn't mention any other IE protections)
-Self Protection

Pro's
- much more 'intelligent' than the old Prevx Pro
- quick Support response (for those made via email) - usually 24hours

Con's
- Setupwizard takes forever to complete it's scans.
- Popups, when they occur, are extremely annoying. You have to type in a description, and select 'installation' or 'not installation', before you can 'allow/deny'
-Report mode only, for many settings.
-Not as transparent as the old Prevx Pro
-oversimplified interface (there's no settings to play with)
-slow response to posts on their forum at Castlecops (I mean sometimes a week and more)
-yearly fee or it stops working
-very infrequent updates (so what are you paying a yearly fee for?)

Future (likely)

-Adding Prevx Pro like customisability
-Adding script defense
-Adding buffer overflow protection
-Adding firewall
(these are only the ones I know of)

Online Armor

Execution Protection with Whitelist/Blacklist
-Installation tracking
-Can uninstall what installations it has tracked
Phishing protection
-email filter (for tricks used by phishers)
-DNS checker (checks your high value sites against a central database)
-these are listed in the Protected Sites tab
Web filter
-filters ActiveX & Java (popup if site is unknown)
Trusted sites
-list websites intro Trusted, Untrusted, or Ask(?)
-trusted lets activex etc through, untrusted doesn't, Ask asks.
Keylogger Protection
-detects keylogger via behavioural means
Browser Protection
-I'm not entirely clear on this, says :
-IE extensions
-Homepages settings (for all browsers)
Hosts file protection

Pros
-Very easy setup (and quick compared to Prevx1)
-User-friendly interface
-Fantastic support (either on their forums, or here at Wilders...Mike doesn't sleep you see)
- Mike listens to suggestions (actually seen many improvements to OA directly from suggestions people have made on these boards)
-Frequent updates (seems at the most, 3 days apart, often sooner...great for a HIPS)
-Program still works if you don't pay a renewal fee...you just don't get the updates (rather fair policy).
-Uninstalls completely (heard this from other users)

Con's
-Hmmm...ummm...it hasn't reached 1.2 yet !!! (when it gets registry protection)
-Still a few programs it conflicts with (I think...as they get fixed quickly...)

Future

Mike says he has 40 pages of things to do, but for the immediate future :
-Registry Protection
-Possibly a firewall (mentioned in Mikes previous posts as a maybe)
-Advanced settings for those that like to play


Hope it all helps

 

Yes actually, that was extremely helpful, thanks! I have downloaded OA 1.1 but in all honesty I am probably going to wait for 1.2 before giving it a throrough testing, so I can use my 15-day trial with that version. I will most likely remove MSAS and purchase OA at that point.

 

I'll be resetting all eval keys so people who tried 1.1 will also be able to try 1.2 when it's released.


Mike

 

...MikeNash,

My Question:

What is the "Minimum System - RAM MB" needed to run Online Armor on an old "Win 98 PC", so as not to significantly degrade the Win 98 PC's performance when running Online Armor

... P.S. Your web site does not list memory requirements. I think it would be a good idea to list this info (i.e. for the various Window operating systems their min. memory requirements)

 

Hi JBB,

I'll do some testing and see - usually I recommend that for XP you have 512mb of RAM, regardless of whether or not OA is installed. For XP I'd say the minimum is 256mb.

On 98 - I don't recall how much Ram was in the test box. I'll do some playing around on Monday and post back here with an update.


Mike

 

1) Anyone try Online Armor with Outpost Pro Firewall 2.7

2) Anyone try Online Armor with Outpost Pro Firewall 3.0 with its new Spyware Plugin Enabled

... Are there any conflicts or issues running Online Armor with either version of Outpost ?

 

"Anyone try Online Armor with Outpost Pro Firewall 3.0 with its new Spyware Plugin Enabled"

Yep seems fine - I'm also running Fsecure 2006 wth anti ad etc

 

MikeNash,

I have been reading about Online Armor here on threads of Wilders and I was reviewing the description/user comments on the FileForum.BetaNews site. According to the description of Online Armor, on the FileForum.BetaNews site it indicates that Online Armor's "Program Blocker - now has option to track changes". I have a quick question about the tracking changes feature:

Question:
Does the "tracking changes" feature of program blocker, only track file adds and registry key adds ? ... Does it additionally track changed and deleted files and registry keys, by detecting an attempt to change and/or delete files/registry keys and first backing up these files and registry keys and then letting the file/registiry key change or delete action to proceed ahead by the program being executed ?

... If not, can this be considered for an enhancement to Online Armor? In my opinion, the ability to track all three actions (chgs, deletes, and adds of file/reg keys) of a program executing and then be able to also restore/reverse out changes and deletes of files and regsitry keys would provide a way of reversing out most of the destructive activities that an undesirable program can do to the files in your Windows System folders and your other application folders (Internet Explorer, Outlook, etc).

.... (Especially, since some programs must upon install or re-configuring make changes to the win.ini, system.ini, etc files. Or when executed cause unexpected chgs and deletes of files on your PC.)
... Just an idea, what do you think?

 

I think it's a good one - it may not get into 1.2, but we're always improving every feature we possibly can

Mike

 

MikeNash,

1. Does the Mail Screen filter of OA work as a local proxy program ?
... I ask because I am using a SPAM filter program which runs as a local proxy server listening on port 110 and I was wondering if OA and a Spam Filter Program that runs as a local proxy would cause a conflict to occur between the 2 pgms ?


2. P.S.
Did you get a chance to perform the below testing that you previusly mentioned that you were going to do on Win 98 PC, regading memory used/needed ?

 

Hi again,

MailScreen is implemented as a transparent proxy. No settings are required and it should work with existing spam filters with no problem.

I did not get a chance to review on Win98 - someone nabbed the test box for another person; I'd suggest you give it a try on your box and see if it works for you.

Mike

 

MikeNash,

...This is really, really the last question that I have about Online Armor, before trying it:

Question:
Does the current version of Online Armor have the below feature (... If not, what's your view to adding it as an enhancement ?)

-- A Family or Child Mode (for the less experienced family members) where OA would operate in an "automatic mode" where:

1. All Untrusted or questionable events that are detected would automatically choose the blocked action:
A) With either *no* screen windows prompts for actions
-- or --
B) Let the screen prompts occur, but with all choices except for the "block" choice to be grayed out.)

2. All automatic blocking events are recorded in a history log for viewing by the administrator family member, at a later time.

3. Adiminstrator Member Mode and Family/Child Mode ( Automated Block Mode), determined by providing an option on a configuration screen where you can specify a Windows UserId that OA should invoke Administrator Mode when the PC has been logged on with that UserId and where you can specify 1 or more Family/Child - Windows Userid's that should likewise invoke the "Automated Blocking Mode" of Family/Child Userid Mode.


... Basically, looking for a HIPS program that could provide the above type of parental control that is detemined by "Windows Userid Account" Logon, so its always easily invoked and no longer have to worry about the less experienced family members choosing the wrong action.
... If OA does not currently, do this by Userid, what's your view to adding something along what I described above ??

 

Someone pointed out that the current OA 1.1x beta has this "sort of" - by preventing the kids from accessing the GUI part of OA. However, it will be in 1.2



Mike

 

MikeNash,

Oops, ...Wouldn't you just know it, I just remembered that I had two remaining software compatability questions that I want to ask before trying OA, but that I forgot to ask in the prior forum message to you:

1. Has Online Armor been tested and confirmed to work with a PC running:
.... VMWare ? ... or alternatively System Commander (from VCom) ?

2. Does Online Armor make any modifications to the PC's Hard Drive's Boot Sector ? ... (I ask, since, I know utilities like System Commander do this, so could I have a conflict in the future running OA with System Commander or Vmware ?)


Thanks, again for your time.

 

At one time I had the current implementation of OA (trial) running in a VMWare virtual environment as well as on a workstation manageing virtual machines without issues.

 

@JBB

Install OA, you won't be disappointed!