Anyone tried Dynamic Security Agent?

LOL @ DA

And yes this app seems to act like a rootkit, no problem if long it´s legit, because most of the better anti-malware tools act like rootkits, they have to be doing this for better protection of course. But I will try to install this app on a clean virtual machine to see if it does have anything to offer that the others don´t.

 

Depending on what you mean by "act like rookit". I'm not aware of many that actively hide themselves so they show up on RR , BL scans, etc.

I know Spycatcher does that, care to tell me about any of the 'better anti-malware tools' that do that too?

You didn't try it on a clean system Why not? With VM it's just a click away. Much faster than uninstalling all your HIPS....

 

If you look in Privacyware's software directory (http://www.privacyware.com/software/), you will see DSA.exe dated June 15. There are no references as to what's new/fixed with this, just a heads up.

 

Thanks QBgreen

Just updated it. Can not kill DSA.exe with taskmanager, and can not kill it, even with ATP http://www.diamondcs.com.au/index.php?page=apt ATP was alloved to run. Could not kill it.

If taskmanger is allowed, you can kill all other applications. Just keep taskmanger not allowed (just removed from the protected apps, not in quarantine, of course), and all allowed applications are protected from being shutdown.

 

Thank you for all of the comments on this forum. We appreciate and value this feedback as it helps us ensure that we are aware of what is delivering value and what needs improvement. In response to some of the comments posted here and elsewhere, I'd like to inform you of a few updates:

1) We have begun posting the version history and release notes on the DSA support page, available here:
http://www.privacyware.com/DSA_Support.html

2) The latest DSA build, (1.0.6.14) does not allow the DSA.exe process to be closed from the Task Manager.

3) While DSA is "an ideal complement to conventional virus and spyware scanning software as well as personal and server firewall applications", it does also include many of the core features that one would associate with a typical client firewall. If you have a personal firewall that you prefer, DSA will likely work alongside it without conflict. There are two exceptions that we have recently addressed; Panda AV/Anti-Spyware 5.x and Agnitum Outpost Firewall 3.5x. With the latest DSA release, we have introduced a fix that enables these applications, plus any others that we may not be aware of, co-exist in the same environment. If during installation, DSA detects a firewall application for which it conflicts, DSA will install all components except the conflicting driver. Therefore, whatever personal firewall you had installed originally (and presumably prefer), will provide such capabilities. DSA will enhance that firewall with the anomaly detection and process monitoring layers. If you are not married to any particular personal firewall, we suggest Privacyware Privatefirewall 5.0 in which DSA will be fully integrated and available in the coming several weeks.

In addition to its behavioral layers of security, DSA also includes inbound/outbound packet filtering as well as port protection so it can be considered a firewall. That is why Windows XP Security Center detects it as such. However, DSA does have limited configuration capability compared to traditional client firewalls, including our own Privatefirewall 4.0. So despite the possibility of some functionality overlap, DSA is designed to either work with client firewalls and av/as scanners, or as a stand-alone behavioral/ips defense layer.

Thanks again for the comments. I look forward to the continued dialogue.

Chris Iannicello
Privacyware - DSA Product Manager

 

Hi,folks:I just installed the newest build 1.0.6.14, it has no conflict with outpost f.w. Smooth sailing UNTIL I run weekly spybot D&R scan. Spybot D&R has flagged DSA as a Tango in two locations: program file-dsa.exe and autorun setting. Can anyone echo my surprised fingings? Other than that, the app seems working flawlessly.

 

Also installed it here on a Win2k system to have a look, and so far no problems at all. I will use it for a few weeks and see how it goes. Fairly simple interface but seems nice so far.

 

@ciannicello: I didn't get the "get you're outpost out of here"-popup now, so that's ok, but during install you have to give your/a name and emailaddress and have to be connected to the internet...which brings me to my question...why should I register a FREE product?

 

when i tried it, i just used a fake email like "spam@mailinator.com". it wasnt too hard, and wasnt a major annoyance either.

 

hi ciannicello you mentioned that If during installation, DSA detects a firewall application for which it conflicts, DSA will install all components except the conflicting driver. what may happen if you uninstalled the first firewall , would DSA lack any protection due to maybe not having drivers that it initially would have installed?

 

@WSFuser: of course it's easy to do and indeed you can use a fake name/address, but my question is.."Why?".. and the reason for me asking is I can't think of a valid reason and that makes me suspicious.

 

well it says its to register DSA (tho ive never seen mandatory registration), but i send a support ticket to get a definitive answer.

edit: heres their response

 

Well, ok, it's clear now why they want you to register, but i'm not convinced (why would anyone download a product and then not install it and when they do how are you going to measure if they keep it installed?) and it should be optional. I uninstalled it (don't need it), but apart from the registration it seemed very nice.

 

I´ve tried it and it´s not good enough, and with that I mean overall, not the features per se, but also the GUI and options. And besides it seems to conflict with a lot of other security tools in my virtual machine, so I will stay away from this app.

 

@ DA

Well, you know what I mean, perhaps not all security tools are exactly acting like a rootkit, but a lot of them do try to get as much control over the OS as possible.

 

Hi All, I am just wondered when someone tells Yeah, that product is the best, or on contrary, that it is just kind of dummy and there are no any reason to have it. And nothing at all, only these unfounded conclusions.
What criteria was used, which tests were taken, performance impact and so on - in most posts on the forum it's not revealed. I have looked enough posts in different threads but have found that really sound and interesting posts are rarely. That make me think I am that who can burst some more truth about security products.
So, "Wilders Security" be aware I am coming

I have not seen yet DSA, so have no opinion, but definitely next week it's my promise to turn this inside out.

 

well we will be prepared and welcome to the forum as well.

 

Thanks

 

I installed DSA today. It appeard to be doing it's job rather well. Pop-up alerts when apps started... When I tried to update a snapshot w/ FD-ISR. FD shut down. I didn't have this problem prior to installing DSA. And haven't had it since un-installing DSA. Seems like a nice app, just not for me.

...screamer

 

Tried it recently. Like others, it generated two 'tango' hits with SpyBot (false positives??) & threw up an 'app error' at shut-down. I've uninstalled it, just didn't feel totally comfortable with it. The uninstall left a lot of 'litter'.
Guitarelf.

 

Here are some my findings about DSA:

It consists of following layers (quoted from help):
1) SYSTEM ANOMALY DETECTION
The DSA System Anomaly Detection layer analyzes the normal use patterns of running applications and generates alerts as it detects unusual activity. The System Anomaly Detection Engine applies a sophisticated algorithm to establish a baseline of normal use based on several system variables such as CPU utilization, thread count, and others.
2) EMAIL ANOMALY DETECTION
The DSA Email Anomaly Detection layer analyzes the normal use patterns of outbound email delivery and generates alerts as it detects unusual activity.
3) PROCESS DETECTION
The DSA Process Detection feature records all processes that are launched during the 'Training Period'. .... After the training period, DSA will generate a Tray Alert when any process attempts to run that was not recorded during the training period.
4)APPLICATION SECURITY
The DSA Application Security layer monitors all inbound and outbound Application-specific Internet activity as well as WinAPI calls for system processes.

Process detection and email anomaly detection are pretty well. Process detection guarantees that no one unknown process will be executed without your will. Or you can just deny some processes from running (I used it for prevent running auto update utility and for a time some games from child

Email anomaly detection is well suited for detection of mail worms.

About system anomaly detection, i am kind of doubtful about its advantage, possibly it really increase security level for these rare cases when other layers defeated, but it also generates some additional false alerts. So ratio of succesfully detected possible threats to false alerts is minimal in comparison with other layers.

The core functionalities are firewall and process monitor (for tracking winapi/kernel calls) are joint into APPLICATION SECURITY.
I have tried DSA against some tests, as PCAudit, MBTest, Thermite, Ghost, WallBreaker, DNSTester, APT, PCFlank and so on (these all and more can be found on firewallleaktester.com) - almost all of them succesfully passed, that definitly impressed me. But there still exist some ways to execute malicious code.

Also I have found problems with unauthorized access to some DSA data.

Firewall makes no any network performance impact. Average DSA CPU usage is 0.05%, maximum is 6%. Average memory usage is 15Mb, maximum 20 Mb.

Interface is very simple and ascetic. But tray balloons and alerts look very nice. "Big" alerts provide pretty detailed information about events and have hyperlink to google just for search process name.

DSA still has some imperfections (that really can confuse) so keep an eye for further updates. It has good potential and worthy enough. And it's free.

That's all. This week I am going to test another product, CUL

 

So it's pretty much another HIPS app, and it gets flagged by some other apps cause of the fire with fire analogy. How well all of these apps work with eachother still confuses me. Is anyone using it in conjunction with say Prevx or OA? I'm sure if it's a "rootkit" it will piss off Mcafee and any other scanner I run on my computer....

 

SuperAnti-Spyware and Dynamic Security Agent works in tandom flawless so far with my XP Pro setup. That also includes SSM & Launch Monitor too.

Quite pleased with this combo as is. I was really an advocate of CyberHawk untill they buggered it that caused it to create incompatibilities but then many good products overstep their bounds on a good thing only to shoot themselves in the foot. So goes messing with something that works only to make it unpopular.

DSA & SuperAS work well and i'm completely pleased with them both. Hope that helps.

 

Hello,
You do realize that Task Manager is just a GUI?
You can kill apps from command line.
Mrk

 

EASTER.2010, just curious as to what incompatibilities you have seen with Cyberhawk? I used it and liked it as well, but have recently uninstalled it to try DSA, which may be a bit too much for my needs. SSM Free or PS Free both seem like good choices, but CH seemed my best bet. I was using ZA Free and AVG Anti-Malware with it for a short time, but saw no problems.