Prevx Home calling home

Discussion in 'other anti-trojan software' started by richrf, Apr 20, 2005.

Thread Status:
Not open for further replies.
  1. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi all,

    Since several members have analyzed Prevx's messages, I would be very interested in knowing what exactly they are transmitting back to their servers.

    Since they are trapping applications and files, my guess is that they are tracking which applications and files are being accessed. Is this correct?

    Rich
     
    Last edited: Apr 21, 2005
  2. Vikorr

    Vikorr Guest

    Rich,

    I suppose the difference for you would be, that Prevx is not reporting on what you do on your computer - it is not reporting on your behaviour...it is reporting on process interaction.

    It doesn't know what websites you surf, it doesn't track personal information, and it doesn't seek out passwords, all it knows is what process interactions happen in the protected areas of your computer.

    And as stated previously, what it reports on has been audited.

    However, as I've said in other columns, I agree with you, it's decidedly odd behaviour for such a program to need to report back so often.
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    What they are sending is the same info you see in the details of the 'event history'. Prevx is set to connect at regular intervals, whether there is data to send or not. It's only supposed to connect like once an hour or something, but there has been a bug that makes it connect more often, and sometimes irregularly. A bug, though, is a pretty far cry away from spyware.
     

    Last edited: Apr 21, 2005
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Notok,

    Thanks for the reference. It appears that it is tracking all events that it monitors. Sounds about right.

    As far as whether this can be called spyware - I have seen many tracking cookies and programs that do a lot less and are labeled spyware. It is all in the eyes of the beholder. In this case, there are some users who are willing to accept this tracking behavior in order to use the program for free. In my case, I would have no choice, since I am unable to install the Pro version. But if it is quacking, it is certainly a duck - and the fact that some users (either knowingly or unknowingly) accept this behavior is one of personal choice.

    I do hope that if someone does recommend this product, they do include a note about this rather unusual behavior. I have no idea why Prevx needs to know everything that I am doing on my system - e.g. the files that I am accessing and executing. Other excellent AVs, ATs, and ASs apparently do quite well without this information.

    Rich
     
  5. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Well, when was the last time you saw someone mention the ADS streams while recommending KAV? One could easily turn this around to say that it's an anti-competitive move to make life miserable if you try to use other malware scanners, but we all know that's not the case.

    Prevx does include the information on their website for those that honestly seek answers to such questions, and doesn't make it hard to find. Honestly, richrf, I can't help but think that if you had been able to get Pro working, you wouldn't be here.. let's lay off the spyware thing, ok? The items you mention all attempt to collect personally identifiable info without your knowledge. Prevx only records what you see, sends it anonymously, and you have to admit that the info I pointed out to you is all pretty obvious if you don't gloss over everything but the 'download' button.

    Another difference is that you get to benefit from that information by clicking on the "get advice" button to see how others handled any given alert, and be notified if the offending file is known malware.. it couldn't do so without PAWS. Once they get the spyware scanning implemented that is planned for the next release (apparently), this will function much like the GIANT products' "SpyNet". It also wouldn't bother me if MS sold aggregated statistics to other vendors of what's been seen by SpyNet.. I would actually appreciate them doing so because it would help the rest of the industry to improve their products to a certain baseline, much like AVs with ITW malware.. and this is what Prevx is offering. You don't have to participate in it if it makes you uncomfortable, and it's not going to hurt anyone's feelings if you decide that, however just because some low-life companies have abused similar functions doesn't mean we should condemn everything similar. By that logic we should be protesting Yahoo and Google for their toolbars, Wilders for the cookie, NOD32 for the "advanced warning system", the aforementioned GIANT products, etc etc.. after all, they quack, right?

    I actually tried to start a thread about this subject when Prevx 2 first came out, asking where we draw the line with data collection in general, (not limited to Prevx) because it's easy to see that more and more security products are starting to do this. I was rather disappointed that people seemed more willing to take a reactionary stance rather than articulate what is, and what is not, reasonable. Obviously there can be uses that ultimately benefit everyone, but if we can't articulate any kind of consensus then someone else will do it for us. We're going to have to be more constructive with our opinions than just labeling anything that sends data as spyware, because that will just further blur the lines between what actually -is- and what -is not- spyware, which in turn only helps the companies making spyware.. and now with companies like Lavasoft losing customer trust by making those decisions for us, what will we be left with? Am I making any sense here?
     
  6. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Notok,
    I do all the time. In fact, I personally only recommend KAV 4.5, partly because of ADS, and partly because I do not see any value to the users for moving to 5.0. There are other reasons.

    Not true. I was prepared to pay for a license, even if I decided to stick with Prevx Home. My own feeling, based upon what I have observed in forum discussions, is that Home is probably more stable than Pro. I was quite prepared to pay for any use of Prevx. Until someone on DSLR pointed out to me what Prevx was doing. I am not naive, but it sure wasn't at all apparent to me.

    As for the right to privacy, I draw the line at my home. I do not want anyone monitoring what I am doing while I am at my home computer. I understand that businesses have their own issues, and many of them are in fact "spying" on their employees. I do not see how privacy can be fully guarded in the workplace. But my home is my castle. I don't want MS prying into what I am doing. I don't want the government prying into what I am doing (the government could easily use the argument that you are presenting in order to deploy monitoring tools in software). It would be interesting if every vendor, of let's say free security software, decided to do exactly what Prevx is doing, and put a monitor on users' machines under the guise of collecting data for the good of mankind. Talk about a "mess".

    Those who are fully informed (I believe it should be right on the home page), are free to do as they want. I think Prevx worded their Home Page declaration (and people should read it for themselves) in the way they did, because they know exactly how most people will react if they saw the words "Along with Prevx, a monitor will be deployed to anonymously collect data in real-time that will be sold to third-parties". Is there any doubt as to the reaction?

    I think I will buy licenses from other parties who are serious about protecting my privacy such as DiamondCS, Ghost Security, Kaspersky, Greatis, Tom Coyote (I donated for HijackThis), NSClean, Ewido, Eset, and all the others.
    There is so much money I can spread around, and I prefer it to go to those who are trying to create great products without monitoring activities on my machine. I am sure there are others like me, just like I am sure there are others who agree with you.

    Thanks again for all of your comments. Certainly this topic warrants a spirited debate.

    Rich
     
    Last edited: Apr 22, 2005
  7. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Last edited: Apr 22, 2005
  8. controler

    controler Guest

    Nice thread people.

    I always wondered what actually is sent to MS Antispyware Spynet too.
    Yes it is encrypted but what is sent? Can you see it using a sniffer if encrypted?
    I know most software developers send info back to verify you are using a legit
    paid for version. This is good for them but still is a doing something behind your back issue, IF it isn't posted in direct view on the download page and not buried
    deep on a web site.

    I think one should be an advocate one way or the other and no fine gray lines in between.

    Bruce
     
  9. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Yes, I agree; researchware sounds like corporate speak for bend-over ware to me.
     
  10. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thanks for the link Notok. The "slippery slope".

    Rich
     
  11. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hello there.

    I find this thread interesting having installed PrevX home in the last couple of days. I too couldn't load the Pro trial version.

    I am very much a newbie in these security matters but having read people's concerns I have set my Zone Alarm to deny PrevX from 'calling home'. Is it somehow bypassing this denial?

    This may be a little off-thread but I also have a couple of questions regarding the alerts on Prevx.

    Firstly, when I start up I notice in the events entry there is reference to Trojan Guard as a Registry Alert. It initially says it has prevented THGUARD.EXE from accessing protected areas in the registry but at the bottom of the entry it says 'this action has been allowed' - what has it done, allowed it or denied it, and should Trojan Guard have access to these areas of the registry it is referring to (sorry, my machine is not with me so I haven't got full details to hand)?

    Secondly, last night I installed Java Run Time Environment and I got endless requests to allow or deny all the components. Will this happen to this extent with all software downloads ?

    Finally, this may be totally unrelated but since installing PrevX whenever I log on I get a strange flash on the top left of the screen (looks like a ghostly image of a program running then it disappears). Is this coincidence and any ideas what could be happening?

    Hope someone can help a little on these as this is all very new to me.
     
  12. Ya gotta think.....A lot of these companies are like politicians.

    They say and make a lot of promises....when running for office.

    But they say....and what they do.....are often two different things.
     
  13. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    There's an unfortunate ring of truth to what you say. It has affected what software I use: as far as I am concerned BOClean, NOD32, ProcessGuard, for example, are not only outstanding products but are produced by companies with integrity, I trust them and their software. I cannot say the same about Prevx.
     
  14. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Old Monk,

    At first, I too set ZoneAlarm to intercept all messages originating from Prevx. If I remember correctly, there were four programs that were associated with Prevx - PXAgent, px|1, pxl1, and pxl, - or something like that. I am sure others can give you the correct program names. I believe that this should stop all messages to Prevx Home - but it does not stop the internal activity of Prevx, which was causing a fair degree of resource drain. Prevx is quite adamant about sending those messages out. :) So, I just decided to get rid of it.

    I too got that "ghostly" image after trying to install the trial. I had no idea what it was, but I couldn't get rid of it, even after uninstalling Prevx Pro - so I performed a complete image restore. I don't like it when funny things start happening on my computer and based upon the complete lack of response to my previous question to Prevx (others have had similar experiences), I did not think any question to Prevx about this issue was going to elicit any information. So I just went back to a previous image copy. Maybe others on this forum can provide more information.

    In regards to Trojan Hunter, I believe that Prevx maintains an internal database of trusted programs, so it will permit certain events (e.g., updates, installations) from trusted programs such as Trojan Hunter. I observed similar events. I think this is designed to cut down user interaction. But there are times where you have to "train" Prevx to permit certain types of installations and updates via its "allow this event" mode. But because installations for certain programs are always changing, it may not be possible to train Prevx for all kinds of installations/updates. For me this was a minor issue, and when I was doing a large update, e.g. Microsoft Update, I would suspend Prevx.

    I hope this helps a bit. Others with more in-depth experience will no doubt have more to add.

    Rich
     
  15. With my FW ...I have pxagent.exe...blocked
    and with PG ...I have pxl1.exe.........deny always

    Before I did that...when I ran Prevx, with just pxagent.exe blocked by FW, it was trying to get out...far more often than every 15 minutes...it was banging
    on the door almost all the time.

    Now with both blocked.....no FW activity....and zero cpu usage.
     
  16. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Just Wondering,

    I noticed, using FileMon, that ZoneAlarm was constantly blocking file writes of PXAgent. Probably it was all "in memory" so CPU usage is negligible, but PXAgent was certainly keeping vsmon busy. Thanks for the additional information.

    Rich
     
  17. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi guys,

    There certainly is this over-arching question of "who do you trust"? DiamondCS (ProcessGuard), Ghost Security, Kaspersky, and Ewido have earned my trust. Of these, Kaspersky and Ewido have on-demand access to my Internet connection, for auto-updates. Unfortunately, so does Generic Host Process - which is a huge hole in my security. Hopefully, I will find a way to manage this hole. For now, I will keep my list short.

    Rich
     
  18. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi Rich and Just Wondering

    Thanks very much for your input. Reassuring in a way that others have experienced the same.

    As I like the idea of the product, will persevere a bit longer and see how it affects resources etc.

    Just one thing Rich, what do you mean by an 'image restore' and how would I go about doing it if needs be ?

    Going to check on the Spyware Blaster/ Guard / NS Keylogger thread now. Is there never a time to stop worrying !!

    The more you delve the more you need to know. Unfortunately it seems 'ignorance is bliss' is not an option when it comes to these issues !

    Thanks again folks.
     
  19. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Old Monk,

    An image copy is a complete copy of a hard disk as it existed at a point in time. The nice thing about having an image copy is that if I ever have the slightest doubt about whether I have been infected by a real nasty (e.g. a keylogger or rootkit), I can go back to the last clean image copy by restoring my hard disk with the image copy.

    I take an image copy of my hard disk, by copying an image to an external Maxtor USB drive. This external drive cost me about $80. I use a program called Image For Dos (Terabyte Unlimited) to create the image copy. I like IFD, because it copies under DOS, so it is very straightforward and I am sure that my image is a clean image (i.e. nothing else is executing on my system while I am creating the image). I have used this image copy facility several times in the past. I think it is a very good idea to have at least one image copy available.

    As for the latest MS AS thing, there are several threads already on this topic and new ones popping up by the minute. It is most probably a false positive (MS AS is detecting a string that really isn't a spy) and at this point I wouldn't worry about it or do anything. False positives are actually quite common in the anti-spyware world.


    Hope this helps,

    Cya,
    Rich
     
  20. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Thanks Rich

    I'll have a look at that.

    Cheers
     
  21. Rich....You may want to try out NetVeda FW....it is free, and has excellent
    app control...I like it better than the generic allow...or deny of ZA
    It has allow, deny and allow or deny once....that way if you are not sure of
    something ...you can deny once...and look it up on the net.
    It also has component control...you can deny dlls....great logging.
    If you use firefox...with just a little putzing...you can nail down your PC pretty
    tight....Far too many programs try to call home...and I just don't like it for
    G.P.s...let alone what else they may be trying.....and it holds down windows
    processes real good.
     
  22. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Just wondering,

    Sounds like an interesting FW. I noticed some posts about a new version coming out. Since my ZoneAlarm Pro license is expiring, I will look into it. ZoneAlarm, in essence, has the ability to "Ask", each time. With Generic Host Services, it appears I need to give it permission, or FireFox hangs when it tries to do a DNS lookup and GHS is not given permission via ZA.

    But if there is a product out there that is better than ZA, I am certainly interested. I'll search around for other topics on NetVeda.

    Also, of interest, is a new thread that just started up on DSLReports, on this same topic that we have been discussing. Others, apparently, are also a little disturbed about "Researchware".

    http://www.dslreports.com/forum/remark,13233065


    Thanks for the info.

    Rich
     
  23. Yeah ....I saw that article earlier....Ya notice...how they seem like they are
    trying to do it thru the goodness of their heart....and to help ALLLLLLLLL
    mankind....When the real bottom line is MONEY.

    On NetVeda...If you have any questions on it....I don't speak tech talk, but
    I'll try to help you if I can.
     
  24. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thanks. I'll let you know if I have any questions. In the meantime, I think I will also look for ways to help all of mankind. ;)

    Rich
     
  25. AShaR

    AShaR Registered Member

    Joined:
    Jul 31, 2002
    Posts:
    91
    Hi rich,

    if I was you I would spend money on all those apps as well. Great software from very reputable companies. Unfortunately I can't afford $40 bucks a time to defend so many different parts of my pc. In truth McAfee AV, SSA&D and ZA personal has pretty much defended me from all forms of nasties till now. Prevx Home is free and tightens the ship a little further, as far as I am aware. You compare it to spyware but what I consider spyware is something that records and monitors without offering anything back.

    Can I ask you a simple question? If you didn't have PG full or RegDefend, would you get rid of Prevx?
     