Prevx OK's rogue AV site

Discussion in 'Prevx Releases' started by CloneRanger, Feb 7, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @PrevxHelp

    Thanks for the clarifications and link http://info.prevx.com/safehelp.asp which was very helpful.

    I visited the link and saw this ?

    pweb1.png

    pweb4.png

    pweb5.png

    Only after about ten minutes did it change to BLUE.

    I also found that scripting was required to view the Prevx SafeOnline User Guide.

    pweb2.png

    I believe that, the less sites that use scripting the better. I also believe that above all, security sites should set an example by not using it.


    Add Protection/Website Protected

    Protection Status

    On clicking, notice should be given that, "Full protection requires closing and re-opening the web browser to be fully enabled." Not everybody will automatically realise that, and therefore won't be fully protected.


    Configuration Options

    Is the data encrypted ? If so what type and strength ?


    I still think that it would be much better if we could individually select each of the Configuration options, and set anywhere between off and maximum on each one.

    Appreciate your input, and your willingness to be open to questions/suggestions etc, not all vendors are.

    EDIT the bottom image should be in the 215383 position, don't know why it isn't ?
     

  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Mine is working fine with that link in FF 3.6!

    TH
     

  3. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    If you can't trust scripts on a security firm's website, then where on the web can you trust them?

    Personally, I select "Allow prevx.com" in NoScript and have had absolutely no problems with their website. And the SafeOnline verification (for both https and http) works fine too, just as Triple Helix shows.
     
  4. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA

    point taken;)
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I suspect it is unlikely that a user will be exploited instantly after downloading SafeOnline so opening a new browser instance is probably reasonable.


    We store a cryptographic checksum of the data, not the data itself, so there would be no possibility of stealing the data or having data leakage from it.

    We had this in place before but quickly moved away from the individual checkboxes to use the slider bar because each option depends on the options above - i.e. you cannot disable screen grabber protection without disabling window contents protection. The way we currently have it laid out disables the lowest amount of functionality possible with each level down and should work well for users to configure their protection.

    Let me know if you have any other thoughts! :)
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @Triple Helix

    Good for you, but i got the same BLUE result just now ?

    @MaxEntropy

    I wasn't saying i couldn't trust scripts on a security firm's website. My point was like i said, "security sites should set an example by not using it."

    NoScript is what i have, but a lot of regular internet users don't know about it, or how scripts can be used maliciously. Hence my saying, "I believe that, the less sites that use scripting the better."

    @PrevxHelp

    Good to know on that aspect, but could the unencrypted data still be stolen by someone/something or malware targeting it in Prevx, either locally and/or remotely ?

    Thanks on the other info.
     
  8. PC__Gamer

    PC__Gamer Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    526
    speaking of rogues, pretty sure I've just helped to add another one to prevx's cloud.

    it was first undetected, but a few plays around with the software, a reboot and a scan with prevx detected the new rogue and removed it without a hitch.

    probably added a few to prevx's database today, i know of some as Joe has already told me so, but Prevx did miss a couple of the zero-day samples i was testing against.

    overall, the only visual elements i could see after all detections/removals, was my RegCure has been removed, maybe one of the file-infectors infected it and it was detected and removed as it wasn't detected prior to my testing. :)

    so, one missing program and an invalid shortcut to that program was the only things i can see.

    Hitman pro detected a 'suspicious' file in my TEMP files, but no vendor detected it - i chose to remove it knowing i had been messing with zero-day samples, and hitman pro detected ONE sample that prevx missed, not bad from around 20 or so that i was messing with.

    I did notice that Prevx will sometimes not detect the file on execution and allow it to run, but eventually, surely when all the behaviours came to light - the scanner did pick it up.

    i notice when the file isn't in the database, it checks its behaviour on my machine and a few scans later shows the infected file, they are labelled as Community.Heuristcs (with me being the community :) ) lol

    overall, a good score 9/10
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Immediately after the user initially enters their password into Prevx, it is forgotten - only a cryptographic checksum of the password is stored, which prevents any possibility of finding what the real password is (and Prevx itself doesn't even know it at that point).

    Also, regarding the blue status - could you try the newest update from http://info.prevx.com/downloadcsi.asp and see if this corrects it?

    Thanks! :)
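
An added example, not part of the original thread and not Prevx's code: one common way to keep only a one-way digest of a password, as the post above describes, so the stored record never contains the password itself. The thread does not say which algorithm Prevx uses; PBKDF2-HMAC-SHA256, the iteration count, the record layout and the function names here are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; not taken from the thread


def make_verifier(password: str, iterations: int = ITERATIONS) -> dict:
    """Derive a salted, deliberately slow one-way digest of the password.

    Only the salt, the parameters and the digest are returned for storage;
    the password string is never written into the record.
    """
    salt = os.urandom(16)  # a fresh salt per record defeats precomputed tables
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return {
        "alg": "pbkdf2-sha256",
        "iter": iterations,
        "salt": salt.hex(),
        "digest": digest.hex(),
    }


def check_password(candidate: str, record: dict) -> bool:
    """Recompute the digest for the candidate and compare in constant time."""
    if record.get("alg") != "pbkdf2-sha256":
        return False  # refuse records with an unknown or altered algorithm tag
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        int(record["iter"]),
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["digest"]))


if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    stored = make_verifier("constructed-Passphrase-1")
    print(stored)
    print(check_password("constructed-Passphrase-1", stored))
    print(check_password("wrong-guess", stored))
```

A record like this still allows offline guessing if it is copied, which is why the salt and the slow derivation matter: each guess costs the full iteration count and has to be repeated per record.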
     
  10. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @PrevxHelp

    Thanks on the password info. Will try the newest update.
     