Prevx vs. MSAS

If you had to choose either Prevx or MSAS real time protection (not MSAS itself, just the real time scanning features) which would you choose and why? Mucho Thanks.

 

UltrA .
Two MOSTLY different programs here . You SHOULD use both but , if only one , Prevx . Prevx offers more in the way of protection .

 

Prevx. It is proactive and I feel more comprehensive though some knowledge is required in order to interpret the messages.

I have a license to Giant and it just doesn't seem to be doing anything or going anywhere (except maybe backwards) ever since MS purchased it. Lately, I have become a big fan of proactive defense software such as Prevx, ProcessGuard, and RegDefend. I use KAV 4.5 with these products and have been very satisfied. I use Ewido and Ad-aware as a backup and that seems to be working well though it rarely finds anything anymore.

 

Isn't it funny Rich ?
Just wait . Giant was great . M$ will screw it up sooooo bad , it will probably COME with spy/ad ware VERY soon . Everything they touch turns to crap ! This is NO exception . Give it time and we will have to dump it I am sure

 

Truly, when I was using MSAS's resident protection, I kept getting infected by nasties as detected by Spybot & Spyware Doctor. MSAS is a sham!
I like Javacool's Spyware Blaster better...its good...and ofcourse, Prevx is damn cool. Very proactive indeed.
Added processguard to my arsenal, and I am very clean now...

Abhishek

 

Well it's strange, I have MSAS running in resident and it scans automatically every night and never finds a thing. Yet I have just run Ad-aware and it has turned up 45 'critical' pests in my IE cache. All of these are tracking cookies but I wonder why MSAS doesn't prevent them?

I should mention also that since running the Ad-aware scan my Firefox browser with it's profile settings won't load so I don't think I'll be running Ad-aware again in a hurry. Spybot doesn't pick up any cookies either so I'm inclined to think the one's Ad-aware is picking up must be fairly harmless.


As for whether MSAS is more effective than PrevX, they seem to be designed for very different purposes, I haven't seen too much overlap so far. Both programmes are running along quite nicely and they aren't messing up other apps so I'm grateful enough for that. Right now I am going to have to re-boot and hope that Firefox will function as a result.

EDIT: Yep after a shaky start the re-boot did indeed do the job.

 

I think that the reason that MS's products are so poor is because MS really has another agenda. Fundamentally, MS keeps the underlying OS operating system "open" so that they can peep into the desktops whenever they want to. (It is called account control). This "architectural design point" is contrary to good security. And surely, they would not want a product out on the market that "detects" their own spying (and it is spying) efforts. So they will naturally limit the capabilities of their own AS products as well as maintaining fundamentally flawed operating systems to suit their own purposes. And they will be very slow in closing any of their self-imposed "holes", since MS designed them in the OS for their own purposes.

I believe that the industry will slowly migrate away from MS (the beginning of this is clear by MS's own stunted growth and the way Firefox is being adopted) but these things take time. Probably 5 - 10 years, but the security problems are so severe that it will probably force the migration away from Windows. It will probably happen in the Asian countries first since they have no reason to embrace MS's strategy (no real money invested) and it is already happening in Europe where MS is being forced to disassemble their OS. Slowly but surely. In a way, the hackers are doing everyone a favor by exposing the holes that MS has built in the OS to suit their own aims.

Rich

 

I guess I am not too bright, but I have not determined what Prevx is exactly. It evidently is not a AV, AT, or AS. Is it some program that duplicates some of those utilities or what does it do.


What is it closest to, ie PG?

Jerry

 

Prevx and ProcessGuard are both attempting to monitor unexpected or unauthorized events on a computer and alerting the user if such events occur - but the events they are monitoring are "caught" at slight different times during the processing cycle. For example, ProcessGuard may detect the execution of a new or unauthorized progam on a system, while Prevx may catch the program while it is updating the registry or trying to change or store a program in a particular directory. So very often, I will receive messages from both ProcessGuard and Prevx during the execution cycle of a given program.

You can look at precisely which events each program is monitoring by downloading each program, since all the events are enumerated for each program and each program allows you, as the user, the determine which events should or should not be monitored and allows the user to decide whether a program can go ahead and execute that event _before_ it happnes. The paid versions of each product allow more graularity or events to be monitored. They are certainly redudant in some cases, but I love the fact that there are multiple "walls" that a progam has to get through before it can execute on my machine. As soon as my trial period for Prevx is up, I will be purchasing it. This is REAL defense (ala ProcessGuard and RegDefend).

I am sure there is lots more that others can add, and if I am mistaken in some of my description, I apologize in advance. This is the best way I can describe my understanding at this time.

Rich

 

Thanks, Rich.
It appears to be a useful tool. I realize that it is new, and I am far from being able to trouble shoot my computer and the various programs.


After it is around long enough, and seems relatively trouble free so that I can feel safe, I'll get it.

Thanks again,
Jerry

 

Hi Jerry,

I think you have the right idea. It takes time to become comfortable with products such as Prevx. I think the vendors can greatly increase the comfort level of their products if they hired people to write professional documentation that clearly explains the capabilities of the products, how to use the products, and expected events and how to handle them. PC vendors, as far back as I can remember, were never really focused on end-user documentation - which hurts them. As a consequence, the necessary knowledge has to be acquired in an ad-hoc manner - such as through a forum.

Prevx, ProcessGuard, and RegDefend are truly excellent products. Coupled with a good AV, they can provide really strong defenses against current and potential malware. I hope the vendors can get their act together so that more users can benefit from their technology. Good luck with your own efforts!

Rich

 

It's been around a while Jerry, and it works pretty nicely alongside PG. There's a decent review of both PrevX Home Edition (free) and PG here. http://www.techsupportalert.com/intrusion-detection-p2.htm

The author really rates PrevX and gives a decent outline of it's abilities. Not really sure if it's necessary of you have the full version of PG but for a free product it's pretty hard to beat.

 

Your caution is very sensible. A new release is due soon and I would advise waiting for that and then monitor how well it performs:

"...we have a fairly big release coming out end March/early April 2005 that we expect to have significant all round performance improvements."

http://castlecops.com/postp473183.html#473183

 

Thanks, All for the replies.
I will take the advice. I do not have PG or similar programs. I do have AnalogX Script Defender. I had to check because I never know it is there.

I guess it is normal that those who write programs for whatever, because of their vast knowledge of that subject, assume that end users will understand what they have written or understand the in and outs of the program.

However, folks like me cannot begin to understand enough to fix anything. I need something that I can cookbook and it works. If it does not then I am in trouble. I cannot even bear to look at something like a Hijack this log.

It is unfortunate that there are those who enjoy wrecking computers, but since that is a fact we need to be able to prevent them from getting into our computers.

I think that the developers of the various security programs are doing a superb job overall. In time the programs get the bugs worked out, but in the meantime I do not have the knowledge to use them.

As I look at the number of security programs that I have, I am almost staggered. If some of them were not free the cost would be prohibitive for some. I sometimes wonder if many of the problems that I read about are not the result of so much stuff on the machines that it is almost impossible for all of the programs to work together. The developers have their work cut out for them.

Thanks again, and I'm just rambling.

Jerry

 

On the PrevX side of things, I notice it most on my laptop as a slow down
I'm still not convinced one way or the other about how useful it is, but PrevX Home has a good price tag, I don't actually run PrevX all the time due to it slowing things down too much so I'll be interested to see the new version

I have full copies of PG and RegDefend (both setup to be paranoid) so they should cover any "gaps" and the overhead they put on the system is mostly wait time for me to read te dialog box and then click on Allow or Deny button

Firefox with the PrefBar, AdBlock and CookieCuller extensions (and one of the decent adblock lists ; 2 good ones are Ronjor's or Filterset.G) certainly help keep the problem sites away by either filtering out the offending sites or by the ease of being able to leave javascript, java etc turned off most of the time and being able get accept/deny prompts for cookies (prefbar) can alert you to your Adblock patterns not being up to date

I generally use Avant if I need to use IE so that I get some ad-blocking and popup blocking (my use of Protowall, see below helps protect here as well)

Like lots of other people I use Adaware, Spybot S&D, and Spywareblaster

I also use Protowall as an IP blocker and the associated IP list updating app (Blocklist Manager). I find it very useful for blocking ad sites and trojan sites as another layer of defense for everything that has taken to using IP's in the url (to bypass hardcoded hosts files). Blocklist Manager can export its blocklist data in various formats and this can be directly imported into some firewalls (to avoid needing yet another application)