Radical Proposal for Improving the Security Industry

Congratulations to Prevx for pushing the industry forward for the benefit of all!

 

This I would like to see. We would all benefit from it.

 

Thanks! We're definitely trying to start a shift of legitimacy in an industry that has long been reliant on misleading users. The discussion we had with Neil was very candid and we are definitely keen on upholding our request for a mutual "penetration testing circle" in the industry.

It will definitely be interesting to see what comes of this I personally think it will result in a massive improvement across all of the products involved.

 

Has Prevx been able to advance this initiative?

 

Unfortunately no - and we have been quite adamantly trying to do so

 

LOL, not sure how to interpret that ...

I salute you for wanting to improve what's available through any means: not really sure that Symantec, Sophos, Kaspersky et al would be thrilled with that description of their business model ??

 

It isn't picking out any vendor in particular - it is just trying to outline conceptual issues in how security products are portrayed to the end user. Pitching a product as "Total protection" or blatantly saying that the user needs no other security is misleading as no security product is perfect.

We're hoping that some of the other vendors will agree and start either adjusting their messaging or improving their products as a whole - we also do not like the scenario which users find themselves in frequently where security products end up resulting in a net lowering of protection because of holes, which is one of the key attributes of what we're looking to do in the security testing we've posted about on our blog as well

 

I am sorry but there is more to a security suite than its detection rates. My experience this year has been a terrible one. From small annoyances like Norton interfering with my screensaver to Prevx breaking my keyboard it has been a rough one.

If you have 100% detection rate but your product silently uninstalls itself or breaks the user's keyboard in my opinion it is not worth much. I would rather have 95% detection rate with no problems from the software.

I would like to see a bugs measure introduced in testing security products. So you would get rated on your detection rate and the number of bugs your software has. That would really change the security industry.

 

I do agree that misleading advertising is an abomination. I would respectfully caution Prevx, however, that it is perilously close to committing the same sin when it puts forth claims such as being the “world's strongest, fastest, most powerful security solution;” or stating that the product provides “max protection” or “ultimate security;” or that the product has the “exceptional ability to protect, detect, and remove rootkits and ‘early life’ malicious software.” Viewed in total, it would be easy for a casual reader to incorrectly infer that a Prevx user "needs no other security,” in my opinion.

P.S.: Please interpret my comments in the spirit of a "helpful suggestion" rather than a "criticism."

 

I understand these complaints but unfortunately we can't understate ourselves too much We quite honestly do have the largest cloud database (and therefore most breadth of protection) and the fastest/smallest agent out of any significant vendor (with it being less than 1MB in size and taking < 2 minutes to scan).

However...

Could you let me know where this exists on our website? I do agree that this is a bit much in terms of positioning.

Note that we do blatantly say that the user can/should continue to use other security products as well:

"People are often told they should only run one Antivirus program on their PC in order to avoid any compatibility issues - but with Prevx 3.0 we have removed that limitation.

Prevx 3.0 was built with compatibility in mind - therefore you could safely run Prevx 3.0 alone, but there's really no reason why you couldn't also run another security program alongside if you wished, which gives a deeper and more layered overall protection."

 

Note that “largest cloud database” or “most breadth of protection” is not one of the components of the claim “world's strongest, fastest, most powerful security solution.” I do agree that “fastest/smallest agent” is an assertion that can be reasonable defended by Prevx. However, that still leaves the issues of “strongest” and “most powerful” generally unsubstantiated, because these assertions are comparative in nature and would require an independent evaluation of the anti-malware protection provided by Prevx against that of the major competitors.

The phrase “max protection” is the bold heading of the box containing the text “Full real-time protection, automatic cleanup and comprehensive SafeOnline™ security for banking and shopping online” on the home webpage.

The phrase “ultimate security” is contained within the sentence “Combines antivirus, rootkit, antispyware, and zero day heuristics for ultimate security” (see http://www.prevx.com/products.asp).

To be clear, Prevx states that a user could run another security product in addition to Prevx -- which isn’t the same as saying that a user should run another security product. Editing these statements to substitute or include "should" in place of (or in addition to) "could" would be an improvement, in my opinion.

Nonetheless, in fairness, I do applaud the forthrightness of Prevx when it explicitly says that “all vendors miss threats.” I am unaware of any other vendor that puts foward such an honest statement.

 

That's really amusing, a security vendor that states "you should run another security product alongside ours". I'm sure that will increase sellings enormously.

BTW, did you make the same suggestion to Symantec?. Aren't you worried that your security vendor of choice explicitly warns against running their products alongside others?. You know, I don't follow symantec forums that much, even if I do run NIS in my system. Maybe you use to patronize them too, I don't know.

 

Vojta, it would be beneficial if you interpreted my comments in context. To review, PrevxHelp began by saying that “we do blatantly say that the user can/should continue to use other security products”; to which I replied, arguing that in fact Prevx doesn’t state that a user should employ other security products -- only that a user could.

While I am unaware of any anti-malware vendor publically stating that users should employ multiple layers of protection, making that recommendation is a honest piece of advice, in my opinion. Call me “old fashioned,” if you like; but I sincerely believe that honesty is appreciated by customers and is actually good for business in the long term.

 

And I say that it would be more beneficial if those security vendors that completely deny the possibility of using their products alongside others are the ones that change their stance.

I can't understand why you want to push Prevx to the limit of maximum humility while others keep claiming that they should be the one and only and everything you'll ever need. Wouldn't it be better to try to improve Symantec's honesty than keeping asking Prevx to deny themselves as a standalone solution?.