Regdefend vs Prevx

Discussion in 'other anti-malware software' started by pires3, May 20, 2005.

Thread Status:
Not open for further replies.
  1. pires3

    pires3 Registered Member

    Mar 16, 2005
    I'm new at Wilders, so I hope this is the correct forum to post this question.

    What are the main differences between Regdefend and the free Prevx Home 2.1?

  2. Vikorr

    Vikorr Registered Member

    May 1, 2005
    RegDefend works on the principle that spyware/trojans want to autorun, and to do so on their own, they must change the autostart areas of your registry. Regdefend is a kernel level program, and intercepts such attempts BEFORE they change your registry. This makes it a much better defence than a registry monitor that polls for changes after the event has occurred and then attempts to undo the change.

    Regdefend does have some weaknesses:
    1. A trojan/worm may inject itself into an autorun process. This way it doesn't have to change the registry
    2. Certainly doesn't protect against viruses (it doesn't claim to)
    3. If a rootkit installs itself at Kernel level, I doubt that RD would be able to prevent it making changes to the registry (this is just a guess though)

    PrevX Home's basic premise is 'if they can't install, they can't hurt you'. PrevX does have some registry protection, can't say how much though. PrevX works by protecting areas of your computer commonly chosen by spyware/trojans as their installation. It protects new executables (i.e. spyware, trojans, maybe worms) from installing in those locations. It also protects your system autorun processes from modification (i.e. trojan injection); it protects (not sure just how strong this part is) from buffer overflow (used by some worms).

    PrevX has some weaknesses too.

    1. Its registry protection doesn't seem as strong as RegDefend's (you will always get the request from RD before you get one from PrevX)
    2. It does offer some protection from viruses, but only to programs located in the areas it protects (but this will include your autorun system files, and likely your security products)
    3. It doesn't protect all areas of your computer, just the most important ones
    4. Sometimes buggy 'trusted install' feature, which may mean you have to suspend PrevX to install a program (I have this bug).

    Downsides to the PrevX Home version include (I personally like the Pro version much better for these 3 reasons):
    1. You can't set rules like the Pro version, so it's quite noisy
    2. It can dial home frequently (depending on how many times your application breaks its rules)
    3. It doesn't offer as much protection as the Pro version

    I would also suggest you look at Process Guard. A combination of either PG/RD or PG/PrevX is a very powerful combo security tool.

    PG does a few things:
    1. It asks for permission to run any executables (you allow/deny once/always)
    2. it protects your executables from termination/modification (malware can't terminate or modify your security apps or running processes)
    3. Protects from installation of rootkits (remote access trojans)
    4. Protects from Global Hooks (method used by keyloggers)
    5. Protects from installation of drivers/services (trojans etc that want to autorun)
    6. Blocks Registry DLL Injection - method used most notably by the CWS trojans (250 variants out there. Nasty things to remove)

    PG does have a few weaknesses/downsides:
    1. Takes a while to set up the first time you use it (after that it's fine)
    2. Normally have to disable it to install a new program (so you want to make sure it's safe first)

    All said and done, if you use PG with an application based firewall, you can be much more certain that nothing can get in, but more importantly that nothing can get out (say a trojan by injecting itself into one of your firewall trusted applications). Its combo with either PX or RD makes for a very nice bit of security.

    Also nothing wrong with running all 3 side by side. I do with no problems :)
    Last edited: May 21, 2005
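
Added example (not part of the thread, and not RegDefend's or PrevX's code): a small Python model of the distinction drawn in the post above between intercepting an autostart write before it happens and polling for it afterwards. The `Registry` class, the `pre_write` hook, the tick clock and the sample value are constructed for illustration; only the Run key path is a real Windows location.

```python
# Constructed model, not RegDefend or PrevX code: pre-write interception
# versus after-the-fact polling of an autostart key.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

class Registry:
    """In-memory stand-in; pre_write plays the role of a kernel-level hook."""
    def __init__(self, pre_write=None):
        self.values = {RUN_KEY: {}}
        self.pre_write = pre_write

    def set_value(self, key, name, data):
        # The hook is consulted before the store is touched, so a denied
        # write never becomes visible to anything that reads the key.
        if self.pre_write and not self.pre_write(key, name, data):
            return False
        self.values.setdefault(key, {})[name] = data
        return True

def deny_autostart(key, name, data):
    """Hypothetical policy: refuse every write to the Run key."""
    return key != RUN_KEY

class PollingMonitor:
    """Compares the key with a baseline every `interval` ticks, then reverts."""
    def __init__(self, registry, interval):
        self.reg, self.interval = registry, interval
        self.baseline = set(registry.values[RUN_KEY])

    def tick(self, now):
        if now % self.interval:
            return []                      # not a polling tick
        current = self.reg.values[RUN_KEY]
        added = [n for n in current if n not in self.baseline]
        for n in added:
            del current[n]                 # undo after the event
        return added

def exposure(registry, monitor, write_at, logon_at, horizon):
    """Return (ticks the entry was live, True if it was live at logon)."""
    live, seen_at_logon = 0, False
    for now in range(horizon):
        if now == write_at:
            registry.set_value(RUN_KEY, "updater", r"C:\Temp\sample.exe")
        if "updater" in registry.values[RUN_KEY]:
            live += 1
            seen_at_logon = seen_at_logon or now == logon_at
        if monitor:
            monitor.tick(now)
    return live, seen_at_logon
```

With a polling interval of 5 ticks, a write at tick 6 stays live for 5 ticks and is still present at a logon on tick 8 before the monitor reverts it; with the hook in place the entry is never live.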