What do you say about community-based HIPS

Discussion in 'other anti-malware software' started by Wai_Wai, Sep 26, 2006.

Thread Status:
Not open for further replies.
  1. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Usually because another "trusted" app doesn't detect it.

    Indeed, and these are taken on a case-by-case basis. Every vendor has their own guidelines about what they will and will not detect.

    The workload we have is not as big as you think, there's a lot of automation. The database has tens of millions of files, but just a few analysts have no problems keeping up; we don't have to prioritize the way most signature-based vendors do. To give a little perspective on that, we actually have tools to sell to those vendors to help, and there's always more in the works. You can also go to the "Prevx Insight" page on the website and see how many new files are seen so far for the day (over 198,000 today, at the time of writing) and consider how few Unknown prompts you see (many/most people never see one).
     
  2. stubbs100

    stubbs100 Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    17
    Let me set the scene very briefly as to why Prevx1 is quite different to your existing end-point security products.

    When we set out to develop Prevx1 we wanted to address a fundamental weakness of conventional security products - their blindness to threats which they fail to recognize. In simple terms, unless these products recognize something by its signature, file heuristics or behavioural traps then they simply ignore it. Our belief was, and still is, that as malware threats become more and more covert and diverse security becomes more a question of intelligence than recognition.

    Prevx1 turns this issue on its head. We designed Prevx1 to monitor software activity at the system level and report unique behaviors back to a centralised database. Of course we also use signatures and heuristics but these are not conventional AV signatures, we are not trying to store signatures of the million or so malicious programs we have identified in the last twelve months on each PC. On the PC, Prevx builds and maintains a unique agent based inventory of signatures which relate one to one with each executable (good or bad) present on the PC. This inventory is then updated as required in real time to reflect the determination of each and every program on the PC. Known good programs can therefore be allowed to run freely without interruption, Known bad programs can be blocked from running and Unknown programs can be closely monitored for signs of malicious behavior and then blocked.

    This might sound a little like Host Intrusion Prevention but there is one big difference. Behavior is examined centrally. This means we can take account of the aggregated behavior of any executable and we can also consider its relationships to other objects. So whereas HIPS has to make decisions based on what it sees a program do on the PC, Prevx1 has a massive advantage due to the additional intelligence it has gathered. Even if we fail to stop a new threat, once it is identified we already have all the event information associated with it to be able to clean up effectively.

    We now have just under 500,000 users (27.09.06) who have downloaded and run Prevx1. This has allowed us to build a vast software database which knows of more than 40 million executables and 1.5Billion unique behaviors. Every day we see around 200,000 new unique executables. Of these more than 2,500 are identified as malicious. With each of our Prevx1 agents reporting new unique behaviors in real time we are seeing and categorising new malware much faster than other security companies which translates into much earlier and more extensive protection.

    Prevx1 also incorporates comprehensive cleanup capabilities that can deal with the advanced ‘keep-alive’ technologies being used by state-of-the-art malware.

    Prevx Support
     
  3. herbalist

    herbalist Guest

    That's not suprising considering there is no "official" definition for malware, or most of the other terms used to describe different undesirable wares. There is a lot of grey area when setting criteria as to exactly what constitutes malicious behavior. That's one of the biggest reasons that no 2 adware or spyware removal apps target the same things.
    If one assumes the apps function as they claim, and are not easily bypassed by new variants and similar changes, the user has to ask 2 questions with regards to community based HIPS:
    1, Do you trust the community to update their lists in a realistic amount of time?
    2, Does the community definition of malicious or undesirable agree with your own?
    I'd have no problem with the first question. If you use other software as a guide, community based programs have problems fixed much faster than the commercial equivalents. One doesn't need to look any farther than alternate browsers and operating systems for an example of who fixes vulnerabilities faster.
    For me, the 2nd question might be a problem, depending on what criteria they use. I didn't see anywhere on their site that details exactly what behaviors or criteria have to be met for an app to be blocked. I might have missed it. While there might not be that much variation in what gets called "malicious", there's a lot more variation in what different people or companies call undesirable behavior.
    Rick
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I'm not talking about bundled adware like with WeatherBug that some people may knowingly decide to use, I'm talking about worms and trojans, like Bagle, which were clearly detected as such. One that comes to mind was a software crack that was clearly dropping all sorts of other trojans and such.

    This is true, however I don't know of any anti-malware vendor that publishes detailed descriptions of their heuristics. These are also changing daily based on both observed and projected trends. You can see the list of what areas are monitored and what Prevx1 will do when it sees something happen (whether it will prompt you or report it for heuristics), policies set to "Prevent" are the ones that will be outright blocked.

    Like Stubbs100 pointed out, while Prevx1 has some similarities with HIPS, there are some major differences. Instead of just blocking behaviors, the monitored information are used for (centralized) automated malware analysis. Instead of having a human find a piece of malware and reverse engineer it, that process is automated so the analysts only have to look at the information and mark it good or bad. Then instead of downloading a signature, Prevx1 just looks it up as needed and either allows it, blocks it, or asks you (depending on your settings). The intent is to close the "zero day" gap, the pure behavior blocking is more secondary and meant to give advanced users an opportunity to control the situation, but only when necessary.
     
    Last edited: Sep 28, 2006
  5. austin1257

    austin1257 Infrequent Poster

    Joined:
    Sep 24, 2006
    Posts:
    31
    You can debate this in to the end of the world of infinite wisdom, but for most normal users as myself, the bottom line is, this product works and works well. There is a thread about if you could only pick 4 applications, well if you could only pick one, this would be it for me. It comes before all I have ever tried. The one piece of software that only took me 20 minutes to decide to buy and never regretted it. I think even today, blackspears stated that a good HIPS or CIPS, program is something you cant do without, and this is the best.
     
  6. herbalist

    herbalist Guest

    That isn't quite what I meant. I'll try again. What I was looking for was something that stated what they considered behavior unacceptable to add an item to the blocklist. Obviously, if it logs keystrokes, it's added. Lavasoft has/had their TAC, where behaviors were given point values. If a program exceeded a certain value, it was supposed to be added to the detection list. I was looking for something that would be similar to that in concept.
    What about these behaviors, which are grounds for the app to be blocked:
    delivers popup ads
    banner ads
    data miner
    calls home
    updates silently
    downloads more software
    modifies hosts file
    modifies internet zone settings or adds itself to trusted zone
    questionable changes in products EULA
    vendor shares data with other companies
    Which or how many of these would get an item added to the blocklist?
    Rick
     
  7. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    That's one that's probably going a bit OT, but you might bring it up in our forum or write directly. I can try to get someone with more direct knowledge to answer, but going into this much fine detail about Prevx1 is probably better saved for official venues.

    I am more than happy to answer questions as well as just generally participate and share what I know, but I do feel like we're going in a bit deep here (and at length), so would encourage people with questions to come over to our forums. You'll also be more likely to get answers from some of the team that are far more technically knowledgable than I am over there, too :)
     
    Last edited: Sep 28, 2006
  8. Davidpr

    Davidpr Registered Member

    Joined:
    May 24, 2006
    Posts:
    92
    I agree. Prevx is the only security software that I will recommend unreservedly to friends. It works and on ABC mode just runs in the background until it blocks something. And for £13 per year it is good value - other companies should take note.
     
  9. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    You spotted it right. That's also one of my concern. If you run it in ABC or Pro mode, you just don't know what it blocks, what it allows. These behaviours are those I would like to decide at my own discretion.

    How about if Pevx1 asks us for the final decision when it is going to block/allow (the behaviours) of greyware (Prevx1 may post a recommendation/explanation, but it offers the option for user to decide)?

    Does anyone know which website has made a malware test regarding Prevx1?
     
  10. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Hi Rick,

    That's make a few things clear. When it comes to malware, we are effectively at war. A bit strong? Well maybe. Malware is firmly in the hands of organised crime, it is no longer down to script kiddies and idiots out to "make a name" for themselves. Malware is written for one reason - to make money. Likewise, Anti-Malware software is written for one reason - to make money! Yes, it helps the community to get clean, but the bottom line is we wouldn't put the effort in if there wasn't a commercial reason for doing it.

    Now, given that we're at "war" with the malware writers there is a mantra from the intelligence community that holds firm for this "malware war" as it would for any other war - that is:

    WHENEVER POSSIBLE, YOU NEVER LET YOUR ENEMY KNOW HOW GOOD YOU ARE!

    It's unlikely that we'll publish details of how our AI engines work, what data points they use individually or collectively to determine that a program is good, bad or otherwise. This is strictly need-to-know information :blink: Joking apart, you really don't need to be concerned with it. It works. That's the important thing :)

    Let's look at the competition for a moment... Many of them publish the results of their malware analysis after they've released their signature updates. Why do they do this? Simple - marketing. Most people that get a malware infection go straight for Google and search for the filename. AV vendors publish analysis results to get hits on their websites from filename searches. Filename-based marketing leads to hits which leads to downloads which leads to sales. Anti-Malware products are written to make money! End of story.

    Now, how many of those same companies tell you HOW they do their analysis? How many tell you what rules they employ to decide whether something is bad or not? How many use automated tools versus a manual process? How many publish the nature of their signature structure or algorithms? What... you don't know? Of course you don't as these things are commercial secrets and simply aren't published. The user's of their products TRUST them to have done a good job. If they have, they detect the malware and if your lucky they clean it up. If they haven't or they are simply too slow to win the war against the malware writers... their user's start to reduce that TRUST level and look for something else.

    In this war on malware, products with automated intelligence engines are the the only ones that have a chance of keeping up with malware evolution/production. Traditional AV vendors are struggling now, and it's going to get much worst for them.

    You have a simple question to consider - where should you put your TRUST?

    Regards,

    ghiser1
    Prevx Security Architect
     
    Last edited: Sep 28, 2006
  11. herbalist

    herbalist Guest

    ghiser1,
    Thanks for taking time to reply. No explanation needed regarding this war or the monetary motivations behind it. Been in this war for quite a while and have seen enough instances where a company chooses to make the product and its support more important than the needs of the users. That's not an accusation, referrs to other products.
    How would a list of behaviors that you consider malicious amount to giving details of how your software works? How would stating that "we target keyloggers" help the author of a keylogger or harm the software/community? I'm not asking for details of how the detection process or removal procedure works. I just want to know what behaviors are considered malicious, not filenames or software brands.
    I doubt that I'm the only one here who's asked an adware/spyware remover the question "why don't you target such and such, and gotten a reply that effectively states "we don't consider it malicious", even though it meets their written criteria of targetable behavior. If a particular program delivers intermittent popup ads, will it be targeted? Popup adware is annoying and usually undesirable, but is it "malicious enough" to target or will the user need an adware remover to target it? I don't see where a yes or no answer would benefit the enemy or hurt the software/community. If anything, I would think that defining what will be considered malicious would have the opposite effect. For potential users, they'd know just what they'll be protected from. It would have no effect on malware writers or the criminal element at all. They expect to be targeted and know it's coming, just like we know what to expect from them, more of this war. Another instance where a list of malicious or unacceptable behaviors would be a benefit is with the vendors of what I'd call "grayware", that stuff that tries to see how close they can get to the line without crossing it. I'm sure you know the type, the ones that scream "our software isn't spyware", all the while knowing that there's no legal definition for that word. A list of behaviors that are considered malicious would send a message to all of them, something on this order.
    This community considers these unacceptable behaviors. Any software that engages in these or any other equally repulsive activities will be targeted. If you don't want your software targeted, don't write it to do these things.
    I apologize if I sound distrusting or skeptical, but after seeing one anti-spyware after another fail to do what they claim, watching viruses go past 2 out of 3 AVs I used to run, and seeing so-called "acceptable software" engage in activities I find very questionable at best, I've lost all trust of definition or signature based security and chose to use and recommend classic HIPS programs, SSM in particular, which trusts nothing except what I tell it to. For me, it's an ideal solution, but I also recognize that it's not that good of a choice for the average or casual user. For the average user, yours looks like a more usable option that doesn't require the user to know their systems to the same degree. I both use and test Open Source software, so I'm familiar with the "community approach" and its advantages. Community based malware protection could be what the average user needs, depending on how you define malicious.
    Rick
     
  12. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Hi Rick,

    You see, that's the root of the problem. There are no behaviours that in themselves are malicious. Maliciousness is a subjective area. Whether an application that logs keystrokes is malicious or not depends on a large number of factors and there are many legitimate reasons for logging keystrokes and many legitimate applications that do it. If those keystokes are captured to a file and transmitted across a network to a range of differing domains and IP ranges you might say it's looks more suspicious but it still isn't necessarily malicious. BTW, I've just described most Instant Messaging and VoIP applications that have a "Log my conversation" capability turned on.

    There are also lots of apparently benign behaviours that when taken collectively become malicious in intent. There is no guidence that can be given on "do this and you'll be targeted, or do this and you wont". You need to get to the level where you can say things like don't do X when you've already done Y and Z if you were first first created by A in folder B with your name looking like C. That's the problem - you need specifics. Without this context individual behaviours are useless - which is why IMHO traditional HIPS are useless - unless, like in your case, the user is confident that they know how to answer the questions the HIPS presents you with.

    As an example, which of these should be considered malicious:

    1. Creates a run key that points to itself.
    2. Creates a copy of itself with a different name in a new folder under the windows directory.
    3. Uses a different folder or file names that appear to be random hex digits.
    4. Downloads and installs new programs/DLLs to replace standard system files on reboot.

    Depending on context they could all be. Likewise if the context is that these behaviours were all done under the guidence of the automatic windows update service, you get a vastly different picture. Context is key and globally gathered data is paramount in understanding the true context. The view from one PC is always cloudy.

    Hope this helps,

    ghiser1
     
  13. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Herbalist: One of the things your last post made me think of, as well, is that while you will see a TAC system posted by Ad-Aware, you won't necessarily see the same for NOD32. The detection scope of Prevx1 is closer to that of NOD32's than Ad-Aware's, although we do not have to prioritize the same way and so can include the more minor stuff that comes through. Same goes for Online Armor or most other community based apps. One of the other things to consider is that Prevx1 will work perfectly fine alongside other software as well. Even if one program fit all your requirements, none of them will catch 100% of everything (I'm sure you know that's impossible), so if there's an anti-spyware app that you know and trust to catch some things, you don't -have- to make a choice between one and the other, you can use both and still be ahead of the game (an AV, AT, or AS plus Prevx1 and Windows Firewall would still beat having 5 apps of different types).
     
  14. herbalist

    herbalist Guest

    ghiser1,
    I must say I'm somewhat disappointed with this response. While I agree that, by actual definition, that there are no absolutely malicious behaviors, I wasn't asking in those terms. The behaviors I listed would be in the form an average user might use them, not their true, technically correct definitions, but conventional usage. This is the first time I've ever run into an anti-malware (community HIPS, behavior blocker, choose your term) software that either can't or won't define malware. You describe the present situation as a war, a term with which I completely agree, yet you don't define or identify the enemy in any usable terms. Identifying the enemy in general terms isn't advertizing or marketing. It's stating simple facts. If someone were to ask me what PrevX protects me from, I'd have to honestly say "I don't really know." It appears we're at an impasse where none should exist.
    That's exactly my point. Before I use or recommend a security application, I want to know what it does, what it protects me from, etc. I know what SSM can do, and I've grown to trust it enough that I no longer use any signature, definition, or reference file based software. When I don't know what a security apps specifically defends me from, there's no incentive for me to try it.
    Rick
     
  15. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I wonder if some of the posts in this thread haven't crossed the line such that they constitute plugs for a specific software program rather than topical discussions about community-based HIPS in general?

    In any event, my comments about community-based HIPS (versus those HIPS where the individual user makes most decisions) are stated in a somewhat related thread over YONDER. Please note that I pointedly avoid plugging specific programs, including my own personal favorite HIPS.
     
  16. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    My simple answer is no. The discussion involves a general question of operating mechanism posed by a member, and the followup to that. For more in-depth technical consideration the offer has already been tendered to move the discussion to the home support forums if appropriate. As far as I can see, this has not turned into a support discussion.

    I don't recall any general admonishments against the mention of commercial product names, nor of a general prohibition against vendors responding to open questions. There is general guidance to both members and vendors to pursue in-depth and focused product support discussions in the appropropriate venue, be it an official forum here or elsewhere. The discussion thus far is not a specific product support issue, rather the posts of late have turned on a general question of how a product classifies malware, which is a question of general interest and can easily expand to other products.

    Blue
     
  17. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Herbalist,

    It might be useful to turn the question around a bit and ask what classical signature based AV products protect you against or what do they specifically define as malware. Do they really define things any differently? By my reading of your comments, you wouldn't know what, for example, any classical AV protects you from. If you were to ask a vendor, aside from a general response that we protect you from software having signature X that our analysts have determined does bad things to your system, they are not about to air their internal approach to signature development and implimentation.

    As for classical HIPS like SSM, they don't protect you from anything per se, rather they do provide you with an opportunity to allow or disallow specific classes of operating system functions on a per application basis. Protection rests entirely with the user and for most PC users herein lies the problem. While this can afford a very high level of protection and control to an informed user, a system can be rendered almost unusable in the hands of an ill-informed user.

    Blue
     
  18. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England

    That is an extremely well put point BZ. Classic HIPS programs are only as good as the person controlling them. People should remember that. Community-based HIPS provide a whitelist/blacklist to assist the user. These types of HIPS are easier, safer and in my opinion are better suited to the general masses. I wouldn't put an inexperienced user who frequents the 'darker' side of the net in a position where they have to rely on a classic HIPS. They will eventually make the wrong decision.

    muf
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Which file extensions are considered as executables in Prevx1 ? ".exe", ... o_O
     
  20. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    File extensions are unimportant to Prevx1. You can rename an executable to anything you want. If it attempts to run as a process it will be "assessed" regardless of extension or even whether it has one.
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's what I thought too. Faronics Anti-Executable claims to recognize more than 80 executables.
    They give a few examples on this webpage :
    http://www.faronics.com/html/AntiExec.asp
    but I didn't find the complete list until now.
    I hope AE works like Prevx1 and that their whitelist isn't based on file extensions. Of course AE requires a clean computer when installed, otherwise possible bad executables will be whitelisted as well.
     
  22. herbalist

    herbalist Guest

    Absolutely. I pretty much said that earlier.
    For me, it's an ideal solution, but I also recognize that it's not that good of a choice for the average or casual user. For the average user, yours looks like a more usable option that doesn't require the user to know their systems to the same degree. ........Community based malware protection could be what the average user needs, depending on how you define malicious.
    Regarding:
    The "classic AV" protects against a varying percentage of the malicious code in circulation. If you're lucky, it'll recognize the next one you encounter. For the record, I don't run a resident AV either. As for defining what they detect, at least they "claim" to defend against viruses, worms, and a varying list of other undesirables. Regarding what PrevX detects, I can't even get that much of an answer. So far, I don't see a single "YES" or "NO" answer to anything I've asked. I'm not trying to start an argument here. I just want a few simple answers to the type of questions the average user might ask. Those are the ones they ask me. I need something to tell them that actually says something they understand. When an average user says "keylogger", they aren't thinking of IM programs message archiving. They're referring to the password stealing variety. That would be obvious to most people when the topic is malware. I asked about adware. For the sake of clarity, I'll define it as "software whose primary purpose is the delivery of ads", not every app with a little banner ad in it or cycling ad at the top. Do you target conventional adware or will the user need a separate app for this? If I give my customers the kind of answers you're giving me, I won't have any customers. Yes, I understand what you mean when you say "that depends on....", but I'm sure you know exactly what context I'm asking the question in, user terms , not technically correct definitions. Regarding the examples you gave earlier, keyboard hooking by an IM program, I block it. Regarding the windows update procedure, since they released WGA, it's all manually done and monitored.
    Earlier, you made reference to the financial motives of many spyware/malware remover vendors, a condition with which I completely agree. They have no reason to release software that will truly protect users as that cuts into future business, like a few million sales for individual PCs wouldn't be enough business for one lifetime, even as a one time sale. IMO, they're part of the problem, not part of the solution. I like the concept behind PrevX for the typical user, community based with much of the process automated, taking the difficult decisions off of the user. My single problem here is that there's some very basic information missing. In laymans terms, "What will you protect me from?" The marketing people from these other apps know what the user is asking. I realize that with free, community based, software, there isn't much advertizing or marketing, although I see that you do sell a business version, so there is some financial motivation as well. Perhaps you should have someone with enough marketing experience :gack: (did I say that?) to answer laymans questions in their terms, starting with the ones I've been asking from the start.
    Rick
     
  23. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Prevx1 is a general anti-malware, it will detect anything the analysts come across, whether that's viruses, trojans, worms, adware, spyware, rootkits, keyloggers, or other. The only thing we consciously don't add detection for is riskware, but even then it's going to be taken on a case-by-case basis along with the automated analysis. Prevx1 even detects legitimate apps, though marked differently. There is almost nothing that Prevx1 does not detect one way or another... some are even marked 'caution', usually by the automated analysis. There are around 200k new files every day to be determined both good and bad, the way that just a few analysts keep up so effortlessly is because a lot of it is automated.

    Now when it comes to the grayware, the anti-spyware apps will publish "TAC" style lists explaining how they decide to include detection for something or not, your anti-malware apps like NOD32, Norton, and so on, don't often publish those kinds of lists, and being closer to those AVs than to anti-spyware apps, we don't either, partially because we really would need to start talking about how the automated analysis engine works. The main difference, however, is that the AVs add detection based more on if and when they can get to those samples, they have to prioritize.. we don't.

    As I've mentioned in private (as well as previously in this thread), however, if you want more specifics then you will need to come over to our forum where the entire team can and will see your question, not everyone on the team visits Wilders regularly.
     
    Last edited: Sep 30, 2006
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    It works very well. It is the one product as I have said before, I cant do without.
     
  25. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Thanks Notok, was about to put something similar myself.

    To ensure we have clarity though, we aim to detect, protect and clean up everything that could be considered malware except for one thing. That one thing is tracking cookies as we don't consider tracking cookies themselves as malicious - though that's not to say that they're off the agenda for good...
    We focus on identifying malware files, whether applications, dlls or drivers regardless of purpose or infection route.

    I think I misunderstood the technical depth herbalist wanted in his original question. I hadn't realise that he mean't high level headings like worms, spyware, keyloggers etc. Sometimes its easy to get too close to a topic and forget that sometimes the very basic information isn't clear.

    For the record, Prevx's business is automated malware research - that is all malware files regardless of type. If it is persistant on disk, then it is in our scope. Our aim is to identify and classify ALL executable files in one of three primary categories: good, bad, caution.

    Good is a legitimate.
    Bad is malware.
    Caution are items that would not normally appear on the average user's PC, but may be considered legitimate for use by security professionals.

    Hope this helps,

    ghiser1
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.