Process Guard, Prevx, Online Armour?

I know one person that runs both Prevx and OA at the same time and does not seem to have issues.

Personally, I think you are setting yourself up for conflicts by running more than one HIPS. Also, would there really ever be a need to run PG, OA, and Prevx simultaneously? It seems that it would have the potentail to do more harm than good.

 

Right, that's what I figured. Also, OA doesn't run any sort of freeware version does it.... I was currious, because I know some products switch to a limited version after trial, but I saw no mention of it on their site.

 

OA doesn't have a freeware version, but does offer a free 30 day trial of the fully functional program. That is what I am running on my machines right now. So far, I love it. After uninstalling:

ewido
Spybot
Spysweeper and
the MVPS HOSTS file

I put Online Armor on my machine. Been running for a week. I reinstalled Spysweeper just to do scan. Still completely clean. No conflicts, easy to use, top notch tech support. My OA trial is going very well.

I wish that I was more technical so that I could REALLY put the software to the test. But I'm not. And I also have fairly safe surfing habits. So there are better people to get security software advice from. But I can tell you that I really like OA so far and plan to buy it.

 

You are correct-a-mundo, a truly top notch product with excellant support. And to think it will soon include a firewall at no extra cost...

 

Hi ejr

I think I was half asleep when I explained why I had both Prevx1 and OA running together.

Prevx1 and OA have the following differences (over and above normal HIPS functions) :

OA :
-has DNS poisoning protection for financial sites
-has a program tracking/rollback ability

Prevx1
-has an outbound firewall (so with a hardware firewall I don't need a separate software firewall)
-Rootkit detection capability

There are other differences (in the way they deal with information and such), but I can't see that leading to conflicts.

Both have generic keylogger detection, over and above any signature databases.

Prevx1 these days is closer to an AV (with a HIPS core), so It's probably more likely that Prevx1 would conflict with an AV than it would with another HIPS, but I don't see the chances of either being high (and haven't heard of any such instances). And from OA's point of view, their development team iron out any conflicts remarkably fast.

 

Hey there!

Thanks for the reply. That explains it very well and also makes sense.

 

I have heard much about Prevx Home. Does anybody know what the difference is between v2.0 and v2.1?

I noticed that the GUI was changed from a numbered security meter 0-100% to a straight bar graph.

Is there any other difference, and does one work better on XP Home then the other?

My friend is using 2.1 using XP Home without problems, and I am trying to decide which version is best to use.

Any opinions??

Thanks!

 

Hi whistlebird,

Prevx Home was discontinued about a year ago and is no longer available for download from our servers. Existing installations are no longer supported and updates are not being made.

The replacement for Prevx Home - Prevx1 - can be downloaded from http://www.prevx.com.

Regards.

ghiser1
Prevx Security Architect

 

I ran PG and Prevx1 for awhile and didn't see any conflict, but it was for a short time. Sometimes it takes longer to see a conflict. They are so close in what they protect that I would be surprised if they didn't conflict, albeit unseen. I would say don't run them together. Although I keep an antivirus, antiTrojan, and antispy alongside Prevx1, they are not necessary. I am installing a new computer and plan to use the licenses, until they expire, on it. I plan then to run Prevx1, SpywareBlaster (with paid autoupdate),
Trojan Remover, Spybot Search and Destroy, Adaware SE Personal, Wormguard, and Mailfrontier AntiSpam or Thunderbird.
With Prevx1 there is no need to have an antivirus; ewido is a backup for now, and when the license expires I won't renew. Trojan Remover (which only scans on bootup and ondemand), SpywareBlaster (an immunizer that protects against activex pests), and Wormguard. Port Explorer, ProcessExploreNT, Autoruns, and ondemand scanners for spyware, rootkits, and Trojans are not a burden. Prevx1 is the only true realtime protection you need with a firewall; the free ZoneAlarm is perfect for that.

 

I am working out my personal choices with all the input from folk here. Even subject opinions are useful. I swapped my ZoneAlarm Internet Security Suite license for a ZoneAlarm Pro license (ZA free a valid choce too) because with Prevx1 and ewido antimalware the antivirus niche is well-covered. ZAPro has antispyware module. I did not use Parental Control. I switched from Outlook Express to Thunderbird so I dont need the Mailfrontier module in ZAISS. I used OE because I have PGP; PGP supports Thunderbird now. Now both PGP and Thunderbird truly rock. I decided to keep ewido and Trojan Remover; especially TR since it can't conflict with anything. Ewido seems to work well with the others. Realtime: stateful packet inspection firewall in Linksys router; ZoneAlarm Pro firewall and antispyware, Prevx1, ewido, Wormguard, SpywareBlaster (autoupdate), Spybot S & D (resident in IE). I have an assortment of ondemand antispyware, antirootkit, and views. I tried the Comodo firewall but reject it for too many popups that you can't stop; they fix that and it will be fine. It is also tied to ads for their commercial products. I tried Look n Stop; it is a fine firewall. It works similarly to ZA; it's not as heavy on resources. I dont why it is not mentioned more often. I could use PG; seldom did it raise an alert i could not interpret. It is not necessary with Prevx1. So the question for me is not if there is a conflict, but is it necessary for me. I have closed most attack vectors in the OS. I have two firewalls (router, desktop), 5 antispyware (ewido, Prevx1, ZA antispyware, Spybot S&D, SpywareBlaster), 3 antirootkit(ewido, Prevx1, RootkitRevealer), 3 antiTrojan (ewido, Prevx1, Trojan Remover), 6 antivirus (Prevx1, ewido, Bugbear Removal Tool, Klez Removal Tool, two McAfee Avert tools), and JPEGScan. Pic included(

 

I am running the latest Prevx1 release with the latest Online Armor AV+ Beta version without problems. Pretty smooth!

dja2k

 

Seems that Online Armour would'nt confict with what I have; I may try it out. If not now, on my new computer later this year. I'm intrigued by what I read and what some friends have told me about it.

 

I am also looking at PG, OA, and am currently a user of Prevx1 (free).

Comments please on this interesting test:
http://kareldjag.over-blog.com/2-categorie-69553.html

Kareldjag found that System Safety Monitor was better than PG at stopping certain types of activity, including resistance to being disabled. He rated PG “first” because it is easier to use, not strictly for it’s abilities to protect the user’s computer. Putting user learning curve aside, he favored SSM.

In a seperate review ( http://kareldjag.over-blog.com/1-categorie-86447.html ) Kareldjag evaluated Prevx. If I read it correctly, Prevx was vulnerable to attack in a more substantial way than SSM. It could be disabled by attackers with known tactics. He wrote: “ …after the test, i'm legitimatelly disapointed about Prevx: i like to see a product doing what its authors claim…”

I do not mean to bash Prevx. I have been thankful to use it, though I’ve noticed slogging and glitches. The report is over a year old, and I do not know the technology well enough to evaluate it.

If anyone can comment on Kareldjag’s reviews, please do so.

Are there any spyware / malware testing sources that have regular, standardized testing- like some of the virus sites (AV-Comparatives, Virus Bulletin)??

I haven’t done a complete search, but it is difficult to find a clear explaination of what the various programs specifically protect. This thread at Wilder’s is one of my favorites:
https://www.wilderssecurity.com/showthread.php?t=32823&highlight=system safety monitor . Anyone have a favorite?

The folks over at WindowsSecrets have noticed that even “trusted” examiners of products can print results that must be scrutinized carefully: http://windowssecrets.com/comp/060810/

Thanks everybody.

All the best

Ashwin

 

Hi Ashwin,

This blog entry is about Prevx Pro/Home a product that was withdrawn well over a year ago and has no relevence to the current Prevx product - Prevx1.

I'd like to raise a small point though about these type of tests though. All these "tests" involving running utilities to examine/violate certain parts of the system. In order to do anything to the system, a process has to run. This means that programs such as Prevx1 that intercept the running of programs cannot be tested in this way. Their primary protection is to prevent process execution. If those products prevent the running of the tool they have passed the test - as they have done their job. If they query the running of the tool and the user chooses to run it anyway, the product has still done its job and should pass the test.

The real test of any HIPS product is two-fold:

1. How it copes in the wild with real malware; whether it detects it, blocks it and whether it can cleanup the mess. And it shouldn't matter whether the malware was on the box before installation or introduced afterwards.

2. How it copes with legitimate programs. A good HIPS should ignore them unless you tell them otherwise.

Just my 2p.

ghiser1

 

I've been using Prevx1 for 3 or 4 months and the new version they have out
now are much better then previous ones. Alot faster bootups and low on
system resources. No bog downs here. I have used OA and PG in the past
but like Prevx1 much better. And its alot easier to use.

 

I have prevx and PG working together in one config. And PG and OA in another.

All three together has a great deal of overlap - probably not a great idea

 

I'm sure it does since you - like most other Windows users - most probably don't practice safe computing. You run your system exclusively as administrator, of course. You use IE, of course, with ActiveX and Scripting enabled, of course.

Forgive me if I'm wrong, but, if I am - why are these programs discussed in this thread so important for you? I've been running my system as a limited user for years, and I've been using Firefox with the extension Noscript (and some others, like AdblockPlus and Cookie Button) for quite some time. And guess what - I've never been infected.

Oh yes, I'm running Kaspersky AV on my system, and once in a while I start Adaware and Spybot R&D - but they simply don't find anything! Well, with the exception of some viruses in emails (most of them are caught by my spam filter anyway) - but do you really execute suspicious file attachments?

Sure, it's fun to play with all these HIPS and they can help you to learn something about your OS, especially if you are a control freak (and that's the only reason why I'm still running GSS). But they are not a replacement for safe computing.

Sorry - this wasn't meant to offend you ...

 

I got to disagree, most people *here* practise safe computing (arguably if you ignore the whole administrator thing) , they are just paranoid.

 

maybe the people at this forum surf safely, but theres many more Windows users who dont practice safe hex.

 

The average joes I know don't seem to have any problems, but I'll take your word for it

 

That's my setup. I run all those and haven't been infected in god knows how long. I'm also not a safe surfer. Maybe i've been lucky, but on the occasion's that something did try to get in, my AV or other security app stopped it. Now where would the fun be if i disabled scripts, activex, java and used something other than IE? If i did those things then i may as well get rid of my security apps. And i'm not gonna do that as they cost me a lot of money!

muf

 

tlu, and all, some folk know me more as a raving paranoid, more a tendency to crash my computer by the whelmovering weight of too many security apps; although, thank goodness, I've been weaned (thank you all) from this tendency. One poster suggested that I encase my computer in concrete and sink it in the ocean, then I would surely have a secure system. I asked, what antivirus should I use in that concrete case?

This is how I set the bedrock of security for my XP Pro. Choosing XP Pro, not Home, is the first choice (unless you choose Linux or OS X) you make for security. Then you use this guide:http://www.lbl.gov/cyber/systems/wxp-security-checklist.html

Don't build straw men - Creating a false example, then attaching your opponent to it, is misleading.

Don't misrepresent - Claiming to speak for your opponent in order to belittle them doesn't do anyone any good.
My wife is telling me:

 

I use tests only as a guide to test software not as an absolute truth.

I'm "testing" Prevx1R as only protection together with a firewalled router (and I'm using I.E.) for more than a month now. Prevx1R keeps my pc as clean as a church floor. It protects my "real world" very well.

Periodicaly I double check with KAV and SAS. All that is found are a couple of cookies. I forgive Px for that.

 

egghead,
you've inspired me to remove more programs. I have Prevx1. I look inward and see that I keep Spybot Search & Destroy and Ad-Aware for sentimental reasons. I installed ClamWin for the gushy feeling over open source. It goes.I really dont need these. Hush, i am thinking in forum. I have K-Meleon, Firefox, Opera, and OffByOne, but I still use IE sometimes; so I should keep SpywareBlaster. I will keep the ones that I have licenses for, even though in the past that didn't matter. I have a license for PG and I don't use it. (I plan to use an old laptop as a network server. Since the active process will be predictable I'll use it on it). Viruses are contained by Prevx1, so are Trojans, keyloggers, rootkits, and spyware; ewido covers about of the same. ZoneAlarm Pro has a spyware. scanner. I dont need an antivirus to scan email; ZAP does that, changes the extension of all executables to harmless. You can add extensions. What do you folk think about keeping CWShredder?
Prevx1 and ZoneAlarm Pro I feel would be sufficient. Donja think? But ewido, SpywareBlaster, Wormguard, and Rootkitrevealer I believe okay to keep. DiamondCS's JPEGScan is unnecessary since ewido covers jpg and jpeg. I added jpg and jpeg to the list of extensions that ZAP changes.
With Prevx1 and the four that I'm keeping that should be sufficient. I uninstalled Sandboxie to try VM and appliance. So i expose my inner secret all programs to you. Would some principles stated implied apply if I had PG instead of Prevx1? I may on the server use PG, ZA Free, and Avira AntiVir PersonalEdition Classic, SpywareBlaster; or may use same with Prevx instead of Process Guard. I like Process Guard but Prevx1 is that and more.
ewido real scheduled
Prevx1 real scheduled
Sandboxie (or VM) for Thunderbird and all browsers
ZA Free or Pro (spyware scan) real scheduled
SpywareBlaster immunizer
Wormguard sorta real/immunizer
Sandboxie allows write to drivefor email, but not attachments.
Perhaps this would allow elevation of limited user acct to power user acct and still be reasonably safe. What is the consensus selection of this type of security app? I say Prevx1.