Future Changes to Prevx

So will I All of our technology is built in-house and will remain that way

 

Feature request of a bystander (not a user), but sympathising with PrevX

I have a small feature request

I do understand the defaut settings of PrevX used in a new installation. Reason is that you can't assume the system is clean. But I would like to suggest a relatively simple (because it is based on existing components) optimisation.

Intelligent/Adaptive heuristics
Phase1:
PrevX starts in the default settings, after a predefined time (say a month), the apply HEURISTICS BEFORE changes to AFTER applying AGE/POPULARITY. The reason is obvious, after having looked at all programs for a month and NOT having met a warning (this is a 'confidence' elevation criteria), it is fair to assume the system is not infected. Ergo the PrevX can limit its focus to recently installed and or changed programs. This makes PrevX even use less CPU cycles.

Phase2:
After NOT having met any warnings in an additional time frame (again a month for example), the Progam AGE heuristics slides to MEDIUM. The reason is also obvious, since there is no sign of infection, PrevX should emphasis its other quality: zero day malware protection. For the same reason the program POPULARITY setting should also slide to MEDIUM, making it a balanced setting. As stated earlier not being infected is again a 'confidence' elevation criteria.

I have played around with PrevX in the past and really liked PrevX in this setting. In my experience this setting even offered a (slightly) higher protection. The difference between LOW and MEDIUM is not as dramatic as gearing up from HIGH to MAX. So this still should be a comfortable setting for average users.

Bottem line
I am sure the developers will have additional ideas/improvements (e.g. looking at the amount of new programs installed to classify the user and determine the applied confidence periods). I think this is a practical improvement for the average users. The knowledge of the user is the same after two months, but the knowledge of the PC usage by PrevX application has increased and hence the settings can be optimised. It also offers an extra feature marketing wise.
After the innovative lisence model of PrevX2, the innovation to cloud based protection was made (PrevX3). May be the next innovation will be usage (is risk) based setting personalisation, to provide the best security fit to individual users.

Regards Kees

 

As always, fantastic post, Kees I think this is a great idea and something that will be a very valuable addition.

Also, I noticed on another thread that you were having some problems with SafeOnline and typing in URLs - it might be worth trying out the newest beta to see if the problems persist

 

Is it possible for the uninstall routine to have the option to allow the list of user configured sites and confidential data to be preserved. Or failing that, provide some guidance on how a user can preserve this manually by making a copy of one of prevx's files.

This will prevent me having to re-enter confidential data for 20+ sites when I do a re-install.

 

SafeOnline does store its configuration on disk but it is checked for integrity and will be deleted if changed or replaced with another set of configuration options. I'll see what we can do about adding an override for this

 

Instead of an override, wouldn't it be better to add an import/export option that would allow all Prevx/SafeOnline settings to be saved and restored on demand?

 

I will try i when I am home. Weekend before eastern i had a rugby accident. Could not move anything from chest down for half an hour. They fixed spine 3 to 7 in my neck, so i will tripwire security on airports the rest of my life. I have internet in the hospital to kill time browsing wilders. I will report whether the issue is solved hopefully within two weeks.


Here is another idea for future prevx development

Safe install mode
What it does? Checks the executable against the white/black list of prevx.
When good = allows install, when bad = denies install, when unkown
a) creates a restore point
b) logs registry changes for autoruns
c) sends a report to prevx servers
d) creates 'safe boot undo'

When the prevx servers have not answered in 3 days (or any other reasonable time frame), prevx will invoke a re-boot in safe mode, undo all logged auto run registry changes, trigger a restore. This will effectively wipe out the loading of the installed program, drivers or services. This same mechanism can be used to remove the executable when it turned out to be malware after the analysis.

Marketing advantage
With this mechanism the cloud availability is a non-issue. When malware disconnects the pc from the prevx servers, it will always be wiped out after 3 days. This takes away the disadvantage of cloud based security (needing a life connection)

Technical advantage
This safe boot registry healing mechanism, should work with scripts. This mechanism can also be used for newly discovered threats and pushed through the internet as a tailored recovery, as though some external specialist analysed my hijack this log and created a script to clean it and best of all executed the script remotely.

Regards kees

 

You should make your own program Kees =)

 

I was a programmer at 21, way back, had to take the difficult route of data base admin and network/tp designer, before I discovered where I was 'born' for: analysing business problems and specifying user requirements. Giving hints to innovative companies is more my cup of thee now.

Also when Prevx2 came out with all sorts of protection mechanismes, I thought it would become to much a mixed bag to excell at anything. PrevX3 prooved I was wrong by applying all those different technique (white/black list, community, age, behavioral heuristics) in a way it made sense, meaning increasing security and reducing user decisions.

 

I'm truly sorry to hear this, Kees. I do hope you'll be alright - not a good situation to be in at all

You've hit the nail on the head with one of the most interesting aspects of Prevx 4.0's protection We won't be using restore points but our own technology behind-the-scenes for extremely intelligent cleanup and rollback of individual infections.

More on this to come as we're still shaping the technology but it will certainly be quite a powerful feature.

Prevx 4.0 in many ways will be even easier than Prevx 3.0 to use for the average user, but we're adding in some of the features from Prevx 2.0 and many, many more which will really give technical users a huge toolset to work with without compromising the simplicity of the product. It's honestly hard to curb our excitement with the mass of functionality coming around in it, but we still have quite a lot of work to do before it is ready for mass consumption

Thanks again for the suggestions and please let me know if you have any other thoughts! Again, I do hope you recover swiftly and fully!

 

of course some features from prevx 2.0 will be arriving, that green blob is here to stay

so, if 3.5 is the next big version before 4, whats in that?

 

Well I am improving, makes one humble recovering from something nasty.

Makes me curious to the release calender

 

I am surprised that Prevx doesn't block ad's and popups with its PSO, maybe a future feature or would this be a line prevx wont be going down?

 

perhaps you can add in the scan result window a "view report"buton?

 

I have a new problem I have not seen before. Its a good one too. I was using the new 119 RC.

I left prevx doing a scan while I went for a cup of tea. I had various other things open, firefox, powerpoint, which may not be relevant. There was no reason to do a scan, just that I'm paranoid and like to see System Clean from prevx.

When I got back prevx had disappeared from my system tray and the GUI wasn't open. Oh no not again I thought.

Save my work and restart and it will come back, only this time it didn't. I rebooted again and it didn't run again.

I doubled clicked the prevx icon on my desktop and got a message that the target file did not exist. When I went to look, my C:\Program Files\Prevx direcory was empty. Prevx has uninstalled itself! I'm not joking. I don't know if PrevxHelp can do anything remotely -- there might be some clues as to what has happened; I can wait and see what he says before I re-install (my system's clean and im not logging into any of my sites next day or so, so I can live without it if it helps others).

I just noticed there's a new RC so it could be this tried to update when I did the scan? I think TripleHelix told me it could do this.

I have saved scan log from this morning if it helps (when all worked ok). Prevx is still showing in add/remove programs but there are no files.

Edit: I re-installed and have now got 124 RC working.

 

2 suggestions:
1: With password protection, it even asks for a PW when adding a site to protection, but it doesn't when uninstalling prevx, please also make a password prompt to secure unwanted uninstalls.
2: I have the MVPS hosts file, when to browser accesses sites in the file a warning dialog from Prevx pops up with 3 options: close(which closes the whole browser, just not one tab), ignore(which lets you visit the site) or fix it(which presumably removes the entry from the HOSTS file?) I would like to have another option, keep blocked.

 

Good idea. I would support a "keep blocked" option for an entry in the hosts file with IP 127.0.0.1 (and for 0.0.0.0 which is sometmes used) as these could be intentional entries. You can click "ignore" but it adds an entry to the list of sites in SafeOnline which is not needed.

 

Future request:

prevx blocking screwed up av to mess up your windows like mcafee did last week

 

Request; Submit sample for analysis via the main program if the hash (or whatever) of the file has never been seen before.

 

Perhaps this has already been suggested, but I would like to see in future changes the pop-up screen when you need to disable Prevx during installs slightly smaller and transparent because it interferes with what you need to see on the programs you are installing. Thanks.

 

I don't know where else to place this since there doesn't seem to really me much on Prevx out there but would it be possible to make it to where you could have a trial of it (with protection enabled) for so many days like most security programs have instead of just saying what it could have caught if you bought the program? that way it would give people a chance to actually test it?

 

Additional protection against rouge AVs/AMs.

 

Shadek, you're funny.


You need to repair the SafeOnline module.

 

Now THAT is funny.

 

Why this is funny? The right is that SafeOnline module makes the most problems of Prevx. SafeOnline weakest part of Prevx, weakest link.