Prevx vs. COMODO IS - Keylogging

Lock this if it's not permitted to ask, but I've been wondering this for a long time.

I want to use only CIS, but my fear for keyloggers has made me always run it in conjunction with Prevx cause of its SafeOnline. Referring to v4.1 (latest) of CIS, is it able to handle keyloggers on its own with (a; preferred) only its Sandbox or (b) Sandbox and D+ at the same time?


Thanks

 

With both options a) and b) you will get a protection from keylogers using CIS, you can test it with zemana test for example.
But the best and the natural way of comodo is use it with D+ and the sandbox active and the Proactive settings. You will notice that the poups of D+ have been reduce dramatically, maybe 8 or 9 after the first reboot, and then 0, 1 or 2 each time that you try to install a new app.
Also they are going to increase the whitelist soon: https://www.wilderssecurity.com/showthread.php?t=275385

I use comodo but also I use keyscrambler free, just to be sure http://www.qfxsoftware.com/ks-windows/which-keyscrambler.htm
The impact in the computer performance of keyscrambler is inappreciable and as far as I understand is the best way to protect your computer from any kind of keylogger method.

 

and here's some info about how Prevx SafeOnline keeps you safe online:

the full Prevx SafeOnline can be downloaded for free..
http://prevx.com/safebook.asp

my reason for using prevx is its MITM protection aside from its antikeylogging protection it offers antiphishing/pharming method and protection against cookie stealing and browser process manipulation.

Also this:

 

I have remembered now that there is a free product similar to safeonline.
http://www.trusteer.com/node
I have never use it, so I can't tell you nothing about it.

Check this extension for firefox: https://www.eff.org/https-everywhere

Also software like safeonline or trustport are useful when your computer is already infected, if your computer is clean they are not very useful, and the protection offered can be easily replaced by other software.

 

Looks like I'll be running both Prevx and CIS once again, CIS only having its sandbox enabled. Thanks for the answers so far.

 

I dont understand what is adding prevx online to your security.

 

I'm running PrevX SOL alongside CIS 4.1 on this particular box at the moment.How much (if any) additional protection Prevx offers in this scenario I'm not sure,but there's no discernable impact upon resources in doing so.

 

Have you read my post above?
Are you concerned about the lack of malware removal of Prevx CSI FREE?

 

Yes, and as I said before you need to be infected make SafeOnline a bit useful.
But if your computer is infected you will notice, and then you will clean it.

DNS level hijack/Pharming: if you write google.com and the browser redirects you to givemeyourbankaccoount.com or any other website you will notice that you are infected without using SafeOnline.
Antikeylogging: already covered by CIS and more amply. (keyscrambler)
Phising: internet is plenty of free antiphishing filers as good as safeonline or even better. Every broswer has a phising filter.
http://antivirus.about.com/od/freeantivirussoftware/tp/phishingfilter.htm
Browser process manipulation: Covered by D+
Cookie stealing: Covered by any broswer (Private broswing included in every broswer), even extensions of firefox. Also you have to be infected again so D+, an AV, a firewall, the sandbox wont allow this.
https://addons.mozilla.org/es-ES/firefox/addon/722/
https://addons.mozilla.org/es-ES/firefox/addon/2497/
https://addons.mozilla.org/es-ES/firefox/addon/6623/
https://addons.mozilla.org/es-ES/firefox/addon/14217/
...

 

That's not the DNS level hijack that I'm talking about. Your example are just simple redirect and is more like phishing.
This is pharming: http://www.youtube.com/watch?v=1d1tUefYn4U

Although this threat is very unlikely to occur...
I'm quite afraid of it and I have yet to find a program that can do what SafeOnline does.

 

Ok but this kind of DNS hijack have ever happened?, I mean somebody have been able to make this attack successfully? because is a security breach in the DNS server and not in your computer.
Anyway your phising filter will protect you, you can check if the website have SSL or not (very easy to identify) and also is quite easy to notice the differences btw the fake and the real websites, they are never exactly the same.
Maybe SafeOnline add something but I think that is quite paranoiac

 

If running full CIS, Prevx free doesn't really add much if anything. I would just do periodic scans using Hitman Pro or Malwarebytes (which everyone should probably do anyway). Then you have one less memory resident program running 24/7.

 

http://www.zdnet.com/blog/security/...tch-coming-details-at-black-hat-vegas-08/1460
http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
http://www.linuxjournal.com/content/understanding-kaminskys-dns-bug

I have been reading about the DNS Spoofing and DNS Cache Poisoning and this have never happend in wild.
This vulnerability was discovered Kaminsky 2 years ago and all the DNS servers have fix this issue so this can not be exploited nowadays.
Anyway you can test if your DNS are vulnerable here:
https://www.dns-oarc.net/oarc/services/dnsentropy

So I if I am not wrong I think that this feature is quite useless.

 

1. There's a version on Facebook which includes SafeOnline for free. 2. I also got a license for the whole program.


I really hope you understood this and not just read a topic title.

 

Well then, prevx will help but safe online wont make any difference.

 

Yes, I do understand this, but thanks for your concern. All free versions of Prevx, including safeonline are pretty worthless IMO. If you have a paid license, use it.

 

Oh yes?. How could I notice that an info stealer rootkit ¡s in my computer if my antivirus doesn't detect it?. I'm interested, this is an important point.

 

Could you tell me where I said that if you are infected with a ROOTKIT you will notice? I'm interested, this is an important point.
You took the phrase out of context read it again.

 

Thanks for clearing that up.

 

Is this what I need to read again?:

I'm still reading the same: Safe Online is not useful because if you are infected you will notice.

If we are to measure the usefulness of a security product, we should take every kind of malware into account. Maybe you don't do online banking or shopping. I do, and so, a product that claims to protect you from hidden malware trying to steal your data is worth checking, at least for me.

 

I am going to try to make it more clear.
I said :

Due to the DNS hijack will redirect to any other site if you write google.com you will notice that you computer is infected because the broswer will redirect you every time to other webs. Is so dificult for you understand that?

and when i said:

I was referring to if you are using it with comodo (we are talking all the time about comodo+prevx safe online) the only security added by safeonline is the DNS hijack and in this case you will notice (as I explained before). In all the other cases you are already protected by comodo or your broswer.

And as I said here: https://www.wilderssecurity.com/showpost.php?p=1699416&postcount=13
The DNS protection of safeonline is completely useless.

I found this that can be interesting for you: http://malwareresearchgroup.com/?page_id=2
Check Trusteer Raport that is free and have the same useful features than safeonline

 

It's very easy for me to undestand that. That's the reason why I've said absolutely nothing about this.

First, you dismiss Safe Online because you say it's easy to know if your computer is infected and now you turn the guns towards the DNS protection, as if it was the only thing important about Safe Online.

Well........having info stealers inside your computer is not a trivial thing. Even if you have Comodo or any other AV or suite installed, the risk is too big: losing a lot of money. If SO or any keylogger can help reducing that risk, they are worth it. I understand that they do nothing for you, but that doesn't mean that they are useless or that they don't add anything positive to Comodo or other apps.

 

Did you understand something?
Could you tell me please how can help safeonline to my security if I already have installed comodo?
Tell me a case with comodo and safeonline installed where safeonline will save me.

 

If you don't correct me (I may be wrong, indeed), this is Comodo plan against keyloggers (from their site) : "Online depositors should protect their personal computers from malicious executable files, otherwise known as malware, by using top-quality firewall and antivirus software. Such software should prevent software such as keyloggers from installing itself in a computer."

If the AV fails and the keylogger is able to install itself in your computer, dedicated anti-keyloggers claim to offer more protection to what happens inside the browser (bank transactions, for example) than that supplied by AVs. You believe that Comodo is enough because it pass the Zemana test. I don't believe that's enough. This has been released today, maybe you already know about it:

https://www.wilderssecurity.com/showpost.php?p=1699873&postcount=1

 

Ok, so I see that you dont understand how Comodo works.
If the malware is not detected by the AV will be executed inside the sandbox, so will not infect your computer.
If the malware is not detected by the AV and you force it to run out of the sandbox once the malware tries to modify somehow the broswer process D+ will alert and block this, if the malware tries to capture your keystrokes D+ will block it...

I have already seen this comparative, I fact I post it before for you: https://www.wilderssecurity.com/showpost.php?p=1699913&postcount=21