Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    What exactly has VMware to do with this?
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    Edge's purpose is to protect your computer. It does that by blocking code from loading, not by scanning every file as it is accessed, like some other AVs do. There is really only a marginal benefit with this type of protection, and I don't see how it would protect you from sending a virus onto someone else unless you literally attached it to an email yourself and sent it :doubt:

    If malware was loaded and trying to mail out, Edge would block it. A 120/200 detection over a very arbitrary folder of samples with an on-demand scan in Edge using an old version (3.0.0.172, > 100 builds old) which had an issue in the on-demand scanner as well, is completely non-indicative of the real protection Edge provides. It would also be useful to see exactly where he got these samples from to eliminate any conspiracy theories which are bound to come up ;)

    However, if you really do want a program to scan every file you read/write/create/delete, then you can install a conventional AV alongside Edge but we aren't going to change this because of the extreme amounts of system load it causes and how unnecessary it really is to protect your system. Edge does monitor file access - it collects the data for behaviors - but it does not scan every single file, and that is what makes it operationally different from a conventional AV.

    The benefit of an AV scanning email/files on-access is that it may find malware which slipped through that tries to send messages out... why not prevent the malware from slipping through in the first place? ;)

    Also, if the poster of that video is reading this, it would be helpful if we could get a copy of the samples to see if they're really malware or if some files are corrupted. Conventional AVs, which pride themselves on their on-demand scanning, optimizing their engines to detect 90+% of outdated files on-demand, not necessarily their actual protection against new threats, frequently detect corrupted/non-working malware, and in every test I've seen where the testers have sent us samples, there have been between 10-50% of unworking, non-malicious files - many of which were found by other AVs for no reason. [And also note: in some tests, vendors are given the samples before they're tested or for the next round of tests which use the same samples]

    It would also be interesting to see the samples to see how popular they really are in our community. We log a count of how many unique users see a file and the files from most tests are usually only seen by 1 user - the tester - which means that these files never infected anyone but were still included in tests (and I'm referring primarily to non-polymorphic static malware).

    I'll step off of my soapbox for now, but let me know if you have any questions or comments :) Edge protects against real threats - that's how we've designed it. A folder of dormant files sitting on your system, or an archive of files in some sub-folder of C:\FilesIDontWantMyWifeToSee\ can't infect you. You would have to execute them and that's where Edge steps in ;)
     
  3. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    But go ahead...as that is the way the Edge was designed to work...as a complement rather than an alternative!!!! I have noticed NO performance impact when running KIS AND Edge compared to JUST KIS. Why try to turn Edge into something that it was never designed to be...just because you want it that way.

    I really believe that we other users are more than happy with Edge the way it is...not bloatware, just light, unobtrusive until it needs to be obtrusive, ie, almost perfectly formed.

    (@others please contradict me if I am incorrect)
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Exactly - Edge can hold its own as your only security software if you really want (I only use Edge and I know we have a large number of users who are only using Edge), but NO security software (Edge included) protects 100%.

    We've developed Edge to be compatible with any other security software - an incremental solution - and in today's world you really should use multiple security products to increase your protection.

    If an antivirus company tells you that their product provides total protection or complete security... they're lying and actually should be sued for false advertising :D
     
  5. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    We seem to be getting nowhere here. Given it is a fact that Edge detects some malware when it executes only and not when the file is scanned, it is a fact that a user who only uses Edge can receive malware via any means - CD, P2P, USB drive, email, via Messenger etc. and the user would not be alerted as the application has never been executed. The user would have a system which had inactive malware on it. The user for example could receive a rogue app or trojan etc. via some means from someone else or download it and Edge will not alert them. They may then forward this to someone else without knowing it's a trojan or a rogue. I fail to see how you can't understand this is a big failing of Edge.

    For instance there are many rogues out there now. Let's take Antispyware 2009. If I am the average user and I have say Avira, Norton, F-Secure etc. installed, I will be alerted that I'm downloading malware if I try to download it. With Edge, I get no such protection and I can easily send this to another user in the belief it is legit as I have had no warnings.

    As a matter of interest, I tried downloading Antispyware 2009 from the homepage www.antispyware.com and I emailed it to one of my other accounts - and hey presto, no alert.

    It may interest you to know, I also installed the rogue on to my system and Edge gave no alert!

    I have tried the same thing with files Edge does detect and it still allows them to be emailed, burned to disk etc with no alert.

    Sure, Edge will probably protect my system from infection, but it's not suitable as a sole means of protection.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    Rogue programs like the one at the link you posted are incredibly hard to detect automatically because they generally don't actually have an infection behind them - they just use user fears to get them to pay. If you scan Antispyware 2009 on VirusTotal, you'll see that only 20% of scanners actually find it - proving that no solution is 100% and Edge is not alone in allowing this threat through on your system.

    If you receive malware by USB/P2P/CD/etc. Edge will block it if it tries to infect you.

    I'm sorry, but I still don't understand your point of passing the infection on. If you are merely forwarding threats on, I don't see how any AV would effectively protect you. Ideally, the other user would be using Edge or another security product which would protect them, but you are explaining an issue which is more of human error than a real threat. Infections these days don't need an intermediary user to spread them and I've personally never heard of a case of someone downloading a threat and then just forwarding it on.... it seems like an extremely stray case that in no way warrants the ~500% increase in performance overhead.

    If you are really that worried about spreading threats in this manner, you may want to install a virtual machine with Edge on it and run threats in there before sending them off, or just instruct your friends to install Edge or another security product.

    What you are requesting is an antidote which prevents you from being infected as well as curing all of your friends from the disease - an impossibility if you are walking around injecting people with needles full of infected blood :D
     
  7. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    565
    This is the same case as when AV labs don't have a sample for a new rogue.
    If someone in EDGE's family executes it, you will have protection via scanner/on access scanner for this threat almost immediately.
    Many AVs will not be able to catch malware "on the fly" but only when someone sends it to their virus lab (or they find it themselves).
    I am not defending Prevx Edge, but it is from my point of view. I like the program, I like the developers/support and I really think Prevx Edge is good protection.
    Oh yeah, don't forget that some quite big upgrades for PE are coming soon.
     
  8. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    I can't see how you can't understand the issue!

    Edge does not detect malware / rogue files on access. Unless I have scanned the file AND tried to execute it (since scanning an install file with edge is no way to determine if it is malware). Given this, an Edge user can receive malware via mail, disk download etc, not execute it and then in the belief that it is legit, email it to another. This is because there is no on access scanning.

    Avira, Norton etc. will have alerted the user straight away that the files were NOT in fact legit on download, on every access and on any attempt to email or stick on a disk.

    I don't understand your comment about an antidote... simple on access scanning is required.
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    How can you be sure that they would have alerted? On-Access scanning misses a very large part of any AV's protection. An On-Access scan cannot:

    1) Include any behavioral analysis
    2) Any dynamic analysis
    3) It has to only use cut down signatures to work quickly so probably little/no heuristics.
    4) No contextual analysis as no programs are loading it
    5) No rootkit analysis as it isn't touching memory, etc.

    An on-access scan is not an effective way to measure the safety of a file, and AVs are built so that they protect against threats from entering - not protecting users from browsing their own files.

    If you trust a file enough to send it to someone else, then you clearly trust it enough to use yourself so why not run it before sending it? If you are recommending a program to someone else, you most likely would have used it before so wouldn't you have already run it?
     
  10. Dr33

    Dr33 Registered Member

    Joined:
    Jan 23, 2009
    Posts:
    103
    PrevX is a great product and I have some PCs running PrevX alone. As the Prevx team said, there is no product that protects you 100%; if you want to add another layer of security, that is fine.

    If Prevx didn't pick one up, then it will soon be fixed since they have a great support team, and lately trying to infect my PC is boring since :cautious: PrevX is giving me a hard time :cautious:

    I have seen many trojans etc. running with Avira, DrWeb, F-Prot etc., so nobody catches everything.

    If you make personal tests then send the samples that were missed to help everybody.
     
  11. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    I agree, on access scanning is obviously more limited, but it's important - if it were not, why would all the other AMs have it? It's part of standard security.

    The comment about trusting a file is not the point. A user should be advised by security software if a file is trustworthy. Edge in these circumstances does not do this.

    As I know Edge does not have this function and it is not going to be added, I know I need to run my AV as well for full protection - this is what I wanted to know.

    Regards
     
  12. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    I'm bored this afternoon and since I'm still trying PrevxEdge (I'm still not convinced that Prevx will protect me in the real world) I clicked/downloaded/ran the link Retadpuss posted.

    I built my security around KIS.....unfortunately, it's PrevxEdge and Sandboxie that do the work :D fvckin' KIS doesn't do anything :D

    1st picture: Sandboxie blocked MSIserver from starting.
    2nd picture: PrevxEdge popped up the message (KIS is silent :D )
    3rd picture: Sandboxie popped up another message, I don't know what it means.
    4th picture: not sure what it means.

    Just want to share how PrevxEdge (and Sandboxie) work.....and my KIS, I still love it even though Sandboxie and PrevxEdge give me all the first warnings.

    btw, after this testing of mine, i'll rollback my snapshot to previous snapshot to delete the uncleaned garbage.
     


  13. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Not quite true. I have more than a few times had Edge flag a downloaded installer on my desktop as malware/suspicious as soon as the download has finished. That is without doing a right click scan. I have also had it detect malware installers while still in Sandboxie before attempting to empty the sandbox.
     
  14. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    I find Edge and Online Armor are plenty good together but I do have a license for Avira Security Suite and flip over to that once in a while just for a difference...:eek: As many have already mentioned, Avira and Edge also dance well together...:D
     
  15. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321

    well this is interesting. i just installed this myself, around 40 minutes ago, and i received no MSIserver warning from Sandboxie, nor a malware warning from Edge.

    i did not download the installer, just installed from within my sandboxed Opera browser, knowing that once i delete the sandbox this will be gone. i also do not have the sys file running, just the exe....strange.

    i believe once i clean this sandbox i will download the Antispyware file locally and reinstall it to see if i get a different result.


    Mike
     
  16. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    :thumb: :thumb: :thumb: Well said! I wonder about who actually does not understand what here o_O
     
  17. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    But is that not just THE point? It is all about layers that overlap and make one more secure...as there is no ONE security app that is 100%...at least none that I have ever heard about or come across (and I am a KIS fan & user ;) ).

    And this is what Prevx have recognised and worked very hard to provide a very useful and all round compatible app for us to use (and in my opinion they have succeeded). :D
     
  18. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Thanks Mongol :thumb:
     
  19. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    The problem with those rogue programs, many used to infect your system and create all sorts of problems, not being able to uninstall and so on.

    But these ones today are legitimate programs. The limited or paid version won't remove any threats, but they will have all working features such as autorun manager, IE toolbar explorer etc.

    Yes many AV programs won't detect these 'rogue programs', as their main interest is not harming your system, but getting your money. But you know something? A simple add/remove programs uninstalls many of these. And with these programs popping up every hour, no one can expect any security program to detect all of these.

    Many aren't malicious, they are just 'empty' programs, programs with no substance.

    Why aren't many of these malicious? Because they've finally figured out, if they give you a program which doesn't cause you any problems and runs smoothly along all your other software, you will believe in their product, and give them your hard earned cash.
     
  20. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    In my opinion, I still maintain, sending any files to anyone without running the files first, is not only dangerous but is a reason why malware spreads.

    And even if the files you're sending aren't malicious, who's to say they won't severely 'corrupt' another's system (errors, blue screens etc).
     
  21. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Absolutely :thumb: :thumb: :thumb:
     
  22. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I always scan any file with an AV and Prevx and then run it either virtualized or sandboxed to see what it is going to do before I would send it to anyone. Part of doing my due diligence.
     
  23. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    I have found another rogue AM that Prevx does not detect when it installs (it will install and you can even run it with no alert from Edge). Edge only detects it if you do a system scan.

    How should I get this to Prevx for analysis?
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Send me a PM with a link to the file and I'll analyze it or forward it onto the research team :)
     
  25. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    Done...
     