Prevx releases Prevx1 beta

Hi folks,

http://shield.prevx.com/ ... what do you think about it? For those having Prevx Home and Pro be careful and read FAQ at first => Prevx1 will remove the previous versions of Prevx ... not so funny!

It looks the Prevx1 is rather dependent on signatures like AVs, ATs etc. than on behavioral modifications as Home and Pro versions do.

Regards,
Eng

PS: Prevx Home has been today updated (1 security issue has been added).

 

and this is compatible will zonealarm 6.0 beta.

i wonder is this program is better than the previous ones and not as annoying.

 

Hmmm ... this marketspace is becoming very interesting. Prevx looks like they are taking a more expanded direction, trying to become a one-stop suite solution (AV, AT, AS, HIPS).

Pricing for the new product (probably to justify the investment costs) looks to be at the high-end alongside Online Armour. It should be interesting to see how "elastic" is the pricing in this marketplace as each product seeks to differentiate and justify its pricing/technology model. I think that this category of products (which is really starting to expand rapidly) may require its own forum category pretty soon, since the theads for products in this category appear in various forums right now. It would be nice to have a forum dedicated to HIPS and its variants.

Rich

 

$19.99 is on the high side?

 

My thoughts exactly, Rich

 

Hi Notok,

The price listed is with a $20 discount which is good until Dec.31, 2005. After that, the price will be $39.00. There is also a $20.00 annual renewal fee. This will definitely put it at the high end of the curve. Usually these type of fees are associated with software products that users feel are "must have". So, I think it will be interesting to see whether Prevx will be perceived as must have technology by its user base and how large of a user base Prevx can build.

Rich

 

Considering that there has been some scrutiny regarding Prevx's privacy policy, I thought I'd post this as an FYI...

 

I'll concede that I did miss that $40 still isn't that much, IMO, considering it's IDS and signatures.. same with Online Armor.

According to the lead developer, this is only for malware analysis. Prevx will analyze the process' behavior to help the Prevx folks determine if it's malware and what it needs to stop, and expidite the process of putting out a signature for it. The statistics would be the same as any other anti-malware vendor would gather, the program just makes it easier for them to respond quickly. This would be along the lines of the old Prevx: writes files to system directory, writes files to program files directory, installs driver, etc. Some may also be interested in knowing that they never actually sold any of the PAWS data, just gathered statistics on what kind of attacks were prevalant and what they needed to do do to make their program effective (tons of people were allowing malware to infect their system).

Here's some screenshots for the curious..

Main console:

 

Options:

 

Unknown program query:

 

After clicking "I am not sure" (this is actual malware):

 

Execution notification (middle right hand side of the screen, if the process has a window it attaches to the middle right hand side of that window) :

 

Personally, I think PrevX is taking a step BACKWARDS. Adding "anti-virus", "anti-spyware", and "anti-trojan", signature and update dependent programming to their software! Wow, what a concept...none of us have THOSE areas covered

They are simply wanting to be an all-in-one security suite....which flies in the face of CHOICE. Most of us have liscensing with various anti-virus, anti-spyware, anti-trojan products OF OUR CHOICE ranging anywhere from a year to a lifetime. Rather than concentrating on and expanding cutting edge technology that relies on behavioral based technology to counter zero day attacks, it looks like they've spent their R&D time incorporating products that most security conscious computer users ALREADY have covered. Way to increase the download size, increase memory and CPU usage, rely on more frequently updated software, AND take the choice away from the consumer, PrevX

Bad move, IMO (and ESPECIALLY if they plan to "weed out" the current versions, like Pro)

 

No, it does do this, you just don't have control of it right now. They've stated, however, that that will change in future releases. I would imagine they just need to fine tune it as it is now for those that can't manage the decisions on their own. I fully understand what you're saying though, JRCates, but that technology isn't totally disappearing, it will just take a little patience.

I think it bears repeating that most people were allowing malware to infect their systems with the old Prevx. I loved the old design, but what can you really say about it's effectivness when most users are blindly allowing everything? Adding signatures to the mix, as Prevx and OA both do, will take a lot of the guesswork out of it.

A lot of us here have stated that if you don't know how to use your security software that it will be no good, but until the PAWS information came along, I don't think many of us realized just how common a problem this really is.

I was at least cautious enough to try to make a point of saying that it was effective when used properly as much as possible, but I'm glad that products like OA and the new Prevx are coming along and incorporating signatures to help out the less knowledgable users, who are the ones that need it the most. Most of us here are interested enough to devote lots of time to using these things to their fullest, but most don't have the know-how or time.

I think it also throws a positive light on these companies that they are actually paying attention to whether their products are actually working, and not just pushing their current idea and saying "user error" to excuse it, which I see with all too many companies with all types of software.

 

Prevx's privacy policy leaves a bad taste in my mouth. From my perspective, it is far too intrusive for a security product. What's more, I don't "buy into" their "rationalizations". It seems to me that their marketing department was working overtime to justify their "community database" (which is another source of revenue fo Prevx - not unlike the information that Google is apparently collecting nowadays and reselling or re-using for their own benefit).

However, I understand that a company needs to create a "marketing pitch" that justifies certain pricing models and revenue objectives - so, of course, Prevx has to do what it has to do. But personally, I am not buying into it. There are many good products already available, and coming on board, that do not have this level of intrusiveness (intrusiveness from my perspective), so I'll pass. There are others who most probably agree with Prevx, that collecting information is necessary for the product's development and proper functioning, and so, unlike me, they are more likely to purchase the product. Different strokes for different folks.

Right now I am standing pat with ProcessGuard and RegDefend, but I am keeping my eyes on how products like Prevx, Safe N' Secure, Online Armour, AntiHook and the new ZoneAlarm 6.0 develop. This is going to become a really crowded marketspace very quickly. I think the competition will benefit everyone.

Rich

 

Prevx 1 Beta considered SpywareBlaster's auto update as malware
SBAUTOUPDATE.EXE 988 KB Malware C:\PROGRAM FILES\SPYWAREBLASTER\SBAUTOUPDATE.EXE

I guess that must be a beta mistake

 

upgrade?

Have any prevx pro users tried the beta? I "updated" my version but upgrades weren't mentioned. The new prices do seem iffy! I was wondering if registered users of prevx pro might be offered a better price.

 

I'll pass on this one. Both Prevx and OnlineArmour are way way over priced imo. I think programs like ProcessGuard are a much better deal than these over priced behemoths. It seems like both Prevx and OnlineArmour are just in it for the money with prices like that. Thankfully, there are some reasonably priced, or even free IDS programs still available. You money hogs won't be getting one red cent from me. I'm sticking with honest companies like who don't overcharge their customers.

 

I am also wondering whether the incremental protection offered by these products are worth the cost. The way I look at product pricing is like this:

1) The actual price that vendors can get for a product is determined by a) the "pricing elasticity" in the marketplace (i.e. what users are willing to pay) and b) what vendors need in order to receive a desired return on investment (the ROI). Often, investors in a company (e.g. a venture capital firm) will be seeking extraordinary ROIs (in order to justify the risk being taken) and because of this, the price of the product must reflect this higher ROI objectives.

2) In order to justify higher prices vendors must a) differentiate their product from others, and b) create a perception that the incremental product value in their product is worth the incremental cost. Here lies the big problem for vendors of HIPS at this time, because ...

3) The actual incremental value of HIPS is, in practical terms, probably quite low. A top-rated AV, (e.g. KAV), according to the AV-Comparatives test, is catching 99% of the viruses and 98%+ of the the trojans. It is tough to add much value to that score. Even less incremental value can be achieved, if a user has also already purchased licenses for both an on-access AV and a memory processing scanning AT (e.g. Ewido, BOClean, A-squared). How much more real protection can an HIPS provide if the combination of the two products (AV +AT) are already catching 99%+ of the malware that may be encountered? Bottom-line, HIPS, at this time, are offering users further peace-of-mind (that is why I purchased ProcessGuard and RegDefend), but "peace-of-mind" is a "nice-to-have" not a "must-have". Which brings us to ....

4) In order to fully justify a higher price point, products such as Prevx must not only provide "incremental value", they must display the ability to fully replace AVs, ATs, and ASs. If they are able to achieve this then, they would be actually saving users money (even at the higher price-point). But to achieve this savings users will have to replace their current security products, which they will not do unless products such as Prevx can demonstrate that they can provide protection either equal to or greater than the current crop of top-rated AVs. This is indeed a large challenge. But clearly that is where Prevx is headed with the announcement of their new product which is being marketed as having the ability handle all types of malware.

Of course, the AV, AT, and firewall vendors are not standing pat. They are all adding functionality so as to maintain their marketshare. Each product is bleeding into other spaces as each product seeks to maintain its presence and pricing strategy. In many cases, these new "suite" products will not be what users are looking for - especially those users who have a clear-cut strategy to purchase individual "best-of-breed" products (e.g. firewall, AV, AT, HIPS). Products that bleed over lines may cause technical conflicts, unnecessary functional overlaps, and potential new and higher costs.

This whole thing looks very, very interesting and I expect that there will be lots of new discussions on Wilders concerning product mixes, as the new lineup of products becomes available. For now, I am standing pat, but I am always willing to switch if I see a clear value proposition.

Rich

 

More than likely - unless something sneaked in under the hood
Pass the details on through the products support link, but do the following first:

In the Jail screen in the console, double-click on the SBAUTOUPDATE.EXE entry. That will open up a browser and show you what Prevx curently has on that file in the community database - Yes guys the PAWS data is accessible to users of Prevx 1. (By the way, this works on the recent activity list too)

Grab the URL from the address bar in that browser window and paste it into your support message. That allows exact identification of the file that you have - the name of the file is not enough.

Prevx 1 will tell you when you have an answer back from support.

 

Should note that this also contains information on what the process does.. that's the type of info it "collects". This has allowed them to quickly and easily adjust the program settings to fix a whole slew of problems I was having in just a day or two, because they were mostly due to internal rules being set to strict. I also imagine that this would allow them to easily tell you how to disinfect your system, and block future attacks (for everyone) that are similar, without signatures. This way they can easily keep up with malware trends to keep you protected.

It does not, however, "watch" how you use your system or capture any of your data, just records how processes behave on a technical level (what APIs it calls, if it adds itself to startup, if it installs a driver, etc. For example, the info it collected on the SpywareBlaster auto-updater is: scan (1) px5create (2) exec (2)", then lists filenames.. see attached image). These are the same things you expect from any of your other IDS apps, Prevx just adds the dimension of being dynamic.. it's easy for them to add new blocking features as soon as they start to be used by malware. If they started using some kind of hook tomorrow, that nobody knew about previously, Prevx could potentially add protection for it the same day, where your others could take quite a bit of time (considering) and require a full install of the updated version. How long did it take for PG to reach the level it is now, and how long has it been taking for TDS-4? Hope that helps to clarify things a bit. (All due respect to DCS, I still use and love their apps.)

 

I wouldn't know if it's compatible with the ZoneAlarm beta, but they seem to be doing quite a bit to make sure it's compatible with just about everything.

It will also not give you as many alerts as the old version, if that's what annoyed you

 

I am absolutely underwhelmed by this product.

I installed it, and it seemed to slow down my boots by 100%. I can live with that, however I can't live with the 7 false positives it started raining down on me. Everything from my Creative Audigy Drivers, to my Network Traffic Monitor.

Worse, it completely ignored 3 well known products for testing AV vulnerabilities, and failed every single test.

It doesn't protect your registry, it doesn't block DLL injections, it doesn't even block new services or windows directory tampering.

I'll stick with Safe'n'Sec.

 

Hi,

As Notok will tell you, we'll do our utmost to resolve these issues if you let us have the details. Please pass on details of the false positives and the tests it has failed to Prevx support, and we'll get it sorted out - use the link on the Prevx 1 GUI - or through http://shield.prevx.com/support.asp

Many performance issues have been fixed and will be covered in the next update release (coming over the next few days).

It's worth pointing out one of the ways that Prevx 1 reduces false positives though. Any software that is currently unknown to Prevx that is already installed on your PC when you install Prevx 1 will continue to be allowed to run on your machine. Only software that is already known to be bad is blocked immediately. Any new software that you install that is unknown to Prevx will be blocked unless you approve it to run. So, if your favourite test tools were already on your PC when you installed Prevx 1, they will be allowed to continue to run.

If you install new test tools and choose to allow them to run, they will be allowed to do as they wish - as you have chosen to run them. Prevx 1 (in its current release at least) is essentially a program execution filter with community backup.

If you choose to run software that you know will compromise the system you should expect it to compromise the system. Prevx 1 is designed for the home user who knows nothing about computer security. Such users do not run such tools. They expect software to run as it is designed.

BTW, you shouldn't be able to inject a DLL into the Prevx 1 components themselves - PXAgent.exe and PXConsole.exe. We just haven't turned it on for other applications yet. We're easing the beta functionality out a bit at a time fully assess the impact on the user base.

Please stick with us during this beta phase, there's much more coming...

Hope this help

 

thanx ghiser, I'll be following this closely but it reasuring that you're here, listening and answering.

hope it solves out the way you want.