A CHX-I outbound solution! FINALLY!

Discussion in 'other firewalls' started by squash, Dec 25, 2005.

Thread Status:
Not open for further replies.
  1. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    The answer is: Prevx1
    I downloaded the "free" Prevx 1 "R" edition, then went to "Preferences", enabled the Advanced options, and chose the "Prevx1 Expert" mode.

    All of a sudden, to my surprise and amazement, it asked me if I wanted to let Firefox and any other program have outbound access. I went to the personal rules under the Advanced tab/button and saw all the programs that are allowed outbound access.

    Prevx does not protect you from inbound but outbound only, which shows that this is probably the best solution to the lack of CHX-I outbound protection, unlike using another firewall which is redundant in inbound blocking capabilities. As a bonus it can also protect your system too.

    It's stable as a rock, and I have no problems so far ;)

    Here is a screenshot of MSN Messenger trying to access the net:
    http://img422.imageshack.us/img422/3179/untitled9as.png

    Prevx: http://www.prevx.com/
    IDRCI (CHX-I makers): http://www.idrci.net/
     
    Last edited: Dec 25, 2005
  2. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Not for me :)

    It is a free program that can have serious bugs because they test the features on the free users, so...

    I'm still waiting for a better free solution, or don't use any outbound protection...
     
  3. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    I'm a little leery of running beta versions of software. That's why I haven't installed MS Antispy yet despite generally good reviews.

    Is the "r" version of Prevx time-limited like MS Antispy? It doesn't say on the website.
     
  4. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    Have you a link for that edition: "free" Prevx 1 "R" edition?
     
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
  6. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    cheers phantom!
     
  7. squash

    squash Registered Member

    Joined:
    Mar 25, 2005
    Posts:
    313
    No, despite the "beta" and "Research" names or "R".
    Prevx1 is fully polished (GUI has no bugs and looks beautiful) and has no bugs (under the hood) whatsoever.

    I installed it twice to make sure, too.
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    It looks interesting and promising. Particularly, as you say, for CHX users or even router users wanting just some app control and other protection. Will give it a try soon myself. Thanks for the post. :)
     
  9. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    Well, I did try this for a day here and it has some useful features. The outbound app control seems to work fine as far as it goes. In fact seems a little more thorough than your average firewall in terms of just basic on/off app control.

    The interesting thing is, on the web site and in the FAQs, they bill Prevx1"R" as being an all-in-one solution, acting as a Firewall, AV, Anti-Spyware/Malware and so on. It supposedly uses both signatures and heuristics to catch everything. So I downloaded just the simple Eicar test virus file and opened and executed it, and Prevx didn't so much as hiccup. Nothing. So I would be very wary of using this product as any kind of AV solution.

    I think it might be good as a malware protector/detector combined with a little outbound app control for those using CHX or a router. But I would not rely on it as my only source of protection for everything. Their claims seem to be a little overly ambitious or optimistic. :)
     
  10. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    OK, I've uninstalled Prevx1 and installed the "free" Prevx 1 "R" and it's running just the same as the paid version and with no problems whatsoever, and I also have Jetico, ProcessGuard free and AntiHook!
     
  11. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I decided to give it another try to see if it runs fine and without serious bugs...
     
  12. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    Of course you don't mind that it sends, any time it wants, all of your programs catalog to the Prevx server, and you cannot stop this.
     
  13. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    What is the problem with sharing the programs that we use?
    It is a new way to protect our system by knowing and sharing our files to check if they are infected or not...

    What matters is that they don't send personal info...
     
  14. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    There is no problem for me if it's just this info sent.
     
  15. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    From their FAQ: http://free.prevx.com/faq.asp#14
     
  16. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    thanks.
     
  17. Arup

    Arup Guest

    V_C,

    Keep us updated on how it handles under heavy load, for instance, how about P2P where 500 connections can be established, would PrevxR see it as a buffer overflow attack?
     
  18. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Will it tell you when malware is using Internet Explorer to call out? In other words, does it stop most (or all) leaks?
     
  19. Arup

    Arup Guest

    Interesting point, Diver. Has anyone tried out the so-called Leak Tests with this?
     
  20. PrevxR?

    At ABC and Pro modes, it will never alert even if it monitors the right behavior. This is because most leaktests are well known to be harmless and they are classified as known 'good' on the online database, and in these modes it will never warn you about the actions of known good programs.

    Even at expert modes (where known good programs can cause prompts), it stops some but not all. Some is due to lack of monitoring of the right areas, others are due to being set only to heuristic checking even in expert mode.

    I didn't bother to take down exact scores, but I remember its performance was mediocre, about the range of a middle of the road PSF. I have a machine set up for this, I can easily rerun the results if you like.
     
  21. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    Perhaps that is why it didn't say anything about me executing the Eicar test virus, it knows it's harmless due to the database entries on it. I am very curious why they bill it as an AV also. On their site in the FAQs they seriously imply that you can run their product as an all-in-one solution, AV, Firewall, etc. But I am not quite willing to trust it as such..
     
  22. Well yes, the only way to test Prevx is to turn it on to the highest expert level. And even then I suspect it still won't detect Eicar (other than alerting you to the fact it starts), because fundamentally Eicar doesn't do anything that will flag an alert.

    But IIRC testing stuff like Regtest (from Ghost Security) works, if you set it to expert mode.

    Well, Notok's the Prevx1 + DF guy here (not to mention the official reps that pop up here occasionally), but Prevx1 also has a known database of bad items, so this includes, I suspect, common worms, trojans, viruses, spyware etc.

    It will automatically stop those from running, so in a sense it works like an antivirus. How complete it is compared to traditional AV signatures I don't know, but logic (and some hunches about the way Prevx identifies bad guys vs traditional AV) suggests that AVs will still be better in this area??

    And of course Prevx1 does have heuristics, but like all laypersons, when I see the word heuristics I have no clue (except in the broad general sense that it's not 100% accurate, but then again neither are signatures!) what it does. It seems everything can be described as heuristics. At least when AVs talk about heuristics I have read some material about what they mean, but when other classes of security software talk about heuristics, all bets are off.

    But I think a careful and skilled user can probably survive without an AV.
    I'm not too sure about going without a firewall, unless you have NAT/XP ICF/ or a router filtering inbound.

    At least I don't notice Prevx1 having inbound protection yet, does it? Or is PrevX1 so confident in its other mechanisms that attempted inbound connections are not a problem?
     
  23. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    I was unclear about its inbound capabilities also. In the options and setup it appeared to ask on all outbound, but it looked like it just alerted or reported on inbound, but I am not at all sure. I didn't test that aspect of it, being behind a router here.

    I have gone without firewall and AV both for a short period when I felt daring. Just the router. However, I have to say that it's just so much easier to run an AV and eliminate the worry about having to be hyper vigilant about everything you download etc.

    I suspect Prevx1"R" catches known malware and nasties, however I would hesitate to rely on it as an AV. I think your traditional AVs probably do a much more thorough job.

    As pure outbound app control, it seems pretty good, however, I have not run any of the so called leak tests against it either, so it might not be enough for some people.
     
  24. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    The network control aspects are made to be used in conjunction with something like the XP firewall, so CHX-I is perfectly in line with that. It's not meant to be a true firewall, but rather give you application control that you might not otherwise add. It will also give you specific alerts for things trying to act like a server, etc., which just goes into generic protection.

    As for the database: 1) It's an online database. Instead of downloading updates, Prevx1 has access to the good and bad signatures in realtime. That's not exactly the same as the kind of "phone home" that we think of here. It has a local cache that gets auto-updated as well, for those on dialup, but the main strength is the realtime capability. If you look at the virus center, you'll see that there are some malware files that are pegged within 5 mins of the time they were very first seen. Compare that to any traditional file scanner. 2) The database is closer to that of an anti-trojan or anti-spyware. You'll notice in the FAQ that they recommend that you use something like AVG in conjunction, but they also have some customers that use it as their sole defense, so they treat it as if everyone was doing that to make sure those people have adequate protection as well. I still use NOD32 and Ewido with it, and have no plans on changing that. Of course the product is just a few days out of beta, we'll most definitely see improvements as time goes on.

    It does monitor hijacking of key apps, like IE, and the Keylogger protection also includes things like DLL injection. Things have to be unknown before they'll alert, though. Some of the things set to "Heuristic Reporting" won't alert even in Expert mode if they're known to be good, only if they're unknown. This prevents system instability issues if someone makes a wrong decision. Hopefully they'll change the various test files so they're not marked good sometime soon.

    It actually has a "virtual pc" sandbox type of setup, much like many AVs. It will run anything in that before allowing it to continue. This is how it's able to make automatic determinations before it even asks you if you want to allow it to run.. user alerts are basically the last resort.

    Hehe, well for now anyway. You can ask me about a lot of different products, so I wouldn't limit me to just those two ;) I've always been a supporter of Prevx, though, and gained a lot of insight about how Prevx1 works.
     
  25. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Prevx1r is a very good complement to an AV and a Firewall.

    It covers a lot of areas that can be useful, like the Network Protection, but I would like to have the option to choose the Mode for each area instead of having one Mode for all.
    Maybe Expert Mode for all, except in Network, where I prefer the Pro Mode...
    Currently I use it in Pro Mode to avoid the popups.

    About the resources, it isn't bad at all, but they should improve the CPU usage a bit...

    The rest is very nice because it's very easy to use and understand.

    I'll continue to run it until I find something wrong in it, or find a better solution...

    Regards
     