Dynamic Security Agent vs Malwares : A review

Discussion in 'other anti-malware software' started by nicM, Jul 11, 2007.

Thread Status:
Not open for further replies.
  1. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi,

    Here is a review I've made about DSA :

    http://membres.lycos.fr/nicmtests/Dynamic-Security-agent-tests/DSA_index.htm

    80 tests were completed, against a set of trojans (10), backdoors (5), worms (4), rootkits (27), keyloggers (22), and last but not least, 'unhooker' malwares (6), a new kind of bully I think, slowly spreading.

    Tests are either grouped together or tested on their own page, and the last page has tables with every test's results.

    I hope this work is useful for people wondering about the level of protection offered by this program, DSA.

    I'm sorry for the ads, but this is a free host.

    nicM
     
  2. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    Nice job nicM! I really like DSA and I hope it continues to improve. There really hasn't been an update to it since last summer, no?
     
  3. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Excellent review and nice site layout nicM. :)

    Have been trying out DSA in an XP vm and am quite liking it and will probably use it on this Vista install when compatible.

    Never saw a single ad over there.

    Adblock Plus. ;)
     
  4. wat0114

    wat0114 Guest

    Mighty impressive work nicM :thumb:
     
  5. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,736
    Location:
    New York City
    I have yet to see a satisfactory response from anyone at Privacyware regarding the EULA of DSA. So, it's a no go for me.
     
    Last edited: Jul 11, 2007
  6. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    Oh, I almost forgot to ask you nicM: did you send these results to the makers of DSA?
     
  7. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Would be interesting to know which other current HIPS offer better protection against the new malware threat of the SSDT restorers/kernel-hooks unhookers; the so-called "HIPS/Firewall killers".
     
    Last edited: Jul 12, 2007
  8. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Excellent review, I enjoyed it. Just a question. Was the "require user approval for each alert" enabled or not? Although I must confess I never quite understood if it's important or not.
     
  9. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    The "require user approval for each alert" setting gives an enhanced popup dialog with the option of temporarily allowing/blocking actions. Selecting Allow/Block with the regular popup dialog is equivalent to selecting "Remember this setting" with the enhanced dialog.
     
  10. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,736
    Location:
    New York City
    I just received an email from Privacyware support. Without giving the specifics of the email, there is no communication between their servers and DSA. The EULA for many of their products will be changed as their products are updated. nicM, please send your results of your tests to Privacyware. I would send them a link to this thread, but since you put the effort into the testing, it is appropriate that you send it.
     
  11. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    :thumb: Thanks, much appreciated. I think I will have another look at DSA soon.
     
  12. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Thanks for your comments. Zopzop, yes of course Privacyware is aware of these tests, since the publishing had to be approved by them anyway: the EULA of DSA, clause "benchmark testing", requests Pwi approval before communication to 3rd parties. But these tests are independent, and nothing had to be changed before publishing it :) .

    It's true that current version is almost 1 year old now, but I can tell they're working on future versions (improvements, Vista-ready, etc).

    Sure :D . I've already tested a few with these malwares, but tests were informal. Now that I have more time, I'll perhaps make another small review on this subject ;) .

    Heh, Thanks Franklin :) , as I didn't expect compliments about the site layout, indeed !

    Fuzzfas, yes, "require user approval for each alert" was enabled : You can see it with the look of the screenshots.
     
  13. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Looking forward to seeing these results, nicM ;) .

    Many members here always look forward to your thorough tests/reviews.
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    @Thankful & nicM -- Well done! Thanks muchly. :thumb:
     
  15. alfa1

    alfa1 Registered Member

    Joined:
    May 3, 2006
    Posts:
    61
    I don't linger too much over comment since I don't speak well in English :'( , anyway I express you heartfelt thanks for your splendid job! :thumb:

    PS: I hope in a similar test for ProSecurity in a near future....:D
    Txs again from Italy!:cool:
     
  16. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    Very useful test/info. THANKS! :thumb: :)

    I have Nod32, XP Firewall and Cyberhawk Free. I tried DSA recently, and think I will install it again. With Nod32, Cyberhawk Free and DSA I don't know if I will continue to use XP Firewall or use Comodo PF.
     
  17. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Such a test on a single program, I do not think (not for now at least), but I'll try to make a small comparative on the unhookers, as mentioned in post #12 ;) .

    Thanks,

    nicM
     
  18. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Very nice review NicM. Posts like this are one of the reasons this is such a great site.
     
  19. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Excellent review nicM! :thumb:
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Nicm,

    Thx, I have a question: does DSA detect dll file changes (e.g. the bpmdm32.dll) and registry change (of the BHO) by itself, or can this/do you have to configure this yourself?

    The results of DSA are really amazing, DSA free + CyberHawk free + DEP for an ordinary XP setup will protect you against most threats.

    Regards Kees
     
    Last edited: Jul 14, 2007
  21. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Thanks a lot for your comments :)

    Kees1958, I'm not sure if I've understood what you mean, on the Trojan.SPY.Agent.IR.2 test: do you ask if something had to be changed in DSA settings for it to detect it? If that's the correct meaning of your question, the answer is no: DSA will prompt about these events by default, as these detections are the fact of the "application monitor" component, which can't be disabled unless you close DSA (unlike Process monitor).

    What DSA detects in this test is the access to the .dll file by the trojan, and the BHO creation. However, this is one of the very few .dll injections DSA wasn't able to block during these whole tests: the only way to prevent it is to prevent the file access, since BHO creation will work even if denied in the prompt about it. Dll is injected in IE/explorer as soon as file access is allowed.
     
    Last edited: Jul 14, 2007
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Nicm

    Thx, you guessed/interpreted my question right.
     
  23. alfa1

    alfa1 Registered Member

    Joined:
    May 3, 2006
    Posts:
    61
    Any news? :D
     
  24. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Don't rush him please. Btw I mailed him the 1st day :p
     