Experiences with "Pro-active" Software

Discussion in 'other anti-malware software' started by richrf, Apr 21, 2005.

Thread Status:
Not open for further replies.
  1. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Experiences with "Pro-active" Software (ProcessGuard, RegDefend, Prevx, etc.)

    Hi all,

    With KAV 6.0 adding Pro-Active Defense, I thought it might be interesting to set up a thread to discuss experiences.

    My own set-up includes ProcessGuard 3.0 which I have been using for several months (maybe a year), RegDefend which I have in place since it was released, and Prevx which I have no uninstalled.

    Briefly this is my experience so far:

    1) All are excellent programs that perform their job as advertised.

    2) Not all programs trap all events - though there is plenty of overlap. So, most of the time that I install or update a program, I will receive messages from alerts from all three programs usually in this sequence: ProcessGuard (upon execution), RegDefend (on access to the registry), Prevx (on access to the protected directories - Program Files and Windows).

    3) There are times when I will receive an alert from only one of the security programs, depending upon whether a user program has been given certain "rights" to one or more of the security programs, or depending upon what is being accessed. There has not been a time when a new installation or update has gotten past all three programs. The overlapping coverage is excellent.

    4) All three of these programs seem to be cooperating very well on my machine.

    5) I have not seen a circumstance where ProcessGuard + RegDefend did not catch something that Prevx did. In other words, PG + RegDefend, so far in my experiences, have covered all situations. Prevx was an excellent second line of defense.

    6) At all times, KAV 4.5 has caught all malware before my pro-active defenses have been activated. So the pro-active defenses have so far only alerted me when good software was being installed or updated. This is fine with me. I am happy to see all defenses working so well. KAV's malware detection on download appears to be excellent.

    7) System resource usage has been very good with these programs - even with Prevx Home's quite substantial spikes. I do not know what Prevx Pro behaves like, especially with PAWS turned off, since I was never able to get the trial version running on my machine.

    8) I would grade support for ProcessGuard and RegDefend to be excellent. The best that I have experienced of all security products that I own. I judge KAV to be very good. Prevx fair to poor. They never responded to my problem with their trial Pro package, but admittedly I have had only a brief experience with Prevx Home.

    Hope this helps other users who are looking into the pro-active defense market. It will be very interesting to hear what KAV 6.0 users have to say about the new capabilities being built into the KAV package.

    Cya,
    Rich
     
    Last edited: Apr 22, 2005
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Hi Rich

    I also run PG and RegDefend and Prevx Pro 2005. Relative to your number 5 above, Prevx has caught some stuff that nothing else did. Namely something a website tried to do. Probably ActiveX stuff.

    Yep I do run IE. I like it and do need it for some other software, so it is nice that Prevx catches that kind of stuff

    Pete
     
  3. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Peter,

    Thanks for the additional information.

    Yes, I do not use IE, I use FireFox, which mitigates this particular issue. However, it is interesting that ActiveX can get past ProcessGuard and RegDefend. I wonder what are the reasons, from an architectural perspective. Is it because ActiveX programs are running in a space that is completely hidden from ProcessGuard? If so, this sure looks like a great place for a rootkit to hide. Could it get past RegDefend also? A good reason to get Prevx Pro if someone is using IE.

    This Windows XP architecture is a gold mine for hackers. Not just one door - but millions of doors that have to be guarded. Who ever dreamed this up?

    Rich
     
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    I wanted to add that there have been times that RegDefend has alerted when Prevx Home has not. I seem to recall the reverse happening but not recently, ever since RegDefend increased its coverage, and I added the RegRun extensions that are stickied on the RegDefend forum. So it would seem that adding RegDefend to Prevx Home closes some potential holes in registry access.

    Rich
     