Introducing, The New Prevx Edge.

Discussion in 'Prevx Releases' started by trjam, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. Athletic

    Athletic Registered Member

    Joined:
    Jan 21, 2009
    Posts:
    93
    When will some serious testing of Prevx 3.0 be done? (like AV Comparative, av-test.org ... or something like this on tons of malware, new samples)

    What testing has been done on Prevx by now? Can we see the links to compare with other products, please? All I know are some stories from the Wilders forum (bad and good), the PC Mag award, and a YouTube test on a few samples. I think lots of people are interested and want to see some serious test results before they pay for protection.
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
  3. Athletic

    Athletic Registered Member

    Joined:
    Jan 21, 2009
    Posts:
    93
    Thanks

    1. Trojans and other malware via USB and autorun.inf Prevx can block :thumb: , there's some stuff about this on page 172, o.k., but can it stop them without an internet connection? (Only with the prevent-execution capabilities of Prevx? Without the base in the cloud.) Can Prevx stop some basic stuff without an internet connection?

    2. I don't see the download and upload ratio when I scan the PC with Prevx, so how does Prevx contact the net base? It's not depending on a fast or slow internet connection, Prevx will do it right?

    3. Prevx free has detected hook.dll on my PC (1 file) and said: "High Risk Cloaked Malware" ... but it's not in system32, not in the partition where Windows is. The risk file is from CamStudio 2.5 beta portable. I have read some about that file on the net; the thing is dangerous if it is in the system32 folder.
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The protection when entirely offline is currently limited to being against threats and derivatives of threats which the system has seen before but we will be including additional functionality to lock down areas (like USB-borne malware) soon :)

    The communication between the agent and the server is designed to be as small as possible and the roundtrip time is quite short so you shouldn't see much of a load at all.

    If you could click Tools > Save Scan Results and email the log to report@prevxresearch.com, we'll analyze it there. I suspect they're using a hooking library which is used by malware as well and it will be best to fix it by getting a scan log :)
     
  5. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    "soon" sounds very good... :D
     
  6. Athletic

    Athletic Registered Member

    Joined:
    Jan 21, 2009
    Posts:
    93
    Done. Log sent :thumb:
    I'm testing the free version of Prevx ... hope that the paid version doesn't have a stronger system impact (PC slowdowns) than the free one
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    FP fixed :) And the system load of the paid version is exactly the same as the impact of the free version :)
     
  8. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
  10. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No, from what I got from the article, he's just saying that because companies are moving all of their data online (like online document editing), it makes it easier to attack it as before it was already easy when it wasn't online.
     
  12. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Another question: would Prevx along with NIS 2010 be too much overlapping "in the cloud" technology?
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No, NIS' cloud technology is significantly different from ours so you can use them alongside each other (and neither is perfect ;))
     
  14. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Please elaborate - I'm completely open for a good explanation (and eventually discussion...). :) I don't mean just Symantec ofc. ;)
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The fact that NIS2010's installer is 88.49 MB and ours is .8MB pretty much sums it up :D (and from what I can tell this does not contain their signatures, etc.)

    The only benefit users of Prevx would have with a local signature database would be to have protection when offline. Granted, we're adding this into v4 (and it will be optional and non-default), but there is no other benefit from them.

    Symantec/other "in-the-cloud" companies are all using the cloud as a supporting means of protection. Their cloud technology is not intelligent enough on its own to sustain a reasonable level of protection while ours is because of the vast differences behind the hood. We've spoken with many of the cloud vendors and compared technology and while we all may use the same overused nomenclature of CLOUD CLOUD CLOUD, the approach is the polar opposite (and for confidentiality reasons/IP reasons we can't go into too much detail here I'm afraid).
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Small addition to my previous post:

    To be fair, I'm not trying to slight Symantec here. They have come a LONG way in the last couple years - honestly much farther than any most companies I've seen and I commend them for that.

    I think their "in-the-cloud" offering will shape up to be one of the more fully featured than some of the others but at Prevx we really don't feel any more threatened by their position in-the-cloud because we have a trick up our sleeves for every trick they do (and we do have quite a bit more experience in this realm of cloud protection, since long before it was called "cloud" :p)

    However, I do hope that consumers who are long-time haters of Symantec products try them again because recently they have made a 180º improvement over their previous products and we will work adamantly to coexist peacefully with them as well :)
     
  17. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567

    I respect your comment, and have read the post after the one that's quoted here, but I think you said why the installer is so big yourself; the other components. Sure, it might seem big, and I think this is improved all the time - but PLEASE keep in mind that this has NOTHING to do with the software's effectivity and the technology that's inside it. It was a bad move by you to make to be honest. I should also note that I believe even NIS, which is the "biggest" product using Quorum, is not that big too. I think 60 or 70 MBs to be fair, but I might be wrong on this point. What I'm saying is that has nothing to do with the subject, so don't go there.


    I know you as a different company can't say "we have no chance against this company, so you choose", and by that I'm obviously not saying that this is the case, I simply mean I know you can't - but you gotta make a thorough analysis on their technology if comparing before making claims. You could do that analysis, and THEN prove why your software is better on this point, on that point - etc. THEN I would respect your reply. Now with only claims, I'm not at all. In your PM to me you made claims about the pop-up when I sort of proved you wrong; it's not even NEAR the same pop-up that you get from a known threat, it's being very clear that what the user sees is a new file, and that he or she should choose carefully what to do with it next.


    "Their cloud technology is not intelligent enough on its own to sustain a reasonable level of protection while ours is because of the vast differences behind the hood. We've spoken with many of the cloud vendors and compared technology and while we all may use the same overused nomenclature of CLOUD CLOUD CLOUD, the approach is the polar opposite" - I suggest you explain why very firmly, cause this claim could backfire really quickly if not. It's a very aggressive claim.



    I mean no offence by this message. All I mean is aggressive claims should be thought through VERY thoroughly - and not only that; explained with reasons, a really big why this is. The more aggressive or big the claim, the better explanation for it's needed.

    Best regards...
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I think you've misunderstood my comment (or the progression of comments):

    "Another question: would Prevx along with NIS 2010 be too much overlapping "in the cloud" technology?" - mvdu

    "No, NIS' cloud technology is significantly different from ours so you can use them alongside each other (and neither is perfect )" - PrevxHelp

    "Please elaborate - I'm completely open for a good explanation (and eventually discussion...). I don't mean just Symantec ofc. " - raven211

    "The fact that NIS2010's installer is 88.49 MB and ours is .8MB pretty much sums it up" - PrevxHelp

    You requested elaboration on my previous point, "NIS' cloud technology is significantly different from ours" and the fact that our software is 100x smaller shows that it is significantly different. I never said it is less effective because it is larger :doubt:

    We have - but I don't think it is legally a good idea to go into technical details about another company's product on a forum. If they wanted to release more information about how their software works, they would have said it in a press release or in a whitepaper somewhere.

    pbust's post here: https://www.wilderssecurity.com/showpost.php?p=1499228&postcount=12 goes into a bit more detail but he is still being intentionally cautious.

    Sure, and we will be improving this in the future. We wagered on users reading through a prompt when shown to them which forces them to make a decision, but we will be lightening it up in Prevx 4.

    Again, I'm just stating it logically, not aggressively. If their cloud protection provided all of the protection they wanted, they would do away with the other protection elements as they would be redundant. In Prevx, there is no reason to include a local database if you have at least a semi-reliable internet connection. Symantec's cloud protection does not duplicate the strength of their local database - it is an added layer.
     
  19. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    "Another question: would Prevx along with NIS 2010 be too much overlapping "in the cloud" technology?" - mvdu

    "No, NIS' cloud technology is significantly different from ours so you can use them alongside each other (and neither is perfect )" - PrevxHelp

    "Please elaborate - I'm completely open for a good explanation (and eventually discussion...). I don't mean just Symantec ofc. " - raven211

    "The fact that NIS2010's installer is 88.49 MB and ours is .8MB pretty much sums it up" - PrevxHelp

    "You requested elaboration on my previous point, "NIS' cloud technology is significantly different from ours" and the fact that our software is 100x smaller shows that it is significantly different. I never said it is less effective because it is larger :doubt:"


    - Okay, sorry for that misunderstanding. What I meant was exactly that its size doesn't have anything to do with its effectivity. And to be fair, since the cloud is about having things on the internet, the size of the installer shouldn't have anything to do with Quorum at all if I'm not mistaken. I hope you see my point on this. :)



    "We have - but I don't think it is legally a good idea to go into technical details about another company's product on a forum. If they wanted to release more information about how their software works, they would have said it in a press release or in a whitepaper somewhere."

    - Some more information can be found here: http://community.norton.com/t5/Nort...et-Security-2010-Download-Insight/ba-p/113827 - you could probably refer to that on a couple of things when we discuss. ;)

    The best source would ofc be the official forum, and specifically the following topic: http://community.norton.com/norton/board/message?board.id=nis2010_pb&thread.id=310 - Jesse Gough, one of the engineers of Quorum, is there to firmly explain the feature and how it works - and how it works with the other components. This among other employees who also provide information. I'm ofc there too. (RavenMacDaddy) :D Look it through to see what you can find out. ;)


    "pbust's post here: https://www.wilderssecurity.com/showpost.php?p=1499228&postcount=12 goes into a bit more detail but he is still being intentionally cautious."

    - And I've ofc replied to start a discussion on the subject and specifically Norton - the reason being nothing more than that's what I use. :D ;)


    "Sure, and we will be improving this in the future. We wagered on users reading through a prompt when shown to them which forces them to make a decision, but we will be lightening it up in Prevx 4."



    "Again, I'm just stating it logically, not aggressively. If their cloud protection provided all of the protection they wanted, they would do away with the other protection elements as they would be redundant. In Prevx, there is no reason to include a local database if you have at least a semi-reliable internet connection. Symantec's cloud protection does not duplicate the strength of their local database - it is an added layer."


    I know you meant that, but dragging Symantec into the "CLOUD CLOUD CLOUD" thingie and so on made me understand it as aggressive, so I probably got a little aggressive in return. - This is the big problem with communication with text, so I try to steer it up as good as I can when I reply. ;)

    True, it's an added layer like you said. I think that is because definitions for example are simply a great thing in certain situations. Generic sigs and heuristics are there. A definition is just that; a definition, tells the program EXACTLY what to do with certain malware, which is important for various types of malware, even if not for all.

    You have it "in the cloud"; on the internet, which is an excellent idea, but also has its backside; it leaves the software to always communicate and upload/download data from the internet too. We have discussed why this is a problem at least to me previously - no offence. (Slow process to open (new) programs, or newly installed programs, because Prevx has to communicate with the server to transfer and analyze data.)


    Then we have the other components who're partly communicating with Quorum - partly handling their own business. SONAR for example provides its behavior analysis, which it then adds to what Quorum has to say to come to a conclusion. The whole suite and its components working as a whole.


    Thanks for your reply, and I'll happily discuss this further! :)
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Indeed it doesn't :)



    My comment was: "We've spoken with many of the cloud vendors and compared technology and while we all may use the same overused nomenclature of CLOUD CLOUD CLOUD" - With we all I was commenting on how overused the word "cloud" has become - not in AV alone but everywhere. Rather than calling something an online service, everyone is just throwing the word cloud around. At the rate it's going, soon Youtube, Google, and Facebook will all call themselves "cloud" applications. Yes, it's true they run on a server, but then should we just rename the internet to "the cloud"? :)

    This is the difference between Prevx/Symantec - they still have local technology which provides an additional layer on top of what they provide in the cloud - we've been able to centralize everything with centralized definitions/generic signatures/and heuristics exactly as we would if we were to have a local database - it's just far faster to run it in the cloud and keeps it immediately updated.

    I agree, and this is why we're going to have a local database in the future - it won't provide any additional protection, but it will provide "easier" protection.

    The issue you had with opening new programs or newly installed programs will be entirely addressed in v4 - it isn't the communication with the server that is the slowdown for you, it is the fact that Windows opens each component of a program synchronously which makes any form of analysis a big drain on new programs.
     
  21. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    "My comment was: "We've spoken with many of the cloud vendors and compared technology and while we all may use the same overused nomenclature of CLOUD CLOUD CLOUD" - With we all I was commenting on how overused the word "cloud" has become - not in AV alone but everywhere. Rather than calling something an online service, everyone is just throwing the word cloud around. At the rate it's going, soon Youtube, Google, and Facebook will all call themselves "cloud" applications. Yes, it's true they run on a server, but then should we just rename the internet to "the cloud"? :) "


    - Good point - I can't more than agree that it should be avoided to be used when it's not the "real deal". :D



    "This is the difference between Prevx/Symantec - they still have local technology which provides an additional layer on top of what they provide in the cloud - we've been able to centralize everything with centralized definitions/generic signatures/and heuristics exactly as we would if we were to have a local database - it's just far faster to run it in the cloud and keeps it immediately updated."


    - Credit goes to fellow member Pleonasm; "FYI -- Readers of this thread may be interested in the conversation occurring here about changes in scanning in Norton Internet Security 2010. It appears that NIS10 will by default only examine files that are unrecognized by Quorum, greatly speeding a system scan." Then you take that together with Auto-Protect with its generic-detection and so on, and SONAR which cooperates with Quorum with its behavioral protection. Already there we've the "circle". :D


    "The issue you had with opening new programs or newly installed programs will be entirely addressed in v4 - it isn't the communication with the server that is the slowdown for you, it is the fact that Windows opens each component of a program synchronously which makes any form of analysis a big drain on new programs."

    - Thanks for that information - it indeed explains and helps a lot. :)


    Best regards, and I'm looking forward to hearing from you soon. ;)
     
  22. sylreston

    sylreston Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    8
    Has there been any resolution to the Vipre compatibility issues talked about earlier, i.e. quick scan and rootkit?
     
  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It may be worth trying it once more as Vipre has released some updates and I know there are a few users here who are using both Vipre and Prevx 3.0.

    Let me know what your results are :)
     
  24. fasteddy2020

    fasteddy2020 Registered Member

    Joined:
    May 12, 2009
    Posts:
    106
    Location:
    USA
    Vipre still hangs during rootkit scans on my system. Runs fine when rootkit scans are turned off.

    Also was having trouble with OA3.5 somehow disabling Prevx ability to run. There were some test files on the OA forum site and Prevx allowed them to run. Had to uninstall and reinstall Prevx. Seems to be running fine after that but I have not retested.
     
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We're looking into the Prevx/OA incompatibility as well as a few other beta testers now and hoping to have a solution shortly with the next upgrade. For now uninstalling/reinstalling does seem to solve it but we'll have more details as soon as we've distributed test versions after they're finished.

    Thanks for the information :)
     