Is Prevx an antivirus?

Discussion in 'other anti-malware software' started by jm0307, Jun 22, 2007.

Thread Status:
Not open for further replies.
  1. jm0307

    jm0307 Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    77
    Dear members,

    I uninstalled my antivirus and was about to try a new one. Upon restart I noticed that the usual Windows Security Center warning about the absence of an AV had not popped up. I thought that the uninstallation might have been incomplete, with the Security Center still mistakenly recognizing the old AV. So, when I checked the Security Center, it confirmed Prevx as my antivirus...

    My question is thus, is Prevx an AV in the proper sense, or, better, should I forget about installing an AV and trust solely in Prevx?

    I was under the impression that HIPSs and AVs were different layers of protection. My PC seems a little faster, but I am wary of abandoning the use of an AV. Should I make this leap?

    Thanks, and best wishes,

    jm0307
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    I for one would not go without an anti virus. I don't know what else you are running for protection, whether realtime or on demand, but I would never trust just one app to keep me safe. I believe a layered defence is the best way to go without overlapping. True, it may look like I have a lot in my sig, but each one does its own job with little or no overlap and all run well together for me.

    Is Prevx an anti virus?
    I don't think so.
     
  3. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Exactly my opinion, good explanation.

    Besides, be careful trusting Prevx; in the past I could follow many false positives, the same with Avira and Dr.Web, full of false positives. Do not trust it; one AV you can trust is Kaspersky, they have the fewest false positives I have experienced so far. Very reliable.
     
  4. jm0307

    jm0307 Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    77
    LoneWolf and SystemJunkie,

    Thanks for your replies. I must say that, bearing in mind both your judgements:

    PrevX should not be recognized by the Windows Security Center as an AV if it is NOT an AV.

    To classify PrevX accordingly gives a false sense of security, and could cause many novices, such as myself, to abandon the use of properly layered defence.

    Luckily, due to the wealth of information in this forum, I had learnt enough to at least be suspicious of this mistaken classification, and your replies seem to have confirmed my suspicion. With due caution, I have reinstalled an AV.

    Best wishes,

    jm0307
     
  5. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Prevx 2.0 is far more than an AV, it is anti-malware. It incorporates elements of AV, AT, AS, HIPS, CIPS and AE. That is why it is registered with Windows as an AV. You may of course choose to run any other security product alongside it if you choose. A layered defense is always preferable.
     
  6. Pulsar55

    Pulsar55 Registered Member

    Joined:
    Jun 22, 2007
    Posts:
    8
    Location:
    KY
    Hopefully Prevx2 will soon have lots of backup (evidence) that it can replace a traditional AV if so desired!
    Pulsar55
     
  7. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
    I'm still testing PrevX 2.0 but in my opinion I would strongly advise that you use an AV product. PrevX has failed to detect a number of PE based viruses that I have run and didn't detect a number of system settings changes that are known vulnerabilities to spyware. A considerable number of viruses are script based, which a tool such as PrevX will not protect against.

    ~interact
     
  8. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Damn, that's so true, it's very dangerous to only rely on Prevx.
     
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Yep.:rolleyes:
     
  10. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    sadly, i am beginning to believe i must concur. i had high hopes for Prevx2.


    Mike
     
  11. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Do you have it configured to query or block all unknown executables? That would be the minimal configuration to use in this context.

    Blue
     
  12. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    i have it set to Query. my opinion reversal is more than a configuration issue. Prevx knows. i have had a Support Ticket in since June 05. i will not elaborate further at this time, but i am very disillusioned right now.


    Mike
     
  13. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    June 5th or June 2005? :blink:

    After tests of Prevx & other anti-spyware software I've come to realise that the anti-spyware market is still too new, as distinct from the anti-virus market. With many immature & unstable anti-spyware products on the market that I can't risk running on my own computers - let alone customer sites. :(
     
  14. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Forget high hopes, Prevx is a total disaster, shameless that they want money for such an inadequate product. I tested it on two computers, it was incapable of removing a test set of Elite Keylogger, turned the whole system into a reboot loop, had to use last known good.
     
  15. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    @simmikie

    Sounds like a big turnaround for you :( : care to elaborate any more than this thread?

    I have PX2 and AV and FW
    Some of these posts sound ominous.
     
  16. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I too have been running Prevx 2 without any troubles, and never had any with version Prevx1 including when it was updated from version1 to 2. There are some people with troubles over in the Castle Cop Forums however.
     
  17. Riverrun

    Riverrun Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    376
    Location:
    ~
    I trialled Prevx 1 two months ago and it ran well for the first few hours and then it froze my computer. I had to use the power key to shut it down. I rebooted and it did the same thing. Needless to say, I removed Prevx 1 forthwith and things returned to normal. I haven't tried Prevx 2. I'm not sure if company policy will allow me a trial even if I wanted to try it. Once was enough. There are better solutions available IMO such as the highly effective and user-friendly DefenseWall.
     
  18. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    hey longboard. this thread may shed some light on my present discontent with Prevx2. hopefully the beastmasters will choose to engage and clarify any misconceptions.

    http://www.castlecops.com/postx184600-0-0.html


    Mike
     
  19. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Ahh
    I missed that thread while lurking.

    There are a couple of users there who have had some "unsettling" experiences with Px2.

    I don't doubt that they (PX) are busy: The failure to detect Morguds test file is an eye opener. This is a simple click and 'oh **** no, what have I done' simulator.
    And as such a good reality simulacrum.
    It's been around for a while :(

    I think the three week delay is not ...tooo.. :doubt: bad as there seems to have been some action along with the various rollouts of the new versions.

    Still, very frustrating when you ( we ) are trying to help, as per the affirmations from the users and the "blue sky" to come _ we hope_

    Good posting by you.
    I would have thought some response from PX might have been appropriate.
    Still waiting for their forums.

    Nice to see OA doing a job there.
    Regards.
     
  20. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    yeah, well what is particularly vexing to me is if one breaks down the internals of Prevx2 workings, it is totally confounding as to how it missed. for instance:

    7 Signatures according to Prevx documentation, 3 of the 7 Sigs are dedicated to detecting new malware (what these signatures are comprised of and why 7 total, i don't know) and 4 are dedicated to discovering 'family ties' ie variants.

    so if DFK's winllogon.exe was in the Prevx database and marked as bad, then why did Prevx2 not immediately Jail it? btw it now does. Prevx's official correspondence to me was that the DFK version of winllogon.exe was marked as unknown and is different than the executable marked as bad.

    well, a couple of things. first the 4 Signatures dedicated to exposing variants seem to have failed in this case. secondly, what about the malware real-time intelligence gathering? Prevx claims one of Prevx2's advantages is real-time intelligence gathering and malware determination, where behaviours are monitored in real time and are usually determined within 24 hours. i have been running DFK for months! at least a dozen times or more since i first installed Prevx1.

    300 Behaviours. Prevx states that Prevx2 is designed to monitor at least 300 distinct malware behaviours. what installing a rootkit, hiding a file in ADS, utilizing dropper technology, opening a backdoor, shutting down security apps (including Prevx2, in 2 builds of Prevx2 DFK was allowed to run from start to finish installing a rootkit [vanquish.dll] and an ADS stream for the first time), installing spyware and a keylogger is not included in those 300 behaviours?

    Emulation. Prevx2 has a new software emulation capability, which in essence 'previews' unknown objects to ferret out hidden behaviours, and then compares its findings to a Community database of 100 MILLION other objects. that's a lot of objects. while i may not fully understand what Prevx may classify as an 'object' but surely something that makes up DFK should be in there?!?

    so that's my frustration with Prevx2. with all of these technologies and safeguards, how did a nearly 2 yr old blended attack simulation get through to one degree or another? especially if one factors in that the major 'players' of DFK; playmovie.exe (which was always jailed by Prevx1 and almost always Jailed by Prevx2 except during 2 builds) winllogon.exe, ipod.exe (i may have this file name wrong) and a couple of others i don't recall the file names of are marked in the DB as bad.

    to be clear my intention is not to damage Prevx, i am not angry with them, in fact we are working together on another issue through support in a cordial, cooperative, professional dialog. i will do whatever i can to assist them in addressing this issue, if in fact an issue exists. i am perfectly willing to be wrong in my understanding of how Prevx2 works, and if my expectations of Prevx2 are outside of the scope of Prevx2 capabilities. but that requires communication, which to date Prevx has chosen not to engage in. and being silent and allowing speculation to ferment, when misconceptions (if that is the case) can so easily be dispelled, serves no-one.


    Mike
     
  21. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Yes, I was reading an old whitepaper for Prevx1 and it was amazing on paper, they pretty much have all the bases covered. By far compared to their competition (at least on the home user market), they cover the biggest area, but implementation wise they seem to be a bit off.
     