Is Prevx good?

Discussion in 'other anti-malware software' started by truthseeker, Aug 31, 2008.

Thread Status:
Not open for further replies.
  1. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    You have my permission to release the beta to me. :D

    Hmmm, there is an idea....see if Prevx is a publicly traded company...buy 51% of the shares...release the beta to myself ahead of everyone else...and come here and tease everyone about it. Oh...and I won't forget a raise for Prevx Help & Eraser. :D
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    :D No complaints! :D
     
  3. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Me neither :D
     
  4. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Where can i buy these shares?
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We are privately held :D
     
  6. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    @PrevxHelp, out of curiosity, did anyone ever try/manage to replicate this?

    My interest is to know if I have deeper system issues :)
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, sorry for not responding. We have reproduced a similar issue and this is the reasoning I've gathered:

    Our CSI self protection is quite detailed and protects against all known termination leaktests (SPT, APT, etc.). Because of the way it locks down its memory, it could interfere with memory scanners or programs designed to get around locked memory. Because KIS is most likely trying to analyze memory of running processes, we are interfering with it, either causing KIS to crash the system or CSI to crash the system (at that point, either could be to blame).

    KIS actually will not install if CSI exists on the system, so it's possible that they're aware of the incompatibility. However, we have been hardening the stability of self protection to hopefully defend against BSODs caused by unexpected access to our memory.

    We have a new build planned for late this week/early next week which should improve the interaction, however, self protection is the one aspect of CSI which would tend to be incompatible with other security solutions (as only one product can generally be completely protected on the system at once).
     
  8. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    :) Thanks for the info.
     
  9. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Any updates? :)
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    None yet - still working on everything :D
     
  11. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    Prevx2 needed a special rule in ISA Server to allow it access to the Internet. Without the rule, Prevx2 appeared very unstable.

    Will Prevx3 also need this rule?

    Has Prevx3 been tested in a networked environment with ISA Server?

    (Prevx reseller)
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'm not familiar with ISA Server, but I'd imagine it would require a rule to allow it to get out, especially for updates, to save the hassle of having to whitelist it every time we change the file.

    Our internet communication is really not much out of the ordinary compared to normal apps, so I wouldn't anticipate "that" much difficulty to allow it to function normally (the communication is very similar to a chat program, sending small packets to the server).
     
  13. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    On a side note, Prevx3 prevented the infection (Gimmiv.A) that has come along with the MS08-067 exploit ;)
     
  14. Nett0pp

    Nett0pp Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    71
    Location:
    Scandinavia
    @Dirty

    I can see u claim to have "enhanced" r00tkit detection.
    Does Prevx have major faults when it comes to buffer overflow expl0itz?
    I have tried Prevx on several pcz infected with primitive, and modified Rkits.

    NONE OF THESE have been detected by your @nti malware product...
    That's not good, or is it?

    :thumb: :thumbd:



    TCSP
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Prevx2's rootkit detection is not as advanced as the detection in CSI. Have you tried CSI v3 against these rootkits?

    We have yet to come across a rootkit which evades CSI's raw disk scanning, so, we'd be very interested in what rootkits we are missing.
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    And also, with regard to your buffer overflow exploit detection, what exploits are you using and what are we missing? It would be very helpful to receive a copy of the problematic samples so we can add detection if we miss them, or so we can help you configure it to block the samples.
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I never got the chance to try this program. Is it a HIPS or a regular antivirus with a blacklist of malware?
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Prevx 2 and Prevx 3 (unreleased) both monitor behavior and analyze it centrally within our database. We blend a number of different strategies to detect malware, including whitelisting, an extensive blacklist, behavior analysis, static analysis, heuristics, and sandboxing.

    It isn't a HIPS and it isn't a regular antivirus - it's more of a blend between the two, with an emphasis on new-threat detection rather than the antiquated threats most AVs tend to focus on.

    Hope that helps :)
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Ok, I see, so it is like DriveSentry :thumb:
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, except (correct me if I'm wrong) DriveSentry relies on the opinion of its users to block files based on the "community" - however, we do it automatically on the database end (e.g., even if 5,000 hackers tell us that a file is good, we wouldn't mark it good until we can prove it is through manual or behavior analysis). This prevents a lot of exploitation/abuse, and our automated malware analysis blocks thousands of threats as soon as they're found, rather than relying on users to answer prompts about them.

    (Again, disclaimer: I haven't used DriveSentry so I'm not sure exactly how it works)
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Kind of, but they also have a black/white list like Prevx, and about the community database I am not too sure.
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Ah ok :) The white/blacklisting only goes so far, however. We have literally millions of samples in our blacklist, and far, far more in the whitelist, but conventional blacklisting is becoming less effective as the life cycle of infections gets smaller and smaller.

    The ones in the middle between "obvious bad" (via signatures) and good are the hard ones for conventional AVs to find; however, that's where adaptive automated analysis comes into play, and that's where community-based products really help, as it gives the antivirus company the ability to analyze everything at a global level to look at infections and how they behave across the community.
     
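    The verdict policy PrevxHelp describes in the two posts above (community reports never make a file "good" on their own; only manual or automated behavior analysis, or a known whitelist/blacklist hit, decides) can be sketched as a small central verdict store. This is an added illustration written for this thread, not Prevx code: the class names, the 0..100 behavior score, the threshold of 70 and the sample hashes are all constructed assumptions. Community votes are kept only to prioritise which unknown files get analysed first.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Verdict(Enum):
    GOOD = "good"
    BAD = "bad"
    UNKNOWN = "unknown"  # not yet proven either way


@dataclass
class FileRecord:
    sha256: str
    community_good: int = 0                    # "this file is fine" reports from endpoints
    community_bad: int = 0                     # "this file misbehaved" reports from endpoints
    behavior_score: Optional[int] = None       # 0..100 from automated analysis (assumed scale)
    analyst_verdict: Optional[Verdict] = None  # outcome of manual analysis, if any


class VerdictEngine:
    """Central verdict store: community reports steer triage order, never the verdict itself."""

    def __init__(self, whitelist, blacklist, bad_threshold=70):
        self.whitelist = set(whitelist)
        self.blacklist = set(blacklist)
        self.bad_threshold = bad_threshold  # assumed cut-off for the behavior score
        self.records = {}

    def _rec(self, sha256):
        return self.records.setdefault(sha256, FileRecord(sha256))

    def community_report(self, sha256, is_good):
        rec = self._rec(sha256)
        if is_good:
            rec.community_good += 1
        else:
            rec.community_bad += 1

    def record_behavior(self, sha256, score):
        if not 0 <= score <= 100:
            raise ValueError("behavior score must be in 0..100")
        self._rec(sha256).behavior_score = score

    def record_analyst(self, sha256, verdict):
        self._rec(sha256).analyst_verdict = verdict

    def verdict(self, sha256):
        # Precedence: known blacklist > known whitelist > manual analysis > automated analysis.
        if sha256 in self.blacklist:
            return Verdict.BAD
        if sha256 in self.whitelist:
            return Verdict.GOOD
        rec = self.records.get(sha256)
        if rec is None:
            return Verdict.UNKNOWN
        if rec.analyst_verdict is not None:
            return rec.analyst_verdict
        if rec.behavior_score is not None:
            return Verdict.BAD if rec.behavior_score >= self.bad_threshold else Verdict.GOOD
        # Community votes alone, however many, never yield GOOD or BAD.
        return Verdict.UNKNOWN

    def triage_queue(self):
        """Unknown files ordered by report volume, so the most-reported get analysed first."""
        pending = [r for r in self.records.values() if self.verdict(r.sha256) is Verdict.UNKNOWN]
        pending.sort(key=lambda r: r.community_good + r.community_bad, reverse=True)
        return [r.sha256 for r in pending]


def demo():
    # Constructed hash placeholders, not real sample hashes.
    eng = VerdictEngine(whitelist={"sha256-known-good"}, blacklist={"sha256-known-bad"})
    for _ in range(5000):                          # 5,000 endpoints vouch for the file ...
        eng.community_report("sha256-sample-A", is_good=True)
    eng.community_report("sha256-sample-B", is_good=False)
    before = eng.verdict("sha256-sample-A")        # ... and it is still UNKNOWN
    queue = eng.triage_queue()                     # sample A is analysed first (most reports)
    eng.record_behavior("sha256-sample-A", 85)     # automated analysis says it misbehaves
    after = eng.verdict("sha256-sample-A")         # now BAD, votes notwithstanding
    eng.record_analyst("sha256-sample-B", Verdict.GOOD)
    return before, after, queue, eng.verdict("sha256-sample-B")


if __name__ == "__main__":
    print(demo())
```

The point of `verdict()` is the order of checks: votes are read only in `triage_queue()`, so a flood of "good" reports can at most get a file looked at sooner, which is the abuse case the post describes.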
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    It is, or sounds, promising. Thanks for the explanation; maybe I will give it a try :thumb: to see how it really works. When will version 3 be out to try?
     
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    v3 is still undergoing changes (mostly surface level in the product, but there are a number of underlying changes going on in our servers/datacenters).

    Our current estimates peg it being ready early November, but we haven't set an actual release date yet. I will definitely be keeping Wilders updated as we progress to a possible public beta -> RTM :D
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Thanks for your good and fast info about Prevx :thumb:
     