Maybe it is the right time for Prevx.

Discussion in 'other anti-malware software' started by trjam, Nov 15, 2007.

Thread Status:
Not open for further replies.
  1. Montpellier

    Montpellier Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    20
    Never used MalwareAlarm myself, but am very interested to try it out. I read very recently (this week?) that they had released a new version of this, but I see you have to go through a registration screen to use it? At first I thought it may be vapor-ware which Panda were simply researching interest in - but if there's actually a real product behind that then I may well give it a go now.

    What are your impressions so far of it? Does it strike any similarities to Prevx or Threatfire?

    [EDIT] Hang on - I think I'm getting confused with Panda's "Malware Radar".

    Isn't Malware Alarm a rogue anti-spyware!? :S
     
  2. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?

    Ahem... well. MalwareAlarm.com is a web site that pops up from time to time and it's a bad one.
    Sorry to bust yer enthusiasm.

    here I just did a scan of it for ya's..
     

  3. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    @ErikAlbert: But the price you pay to maintain your methodology is a strict discipline that isn't practical for everyday use for either Joe, Jane, grandma and many others. But I'm glad it works for you! :)

    /C.
     
  4. Montpellier

    Montpellier Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    20
    Go back and read my edit ;)

    By the way - I wish edits had time stamps no matter what, as I added that edit before your reply - honest :)
     
  5. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Simple. It's in his signature. RIPS...
     
  6. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Sure! But I couldn't help but laugh over this one! :)
     
  7. Montpellier

    Montpellier Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    20
    :D

    I'd hope the fact that I went on to mention "Malware Alarm" as a Panda product puts me in the clear here! :D

    Leading on from this - has anyone actually used Panda's Malware Radar?
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't know what drive-by-malware-installs are, but installs means that they have to "change" my system partition.
    Two possibilities:
    1. My security software stops them, and if it doesn't, which wouldn't surprise me:
    2. My boot-to-restore will remove them, no change = no change.
    They can't infect my data partition, because that partition is locked while I'm on the internet, which means no reading, no writing, no stealing, no nothing.
     
  9. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Your mistake was pretty obvious... ;)
     
  10. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Drive-by installs usually refers to some type of server cross scripting event over a web browser, either direct or via iframes embedded into a web page, which usually are simple statements that invoke scripts or executables from other points in cyber space to interact within your web browser and infect you with some exploit or install a download.

    About your security:
    This re-imaging appears to be effective as a restore to an original configuration. However, it does appear to be rather tedious having to re-image the disk after each session... Unless this is some type of full system virtualisation à la Sandboxie?
     
    Last edited: Nov 15, 2007
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My boot-to-restore takes less than 2 minutes (1m42s) from desktop to desktop, and during that reboot any change on my system partition is removed.
    Is the total scan time of all your scanners faster than 2 minutes, and is it really clean after that, no missing signatures?
    That is just my first defense, I have other methods, which are even more effective.
     
    Last edited: Nov 16, 2007
  12. Montpellier

    Montpellier Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    20
    I'll have to admit that your style of PC protection sounds most interesting, and is another one I have yet to try.

    The only other scanner I have run that takes under 2 minutes is the Prevx CSI scanner - but that doesn't actually remove malware - just tells you whether Prevx recognise active malware resident on your PC... :(

    Having checked my clean status last week, I can tell you how annoyed I would get having to sit through 1 hour+ scans every week that the majority of vendors seem to take. Checking your PC with 5-6 products can consume the best part of your entire day these days - whereas being able to simply delete any trace of malware you came across and start afresh within 2 minutes is most appealing...
     
  13. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Back on topic :). I tried Prevx2 for about a month and was surprised that it worked fine. I've read about many problems people were having, but it ran ok on my machine. The only thing I didn't like was the constant internet communications and the fact Prevx didn't know what to do without a connection. I still think there are a few bugs to be worked out, but the idea is a good one. FWIW, I ran it with an AV and HIPS/firewall. I think that was before I was using Sandboxie ;).

    innerpeace
     
  14. Montpellier

    Montpellier Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    20
    I'll have to agree.

    I have spent much time lurking and reading the Prevx forum over at Castlecops, and from the majority of posts, you'd imagine Prevx basically bricked every computer it was installed on! :D

    But then maybe I'm one of the lucky ones? I've installed and re-installed on many occasions with no issues - yet I regularly read that people are unable to remove it from their PC, so there must be an issue somewhere they're missing.

    I cross my fingers that I remain untroubled, and I have to admit that I'm surprised I have managed to stay clean with only Prevx installed - even though I have the huge benefit of being a knowledgeable internet user. Goes to show that maybe not all of us need 8 layers of protection to ensure you're safe?
     
  15. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    I'm glad you mentioned that. Prevx uninstalled rather cleanly here. I was pleasantly surprised to see it go away easily. I try to make sure a program's processes are disabled before uninstalling. I've also read the forum at CC's and seen the horror stories. Perhaps I got lucky too.

    I do think Prevx and Sandboxie would make a good combo along with a little common sense. If Prevx doesn't catch it, then emptying the sandbox should take care of it.
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't pay any price. Do you consider a simple reboot as discipline? Everybody reboots his computer.
    I also do "dangerous" stuff in my system partition, just like anybody else.
    Restoring my system partition is peanuts.
    I only care about my data partition, which is locked when I do "dangerous" off-line or on-line.

    I also used Prevx, even the paid version, because I liked the idea behind Prevx.
    But Prevx, however good it may be, remains a protection that is based on blacklists regarding malware and needs to be updated.
    Prevx is always too late, because new malware needs to be discovered first and then they have to write an anti-dote and store it in the community database.
    I don't need all that, because each malware = change. I don't remove malware, I remove changes, and I have no false positives.
     
  17. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    :ninja: Watch this space... cleanup is coming... ;)
     
    Last edited: Nov 16, 2007
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Of course people complain about the negatives of a product, it's human nature. Well, I put the desktop through everywhere last night and the kids put the laptop through hell, and Prevx does very well. There are no slowdowns. But in the past it was always mentioned to let it "complement" your AV product. Well, now is the time to let Sandboxie "complement" Prevx.
     
  19. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Just a quick clarification... Prevx does not need to "write an anti-dote" or store it anywhere. The Prevx community database contains data about each unique program that has been seen by a Prevx product. One field contains its determination - that is: whether the program is good, bad or undecided. As soon as that field is set to Bad (usually automatically by the database itself), any Prevx program asking about that program will be informed of this status. The malware removal performed by Prevx is completely generic; no instructions or anti-dote is required.

    A program can be marked Bad on the very first interaction from a Prevx product - before any behavioural data is captured for it. That is, even though a program has never been seen before, the Prevx database may still automatically mark it Bad before it runs on any PC in the community.
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    So each little virus, spyware, trojan, worm, keylogger, etc. ... program is marked as bad in the community database, no signatures or heuristics needed?
     
  21. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Correct, each program is marked individually. No signatures are required in the traditional AV sense. Heuristics may be involved in determining whether a sample is bad or not, but not always.

    In the Prevx database, each program is uniquely identified using a suite of identification signatures. Some of these are traditional hashes like MD5 and SHA1 so unique identification can be made. Others are "family" related - we often find that one or more of these will be the same for a whole family of malware. Or that one or more are the same between two families which at first glance don't appear to be related at all.
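The database model ghiser1 describes in posts 19 and 21 (one record per unique program, exact hashes plus family identifiers, and a single determination field that every client reads), as an added illustration in Python; this is not Prevx's own code, and the family identifier (a hash of the first 16 bytes) and the "inherit Bad from the family" rule are constructed assumptions for the example.

```python
import hashlib

# Constructed community database: one record per unique program, keyed by its
# SHA1; each record carries the identification suite and a determination
# field ("Good", "Bad" or "Undecided"). Assumption for the example, not Prevx's.
DB = {}   # sha1 -> record


def identify(program: bytes) -> dict:
    """Build the identification suite: exact hashes (MD5, SHA1) plus a
    family identifier. The family id is a constructed stand-in (a hash of
    the first 16 'header' bytes); real products derive theirs differently."""
    return {
        "md5": hashlib.md5(program).hexdigest(),
        "sha1": hashlib.sha1(program).hexdigest(),
        "family": hashlib.sha1(program[:16]).hexdigest(),
    }


def lookup(program: bytes) -> str:
    """Return the community determination for a program. An exact hash hit
    returns the stored field. A never-seen program is recorded on first
    contact: Bad if its family identifier matches a known-Bad record
    (marked before it ever runs), otherwise Undecided."""
    ids = identify(program)
    rec = DB.get(ids["sha1"])
    if rec is None:
        inherited = any(r["family"] == ids["family"] and r["determination"] == "Bad"
                        for r in DB.values())
        rec = dict(ids, determination="Bad" if inherited else "Undecided")
        DB[ids["sha1"]] = rec
    return rec["determination"]


def set_determination(program: bytes, verdict: str) -> None:
    """Flip the determination field; every later lookup from any client sees
    the new value, so no per-sample removal instructions are distributed."""
    assert verdict in ("Good", "Bad", "Undecided")
    ids = identify(program)
    DB.setdefault(ids["sha1"], dict(ids))["determination"] = verdict


# Constructed samples: two variants sharing the same 16-byte header (one
# "family") and an unrelated program.
VARIANT_A = b"MZ-FAKEHDR-0001-" + b"payload-a"
VARIANT_B = b"MZ-FAKEHDR-0001-" + b"payload-b"
BENIGN = b"MZ-GOODHDR-0002-" + b"notepad"

if __name__ == "__main__":
    print(lookup(VARIANT_A))                     # Undecided on first contact
    set_determination(VARIANT_A, "Bad")          # database flips the field
    print(lookup(VARIANT_A), lookup(VARIANT_B), lookup(BENIGN))
```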
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Such are any scanners, even the online community-connected ones like PrevX; although useful for many, I simply don't use them anymore.
    My dual Boot-To-Restore is instantaneous and fail-proof. I can virtualize my entire drive of FD-ISR Snapshots with Power Shadow while the browser also is trapped courtesy of SandboxIE, plus with PC Security my data partition is "hid & locked" from both system & internet. As a bonus, if I use the FREEZE feature of FD-ISR then everything that WAS anything including my surf history is dropped from disc, but Power Shadow does that anyway. After Boot_To_Restore there's simply nothing anyway whatsoever to detect, and as such there's nothing to become alarmed of either. My disc retains its "clean" pristine state after one press of the mouse button. That only takes seconds. I don't have to wait for something to happen because if it does it can't operate anyway with EQS. That HIPS is a basic shield w/ file protections & rules that are local. No extra resources or drive space, no "live" internet connection to blacklists/whitelists which on dial-up can make for delays anyway. Everything is machine based.

    Isn't it better to prevent BEFORE the fact than AFTER? I don't have to wait for malware either, or an alert that malware is present, because it simply has too many screens to cross in the first place, and if they can get thru all those, my Boot-To-Restore will just cancel them anyway and flush them away.
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Everyone is going to ultimately decide what to use. I am happy for you Easter that yours works. If mine does too, then there isn't a difference. If a plain AV and firewall works, then there isn't a difference. Individual setups, individual results.
     
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My boot-to-restore would indeed remove what passed through Prevx.
    It's hard for me to believe that Prevx will protect me against any possible known and unknown infection, no scanner gives that guarantee.
    Scanners give you the illusion in your mind, that your computer is malware-free by telling you "Congrats, no threats found", that message wasn't enough for me, because it isn't always true.
    I'm not even aware if my system partition is infected or not, and by which malware. I just remove any bad change and any good change, because I don't need these good changes as long as everything is working fine. If I want a good change, I do it myself. :)
     
  25. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks:

    Technical comparison between Prevx and Boot-Restore could be very profound and detailed, but I would look at it from this perspective:

    Prevx is your 24 hr surveillance mechanism, while
    Boot-Restore is your comprehensive Home Insurance with total replacement cost option.
    Prevx can spot any initial intrusion/violation, and deal with it right there. No further damage will subsequently develop.
    While the Boot-Restore option will let any, virtually any event occur at its own pace. When it is time to clean the house, call the insurance broker to claim damage: total replacement, rebuild.
    Therefore, there are pros and cons here. IMO, no clear winner can be declared, just your own preference, that is all. Keep your option if it suits your need. Take care.
     