No News Is Good News For Prevx2 ?

Discussion in 'other anti-malware software' started by Perman, Dec 20, 2007.

Thread Status:
Not open for further replies.
  1. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks:

    I have not witnessed any news at Prevx front; program still stalls at v.1.0.2. B 123 for a good long time.

    Although database may increase from time to time, how about other features ? Nothing worth improvement at all ?

    Holiday season is around the corner, I guess any good news would have to surface after the New Year, unless someone from there delivers us a surprise in time!
     
  2. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    You don't see lot of new updates because Prevx 2.0 has reached what you can define as "mature age". What does it mean? Basically that the software is stable and our efforts are focused on developing new technologies and improvements of actual ones.

    We have less bugs to fix for Prevx 2.0, that is the reason we are working more "silently".

    You can see, for example, that we've released new Prevx CSI, a powerful and user-friendly malware scanner (here for press release) with advanced cleanup routines.

    This is only one of new technologies we're developing, but be sure Prevx 2.0 will be updated if necessary and you're always covered by our up-to-date malware database.

    And, moreover, just for Christmas, we're going to offer something, just stay tuned on our blog.

    Cheers :)
     
    Last edited: Dec 20, 2007
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    prevx 2.0 is outstanding, im glad im a customer.

    works flawlessly with drweb, i find it a great setup and can already see me renewing when the time arrives.

    :thumb:
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I just ran Prevx CSI. Pretty fast scanner.
    It didn't detect anything, not even a false positive. Which proves that my Anti-Change Scanner is as good as Prevx CSI. :)
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I agree Chris.. It is a very good product.:thumb:
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    20% discount, but i already have the software and its valid for another 11 months.

    is there a discount on renewal?
     
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    that is 20 percent of the purchase price. There is a discount given on renewal I just am not sure what it is.
     
  8. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    apparently i get the honor of being the lone dissenting voice. imo Prevx2 is bugware. while the concept and technology are cutting edge, the implementation from my experience has been and still is buggy.

    the scanners:

    file scan is horrendously slow on my box P4 3.0 ghz 1 gig ram XP Pro SP2. in one scan episode Prevx2 file scan took 7 hours and 42 minutes to scan 3 250 gig HD's (one USB external) around 35k files scanned. what is interesting is Online Armor AV+ scanned the same three drives, 35k files approx. in 29 minutes. not only was OA's scan a file scan it also scans for viruses using Kaspersky engine ver 5. oh and that copy of OA was a beta build. shame when beta software pummels 'mature' software in head to head performance isn't it? this took place in October, i submitted a ticket, the answer i received was in essence, works fine on my machine. well it doesn't on mine. and lastly on the file scanner, try aborting a scan, Prevx2 crashes. abort a scan on lowly beta build OA, it aborts, just as it's supposed to....no drama, no crashing.

    archive scanner, when it was first implemented crashed repeatedly when encountering an archive. a little better now, but will still crash often enough that i no longer check that box.

    oh yeah file scanner again, i had 6 various malicious files unzipped and setting 'naked' in folders. file scan missed them ALL. after that i decided to submit these samples to an online service (Jotti) just to ensure they were in fact malicious code. oh yeah, they were really bad stuff! with around an 80% hit ratio with the virus engines Jotti utilizes. again, a scan with immature/nonmature beta software Online Armor with AV, all of these files were detected and cleaned. the temptation may be to use the Prevx2 only detects running viri, i beg to differ. there have been many times when i have simply unzipped malware samples and Prevx2 jailed them....before execution.

    the simple things:

    simply from time to time the act of shutting Prevx2 down causes a hang and a crash.

    not recognizing or forgetting the designation of trusted apps. for example i use Dtaskmanager as my default process manager. Prevx1, and for awhile Prevx2 green-lighted DTaskmanager, then for some reason, Prevx2 began orange lighting it. the same executable, from the same location?!? and it's been running orange for several months! when is the real-time monitoring supposed to set in and change the disposition of this file? o_O today running SafeSpace, which loads a file called wavehost.exe. prior to this afternoon, Prevx2 would authenticate the file, and green-light it. now for some reason it's orange-lighted after authentication.

    uninstalling/reinstalling Prevx2. i recently had an episode with reinstalling Prevx2 after uninstalling it with a 3rd party uninstaller, which probably corrupted something. not Prevx's fault per se and btw Prevx Support really stepped up in attempting to help me resolve this. but i used this same 3rd party uninstaller to uninstall Drive Sentry 3-4 times..no issues, Threatfire, again 3-4 times, i am frequently uninstalling/reinstalling OA using the same app, and the only one that breaks is Prevx2.

    not being mean spirited in posting this. i have been for the most part a loyal Prevx user for nearly 2 yrs, but to read that you believe this app is stable and not in need of further development is shocking to me. at least from my most recent experiences with Prevx2, i think it could easily be classified as beta software.


    Mike
     
  9. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    sorry to hear for your issues, but prevx 2.0 is very stable and fast here.

    prevx 1 was a different story, i found it slow, buggy and basically a system drag.

    scans are fast on 2.0 and they detect and clean fantastically (although removal can be slow).
     
  10. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Hello,

    I regret to read of your bad experience with Prevx 2.0. I would firstly better explain that I've never written that Prevx 2.0 is stopped and no longer developed. I only said that actually we have fewer bug reports from users and we haven't detected any major bug.

    This of course doesn't mean that every PC in the world won't have problems. Indeed there are so many different factors that could make problems arise. Anyway, the important thing is that every single user that detects a minor or major bug and/or a strange and unexpected behavior should send a bug report through our tickets to support team. I'm sorry to hear that your first attempt to contact our support team hasn't been good, but I invite you to try again, reporting every bug you detected.

    This will help us to fix any major bug that we haven't yet detected.

    About malware undetected, did you know if Prevx should have detected them? I mean, have you tried scanning them on VirusTotal so that you knew Prevx should have detected them?

    Because if they weren't detected at all, you can send me those files so that I can analyze them and add to our database. Malware is always evolving so we have to continue evolving our detection strategies.

    All the best,

    Marco
     
  11. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    hey Marco,

    does Virustotal do anything that Jotti doesn't, or is it just you are familiar with Virustotal? add to the database?? what about the 7 sigs, the 300 behaviours, the Prevx2 file preview/software emulation/sandbox, that is supposed to "look into the guts" of a file before it's executed to see if it's malicious? if simple virus, basic scan engines like Kasperskys, and in fact while i was typing this, i was running a Panda totalscan via IE7 browser. it detected the malware that is still in my zip file, and did so in under an hour.

    btw something i had forgotten to mention in my original post, the Prevx2 clean-up routine is buggy as well. it hangs at "Registering Files" (i believe the process is) and if i attempt to abort, it does what Prevx2 probably does better than anything else...it crashes. i have submitted 2 tickets, once in October (responded to but not resolved) and again about 2 weeks ago, not responded to.

    in spite of what is in my experience, buggy, wobbly software, i continue to use it, and continue to purchase licenses. why? because i do believe in it's cutting edge philosophy and concept. i only post this because i was very alarmed to read that to a large degree, your organization appears to believe Prevx2 has arrived. my experience with it says it certainly has not.


    Mike
     
  12. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321

    well that's nice, but unless we can figure out a way for me to use your system....:D

    in all seriousness C.S.J it's especially confounding for me as there is nothing exotic about my computer. my system is very straightforward, software wise, and configuration wise. there is no reason that i can see for Prevx2 to be so problematic on my system. but at the end of the day, it is what it is, and that for me has been buggy and fairly unstable.

    and yes when it works, it's awesome to watch.


    Mike
     
  13. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    it does sound like your machine and not prevx2.0

    i may only have 2 machines, but it works fine on both and i haven't heard these comments about prevx before.

    surely a 7+ hour scan is not prevx's issue, its usually about 10mins on my machine (full system scan)

    as for detection, of course it will miss detections but hoping to catch it on its behavior if he executes, however it can still miss those as nothing is perfect.

    * also, its nice to see staff members on here for the software used


    maybe its conflicting with some other 'scanning' that may be happening on your machine?
     
  14. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    i have no other real time scanners for it to conflict with, but i do use a couple of on-demand scanners. SAS is one, CSI is another, and lastly there is the file scan in OA. none have any problems scanning this machine, nor do online scans. it's Prevx2. it's buggy.


    Mike
     
  15. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    I tried on this box:

    OA (+Kasp.) + SAS Pro 4 + Prevx2, all realtime and the latest versions. I didn't observe any issues and no scanning probs.

    Gerard
     
  16. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    The battlefield featuring the debate between simmikie and Prevx folks appears to have been moved from other forum (official) to here (wilders).

    That was an endless dispute, going around and around never ending, some of those have been archived.

    perhaps this is the kind of news we all have missed out, still a good news though ?

    IMO, Prevx2 in its present form, is a very stable app, can't say is flawless, but reliable is the key word.

    Folks, enjoy it while we can. Take care.
     
  17. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    maybe the software is just not for you ;)
     
  18. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Virustotal implements Prevx engine scanner, Jotti doesn't, because it is Linux based. Simple.

    Every heuristic approach needs to be tuned and updated to work as best as it can. It is not possible to develop an antimalware solution which causes malware authors to just give up and say "Ok, we lose. They defeated us." As long as a user is given the possibility to install programs, there is always the possibility of getting infected. Because the malware authors have copies of the antivirus programs, they can easily tweak their malware to get around any antivirus solution, and this is the conundrum which we face when trying to develop heuristics.

    It appears that you don't clearly understand how Prevx works. The 7 main signatures are very useful if we already have similar samples in our database. The signatures allow us to correlate malware together by families to automatically write generic definitions. If the sample is totally unknown, our sandbox technology tries to understand as much as possible from dynamic analysis. Then, the behavior analysis starts only if nothing was already detected. An inactive malware doesn't need to have behaviors monitored, just because it isn't doing anything.

    As I've said before, we are developing new technologies and improvements of existing ones. Our signatures are self-tuning, meaning our database adjusts itself as we get more samples to best detect new malicious code.
    We have definitely not stopped working to spend summer days on the beach :D

    If you let me know thru PM your email address, I'll address your ticket.

    Best wishes,

    Marco
     
  19. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Does this mean that Prevx doesn't do static heuristics?
    So, before a file is loaded, Prevx analyses it with signatures and the sandbox (dynamic heuristics). Then, when the file is loaded, the behaviour blocker/analyzer kicks in, right?
     
  20. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    sample

    checked via signatures:

    if known - block/allow
    if unknown - sandbox technology/query event.

    still nothing detected:
    behavior based technology kicks in :)

    something like that lucas i think. :)

    its complicated technology, but very easy/great software to use.
    all checked within a few seconds, it sounds slow when you put it into stages like this, but its not :)
     
  21. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Got the idea :)
     
  22. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    well, support is great.

    drwebs on-demand scanner was not recognized with the online database, so it set my status to orange for caution.

    'about 30 mins' (maybe sooner and on a sunday) after reporting this:

    Dear Prevx User,

    Prevx Technical Support have responded to your query.

    Here is the message that has just been posted:

    ***********************************************************************************

    Subject: DISAGREE : PX5=11C4A684F05A04C5940017B48130C500E9D472B6

    Hi,

    This item has now been marked as good.

    Regards,

    Prevx Support

    ***********************************************************************************
     
  23. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    so does that invalidate Jotti? i think not. the point was and still is that the files were flagged as malicious by 80-90% of the engines they use. good enough for me, and as you say....simple.

    well i feel you are doing a little deflecting here. i never inferred Prevx2 is impregnable. my sole point is that an outdated virus scanner, that is not even implemented for real time scanning, found confirmed malware, that Prevx2 with it's much heralded cutting edge technology, did not.

    of course not. i don't know if anyone outside of the development folk have a clear understanding of Prevx2 workings. and for good reason. sure would make your jobs a lot tougher if intimate knowledge of Prevx2's inner workings were public knowledge, wouldn't it? as i have indicated i am aware of Prevx2's main technologies. i know a little about the CWC. i know that Prevx2 is configurable from your servers, and what the end user sees is an agent that 'answers' to regional CWC's. i know that in spite of all of that great stuff Prevx2 missed every sample of confirmed malware that a lesser pedigreed simple little AV scanner found, quickly and easily. it cleaned those samples up without crashing. yep, i know the stuff that counts. brand y did what i wanted it to, brand x did not.

    and as far as the latent/executed discussion. i was right with you until i, in testing Prevx2 with live malware (we know how badly Prevx1 & 2 test with POC's and such) that upon unzipping the little baddies, Prevx2 jailed some of them immediately. the point? Prevx2 is capable of detecting malware, even if it's doing nothing. and what i found interesting in some of this testing i did, was that if Prevx2 did not jail upon initial execution, the malware would run without further intervention from Prevx2. for example, i ran spyware quake against Prevx2. it was nailed upon execution, but i wanted to see if Prevx2 would take an aggregate of it's behaviours, and redetermine it. didn't happen it installed and ran. i was hoping to observe Prevx2's other technologies kick in, other than merely the white/blacklist.

    and as i have said before, the reason i initially responded to your post is because i perceived your organization believed Prevx2 has somehow arrived. all are of course entitled to their individual perceptions, but i wanted to relate my experiences with Prevx2, and despite the protestations of the 2 others who have chosen to engage in this dialogue, i do not believe my experiences, negative or positive are unique.

    and thanks for the offer of direct intervention.


    Mike
     
    Last edited: Dec 24, 2007
  24. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    with respect to scanning, i never did either. c:\ drive Prevx2 scans quickly, d & e, slow as stink. retested a couple of days ago to see if it was perhaps an aberration. it wasn't. after 3 hrs into scanning drive d, i decided enough is enough, attempted to abort the scan (it does have a button for that)...Prevx2 hung, had to reboot. i wish i knew why.


    Mike
     
  25. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    not a battlefield at all. my main contention with Prevx at the time was their lack of participation in their own forum. many legitimate questions were going unanswered. it seemed to me they were costing themselves the goodwill of the very consumer they were spending a lot of time, and presumably money to earn.

    it is/was of course truly none of my business. Prevx can run their forum in anyway they see fit. at the time i really liked the product and the organization. i felt a little more effort on their part in this area would go along way towards generating goodwill from end-users.

    you can put your mind at ease Perman, there is no transfer of battlegrounds from there to here. i wish Prevx good fortune, but i am testing other behaviour blockers, and should one work-out i am removing Prevx2 from my system. while i hate to see it go, the benefit i have received from this thread is it is apparent that Prevx2 is conflicting with one of the 3 security softwares i presently have onboard. Prevx2 is the most expendable. thanks for your input.


    Mike
     