Offline database?

Discussion in 'Prevx Releases' started by skylite, Dec 29, 2009.

Thread Status:
Not open for further replies.
  1. skylite

    Registered Member. Joined: Dec 24, 2009. Posts: 31.
    I just noticed, lol, Prevx is a pure cloud-based HIPS? Is there any way to use it in an offline environment? What if the malware disconnects the network, how will Prevx be able to detect and remove it? Using a cache?
     
  2. Vikorr

    Registered Member. Joined: May 1, 2005. Posts: 662.
    My understanding is that Prevx doesn't have offline capability. As for malware disconnecting the network - why would it do that? Most everything is written these days in order to get money, or your ID (which is then used to get money)...both of which require the malware (or you) to be online.

    i.e. keyloggers want to be online, rootkits want to be online, screengrabbers want to be online, rogue antispyware wants you to be online, phishing scams want you to be online, etc.
     
  3. skylite

    Registered Member. Joined: Dec 24, 2009. Posts: 31.
    Because they can, the virus/malware coder doesn't use common sense for their 'baby' protection :D, just like a few years ago when people were still 'worshipping' NOD32 as the best :D. Why did the 'common' sense in their old protection get beaten up by newcomers like PC Tools? Because malware coders actively change their 'protection'.

    Well, just think: if the malware is protected by a rootkit, it would be able to disable certain access for certain applications, so only their product would be able to connect. And your common sense is wrong: if a keylogger/Zeus/etc. were always trying to update for every user's keystroke, it would draw the attention of the user. Instead, as I am a software developer myself, if I were in their position, I would make it wait for a couple of days, compress and encrypt it in an unrecognizable file archive, and send it to the server by leaking a process into the browser :). Only a few people run Zeus; most of these kiddies go into bot networks for the sake of booting people from games, DDoSing hated websites, etc. The 'features' of the malware itself are REALLY flexible, depending on the coder and how he wants it to behave/protect/react/attack/exploit/etc. In this post I am just mentioning possible scenarios by the coder! Yes, it's a bot, but this cloud scanner has one weakness: it always needs steady internet access :/. The new provider should think of a way to prevent this, maybe a light database or anything, or it will become like NOD32 after a few years.
     
  4. DavidCo

    Registered Member. Joined: Jul 9, 2005. Posts: 503. Location: UK.
    Wait for V4 and let's see :)
     
  5. Phantasm

    Registered Member. Joined: Jul 29, 2009. Posts: 87.
    Maybe v4 will have some behaviour stuff built into it, who knows. But it's rare for malware to disconnect your connection, but it definitely does happen every day.
     
  6. PrevxHelp

    Former Prevx Moderator. Joined: Sep 14, 2008. Posts: 8,242. Location: USA/UK.
    Hello all,
    Prevx 4.0 will indeed have a subset of the community database held locally but the benefits are marginal due to the extremely fast nature of threats spreading today (most threats survive for less than 24 hours). As for malware directly blocking Prevx from connecting - this is generally not the case: if the user can get online and download Prevx, they can scan with Prevx. If there is some infection which is directly interfering with the internet connection, blocking Prevx (or other AV) specific addresses, Prevx will correct these issues in most cases, allowing the user to connect out to continue scanning. It isn't perfect, but it does work for most infections that either use the LSP chain, HOSTs file modifications, or other winsock hooking methods.
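
The HOSTS file interference mentioned in the last post can be checked for directly. The following is an added example, not part of the thread and not Prevx code: it parses hosts-file text and flags entries that pin a watched security-vendor domain to loopback, `0.0.0.0`, or any other address. The domain suffixes and the sample file are constructed assumptions.

```python
import ipaddress

# Assumption: hypothetical vendor domains; substitute the update and
# cloud-lookup hosts of the products actually installed.
WATCHED_SUFFIXES = ("av-vendor.example", "cloud-scanner.example")

# Constructed sample in hosts-file syntax (not from a real infection).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # appended entry
0.0.0.0         lookup.cloud-scanner.example www.cloud-scanner.example
203.0.113.7     av-vendor.example
192.168.1.10    fileserver.lan
127.0.0.1       notav-vendor.example
not-an-ip       update.av-vendor.example
"""

def is_watched(host):
    """True if host equals a watched domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def find_suspicious_entries(hosts_text):
    """Return (line_no, hostname, address, kind) for each watched-domain override."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field is not an IP address
        # One line may map several names to the same address.
        for name in fields[1:]:
            if is_watched(name):
                blocked = addr.is_loopback or addr.is_unspecified
                kind = "sinkholed" if blocked else "redirected"
                findings.append((lineno, name.lower(), str(addr), kind))
    return findings

if __name__ == "__main__":
    for lineno, name, addr, kind in find_suspicious_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr} ({kind})")
```

On Windows the file to feed in is `C:\Windows\System32\drivers\etc\hosts`; any hit for a security product's domain is worth investigating, since such entries are not normally placed there.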
     