Possible Security Issue with SafeOnline?

Discussion in 'Prevx Releases' started by Muddy3, May 31, 2010.

Thread Status:
Not open for further replies.
  1. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    243
    Location:
    Belgium
    I have been using Prevx for a few years now, and have found it to be a very solid secondary line of defence to my AV programme.

    This afternoon I came across this YouTube video: -http://youtube.com/watch?v=snWX0SGay90- appearing to demonstrate a security flaw in Prevx SafeOnline. Is this a false alert, or should I treat it as a genuine concern?

    I am afraid that I am not very computer-savvy, and therefore would appreciate any comments as to whether this should be taken seriously.
     
    Last edited by a moderator: May 31, 2010
  2. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    in the newest beta prevx will pass this test.
    but not forgett, this is not real malware. most important is blocking data stealers
    and i think and saw in my own tests, prevx makes most time a good job.
     
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  4. PC__Gamer

    PC__Gamer Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    526
    Not sure about this, but ive always viewed posts like this as the following:

    SafeOnline is browser protection, this software is already on his machine so it has no relevance to the actual browser security, SafeOnline is there to operate and keep the browser safe from the WWW using known attacks and methods to grab the screen/keylog etc,

    Like i said, i aint sure myself so would like clarification, but im sure this isnt a failure from PSO, as ive seen posts and threads like this before.

    unless im mistaken, looks like False testing and understanding to me.
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Exactly true - the user would have to actually allow the SpyShelter test through the Prevx protection first. We've since changed our protection and the current beta version will block the SpyShelter tests so it is not an issue. We've also looked at the technique used by the new SpyShelter test and it is used by zero pieces of actual malware in the wild :rolleyes:
     
  6. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    243
    Location:
    Belgium
    Thank you for the comments guys. Thank you also Cudni: you are right that this has been picked up and more fully discussed in https://www.wilderssecurity.com/showthread.php?t=273797 . I was in a hurry when opening this thread and didn't notice that there was already a thread started earlier today where the maker of the YouTube video had raised this issue.

    An interesting point in this other thread is the comment from Prevx Moderator (aka Joe?), and repeated by him in a post just added above, that Prevx's latest beta version has addressed this issue. But most important of all, if I understand correctly, is the general consensus from Wilder posters and from Joe again in his latest post above that the issue raised in this video can be considered a non-critical security issue. (please correct me if I have misunderstood o_Oo_O )

    Thanks for the help anyway!
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes :)

    You've understood correctly - SpyShelter has been making a few leaktests like the one in the video over the last few months. They demonstrate only one very minor aspect of the full protection of browser security products and the latest SpyShelter test got past every browser security product because it was designed to only view screen contents - an act that is not directly malicious. We've since added the different technique that they've discovered and can easily see that no infection has ever used that technique. While it is helpful to stay ahead of the malware authors like this, it is a bit of wasted anxiety as it took less than 15 minutes for us to provide a full generic patch for the technique but still have not seen any real malware using it (which is why we've only included it in the beta version for now :))

    Hope that helps!
     
  8. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    243
    Location:
    Belgium
    Yes it does! Thanks.
     
Thread Status:
Not open for further replies.