PrevX 2

Discussion in 'other anti-trojan software' started by Hyperion, Nov 5, 2004.

Thread Status:
Not open for further replies.
  1. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Anyone use it? I downloaded it today and I was a bit disappointed by the resource usage. Otherwise I'm sure it's very nice, although I don't like this need to update. I used to have the beta 1 version for a while, but this one uses min 3-5% of my CPU with peaks of 13% (Athlon 2500+), which for me are unacceptable for a second layer of defence programme. The protection options are wonderful, but it became a resource hog.

    Anyone else had better luck with version 2?
     
  2. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Hyperion,

    I just installed Prevx 2.0. I think it is extremely well done. I'm waiting to see how stable it is on my system. So far, so good. The prior version caused too many crashes. Process Guard, in contrast, has run without causing any problems except that I always get explorer.exe errors when I close down the system. I am pretty sure it is somehow related to PG, since I have not had this problem together. Other than this, both programs are cooperating with each other nicely right now.

    As far as CPU is concerned, I am running a scan of my system right now and Prevx is the least of my worries. In order of resource usage:

    KAV 4.5 (by far the)
    Giant AS (also quite substantial)
    Ewido (about the same as BOClean)
    BOClean
    Prevx (a bit more than PG - at about 2-5%)
    ProcessGuard

    I am not going to keep all these safeguards running long term, but I am running them side-by-side to see which programs provide the best protection over a protracted period. If they behave well, and they do not impact my browsing, then I will keep them all since each has its individual strengths.

    Rich
     
  3. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    I was just wondering if you can supply a link to prevx 2 for me.

    Many thanks

    THE MUL ;)
     
  4. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    It is posted in the updates forum ;) ...
     
  5. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    Thanks for the help, sorry but I never looked in the updates today.

    Your friend

    :D THE MUL :D
     
  6. Weber

    Weber Registered Member

    Joined:
    Jun 16, 2003
    Posts:
    107
    Location:
    Porto Alegre - Brazil
    Doh, I keep getting "Internal Error 2738" when I try to install the new version.
    I already uninstalled the old version before, but it's not installing.

    Edit: does anyone know if it needs some Windows services to run? Because I use nLite to customize my Windows.
     
    Last edited: Nov 5, 2004
  7. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    I think something is wrong here. They are giving this away? It sounds like the solution that everyone has been looking for, for a long time, almost the perfect security solution. Yet they are giving it away to home users, to ISPs and to Enterprise businesses in 25 user blocks (22 clients and 3 servers). It sounds too good to be true. It must connect to THEIR server to identify attacks and see how to handle them, allowing you to see what other users did with the same program. To me this sounds like a trojan, maybe someone with much greater knowledge than I should take a look with a packet sniffer or something and see just what Prevx sends back HOME. For now I think I will stay with version 1. Maybe I am just being paranoid but this just sounds too good to be true and my mother taught me that when something sounds too good to be true and it's free, there is usually something not up to snuff. Just my two cents.
     
  8. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    chew,

    I split off the posts dealing with your possible update problems to HERE. We basically had taken over this thread :cool: .....
     
  9. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Thanks Puff-m-d

    I didn't want to start a new thread just now thinking that I might as well stay with the same thread.

    New thread is better now.

    :)
     
  10. Meltdown

    Meltdown Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    299
    Location:
    Babylon
    I’m far from convinced about this upgrade. Firstly, what does Prevx2 offer that Prevx1 doesn’t? They’ve ‘extended’ the buffer overflow protection, and introduced protection from ‘Uncontrolled Program Execution’ – you get the same from the free version of PG3 – and ‘Process Hijacking’. No idea what that is, and I’m not about to install Prevx2 to find out. Like flyrfan111, I think there is something wrong here.

    On the Prevx website there’s a report, available here in PDF format, which among other things details what Prevx sends home. It points out that Prevx does not store any information that can identify individual users; each individual Prevx installation can be identified for regular monitoring, but no data that would identify the user is retained. However:
    There’s some irony in the fact that something that presents itself as ‘intrusion prevention’ software is so intrusive… and then there’s the question of what Prevx does with that data. Their website says:
    Which sounds reasonable. But that is followed by the vaguely worded information that
    Does that information include your ‘currently executing processes’? Who are these corporate customers and ‘other interested parties’? And how happy do you feel about contributing to commercial market research services?
     
  11. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Yeah meltdown, I sure do want to know what those guys at Prevx want to do with the information that they collect.
     
  12. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Thanks to everyone for the reply. I too don't like the fact that it wants to dial home. Added to the fact that it's heavier than my antivirus and firewall put together for the CPU, it made me drop it.

    About Process Guard, unfortunately, it seems that even version 3 causes trouble to my PC.

    I'm back to WinPatrol, which is much less than the previous two, but works smoothly and with minimum resources. If I get paranoid I'll put back Abtrusion Protector I guess...
     
  13. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Thought of something else that bothers me about this; Why did they make a NEW site just for this upgrade? They redirect you to a new site. Wouldn't it be easier to just update the old one? It seems maybe the intrusion prevention company wants to get into the marketing/advertising sector as well. Is it only the three of us that think this is strange? Anybody with more technical knowledge take a look at any packets? Anybody with some hacking skills try to test this out and see just how preventative this intrusion software is?
     
  14. pIMp

    pIMp Guest

    Here we go, wouldn't call myself someone with hacking skills, but I know
    how to turn on Ethereal and to spy on the HTTP traffic of Prevx :)

    OK so far, they changed from encrypted HTTPS to HTTP in version 2, otherwise I wouldn't be able to spy easily on their traffic.
    It is not sending any binary data - it's all readable text and numbers in that HTTP traffic.
    I recognized a couple of process names in the traffic, currently running on
    my system, as well as some data which I saw in the Event Details of some alerts.

    It seems they are connecting several times to their webserver in order to report
    collected alerts. Such an option already existed in version 1 as "Send To Prevx". This option is now gone and seems to be automatically active.

    I cannot tell more at the moment, but given the fact they are not even
    encrypting the traffic and given the stuff I've seen, it seems not to contain
    any personal information. I've got it installed on a clean machine as well as on my working machine - the data on both machines are identical. I would have suspected it sends more stuff from my working machine - but it doesn't.

    On their page they are stating they are using the event data to help the user
    when pressing "Get Advice" on an alert popup. They would show some statistics about how many users denied it and how many allowed it, makes sense, however, atm there is not much to see when ya press the button, but then also on the other hand, they released it yesterday.

    Needs further checking...
    Maybe someone else wants to join in to check out what they are sending?
    4 eyes see more than 2 :)
     
  15. Unity

    Unity Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    112
    Location:
    Toulouse ~ France
    The main problem for me with this version is, like Hyperion, the resource usage.

    Prevx 1.0 : 0 CPU%
    Prevx 2.0 : 2-5 % CPU

    I've installed the 1.0 version again.
     
  16. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    I'm sure some of you here may remember Aluria's partnership with WhenU.
    If prevx gets from anti-spyware to spyware, just block 'em.
     
  17. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Prevx said:
    Prevx plans to market a range of services providing information on Internet Threats to corporate customers, ISPs, security vendors, rating organizations and other interested parties.

    Indeed, who are those corporate customers, rating organisations and other interested parties?

    Corporate customers could be other companies, who knows, what if they secretly send the information to a spyware company?
    Then, rating organisations!? What the heck are these rating organisations anyway?
    And other interested parties, could they be spammers, marketers or advertisers?

    On the internet, you can never trust people completely.
     
  18. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
  19. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    In that PDF, art. 6 practically says that it could be used as a Trojan, but this isn't possible to verify because the source code should be analyzed in order to see this. Also says that this is a theoretical possibility that exists with many other software like antivirus programmes, so basically, it's a matter of trust.

    Well, at least as far as I know, my antivirus doesn't try to upload any info about my system, it just tries to download signatures.

    I think I can live without PrevX. :)

    Nadirah's comments are also correct. The whole situation is a bit too vague for my tastes. The fact alone that in version 2 you have no control on when you send the report is preoccupying.

    Also somewhere yesterday I read that they "purged" their database with the info about the users of version 1 and beta testers. Today I can't find where I read this but I'm positive. In fact while for version 1 they were requiring registration, for ver 2 you just click and download. All these things seem weird.
     
    Last edited: Nov 6, 2004
  20. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
  21. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I liked the first part too but this new one is uninstalled. I can live without prevx too...and all those things about their eula isn't giving me headaches in the beginning but now when I think of it...well like I said, uninstalled it.

    I am glad I am part of this forum: the times I have changed my mind here is ... let's say: a lot...lol... in this I must admit I was a bit naive, I still believe it is a good prod. but their policy is, like you all said, a bit vague and can be interpreted in many ways and that opens the door for other things...

    thanx for pointing this out.

    have a nice day you all!!

    Opt.
     
  22. BrainWarp

    BrainWarp Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    287
    Damn--I hate to see that Prevx has taken this route. I really like Prevx 1 running on my computer, but it's a little weird how 2 version needs to call out to net. I think I'll stay with the first version. It serves me well for now.

    I had high hopes for this company, but in the end money always corrupts
     
  23. QuoiQuel

    QuoiQuel Registered Member

    Joined:
    Nov 18, 2004
    Posts:
    3
    pIMp: "needs further checking...
    maybe someone else wants to join in to check out what they are sending?"

    Well, I did some checking on what they were sending. I liked PrevX Home, but the latest update got me a bit worried. And not only the bit about Ask the audience or Get advice. I use Sygate Personal Firewall and checked if PrevX was accessing the internet without there being an Event, as they call it. And PrevX did. My Event History list is empty but every 5 minutes or so the program accesses wip6.prevx.com [IP 213.52.140.88]. Backtracing and Whois brought me to companies called Globix [http://www.globix.com] and Probet Technology Ltd. I enabled Packet Logging (which captures every packet of data that leaves - or enters - a port) in Sygate and checked what exactly PrevX Agent was sending: Packet Dump 463 bytes, the Packet Decode window showed a detailed inventory of (active) applications and executables on my computer. Now why is this, I wonder?

    I denied PrevX Agent access to the internet and asked PrevX, per e-mail, to explain the reason for letting PrevX access "the boss" at frequent and regular intervals. No reply yet.
     
  24. pIMp

    pIMp Registered Member

    Joined:
    Nov 7, 2004
    Posts:
    13
    Yeah, I realized that too.
    Prevx seems to run periodically in the background checking for new alerts to be reported, whatever.
    They state something like that on their website.
    It also does that IP lookup, however, it does it only once on my machine !?

    Like in my post, I saw also a few process names going out and wild numbers.
    Anything else you spotted?
     
  25. QuoiQuel

    QuoiQuel Registered Member

    Joined:
    Nov 18, 2004
    Posts:
    3
    Nothing much. I just let it have its way and access the internet, but nothing spectacular this time. No inventory of process names, just a garbled e-mail address, the IP address of my modem and a set cookie (which I can't find anywhere). As long as I deny access, it keeps trying to access the internet (about every 5 minutes or so), but now that I've let it, it keeps quiet. I told Sygate to ask me whether I want to let PXagent access. We'll see what happens next.
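
The check described in the posts above, spotting a program that connects out at a fixed interval whether or not anything happened, can be automated over a connection log. This is an added example, not part of the thread: the log layout, the process names and the timestamps are constructed for illustration and are not real Sygate output.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "date time process destination" is an assumed layout,
# not real Sygate output; process names and timestamps are made up.
SAMPLE_LOG = """\
2004-11-18 10:00:02 PXAgent.exe wip6.prevx.com:80
2004-11-18 10:01:40 browser.exe www.example.org:80
2004-11-18 10:05:01 PXAgent.exe wip6.prevx.com:80
2004-11-18 10:09:58 PXAgent.exe wip6.prevx.com:80
2004-11-18 10:12:15 browser.exe www.example.org:80
2004-11-18 10:15:03 PXAgent.exe wip6.prevx.com:80
2004-11-18 10:20:01 PXAgent.exe wip6.prevx.com:80
2004-11-18 10:47:31 browser.exe www.example.org:80
"""

def parse(log_text):
    """Group connection timestamps by (process, destination)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        date, clock, process, dest = parts
        try:
            stamp = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # timestamp not in the assumed format
        seen[(process, dest)].append(stamp)
    return seen

def find_periodic(log_text, min_events=4, max_jitter=0.1):
    """Return {(process, dest): mean gap in seconds} for fixed-interval talkers."""
    periodic = {}
    for key, stamps in parse(log_text).items():
        if len(stamps) < max(min_events, 3):
            continue  # too few connections to call it a pattern
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Regular check-ins have gaps that barely vary relative to their mean.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            periodic[key] = round(avg)
    return periodic

if __name__ == "__main__":
    for (process, dest), gap in find_periodic(SAMPLE_LOG).items():
        print(f"{process} -> {dest}: about every {gap} s")
```

A flagged pair only says the traffic is regular; what is in it still has to be read from a packet capture.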
     