Prevx advantages over Microsoft Security Essentials

Discussion in 'Prevx Releases' started by Retadpuss, Jun 24, 2009.

Thread Status:
Not open for further replies.
  1. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    This is more of a question for Joe I guess really.

    Given the way MSE works - that it has a local database of signatures, but also connects to the central MS signature base (which is being continually updated in real time) when it finds something it does not have a local signature for. It will also refer to the central server when the local agent detects suspect activity etc. MSE also uploads unknown malware to the central server for analysis.

    What specific advantages does Prevx have over MSE?

    I would imagine that within weeks, there will be millions of MSE users and after launch, tens of millions - serving as a huge net for MS to capture new threats as they appear.

    I have tested MSE and it is very good - not far off Avira on a good sample of malware which was less than 72 hrs old. This said, Prevx came out top - even beating A2 - so well done!

    I would be interested in your feedback.

    Puss
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    From what I've read, this is not how MSE works - it was a rumor which was started but was false (correct me if I'm wrong, however :))

    The difference between Prevx and other "in the cloud" solutions is the data which is gathered - we don't just use a simplistic checksum when sending up signatures, we send up complex behavioral maps and large volumes of contextual data which is analyzed and stored for current and future detections, not just for detections at that moment, and this sets us in an entirely different class from other products.

    While MS may gain some users, we don't perceive them as any different or more threatening than other free AVs. And for what it's worth, a million users takes quite some time to build up and I doubt the average home user will have any idea what MSE is for quite some time :)
     
  3. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I don't feel to, or have any time to argue with this. Believe me - if I did, I would. :D
     
  4. dlimanov

    dlimanov Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    204
    I'll chime in here, as I've been playing with MSE for a while in pre-beta form. It's a good signature-based A/V, probably as good as many commercial ones, but it doesn't have an extensive and advanced behavioral and heuristic engine, like Prevx, A-2 and a few others. I actually ran it along with Prevx for a short period of time and the two programs complemented each other nicely.
    So, it's a different niche, I think. Prevx has nothing to worry about just yet.
     
    Last edited: Jun 24, 2009
  5. benton4

    benton4 Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    158
    Location:
    Oregon
    Based on the way Prevx gathers and analyzes data, the competition first has to reach this class of product then they can compete.:D :D
     
  6. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    ... aaand the same goes here. :D :p
     
    Last edited: Jun 25, 2009
  7. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    You beat me to it... :D

    It seems you haven't read the official discussion-thread for MSE, or looked up information about it. Even here it's mentioned; Dynamic definitions. During short testing with a bunch of URLs of new malware by Matt Rizos (www.remove-malware.com), the Dynamic definitions would kick in on a threat that he was testing. It would ask that database what to do, or even create a definition right there, report back to his system what to do, and take care of the malware. If you want more information, I'm sure Microsoft is the way to go, and also that (lots of) articles are coming up. ;)

    Basic users probably won't have to bother with those dialogues as if malware occurs for them, it'll probably be in the definitions, or at least be seen by more people than these new malware samples actually involve. Even if the basic user doesn't respond, they'll see the message, or ignore it - but will not be infected because the threat is always suspended. Then they might call for an experienced person to explain why nothing is happening with the thing they're trying to start. Still, no harm is done.
     
  8. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Or, maybe not.

    If I were Microsoft, I'd be advertising MSE in Bing.com. More and more users are using it. It would be a great way of advertising it. (Just like Google advertises Chrome on their search engine.)

    And, looking at Prevx and MSE, well, one is paid and the other is free. A few tests show that, while still in beta, MSE already provides solid protection. This is what people want - free and solid protection. If there are free products offering a strong and solid protection, then why wouldn't they use them? Or, would they be using paid products? Maybe, if they're brainwashed to believe what is free sucks big time.

    I even would like to see MSE to be part of Windows 7, by default.

    Not to mention one other thing - When the final release comes out, it will be available in every language Windows is. This will make it stand its ground. Not everyone in the world speaks English, or understands every sentence.

    To be honest, I hate to have applications in foreign languages in my system. If there's XYZ free application, that stands its ground and is available in my native language, then I use it. As soon as it comes out, all my family will be using it, if Microsoft keeps pace with its evolution.

    As of now, their anti-malware solution is in our native language, but it lacks some quality.

    Please, don't see my post as something to be considered as bashing Prevx. On the contrary. There are great reviews for your product. But, between a great paid anti-malware product and a great (it seems to head that way) free anti-malware product, the latest would be the choice.

    Edit: MSE also has one advantage over Prevx, which is that it allows users to scan their systems offline. Prevx requires Internet connection. Without it, Prevx is as good as nothing. (Correct me if wrong, please.)
     
    Last edited: Jun 25, 2009
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Well I'll personally be sticking to using the Prevx free version and will combo it with MSE to see how 2 free apps get along with each other.
     
  11. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    On the other side of the coin, there'll be those users who know a bit more than the average Joe (not implying that PrevxHelp is average by the way! :D) and they may wish to stick with those security vendors who are more established even if it means paying for their services. That is not to discredit the seemingly good results of MSE so far, but to show that there is more than one group of users out there, and some of those will remain loyal to their software vendor of choice.
     
  12. dlimanov

    dlimanov Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    204
    I can't seem to get any real technical information on Dynamic Signatures, but in my test, MSE didn't catch some real 0-day threats via either the signature-based engine or the behavior one; Mamutu, that was on the machine at the same time, didn't catch it via the signature (as there wasn't one ANYWHERE), but identified potentially malicious behavior: trying to covertly download from the 'Net, hiding itself in the Registry and a few other tricks. So, I'm not sure how good MSE's behavior-based detection really is, time will tell.
    I also haven't seen a cloud-based detection mentioned anywhere. There's an ability to upload statistics, but it's not clear whether this gets entered into a cloud for future detection.
     
  13. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Yes, I get what you're saying. I've only seen a small fraction of it, and know that behavioral protection, preferably for me with white- and blacklists and not community based, is often superior in many ways for new malware. ;) I hope and am pretty sure that this type of cloud-based security - which they do call it themselves, seen somewhere on one of those links, don't remember exactly, but I think they were the ones calling it cloud-based - will certainly improve. It showed a positive side in Matt Rizos' small review where it caught all I think, with Dynamic Signatures indeed being involved as I mentioned previously. :)
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you elaborate on what you feel the benefits are of a non-community solution?
     
  15. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    If we begin with for example Mamutu, which is community-based, or COMODO's ThreatCast, those results are not based on what the developers say, but on the users' votes. This means that if new malware comes into someone's system - say, an average Joe downloading some keygen for a game, and that keygen is infected, another average Joe comes along and downloads the same thing, the file has got allowed by the other user, this other user sees that statistic and goes like "okay, this doesn't seem to be bad" and allows it too.

    What I'm trying to say is, a community-based system can sometimes or often mislead the user that comes next, where in some cases some have allowed the action occurring, whatever it is, and some have not. The dilemma is "is this really safe or not". The other problem is, which I'm facing with Prevx - I download a new program, and it goes on it for being new, and seemingly not for what it actually does. I then get a prompt that this is bad. Now, I would know that this is an FP, and all the average users would probably, as you've said, not encounter these new things - but it gets annoying for me to get such a prompt when no harm is actually done by what I run anyway.

    That's where pure white- and blacklist based BB software comes in... Here, it doesn't care about how old, or how new something is. All it cares about is "what are you doing, right here, right now". Nothing bad? Okay, you can move on. If it indeed does something bad, which for example a new installation (version) of SpywareBlaster doesn't, it'll first check against its white- and blacklists. If it's found on one of them, it can even go forward and without interrupting or asking/prompting the user. If it's not included, it'll ask the user, but it'll still only be because it saw that something was doing bad things.

    It all comes down to that, if it's community-based, all users can sometimes make it go really bad for the one who comes next. If it's pure white- and blacklist based, only the company behind the software manages what should be allowed and what's not, and things that don't do bad things are simply left alone and not a burden for the user to handle.
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    @ raven211

    I entirely agree with you. Not only because of that, but also due to the following:

    1 - I download VLC Media Player.
    2 - I install it.
    3 - I make some rules to specify what I want to allow/block.
    4 - I blocked VLC Media Player from connecting to the Internet.
    5 - My option will be shared with others.
    6 - These other users, when seeing a prompt from VLC Media Player, will see that I blocked it from connecting to the Internet.
    7 - These other users, may have installed VLC Media Player, because someone told them it is a great media player.
    8 - These other users are like: "What the heck? Should I allow or block? Am I in danger if I allow it?"
    9 - Then, there could also be the chance that, so far, 15% of users allowed it and 85% blocked it from accessing the Internet.
    10 - Now, these other users (new users) will see that most people blocked it, so, something must be wrong with this application.
    11 - They will, either allow it, because they want it so, block it, because that's what most did, and then uninstall it, because it may be a dubious application, after all.

    I hate these community-based alerts. They mean nothing, and I highly doubt that a security vendor will be verifying each answer that is given by their users.
     
  17. PrevxWebDesigner

    PrevxWebDesigner Former Prevx Moderator

    Joined:
    Nov 13, 2008
    Posts:
    89
    You probably already know this, but I'd like to clarify that Prevx does not take into account any user "marking" of files. If one person lets a bad file through - this action is not replicated for the rest of the entire Prevx userbase - or it would simply be open to malware writer abuse.
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Well, and I'm being a bit pedantic here, we don't actually say that it is bad - we say it violates your Age/Spread Criteria. You may want to try it again to see if the detection is any quieter for you now since the last time you've used it, but you can also always just disable Age/Spread and it will not affect the other detection engines at all :) (it runs entirely separately from the rest of the system).
     
  19. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Thank you, you probably understand that I like that answer. :D Don't get me wrong - I can see how Age/Spread criteria is just excellent against zero-day malware - it's no secret at all, we all know this as it's pure logic - but I like to think about using a pure behavior blocker, that the heuristics of yours in this case would do the job, which leads me to indeed disable the Age/Spread heuristics and count with the behavior heuristics kicking in when new malware is sighted and improving as Prevx moves along, like they ofc should do - as this would save me lots of troubles, since, as you know by now, I'm always running and testing the newest software with betas included. ;)
     
  20. dlimanov

    dlimanov Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    204
    I'm pretty sure you're grossly oversimplifying the process. It would take much more than one, two or a dozen users to "allow" or "deny" a particular process/application to have the "score" reflect it. Otherwise, people would get infected all the time, all because two retards allowed a keygen they downloaded from cracks.am to modify their system config.
    Also, I think the "score" is analyzed by the program developer, so, in your case, based on prevalent "score" of 85% people allowing (or denying) VLC player to connect to the Internet, this will be a default action right out of the box. If you're in 15% minority, you can override this manually.
    White/blacklisting is a good idea, and I think it should be available as an option on top of whatever else the product offers.
     
  21. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    True - I oversimplified it. That doesn't mean - IMHO - that it can't be flawed or confusing for the user, depending on the case and also depending on the user ofc, and either if it can be or not, I still find it more effective and assuring with going the white- and blacklist way, as long as the developers of that type of approach do their job effectively.
     
  22. dlimanov

    dlimanov Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    204
    Came across these items that Prevx didn't detect during its scheduled scans, not sure why. These are relatively old viruses from my test collection.
    http://i40.tinypic.com/29ghn2o.png
     
  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Replied in the other thread but to clarify here - we don't detect files which are not threats to users (i.e. 20 year old DOS viruses :))
     