Prevx age/population heuristics - disappointment

Discussion in 'Prevx Releases' started by ako, Jul 27, 2009.

Thread Status:
Not open for further replies.
  1. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I've found the issue! The age/popularity protection is limited to certain areas to prevent false positives, and to define which area we will apply the age/popularity protection to, we use a specific type of signature; however, this isn't working properly for some builds of Reader and apparently for the Foxit PDF reader as well.

    We will need to issue a software update to correct this but this will definitely correct the problem and is the reason why you aren't getting the age/popularity detections.

    Thank you for your patience with this and your testing :) We are moving slowly towards the next release but in the meantime I will send you over a new test version within the next couple days which will correct this issue so you can double check that everything is then working properly.
     
  2. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    Hi!

    Glad to hear that the issue has been found! I'm happy I could help and I'm looking forward to seeing the next version.
     
  3. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    One more comment: is my case 3 (see post #1) explained by the same thing?
    It is not pdf-exploit. (PM sent)
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could you give me some details on exactly how you tested the infection? It's hard to tell from the mini-Process Explorer window :)
     
  5. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    Just executed from explorer address bar. (I tried other executables: same results)
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hmm... could you send me one of these files? There are other factors involved with the age/spread detection but they should be flagged from that :doubt:
     
  7. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    See PM
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    o_O o_O o_O

    We've had this file as a known bad since December 2008. Age/Popularity shouldn't even have to come into play - it has been blocked in realtime on 916 PCs since then :doubt: .

    Executing it here, it is blocked immediately as "High Risk Cloaked Malware".

    This may be a realtime protection incompatibility in the VM you have if the on-demand scan is picking these up. Would you be willing to have me remotely check in the VM to see what might be wrong? (See PM :))
     
  9. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    You took the words, right out of my mouth... hallelujah:isay:
     
  10. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Great post Page42. One of the funniest I've read. :)

    HKEY, I understand there are forums where a developer/sponsor is always on the scene to mop up any spill. Some people can feel that it was their fault to begin with and not the product's.

    But I have to agree that we're fortunate developers such as prevxhelp (Ilya, Stefan etc) spend their time (most likely free time) stopping by and helping users out. The alternative is users asking many questions without an answer and going around in circles.

    Yes prevxhelp doesn't always have the answer and there will be faults with the program prevx from time to time (just like any program). But you have to give the company and support staff credit for all the effort they're putting in to resolve a problem and answer our questions.
     
  11. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    When Microsoft releases Microsoft Windows 7 third party security vendors will start to be phased out so none of this really matters anyway.
    Security vendors have been warned to find another source of income with the release of the scaled back Microsoft Windows Vista.
    When the 64 bit computing architecture is fully implemented there will no longer exist third party security vendors as we know them today.


    HKEY1952
     
  12. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    Wow, really? I didn't know that.

    I will tell some of the CEOs I know later today. They need to know this ASAP.

    Puss
     
  13. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Yes! Really!
    Microsoft has the right to protect their own Operating System and are going to do just that starting with the release of Microsoft Windows 7.
    Just look at the shock wave Microsoft Security Essentials sent out. Some of the major security vendors are still crying.

    So, having the following, what more does one need for security, or what third party security software is really needed?

    01)- Firewall Router
    02)- Microsoft Windows 7 with improved Limited User Account
    03)- Microsoft Windows 7 with improved two way Firewall
    04)- Microsoft Security Essentials free Antivirus and Antispyware
    05)- Microsoft Internet Explorer 8 with improved security, Ad Blocking, Phishing Filter, and In Private Browsing
    06)- Optional Open DNS Account

    Answer = None


    HKEY1952
     
  14. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    I agree with you for the most part. I made a post here a few weeks back about MSE. The pathetic comments from some vendors about it being no good etc were an indication that they were worried. I have tested MSE and it is good and is all the average user needs. I would imagine the consumer AM market will be hit as a result of MSE and the other features of Win 7. A minority will use specialised stuff (Wilders members etc), but there will still be the enterprise / business market.

    I test malware daily and can say that in my extensive testing, Prevx is the best at catching new threats and overall is only matched by A2 in terms of overall detection. I think Vendors are going to have to look to new technology like Prevx to have an edge over MSE (because right now, none of them have anything to better it)

    There are many environments, markets, situations, where MSE / traditional AMs are not well suited. There will always be a market for innovative 3rd party AMs and security apps.

    I think MSE is good in that it will wipe out most of the also ran type AM / security products - as well as most of the snake oil AS/AT apps and leave the truly innovative products.

    Time will tell.

    Puss
     
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    true Puss, but the market will get smaller. Just the 2 in my sig, err, MSE and Sandboxie, are basically freebies and in reality provide you with plenty of security. There are others for different purposes to supplement them but the reality is, the day of the $50.00 + suite, will soon be history.
     
    Last edited: Jul 28, 2009
  16. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    No offense trjam, but we all know you use different AV's so you should probably mention what the "two in your sig" are in your posts since soon they will be different. :D
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    thanks dude, as AppGuard is starting to look good after the write up kees did.:cool:
     
  18. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    That seems a bit unlikely seeing as many vendors have created or are creating versions that work with Windows 7.
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I do think as time goes by, it will be harder to market a product due to Microsoft feeling like they need to fill the gap. It is just the way it is.
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Microsoft isn't new to the AV field and I think they are only beneficial - especially with their malware removal tool distributed via Windows Update.

    Will they single-handedly kill off the entire AV/security software industry: not at all, unless they prevent users from installing software or viewing/modifying/deleting files (granted, they could do that very swiftly with a bugged update patch :))
     
  21. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I didn't say the whole market, but a good free AV will take its hits on some. The question is, no one knows, including Mr. Gates, the new ways malware will evolve. Thus a gap will always need to be filled.
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I agree (and the whole market inference wasn't directed towards you - rather, a certain other post in this thread :))
     
  23. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    I agree, Microsoft will not single-handedly kill off the entire Antivirus/Security Software industry, however,
    when the tide rolls back only the most innovative security companies will remain, and that is good news for some home consumers, no more snake oil and BS security programs.
    Only the security programs that are truly innovative and actually secure systems against Internet threats will remain, sort of like survival of the fittest.
    Sadly, the surviving security companies and their tools will not be needed by the home consumer. Security companies will profit more from the enterprise sector.
    There will still be some profit from the home consumer market because not everyone is going to go all Microsoft with their security setup.

    Now, the only problem that remains is the security issue of the Cloud Technology, not the vendor, not the program, but the Cloud Technology itself.
    There must be a more secure way to transmit client data over the World Wide Web other than the way it is currently implemented. Perhaps over a Separate Network.
    Each vendor can have their own private encryption and globally share a Special Network that is segregated from the World Wide Web mainstream.


    HKEY1952
     
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Well, you know the old saying, only time will tell.
     
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Just a clarification - are you referring to the security of data used by in-the-cloud applications like Amazon's EC2 and Google Docs/etc. or in-the-cloud security vendors? From what I've seen, all of the independent security vendors using the cloud for security purposes all use proprietary encryption on top of standard encryption measures.

    However, if you're referring to corporations storing documents online with Google Docs or similar services, I agree - I honestly hope corporations do not move to storing data in the cloud... they can't secure user data when housed within their own networks, let alone by a third party :doubt:
     