Prevx age/population heuristics - disappointment

Does Prevx implement proprietary encryption on top of standard encryption measures?
If the answer is Yes, please elaborate, when you have the time.
If the answer is No, please elaborate, when you have the time.


HKEY1952

 

Yes I can't elaborate much, of course, for privacy and internal reasons.

 

Okay, sort of my fault, I should have been more clear.
What I meant to ask was:
If Prevx uploads say an Excel Spreadsheet to scan in-the-cloud, is this communication encrypted?
Also, what reassurance does the client have that Prevx will not store the file/s?


HKEY1952

 

Prevx doesn't upload information about documents/images/non-executable files at all - the cloud protection focuses entirely on executables. You may see files being scanned locally in the scan dialog but that is just because we need to read the files to determine if they should be scanned/perform any local checks.

 

Okay, if an spreadsheet contains an Macro Virus, please explain step by step how Prevx will handle this.
I know this is an challenging question, but now is the time to convince me, and perhaps others.
I am not asking you to reveal trade secrets, or reveal inter workings, just explain on the surface the overall procedure.


HKEY1952

 

We don't focus on detecting macro viruses (being that Microsoft's measures to prevent them within Office have killed them) or other dead malware (i.e. DOS viruses) but we use local logic to detect them when needed that doesn't require a trip back to the cloud to scan.

 

The hilighted part does not make sense, please elaborate!


HKEY1952

 

Just because we are cloud AV doesn't mean we can't have local signatures/intelligence We scan for certain threats without using the cloud by using local logic (logic meaning signatures/checks/heuristics/etc.)

 

I see, so executables will be uploaded for scans and non-executables, images, and documents will be scanned with local logic. The uploaded executables will be encrypted during transit. Is all of this correct?


HKEY1952

 

Yes that is correct, except that very rarely do we actually upload the entire executable - uploading that much data is a big waste of bandwidth/resources so we resort to much more heuristic means via behavioral analysis locally (and then sending up those behaviors) or using our specialized signatures to identify files and the intent of files without needing the contents themselves.

 

Very interesting, my overall idea of the concept of Cloud Technology was wrong. For example, I always believed the entire executable was uploaded.
So most of the work is done locally and the Cloud only kicks in when needed or necessary, correct?
I am almost through hammering you


HKEY1952

 

Yes, a sizable amount of the work is done locally, but the real timeconsuming work is done in the cloud. Comparing against hundreds of millions of database entries locally is not a great way to spend the user's CPU time The other benefits of the cloud are that it is always up to date (no need to download signature updates), and that the intelligence gathered from the behaviors of other programs helps feed and improve the detection of new programs.

Keep 'em coming

 

But are the local signatures updated at all?


HKEY1952

 

Yes, but they are much, much less prevalent so updates are only required periodically (and come alongside the other cloud communications so the process is seamless). Most threats exist for less than 24 hours and that is where our benefits show as we're able to block new threats immediately as they start spreading rather than requiring the user to update and rescan.

 

Okay Sir, thank you for your time and patience, I commend you on your dedicated work here on the Wilders Security Forums.
I really learned quite an bit form our conversation, you almost have me convinced.
I believe I underestimated you.

I have to go and think now!

I look forward to having another conversation with you.....


HKEY1952

 

You're very welcome and thank you

 

Guess we can sleep now.