Prevx Home calling home

Discussion in 'other anti-trojan software' started by richrf, Apr 20, 2005.

Thread Status:
Not open for further replies.
  1. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi all,

    It seems like Prevx Home is connecting to its home server about every 15 minutes or so. Has anyone analyzed the packets to see what information Prevx is sending on such a frequent basis? It seems excessive - as well as annoying. There doesn't seem to be any way to turn this off in the Home version and I cannot get the Pro Trial to work on my system (maybe because of ProcessGuard). Any ideas? I've uninstalled Prevx Home until I understand this issue a bit better. Thanks.

    Rich
     
  2. Arup

    Arup Guest

    PrevX Home sends port activity messages to their database, this is to facilitate their research and devise an IPS which can tackle newer and future worms and Trojans, this is already declared in their statement on their website.
     
  3. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Arup,

    Thanks for the reply and info. Does this mean that they are monitoring which ports are being used by which programs on my system - even if no trojan or other type of malware is active? Also, have you actually looked at the messages? Thanks again for your help.

    Rich
     
  4. downtime

    downtime Guest

    Why not just block it with your firewall? I don't think you have to let it call home every time, only as often as you like.
     
  5. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    It goes a little crazy with the firewall blocking it. It starts trying to call home every second or more. Frankly, Prevx is quite expendable with ProcessGuard and RegDefend on my machine, so I'll just take it off.

    Rich
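
Added example (not part of the thread or any poster's code): one way to measure the cadence described above from a firewall log, assuming a constructed log layout with placeholder process names and addresses. It classifies the roughly 15-minute call-outs as periodic and the once-per-second attempts after blocking as a retry storm.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

FMT = "%Y-%m-%d %H:%M:%S"

def make_log():
    """Constructed sample: ~15-minute call-outs, then 1-second retries once blocked.
    Process names, addresses and the log layout are placeholders, not captured data."""
    t0 = datetime(2005, 4, 20, 10, 0, 0)
    lines = []
    for i, jitter in enumerate([0, 4, -3, 7, 2]):      # allowed, about 900 s apart
        t = t0 + timedelta(seconds=900 * i + jitter)
        lines.append(f"{t.strftime(FMT)} ALLOW agent.exe 198.51.100.10:80")
    for i in range(6):                                  # blocked, retried every second
        t = t0 + timedelta(hours=2, seconds=i)
        lines.append(f"{t.strftime(FMT)} BLOCK agent.exe 198.51.100.10:80")
    lines.append("2005-04-20 10:05:11 ALLOW browser.exe 203.0.113.7:80")  # one-off
    return lines

def analyze(lines, min_events=4, max_jitter=0.1, storm_gap=5):
    """Group by (action, process, destination) and classify the connection cadence."""
    times = defaultdict(list)
    for line in lines:
        date, clock, action, proc, dest = line.split()
        times[(action, proc, dest)].append(datetime.strptime(f"{date} {clock}", FMT))
    report = {}
    for key, ts in times.items():
        if len(ts) < min_events:
            continue                                    # too few events to judge
        ts.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        mid = median(gaps)
        # Regular cadence: every gap lies within max_jitter of the median gap.
        regular = all(abs(g - mid) <= max_jitter * mid for g in gaps)
        if regular and key[0] == "BLOCK" and mid <= storm_gap:
            verdict = "retry-storm"
        elif regular:
            verdict = "periodic"
        else:
            verdict = "irregular"
        report[key] = (verdict, mid)
    return report

if __name__ == "__main__":
    for (action, proc, dest), (verdict, gap) in analyze(make_log()).items():
        print(f"{proc} -> {dest} [{action}]: {verdict}, median gap {gap:.0f} s")
```

A cadence report like this shows how often and how regularly a program connects; it says nothing about what is inside the packets, which still requires a capture.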
     
  6. Arup

    Arup Guest

    Process Guard is good enough, but PrevX is like an IPS so they kind of complement each other quite well, the information taken by Prevx is in no way sensitive, just related to Prevx and ports, no other data is taken.
     
  7. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Arup,

    Sensitive enough for me. I can't believe I installed some anti-spyware that was actually spying on me. From now on, I am sticking with products that are supported on Wilders like the DiamondCS and Ghost Security software. Can't trust anyone anymore.

    Thanks for the help Arup.

    Rich
     
  8. Rich....Just set Process Guard to deny always Pxagent.exe.
    Prevx works fine ....and I get no FW alerts now.
     
  9. OOOPS ....I meant pxl1.exe.....Sorry
     
  10. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    Thanks for the info.

    Rich
     
  11. Arup

    Arup Guest

    richrf,

    Prevx indicates this privacy issue explicitly on their web site for Prevx Home.
     
  12. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Arup,

    This is what I read:

    "Prevx Home anonymously and automatically sends us threat data each time an attack is made on your PC."

    This is decidedly _not_ what Prevx is doing. It is sending messages every 15 minutes. I have no idea what type of information Prevx Home is collecting and who else is seeing the information. I have been told on their own forum that Prevx is selling the information. But I don't know for sure. All I know is that they are monitoring my habits and collecting information. That sounds like spyware to me. Others can make their own decisions. As for me, I am trying to install programs to protect me from this kind of behavior.

    Thanks again for the follow-up.

    Rich
     
  13. AShaR

    AShaR Registered Member

    Joined:
    Jul 31, 2002
    Posts:
    91
    Well maybe there's wisdom in that old saying "There's no such thing as a free lunch". ;)

    It's on my pc but I don't like the idea that they are selling information either. You can't really complain about any product you don't pay for though so I guess it's just down to each individual how comfortable they are with the monitoring business.
     
  14. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi AShar,

    I agree. But what I do feel bad about, is that I was recommending Prevx Home based upon their misleading claims. Who knows how many people (such as myself) placed this product on their system, believing that they only report "attacks". Now I find out that they are calling out all the time (almost literally) and are scanning my port usage (whatever that means).

    This is more than just a breach of trust by a spyware maker, this is a breach of trust by a "trusted" source. For me, the question is, who can I really trust to have access to my system? DiamondCS? I hope so. Ghost Security? Ditto. Greatis? I would like to purchase UnHackMe, and it doesn't look like they are calling out like Prevx does. But this certainly puts me on the alert.

    Rich
     
  15. Arup

    Arup Guest

    I agree, Zone Alarm too had started doing this phone home thing, takes the trust out of an app we are supposed to put our faith in.
     
  16. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Attached is what you see when you disable the reporting function in the Pro version. You can also go to the Prevx website, click FAQ (frequently asked questions), and read: "Q. Why does Prevx software ‘phone home’? Why is it sending data, what data is it, and where is it going?" (http://www.prevx.com/prevxhomefaqs.asp#q5) for more details. Check out the PDF, too, it gives a lot of specific details. Also, when you go to the download page for Prevx home, the bulk of the information on the page about Prevx is:
    So I don't understand how one's trust could be broken here, it's not like they made this info hard to find or understand.

    Prevx is not, however, network aware yet. The next version is rumored to have a firewall. Maybe it'll collect that kind of data then (if it's even available in the free version), but right now Prevx is just a high level file system filter driver... it only handles access to certain areas of files on your hard drive. The closest it gets to being internet aware is detecting a file executing from your IE cache or temp directory. I think people just get confused by the table on the homepage that states that Prevx protects against backdoors and IE vulnerabilities - it handles those things indirectly, the same way your registry monitor prevents infection from the same things (the next version is supposed to have that, too.)
     


  17. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    In the Pro version you can also click the "PAWS" button on the console to see some of how the data is aggregated. Here's a screenshot of today's most malicious threats detected...
     


  18. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Notok,

    You are entirely correct that in their faq they make it perfectly clear that they are compiling and selling statistical information to commercial third-parties for a subscription fee. This is much clearer than their home page, where they talk only about reporting "attacks" (there are no attacks on my system).

    I'm glad that Kaspersky is coming out with similar protection in their version 6.0. As a user of KAV, I will be considerably more comfortable with KAV on my machine than with Prevx.

    Rich
     
  19. pIMp

    pIMp Registered Member

    Joined:
    Nov 7, 2004
    Posts:
    13

    Hehe of course it 'watches' all programs - if it would just watch known trojans and malware then they wouldn't be very good against 0-day and not much better than every virus scanner eh? :) What would be the point of watching behaviour of trojans/malware which are already known?
    They watch all programs in order to recognize new malware/trojans via their behaviour - that's what behaviour based IPS are doing. Sending them to a central database of course makes sense in order to get a more 'global' picture and to compare and sure, to pre-warn 'paying customers' when new, 0-day threats seem to emerge.

    Btw., you can sniff all traffic they send in case you're interested.

    Regarding ports - as Notok stated, Prevx is not network aware - it does not monitor any ports - it monitors areas protected by prevx security settings (Filesystem and registry) and which are violated by 'programs', whether they are known or unknown.

    just my 2 cents..

    The pIMp
     
  20. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    Thanks for your comments and additional information.

    While Prevx's software and company may require continual 15 minute updates (or so) of my system's behavior in order to improve their product, I am glad that KAV, NOD32, ProcessGuard, RegDefend, and Ewido do not. I am also glad that none of the other products that I use (even the free ones) do not collect and sell this information related to my system's behavior to third parties.

    Usually, companies and software that collect information about users' systems and sell it to third-parties are called spyware. I guess, because Prevx puts this information in a faq and says that it is "helpful" to their efforts (most spyware companies would also affirm that collecting data about users is helpful to their efforts), it is instead called __________ (fill in the blank). I think that this piece of software is quacking, so I'll just call it a duck.

    Rich
     
  21. pIMp

    pIMp Registered Member

    Joined:
    Nov 7, 2004
    Posts:
    13
    Filled in blanks: _One__of__the__best__free__IPS_
    IMHO - ;)

    Seriously, I think everyone needs to decide whether one feels comfortable or not. I personally do, they got audited about that (which report you can request and read), I sniffed their traffic and they don't hide anything and I'm very happy with helping other, not so experienced users to make their choice to a prevx queries by reporting my alerts and decisions.
    The other option is Prevx Pro where you simply can turn it off.

    pIMp
     
  22. AShaR

    AShaR Registered Member

    Joined:
    Jul 31, 2002
    Posts:
    91
    rich, if you have got ProcessGuard and Regdefend along with other paid products then I think you can do without PrevX anyway. At the moment I can't afford to pay for the full version of PG although it is high on my list of priorities. Until then, PrevX is providing me a decent additional layer of IP security. I can live with them compiling data and selling it on although I would prefer they didn't, it goes without saying. My main concern has always been that my personal information is safe, like passwords, files etc from malicious attacks. If PrevX can help secure my pc against this type of threat that is my priority rather than the collective data they gather from users around the globe.

    If I was in your position of having PG and Regdefend full versions I don't think I would have installed PrevX anyway. For free though, it does seem to be a great piece of software of its type and I guess there will be other people like me who will give up a certain amount of privacy for the extra protection we get without costing an arm and a leg.
     
  23. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi all,

    I totally agree that each person should decide for themselves. The real surprise for me was to learn that they are sniffing constantly and sending out data every 15 minutes. This is definitely not made clear on their home page and is only alluded to in their faq. It talks only about sending information back concerning "attacks". Clearly, much more is being transmitted back since there are zero attacks on my machine. No doubt all of this sniffing and sending adds to the sense that Prevx is "heavy on a system" - because it really is.

    I also agree it is a very good program for what it does. ProcessGuard acts as a first line defense and stops any program from executing that I may think is suspect. But suppose I inadvertently give permission, well RegDefend will block the registry access and Prevx blocks the file access. Sort of giving me a second chance at "life". I read all of the messages and it helps me really control what is added to my system. I like these two lines of defense, and I was going to purchase a Prevx license whether I used the Home or Pro version because I like to support companies that are protecting computers in general. The less chance malware has to propagate, the better it is for all of us. (I just purchased a license for UnHackMe though it is probably redundant with PG).

    But, in the case of Prevx, I think they are walking a very thin line between "spying" and protecting. But users should decide for themselves - as long as they have all of the information available to them to make a decision. I wonder how many users remove Prevx Home (or never put it on) when they realize _all_ that Prevx is doing.

    Thanks a lot guys for sharing with me your experiences and opinions. Let me know if you come across any good software. I am always here to support vendors that help keep my system (and my life) clean. :)

    Cya,
    Rich
     
  24. AShaR

    AShaR Registered Member

    Joined:
    Jul 31, 2002
    Posts:
    91
    Well it depends really on what "Prevx is doing". I have been hit by a virus in the past which wiped out my system despite the fact I had protection at the time from one of the leading corporate AV's, Sophos, which was - and still is a leader in its field. Updates were sent out on a monthly cd at the time and I got zapped because being a month behind wasn't good enough. As a result, these are the kind of threats I worry about. I weigh protection value higher than anything else and at the moment I am more concerned that I have a tight defence against malware than software phoning home for commercial purposes.
     
  25. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    Yes, I understand. In my case, I believe the combination of KAV 4.5 (which is updated hourly), ProcessGuard (which protects against dll injections, rootkits, keyloggers, and installation of services), and RegDefend (which guards the registry), and UnHackMe (which detects keyloggers and rootkits) is a very tough defense to penetrate - especially if I continue to be a well-behaved surfer. Prevx, for me is an added layer, but probably not necessary - a backup if I make a mistake. Personally, given what I have (which is designed to protect me from programs like Prevx), I would rather do without Prevx. KAV 6.0 will shortly give me an equivalent, and I will wait.

    For those who cannot afford to purchase ProcessGuard and RegDefend, Prevx is clearly an alternative - albeit a rather clumsy one in my view. Trading one kind of spyware for another. There probably are lots of spyware out there that are actually less intrusive than Prevx - only they are not hiding under the cover of being "security software". Do you realize how many companies would love to be collecting information about my habits (even anonymously) every 15 minutes in real-time? They are probably lining up right now at my port address. :) And I am sure they would all thank me for "helping them out".

    I think all points are valid, and I am glad that this issue is being fully discussed for all forum members to share.

    Rich
     
    Last edited: Apr 21, 2005