Prevx needed with process guard?

Discussion in 'other anti-malware software' started by Matt_Smi, May 6, 2005.

Thread Status:
Not open for further replies.
  1. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    I was wondering if Prevx (free) is needed if you have Process Guard? I am probably going to buy Process Guard this summer and I understand these two programs do similar things. I really plan to have no more than 5 security programs running real time (AV, AT, firewall, PG, RD), so if it is unnecessary I would rather not add it. I guess what I am asking is, does it protect any areas that PG does not? Also, what is the deal with UnHackMe? I am unfamiliar with what it does; is it free? Just another program I was thinking of adding, thanks.
     
  2. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    ProcessGuard and Prevx Home have the same goal but use different techniques.

    ProcessGuard protects your system from unauthorized program execution as well as installation of rootkits and programs like keyloggers. It does this by trapping programs before they have a chance to execute and asking you, the user, whether you want to give them permission. You have a chance to allow always (your safe programs), allow once (those programs you would like to monitor - e.g. I watch rundll.exe), and deny once or always.

    A very good companion to ProcessGuard, I believe, is RegDefend which protects the registry in the same way ProcessGuard protects your system from program executions. It is a very simple program to install and provides excellent protection.

    Prevx Home guards your system from different types of events - e.g. modification of system or program files, as well as registry modifications. It is more "talkative" than ProcessGuard or RegDefend, because there are more alerts generated by Prevx Home event monitoring, but you can tune the software to your liking.

    My own feelings about Prevx Home are very mixed. When I originally installed Prevx Home several months ago, it caused havoc with my registry and I had to do a complete re-install (it is good to have an image copy of your system - I use Image For DOS). I installed it a few weeks ago with no problems, but you should look on their forum since other users still seem to be having some problems with it. I never got the Prevx Pro version working on my machine (there is some conflict somewhere), and when I tried to uninstall it, it left some remnants on my system which I was never able to get rid of via normal means. There was this "ghost" pop-up that kept appearing and disappearing on start-up and I had no idea what it was or what it was doing. Eventually, I did an image restore to clean my system.

    There is a detailed discussion of my thoughts on Prevx Home here:

    https://www.wilderssecurity.com/showthread.php?t=76359&highlight=prevx

    so you might want to look this thread over and draw your own conclusions.

    UnHackMe is a program designed to inspect your system every so many minutes looking for possible rootkits. Others may have some details about its actual architecture. It is probably redundant with ProcessGuard (after PG is installed on a clean system), but I like Greatis - so I purchased the product.

    Right now, I protect my system with KAV 4.5, ProcessGuard, RegDefend, ZA Pro, UnHackMe, Ewido running in real-time and various on-demand programs, e.g. Ad-Aware. This, I feel, is a very strong defense, with some backup redundancy that is much more than adequate.

    Let me know what you choose and how things go.

    Hope this helps,
    Rich
     
    Last edited: May 6, 2005
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    I am currently using Process Guard and Regdefend, but I also use Prevx 2005. It does have a few quirks, and slows things down in a couple of places, but I do like the overlap it provides, and if I leave things alone, it is working fine. I am looking forward to their next version.

    Pete
     
  4. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    Forgot about this thread, thanks for sharing your detailed feelings about Prevx, Rich. It sounds like with PG plus RegDefend (another program I was going to add to my setup soon) Prevx just provides unnecessary overlap and uses more resources; it is also unsettling to hear that it caused a bunch of trouble on your system. As for UnHackMe, it sounds like a good program, but like you said, if PG blocks the install of rootkits in the first place, then having another program that does the same is not needed IMO.
     
  5. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    As to the troubles PrevX caused for Rich, it caused none for me (I installed the Pro version). But things like Safe-n-Sec gave me trouble (my comp froze on reboot - found out it's a conflict with ZA), but SnS did not cause troubles for others. I think it comes down to what applications you have on your computer, so you are best off to test them first.

    PrevX and RegDefend work in a similar way from what I can tell (PrevX doesn't tell you exactly when it intercepts reg changes, but I'm fairly sure it's at kernel level, just like RegDefend). Also, I can't find a comparison of how much of the registry is covered (can anyone out there help?). PrevX does cover more of your system than RegDefend, but it also puts a heavier workload on your comp.

    Having said that, I currently run ZA, PrevX Pro, MS Anti-Spyware, TrojanHunter, PG, and NAV with no performance issues on my comp (I can play MMORPGs with no lag), and I'm only running an AMD 2.8GHz machine (I just did a reformat, and it's certainly working much smoother now).
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I've not had any problems with Prevx, and don't often hear of many other people having problems, but there will always be some people that have problems with any application. The likelihood of encountering problems does rise as you install and uninstall more apps, though, especially those that use drivers (including most security software). You can, however, reduce the chances by using something like Total Uninstall.

    The current version of Prevx doesn't cover much of the registry, mainly just startup areas. Prevx's main focus is on the file system, alerting you to anything trying to make changes to the Program Files and Windows directories. It will also alert you to anything trying to start from the temp directories or browser cache, trying to modify Internet Explorer, and some buffer overflows (nothing can stop all buffer overflows, not even XP SP2 w/ hardware support). There is actually very little overlap between Prevx, RegDefend, and ProcessGuard, and you can always disable the settings in Prevx that do overlap (7 out of over 70 settings, 6 of those being the registry protection). I consider the 3 together to be an unbeatable combination :)
     
  7. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Notok et al,

    While there may not be technical overlaps between the three programs, there are logical overlaps, if the goal is to stop unauthorized programs from executing. So, when I had all three running on my machine, the sequence would often be: 1) Alert from ProcessGuard, followed by 2) Alert from either RegDefend and/or Prevx

    or

    1) Alert from RegDefend, followed by an alert from ProcessGuard

    When system files were being modified, I would get alerts only from Prevx, if and only if I had allowed a program to execute - e.g. KAV 5.0 with ADS.

    So, from my experience there was always "logical overlap" (i.e., PG, Prevx, and RegDefend were alerting on a given program execution at different times). I feel that this is O.K., since if I accidentally allowed a program to execute, RegDefend or Prevx would catch it either when accessing the registry (RegDefend was terrific at this) or accessing the program and system files (Prevx's forte).

    Of course, I might add, that all of these alerts never had anything to do with malware. KAV catches everything before it gets started. At least so far. Knock on wood. ;)

    Rich
     
  8. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Thanks for the info Notok. Have been tossing up whether or not to get Reg Defend....still am, but every bit of info helps :)
     
  9. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    I myself go with the layered defence outlook on security, and I have no problems with any of my security software; they get along quite well!!


    HTH

    Cheers:D
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    Actually Process Guard, Regdefend, and Prevx complement each other nicely. On registry items, Regdefend is always first on the scene with Prevx right behind. On file protection, PG can't be beat for preventing stuff from running. What Prevx does is holler when something tries to install exe's and dll's anywhere. So on the non-registry items you have 3 layers: 1) Prevx warning on the install, 2) PG warning on the exe execution, and 3) PG blocking services, hooks, etc.

    Neat
     
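The file-system side of the layering described in Notok's post (#6) and Peter's post (#10) - alerting when an executable is written into Program Files or Windows, alerting when something runs from a temp or browser-cache directory, and PG-style "allow once / allow always" answers - can be sketched in a few lines. The following is an added example written for this page, not code from Prevx, ProcessGuard or anyone in the thread. The directory lists, extension list and the `Policy` class are assumptions made for the illustration; the real products' rule sets are not on the page. The part practitioners most often get wrong is the path comparison, so it normalises case, slashes and `..` segments and checks the directory prefix with a trailing separator.

```python
import ntpath

# Rules modelled on the behaviour the posters describe: executables written into
# Program Files or Windows, and processes launched from temp or browser-cache
# locations. The directory lists are assumptions for this example, not the
# products' real rule sets.
PROTECTED_DIRS = [r"C:\Program Files", r"C:\Windows"]
SUSPECT_LAUNCH_DIRS = [
    r"C:\Windows\Temp",
    r"C:\Documents and Settings\user\Local Settings\Temp",
    r"C:\Documents and Settings\user\Local Settings\Temporary Internet Files",
]
EXEC_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx"}


def canon(path):
    """Collapse '..' segments, unify slashes and fold case so that
    'c:/windows/../WINDOWS/x.dll' and 'C:\\Windows\\x.dll' compare equal."""
    return ntpath.normcase(ntpath.normpath(path))


def is_under(path, directory):
    """Prefix test with a trailing separator, so 'C:\\Program FilesX\\a.dll'
    is not mistaken for something inside 'C:\\Program Files'."""
    return canon(path).startswith(canon(directory).rstrip("\\") + "\\")


def classify(event, path):
    """event is 'create' (a file was written) or 'exec' (a process started).
    Returns the alert reason, or None when the event would pass silently."""
    ext = ntpath.splitext(canon(path))[1]
    if event == "create" and ext in EXEC_EXTENSIONS:
        if any(is_under(path, d) for d in PROTECTED_DIRS):
            return "executable written to a protected directory"
    if event == "exec":
        if any(is_under(path, d) for d in SUSPECT_LAUNCH_DIRS):
            return "process launched from a temp or browser-cache directory"
    return None


class Policy:
    """Remembers 'allow always' answers the way the posters describe PG's
    allow once / allow always / deny prompt; 'allow once' stores nothing."""

    def __init__(self):
        self.always_allowed = set()

    def allow_always(self, path):
        self.always_allowed.add(canon(path))

    def evaluate(self, event, path):
        reason = classify(event, path)
        if reason is None:
            return ("allow", None)
        if canon(path) in self.always_allowed:
            return ("allow", reason)
        return ("prompt", reason)


if __name__ == "__main__":
    # Constructed events for the demonstration, not captured from any product.
    policy = Policy()
    for ev, p in [("create", r"C:\Program Files\App\helper.dll"),
                  ("create", r"C:\Program FilesX\evil.dll"),
                  ("exec", r"c:/windows/temp/../TEMP/dropper.exe"),
                  ("exec", r"C:\Program Files\App\app.exe")]:
        print(ev, p, "->", policy.evaluate(ev, p))
```

Note that `canon` works on the path string only: it does not resolve 8.3 short names, junctions or symbolic links, which a kernel-level product sees after the object manager has already resolved them. A user-mode check like this one should be treated as a demonstration of the rule logic, not as a substitute for interception at the driver level.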
  11. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    There is some "logical" overlap, but still not that much; each will handle types of threats that the other will not. PG, for example, won't do anything about scripts, mobile code, some worms (or at least the worm's warhead), home-page hijackers, ActiveX components, etc., where Prevx will. Not all of those kinds of threats make registry changes, either, but a good registry guard can go a long way towards preventing infection that may slip past you with the other programs. A registry monitor can also be very handy if you install a lot of software and want to keep it from doing things like running at start-up.

    Even if you don't go with RegDefend, I would still recommend a registry monitor of some sort. MJ's Registry Watcher & WinPatrol are a couple of good freebies, but there are others. I personally use RegRun because I was using it before RegDefend existed, and keep it because it does a lot more as well. I like using a registry monitor that watches the registry for changes rather than intercepting attempts, along with the limited registry protection offered by Prevx. The extended registry protection offered by RegRun is, for me, better handled by a registry poller that reports a max of once per min, rather than as soon as the attempt is made. When installing programs, I like having RegRun show me all the changes at once, rather than one at a time. That's what works for me; there are advantages to both. Prevx also promises to have a full-fledged registry monitor in the next version, with customizable entries.
     
    Last edited: May 13, 2005
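The distinction Notok draws above, between a guard that intercepts each registry write as it happens and a poller that snapshots the autostart keys and reports all changes in one batch per interval, is easy to see in code. The following is an added example written for this page, not RegRun's, RegDefend's or Prevx's code. The list of watched keys, the `ScriptedReader` stand-in and the before/after sample states are assumptions constructed for the illustration; on a Windows host `read_values_winreg` reads the real keys through the standard-library `winreg` module.

```python
import time

# Autostart locations the poller watches. This list is an assumption for the
# example; the coverage lists of RegRun, RegDefend or Prevx are not on the page.
WATCHED_KEYS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]


def read_values_winreg(hive, subkey):
    """Read value-name -> data for one key with the standard winreg module.
    Only works on Windows; a missing key is treated as empty."""
    import winreg
    root = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}[hive]
    values = {}
    try:
        with winreg.OpenKey(root, subkey) as key:
            index = 0
            while True:
                try:
                    name, data, _type = winreg.EnumValue(key, index)
                except OSError:      # no more values under this key
                    break
                values[name] = data
                index += 1
    except FileNotFoundError:
        pass
    return values


def snapshot(reader):
    """Read every watched key through reader(hive, subkey)."""
    return {hive + "\\" + subkey: reader(hive, subkey) for hive, subkey in WATCHED_KEYS}


def diff_snapshots(old, new):
    """List (key, value_name, old_data, new_data) for every added, removed
    or altered value between two snapshots."""
    changes = []
    for key in sorted(set(old) | set(new)):
        before, after = old.get(key, {}), new.get(key, {})
        for name in sorted(set(before) | set(after)):
            if before.get(name) != after.get(name):
                changes.append((key, name, before.get(name), after.get(name)))
    return changes


def poll(reader, interval=60, cycles=None, report=print):
    """Sleep `interval` seconds between snapshots and hand each non-empty diff
    to `report` as one batch, so an installer that writes many values yields
    one report per interval instead of one prompt per write."""
    previous = snapshot(reader)
    done = 0
    while cycles is None or done < cycles:
        time.sleep(interval)
        current = snapshot(reader)
        changes = diff_snapshots(previous, current)
        if changes:
            report(changes)
        previous = current
        done += 1
    return previous


class ScriptedReader:
    """Stand-in for winreg on non-Windows hosts: each full snapshot returns
    the next scripted state, so the polling loop can be exercised offline."""

    def __init__(self, states):
        self.states, self.calls = states, 0

    def __call__(self, hive, subkey):
        state_index = min(self.calls // len(WATCHED_KEYS), len(self.states) - 1)
        self.calls += 1
        return dict(self.states[state_index].get(hive + "\\" + subkey, {}))


# Constructed sample states: a hypothetical installer adds two Run entries.
RUN_HKLM = "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
RUN_HKCU = "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
SAMPLE_BEFORE = {RUN_HKLM: {"KAV": r"C:\Program Files\KAV\kav.exe"}}
SAMPLE_AFTER = {
    RUN_HKLM: {"KAV": r"C:\Program Files\KAV\kav.exe",
               "Updater": r"C:\Windows\Temp\upd.exe"},
    RUN_HKCU: {"Toolbar": r"C:\Program Files\Toolbar\tb.exe"},
}


def demo():
    """Run one polling cycle over the sample states; returns the batches reported."""
    batches = []
    poll(ScriptedReader([SAMPLE_BEFORE, SAMPLE_AFTER]), interval=0, cycles=1,
         report=batches.append)
    return batches


if __name__ == "__main__":
    for batch in demo():
        for key, name, old, new in batch:
            print(f"{key}\\{name}: {old!r} -> {new!r}")
```

The trade-off the post describes is visible in `poll`: the installer's two writes arrive as a single batch, but anything written and removed again between two snapshots is never seen, and a change is reported only after it has already taken effect. An intercepting guard such as the ones discussed for RegDefend answers both points, at the cost of one prompt per write.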
  12. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Notok,

    What I was aiming to say - and doing it very poorly - is that it would be difficult to create a scenario where some malware could get past both ProcessGuard and RegDefend and cause some permanent problem on a machine.

    I asked this question previously, and these are some of the thoughts on the matter:

    https://www.wilderssecurity.com/showthread.php?t=76978&highlight=ProcessGuard

    So, it would appear, that if one's goal is to stop malware from a system, the best defense would be to stop primary execution with ProcessGuard and Registry changes using a good registry protector (I prefer proactive protection) a la RegDefend:

    https://www.wilderssecurity.com/showthread.php?t=79803&highlight=ProcessGuard

    Both of the applications would then stand behind KAV, acting as a strong shield against any malware that might get past KAV (I also have Wormguard, Ewido, but I consider them luxuries that I had already paid for).

    This setup appears to me more than enough from a theoretical point of view as well as a practical point of view.

    So if the question is whether Prevx is needed with PG, then my answer would be Yes, if there is no other registry monitor on the system, but instead of Prevx, I would recommend RegDefend as a product that better seals the registry at this time.

    From a practical point of view, during the time I was using Prevx Home, I found myself very often disabling Prevx since it seems to be the most "talkative" of the group of proactive programs. It was no big deal to turn off Prevx since I always had RegDefend and PG running which I considered sufficient.

    Rich
     
  13. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Yes, richrf, I understand. You are addressing one part of the question (do you need Prevx w/ PG and RD), where I'm addressing the other (does Prevx cover things that PG and RD do not.) Prevx does indeed cover things that the other two do not, as to whether it's needed, I'll leave that up to individual choice.
     
  14. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Notok,

    Yep, it is what ever makes someone feel comfortable with their state of security. The usual sequence of events on my computer was:

    1) PG alert (I would usually give Permit Once permission)
    2) RegDefend alert (this may happen more than once on a given execution depending on how many times the registry was being updated)
    3) Prevx Home alert (this would happen many times depending how many times the registry and file folders were being accessed)

    It certainly was comforting knowing that there were so many barriers. :) But honestly, I don't think it would be something I would recommend to a friend, unless they were absorbed in the game as I was. ;) Especially since any malicious piece of malware I have come across has been blocked by Kaspersky (and this will probably be even more so when 6.0 becomes available).

    So my short answer is that for extremely good protection with a minimum amount of "noise" on a system, probably one excellent AV and possibly one excellent AT is enough. For those who feel that they want some additional layering (over and above the AV/AT combination), then probably an additional on-demand AV/AT is good enough - even one of the online AVs (I have a particular fondness for either Kaspersky's or BitDefender's online AV at the moment).

    Now, for those who are not particularly good about safe hex, or just want some additional real-time monitoring, I think ProcessGuard is a great addition with a minimum amount of additional "noise", though the additional noise may require a little getting used to. Beyond this, then, RegDefend plugs an additional hole. This is already becoming a tremendous shield.

    To go beyond this (e.g. monitor system and program file changes), Prevx does do this with lots of additional noise (it was the only real-time monitor that I was constantly turning off), but if one is interested in observing how programs behave, Prevx's alerts certainly created an interesting paper-trail.

    And then, for those who are doing it more like a way to spend time (as I do), then there are a whole host of real-time and on-demand programs to play around with. Some are great to get to know in case there is ever a real problem (I use almost all of these tools to clean a computer), but in the normal course of events, they are rarely needed and I am not sure it is worth the time and effort.

    That's basically what I am recommending to friends nowadays. Most do not have the inclination to go beyond Step One (excellent AV), but if they were interested, this is the path I would recommend.

    Cya around,
    Rich
     
  15. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    I get about the same amount of noise from PrevX as I get from PG.

    The only difference is that one event (eg updated an AV) can create multiple popups in PrevX...but once you've learned how to add rules for such things, PrevX creates almost no noise at all (except for new program installations, which every one of these programs creates noise for if you keep them running).

    Basically, neither PrevX nor PG create much noise at all on my comp....errr...hmmm...I think the rules ability is only available in the PrevX Pro version, so probably is quite a pain for the free home version.
     
  16. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Vikorr,

    I never was able to try out the Pro version, so thanks for the added info.

    I do remember usually getting one or two pop-ups for PG (the most usually came during an MS Windows XP update), maybe about the same or a bit more with RegDefend, and a ton with Prevx Home depending upon how many times a given folder was being accessed. Most of the time, I would shut down Prevx when doing a "safe" install or update and then it would be relatively quiet most of the other times. But my experience was that it was a lot more talkative than the other software, though I am sure there are ways to cut it down using the methods you have indicated. I was not aware of them.

    Rich
     
  17. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Welcome.

    Had never thought of how much noise the free version would create without the ability to create rules.
     