Prevx vs. COMODO IS - Keylogging

Discussion in 'other anti-malware software' started by raven211, Jun 22, 2010.

Thread Status:
Not open for further replies.
  1. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Lock this if it's not permitted to ask, but I've been wondering this for a long time.

    I want to use only CIS, but my fear of keyloggers has made me always run it in conjunction with Prevx because of its SafeOnline. Referring to v4.1 (latest) of CIS, is it able to handle keyloggers on its own with (a; preferred) only its Sandbox or (b) Sandbox and D+ at the same time?


    Thanks
     
  2. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,066
    With both options a) and b) you will get protection from keyloggers using CIS; you can test it with the zemana test, for example.
    But the best and the natural way of comodo is to use it with D+ and the sandbox active and the Proactive settings. You will notice that the popups of D+ have been reduced dramatically, maybe 8 or 9 after the first reboot, and then 0, 1 or 2 each time that you try to install a new app.
    Also they are going to increase the whitelist soon: https://www.wilderssecurity.com/showthread.php?t=275385

    I use comodo but also I use keyscrambler free, just to be sure :D http://www.qfxsoftware.com/ks-windows/which-keyscrambler.htm
    The impact of keyscrambler on the computer's performance is inappreciable and, as far as I understand, it is the best way to protect your computer from any kind of keylogger method.
     
    Last edited: Jun 22, 2010
  3. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    and here's some info about how Prevx SafeOnline keeps you safe online:

    the full Prevx SafeOnline can be downloaded for free..
    http://prevx.com/safebook.asp


    My reason for using prevx is its MITM protection. Aside from its antikeylogging protection, it offers an antiphishing/pharming method and protection against cookie stealing and browser process manipulation.

    Also this:

     
    Last edited: Jun 22, 2010
  4. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,066
    I have remembered now that there is a free product similar to safeonline.
    http://www.trusteer.com/node
    I have never used it, so I can't tell you anything about it.

    Check this extension for firefox: https://www.eff.org/https-everywhere

    Also software like safeonline or trustport are useful when your computer is already infected, if your computer is clean they are not very useful, and the protection offered can be easily replaced by other software.
     
    Last edited: Jun 22, 2010
  5. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Looks like I'll be running both Prevx and CIS once again, CIS only having its sandbox enabled. Thanks for the answers so far.
     
  6. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,066
    I don't understand what prevx online is adding to your security.
     
  7. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I'm running PrevX SOL alongside CIS 4.1 on this particular box at the moment. How much (if any) additional protection Prevx offers in this scenario I'm not sure, but there's no discernible impact upon resources in doing so.
     
  8. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Have you read my post above?
    Are you concerned about the lack of malware removal of Prevx CSI FREE?
     
  9. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,066
    Yes, and as I said before, you need to be infected to make SafeOnline a bit useful.
    But if your computer is infected you will notice, and then you will clean it.

    DNS level hijack/Pharming: if you write google.com and the browser redirects you to givemeyourbankaccoount.com or any other website you will notice that you are infected without using SafeOnline.
    Antikeylogging: already covered by CIS and more amply. (keyscrambler)
    Phishing: the internet has plenty of free antiphishing filters as good as safeonline or even better. Every browser has a phishing filter.
    http://antivirus.about.com/od/freeantivirussoftware/tp/phishingfilter.htm
    Browser process manipulation: Covered by D+
    Cookie stealing: Covered by any browser (Private browsing included in every browser), even extensions of firefox. Also you have to be infected again, so D+, an AV, a firewall, the sandbox won't allow this.
    https://addons.mozilla.org/es-ES/firefox/addon/722/
    https://addons.mozilla.org/es-ES/firefox/addon/2497/
    https://addons.mozilla.org/es-ES/firefox/addon/6623/
    https://addons.mozilla.org/es-ES/firefox/addon/14217/
    ...
     
    Last edited: Jun 22, 2010
  10. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    That's not the DNS level hijack that I'm talking about. Your example is just a simple redirect and is more like phishing.
    This is pharming: http://www.youtube.com/watch?v=1d1tUefYn4U

    Although this threat is very unlikely to occur...
    I'm quite afraid of it and I have yet to find a program that can do what SafeOnline does.
     
    Last edited: Jun 22, 2010
  11. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,066
    Ok, but has this kind of DNS hijack ever happened? I mean, has somebody been able to make this attack successfully? Because it is a security breach in the DNS server and not in your computer.
    Anyway your phishing filter will protect you, you can check if the website has SSL or not (very easy to identify), and it is also quite easy to notice the differences between the fake and the real websites; they are never exactly the same.
    Maybe SafeOnline adds something but I think that is quite paranoiac o_O
     
    Last edited: Jun 22, 2010
  12. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559
    If running full CIS, Prevx free doesn't really add much if anything. I would just do periodic scans using Hitman Pro or Malwarebytes (which everyone should probably do anyway). Then you have one less memory resident program running 24/7.
     
  13. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,066
    http://www.zdnet.com/blog/security/...tch-coming-details-at-black-hat-vegas-08/1460
    http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
    http://www.linuxjournal.com/content/understanding-kaminskys-dns-bug

    I have been reading about DNS Spoofing and DNS Cache Poisoning and this has never happened in the wild.
    This vulnerability was discovered by Kaminsky 2 years ago and all the DNS servers have fixed this issue, so this cannot be exploited nowadays.
    Anyway you can test if your DNS are vulnerable here:
    https://www.dns-oarc.net/oarc/services/dnsentropy

    So if I am not wrong, I think that this feature is quite useless.
     
  14. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    1. There's a version on Facebook which includes SafeOnline for free. 2. I also got a license for the whole program.


    I really hope you understood this and not just read a topic title.
     
  15. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,066
    Well then, prevx will help but safe online won't make any difference.
     
  16. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559
    Yes, I do understand this, but thanks for your concern. All free versions of Prevx, including safeonline are pretty worthless IMO. If you have a paid license, use it.
     
  17. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Oh yes? How could I notice that an info stealer rootkit is in my computer if my antivirus doesn't detect it? I'm interested, this is an important point.
     
  18. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,066
    Could you tell me where I said that if you are infected with a ROOTKIT you will notice? I'm interested, this is an important point.
    You took the phrase out of context :p read it again.
     
  19. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Thanks for clearing that up. :D
     
  20. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Is this what I need to read again?:

    I'm still reading the same: Safe Online is not useful because if you are infected you will notice.

    If we are to measure the usefulness of a security product, we should take every kind of malware into account. Maybe you don't do online banking or shopping. I do, and so, a product that claims to protect you from hidden malware trying to steal your data is worth checking, at least for me.
     
  21. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,066
    I am going to try to make it more clear.
    I said :

    Because the DNS hijack will redirect to any other site if you write google.com, you will notice that your computer is infected, because the browser will redirect you every time to other websites. Is it so difficult for you to understand that?

    and when i said:
    I was referring to the case where you are using it with comodo (we are talking all the time about comodo+prevx safe online): the only security added by safeonline is the DNS hijack and in this case you will notice (as I explained before). In all the other cases you are already protected by comodo or your browser.

    And as I said here: https://www.wilderssecurity.com/showpost.php?p=1699416&postcount=13
    The DNS protection of safeonline is completely useless.

    I found this, which can be interesting for you: http://malwareresearchgroup.com/?page_id=2
    Check Trusteer Rapport, which is free and has the same useful features as safeonline
     
    Last edited: Jun 23, 2010
  22. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    It's very easy for me to understand that. That's the reason why I've said absolutely nothing about this.

    First, you dismiss Safe Online because you say it's easy to know if your computer is infected and now you turn the guns towards the DNS protection, as if it was the only thing important about Safe Online.

    Well........having info stealers inside your computer is not a trivial thing. Even if you have Comodo or any other AV or suite installed, the risk is too big: losing a lot of money. If SO or any keylogger can help reducing that risk, they are worth it. I understand that they do nothing for you, but that doesn't mean that they are useless or that they don't add anything positive to Comodo or other apps.
     
  23. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,066
    Did you understand something?
    Could you tell me please how safeonline can help my security if I already have comodo installed?
    Tell me a case with comodo and safeonline installed where safeonline will save me.
     
  24. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    If you don't correct me (I may be wrong, indeed), this is Comodo's plan against keyloggers (from their site): "Online depositors should protect their personal computers from malicious executable files, otherwise known as malware, by using top-quality firewall and antivirus software. Such software should prevent software such as keyloggers from installing itself in a computer."

    If the AV fails and the keylogger is able to install itself in your computer, dedicated anti-keyloggers claim to offer more protection to what happens inside the browser (bank transactions, for example) than that supplied by AVs. You believe that Comodo is enough because it passes the Zemana test. I don't believe that's enough. This has been released today, maybe you already know about it:

    https://www.wilderssecurity.com/showpost.php?p=1699873&postcount=1
     
  25. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,066
    Ok, so I see that you don't understand how Comodo works.
    If the malware is not detected by the AV, it will be executed inside the sandbox, so it will not infect your computer.
    If the malware is not detected by the AV and you force it to run out of the sandbox, once the malware tries to modify somehow the browser process D+ will alert and block this; if the malware tries to capture your keystrokes D+ will block it...

    I have already seen this comparative, in fact I posted it before for you: https://www.wilderssecurity.com/showpost.php?p=1699913&postcount=21
     