Prevx1 ABC Mode vs. Antispyware in Residence

Discussion in 'other anti-malware software' started by LaFemmeMichele, Jan 3, 2007.

Thread Status:
Not open for further replies.
  1. LaFemmeMichele

    LaFemmeMichele Registered Member

    Joined:
    Sep 13, 2006
    Posts:
    142
    I've added Prevx1 to my setup & removed my real time antispyware.

    I'm using it in "ABC" mode because technically I fall into the preschool block arena.

    I can be blindsided by a Comodo alert (change in cryptographic signatures, odd parent-child relationships, OLE, etc. "which could be a sign of trojan activity"). And I know ultimately my system is as secure as its weakest link. :)

    **What I'd like to ascertain is the added benefit of the application in this mode.**

    How does it compare with traditional real time antispyware? Have I truly strengthened security? I have kept a layered approach--AV, AS & AT (the latter two on demand), MVPS Hosts.

    Thanks in Advance!
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Without a doubt ;)
    HIPS covers more areas than AS. PrevX ABC mode gives you a smart opinion on a particular file (if it's in the PrevX database). Also, its heuristics always monitor the behavior of unknown files.
     
  3. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    If you are using a reasonable quality general AV, it's probably less that you've truly strengthened security per se (it should be quite strong with a decent general AV) and more that you've significantly enhanced your backup protection.

    As a simple test I've been running a couple of AV/Prevx1-ABC mode machines for a while. My experience is that this appears to be a quite stable configuration, about as extensive coverage as any user should ever require (one machine is my wife's online banking/bill paying/finance/etc. platform), not onerous with respect to machine load, easily managed, and very suited to a casual user desiring extensive protection.

    Blue
     
  4. LaFemmeMichele

    LaFemmeMichele Registered Member

    Joined:
    Sep 13, 2006
    Posts:
    142
    I'm glad to hear your response, Lucas. Although I believe that Prevx1 ABC HIPS is off. Isn't the product essentially CIPS at all levels? Marketing on this one is over the top! In my gut, I don't feel less protected.

    Blue, could you explain what you mean by not strengthening security but enhancing backup?
     
  5. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    And maybe give us an indication of memory usage as well. I PM'd Notok about this but never heard back.

    Thank you.
     
  6. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    LaFemmeMichele,

    Sure.

    The decent top tier AVs are very good at handling almost everything that comes one's way in typical to moderate risk of exposure settings. Yes, there is always the possibility of some zero-day exposure, but one does need to use a bit of operational judgement in assessing the pragmatic risk at hand. For example, during the past 3 years I have sampled a large number of risky exposures, either examining or validating whether links posted here at Wilders have the potential to expose readers of this site to malware. While the likelihood of someone posting an active malware link seems to be much less frequent these days, there were periods when many of the sites that I visited did attempt to actively foist malware upon my PC. All of these events were flagged by the AVs I had in use at the time. Upon an effective off-line scan performed via booting from an alternate system drive, or manual inspection, or from a scan using an on-line scanner or an alternate product, I've not uncovered one case of a missed piece of active malware. Occasionally some irrelevant or nonoperational residue was noted, but that's it. In other words, the current AV products are rather good at identifying malware and dealing with it. As detection rates reach close to 100%, the incremental steps become increasingly harder to achieve and you're not going above 100% anyway unless you consider false positives a good thing :)

    However, I have experienced instances with other family member machines during which an AV update process failed for an extended period of time (1-2 weeks) and it was not noticed by the primary user. I've also seen an occasional crash of the AV that was also not noted by the user. In both instances, it would seem that some level of active backup in the event of unplanned and/or unnoticed failure of the primary security measures would be of use, as would a sharper set of eyes on the part of the user. Prevx can readily serve in the former type of role since it is compatible with the major AV offerings. There are other approaches as well, this one simply happens to be an easy one to implement and is the focus of the current thread.

    I focused on the backup aspect since it would require failure of two distinct applications to leave you somewhat more exposed. Does it strengthen security? Well, yes, but really only in the context of your primary measure coming up short so that a secondary approach (i.e. backup) is needed. Overall, the two products cover very similar ground. In that sense there is a high level of duplication, again emphasizing the backup aspect of the coverage.

    Sure, but to give you some idea that you shouldn't necessarily focus too heavily on the specific numbers, I'll quote what I see on two different systems:

    System A - 3.0 GHz P4-HT, 3 GB RAM, under high load for ~ 5 days (commit charge of ~ 0.75 - 1.0 GB RAM): AV is Dr Web (drwebscd.exe (5.47 MB), spidernm.exe (14.6 MB), spidernt.exe (2 instances: 3.2, 2.8 MB)). Usage for Prevx is as follows: PXAgent (32.4 MB) / PXConsole (14.4 MB)

    System B - 2.8 GHz P4, 1 GB RAM, under moderate load for ~ 2 days (commit charge of ~ 0.35 - 0.45 GB RAM): AV is KAV WKS 5.0 (kav.exe (1.7 MB), kavsvc.exe (11.6 MB), klswd.exe (0.08 MB)). Usage for Prevx is as follows: PXAgent (18.8 MB) / PXConsole (11.6 MB)

    In the grand scheme of things, RAM usage is modest.

    Blue
     
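As an added illustration (not code from the thread or from any of the products named), a small health check for the two silent failure modes Blue describes: stalled definition updates and a resident process that is no longer running. The process names come from the memory figures above; the `.exe` suffix on the Prevx processes, the three-day staleness threshold and the sample timestamps are assumptions.

```python
"""Detect the silent failure of a primary AV layer (stalled updates or a
crashed resident process) and report whether the layered setup is exposed,
i.e. whether BOTH layers have a problem at the same time."""
from datetime import datetime, timedelta

# Hypothetical inventory of resident processes per product. Names are taken
# from the thread's memory-usage figures; ".exe" on the Prevx ones is assumed.
REQUIRED_PROCESSES = {
    "KAV WKS 5.0": {"kav.exe", "kavsvc.exe", "klswd.exe"},
    "Prevx1": {"PXAgent.exe", "PXConsole.exe"},
}

# Assumption: definitions older than this count as a stalled update.
MAX_DEFINITION_AGE = timedelta(days=3)


def check_product(name, running, last_update, now):
    """Return a list of findings for one product; an empty list means healthy."""
    findings = []
    want = {p.lower() for p in REQUIRED_PROCESSES[name]}
    have = {p.lower() for p in running}          # process lists are case-insensitive on Windows
    for proc in sorted(want - have):
        findings.append(f"{name}: resident process {proc} is not running")
    age = now - last_update
    if age > MAX_DEFINITION_AGE:
        findings.append(f"{name}: definitions are {age.days} days old")
    return findings


def layered_status(running, updates, now):
    """Evaluate every product. Returns (per-product findings, exposed) where
    exposed is True only when every layer reports a problem."""
    report = {name: check_product(name, running, updates[name], now)
              for name in REQUIRED_PROCESSES}
    exposed = all(report[name] for name in REQUIRED_PROCESSES)
    return report, exposed


# Constructed sample: System B from the thread, but with the KAV update stalled
# for ten days while Prevx1 is still healthy. Timestamps are made up.
NOW = datetime(2007, 1, 3, 12, 0)
SAMPLE_RUNNING = ["kav.exe", "kavsvc.exe", "klswd.exe",
                  "PXAgent.exe", "PXConsole.exe", "explorer.exe"]
SAMPLE_UPDATES = {"KAV WKS 5.0": NOW - timedelta(days=10),
                  "Prevx1": NOW - timedelta(hours=6)}

if __name__ == "__main__":
    report, exposed = layered_status(SAMPLE_RUNNING, SAMPLE_UPDATES, NOW)
    for name, findings in report.items():
        print(name, "OK" if not findings else "; ".join(findings))
    print("layered defence exposed:", exposed)
```

On a real machine the `running` list would come from the task list and `last_update` from the product's own update log, which is exactly the check the "primary user" in Blue's story never made.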