Prevx1 - Is it enough?

Discussion in 'other anti-malware software' started by dja2k, Sep 30, 2006.

Thread Status:
Not open for further replies.
  1. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Is Prevx1 enough to cover what others like ProcessGuard or System Safety Monitor cover? Is there an advantage to adding PG or SSM to Prevx1? Some people use both PG and SSM, isn't that overkill? Could someone add PG and SSM to a Prevx1 lineup? What other info about this can anyone provide?

    dja2k
     
    Last edited: Oct 1, 2006
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's what I like to know too. I have already the best method for removal of malwares, now I have to find a solution to stop the execution of malwares.
    Possibilities are :
    1. Prevx1 and/or
    2. Online Armor and/or
    3. System Safety Monitor and/or
    4. Anti-Executable
    5. ... who knows.
    I can't use ProcessGuard, because it doesn't like FirstDefense-ISR.
    Which one or which combination is able to stop most malwares of doing their evil job and is suitable for less-knowledgeable users ?
     
  3. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Yeah I know that we can't use ProcessGuard when using FD-ISR. I am leaning towards installing System Safety Monitor at the moment, but not sure.

    Prevx1 and Online Armor are not enough for certain types of attacks in my view according to some leaktests.

    I still don't really know if SSM is better than APPDEFEND part of GSS with REGDEFEND.

    I am sure that some of the new firewalls have some type of HIPS, but all new firewalls are giving me BSOD errors and Look'n'Stop has never given me any errors.

    dja2k
     
    Last edited: Oct 1, 2006
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Are SSM, APPDEFEND, REGDEFEND userfriendly enough or can they be used as userfriendly enough o_O
     
  5. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Well, not too sure how to answer, but they are mostly user-interactive programs, not set and forget. I have not used SSM to really know how good it is. I do however remember how APPDEFEND was and it was fairly easy for me, as well as adding REGDEFEND rules from TonyKlein. APPDEFEND still needed work as it was left in beta (few problems with some protection, nothing big) and the new APPDEFEND is in alpha at the moment. Online Armor is great, no conflict with other HIPS, good anti-executable with reg protection and tracking of executables to undo changes if you let the wrong thing run. Online Armor, as far as my opinion goes, is the best anti-executable protection and the easiest user-friendly program of all, but doesn't cover exactly what SSM and GSS cover.

    dja2k
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    Right now the most user friendly is SSM in my opinion. As to registry protection, I think Regdefend is far more comprehensive, however saying that, I never get an alert from Regdefend that I didn't get from SSM.

    With SSM you can make things as tight or easy as you want. I like it cause I can keep it out of my way. When I uninstall something, I just right click on the systray and click exit. Then it's out of the way for uninstall. For install of trusted programs, I first click on learning mode, then exit. That way it's out of the way when the installer runs, and is in learning mode on reboot so it picks up the startup. To go into depth with the program will take some study.

    Support with SSM is excellent. Comparable to Raxco and Online Armor.

    Pete
     
  7. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Dja2k, I don't understand why you can't use PG with FD-ISR. I have been using both for a long time. I make a secondary on my C drive and archive a copy to an external drive. I disable PG to copy, then re-enable.
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Not every user has the SAME computer and several FDISR-users, including me, had errors with copy/updating snapshots, when PG was installed. Other users told me that PG was working fine. That happens with most softwares, they like you or they don't like you, same with people.
    Since copy/update is the most used function in FDISR, I decided to ditch PG, which I didn't like anyway.
    This is another computer gremlin.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    William, I did that, and aside from the fact it was a pain, I still got errors when updating archives. PG just wasn't worth the hassle.
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Maybe I can use Online Armor and SSM together to stop most executables.
    I don't think, I will ever have a 100% Anti-Executable software(s), but I have at least a 100% removal method in my frozen snapshot.
    If a malware is really dangerous, like KillDisk Virus, I think that most anti-executable softwares will handle these malwares as fast as possible.
    If one of the less dangerous ones isn't stopped by Online Armor or SSM, I can live with that because they will be removed anyway during the next reboot.
    I only need an anti-executable software to survive a maximum period of 8-16 hours, the rest is for sleeping. :)
     
  11. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Ok, Pete, you win. I am dumping PG and going with SSM. Support for PG is gone.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    Erik. OA stops exe's and drives on a basic level. It also is very good at controlling the bad stuff that can happen with Internet Explorer, like ActiveX. Sure, I use Opera, but there are times you need IE and OA is good protection. SSM is great because you can do more than basic control. For example, you can control whether an exe is just allowed to run, or you can control who is allowed to run it. Same with drivers. Not only that they can be installed, but also who can install them. In many cases you can actually specify only with the given command line, which is great for Rundll32.exe or services.exe. Obviously this takes a bit more care, but you can really protect your system very well.

    Pete
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    At first sight, SSM looks CHINESE to me. SSM is most probably a good software, if you know HOW to work with it.
    I only want to run my legitimate applications and the execution of anything else needs to be blocked. So my wishes are simple and clear.
    I think SSM will take me a very looong time, before I understand what I'm doing. Usually I avoid such softwares, because they are more dangerous for me, than safe.
    I've downloaded the manual, I better start reading that one, before I start firing questions at Wilders.
     
  14. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Erik,

    I think Prevx1 or OA will be much better for what you want than PG, SSM, AD, or AE.
     
    Last edited: Oct 1, 2006
  15. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    Agree with you, Devinco. I have a licence of PG and I ditched it mainly because it was interfering too much with my work. But also because of incompatibility with FD ISR. I also had OA installed for one year and I did not renew the licence.

    Lately I've been trying SSM and Prevx1 and of the two, I definitely prefer Prevx1. :)
     
  16. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I have Prevx1 and Online Armor installed together with no problem, but there is still something missing there that PG, SSM, and AD\RD can offer.

    dja2k
     
    Last edited: Oct 1, 2006
  17. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Hey Pete, do you think that SSM Full Version offers more than AD\RD (Ghost Security Suite) and PG once it is setup correctly? Does SSM conflict with FD-ISR in any way?

    dja2k
     
    Last edited: Oct 1, 2006
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Anti-Executable is the simplest of all. Is it as good as the rest? I don't know.
    I like Prevx1 and my computer is powerful enough to handle it.
    Don't know much about Online Armor yet and I can't give SSM to housewives. :)
     
  19. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    So I see you have System Safety Monitor + Online Armor in your sig, but do you have prevx1 running along side that as well?

    dja2k
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    Erik. You can start with SSM by using learning mode to get started, and then when you get pop-ups, read them. You will easily start to get the hang of what's going on. I am probably only getting 50% of what can be had, but I still think it's great. Look at my example below.

    Pete
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    First, absolutely no conflict between SSM and FDISR. I don't disable SSM or anything like that. SSM and Ghost are very similar, it's a tough call, and I know Jason is busily working on Ghost, as are SSM. It's a horse race. Frankly I think PG is back in the pack. Other than the window stuff, which I never bothered with, SSM does a much better job with things like Rundll32 and services.

    Let me give an example of what I really like about SSM

    I use Intuit's Quickbooks, and it has two exe's. QBW32.exe is the primary one.
    Normally I click on the desktop icon, open Quickbooks and select the company file I want to work on.

    Having just reloaded OA and SSM, here's what happens when I first start Quickbooks as described above. OA says QBW32.exe is trying to run. I give it permanent permission. SSM says Explorer.exe is trying to start QBW32.exe, and again I give it permanent permission.

    Now, for the first time, I start Quickbooks by double clicking on a company file. Doing this causes a program QBLaunch.exe to start and launch QBW32.exe. OA challenges QBLaunch and once allowed lets the whole thing go, it knows about QBW32.exe. SSM first challenges QBLaunch.exe, being started by explorer.exe, and once allowed, SSM then challenges QBW32, because it is being started by something other than explorer. SSM also shows the whole command line being used and you can also check a box, which tells SSM to only allow this automatically if the command line is the same. This means something couldn't hijack the process and do the same thing with a different command line.

    Lot of words, but handled easily with check boxes on the pop up.

    Make sense?

    Pete
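
The following sketch is an added illustration, not part of Peter2150's post and not SSM's own code: a toy model of the behaviour he describes, where a launch is allowed only if a stored rule matches the parent, the child, and (when pinned) the exact command line. The class and function names and the sample paths are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    parent: str                     # image allowed to start the child
    child: str                      # image being started
    cmdline: Optional[str] = None   # if set, rule matches this exact command line only

class LaunchPolicy:
    """Toy model of per-parent, optionally command-line-pinned launch rules."""

    def __init__(self):
        self.rules = set()

    def allow(self, parent, child, cmdline=None):
        # Image names are compared case-insensitively, as on Windows.
        self.rules.add(Rule(parent.lower(), child.lower(), cmdline))

    def decide(self, parent, child, cmdline):
        """Return 'allow' if a stored rule covers this launch, else 'prompt'."""
        p, c = parent.lower(), child.lower()
        for r in self.rules:
            if (r.parent, r.child) == (p, c) and r.cmdline in (None, cmdline):
                return "allow"
        return "prompt"

def demo():
    policy = LaunchPolicy()
    # Constructed sample command lines; the paths are placeholders.
    pinned = r'QBW32.exe "C:\Books\company.qbw"'
    policy.allow("explorer.exe", "QBW32.exe")                   # desktop icon start
    policy.allow("explorer.exe", "QBLaunch.exe")                # double-clicked company file
    policy.allow("QBLaunch.exe", "QBW32.exe", cmdline=pinned)   # "same command line" box ticked
    events = [
        ("explorer.exe", "QBW32.exe", "QBW32.exe"),             # known parent
        ("QBLaunch.exe", "QBW32.exe", pinned),                  # known parent, pinned cmdline
        ("QBLaunch.exe", "QBW32.exe", r'QBW32.exe "C:\Temp\other.qbw"'),  # cmdline changed
        ("winword.exe", "QBW32.exe", "QBW32.exe"),              # unknown parent
    ]
    return [policy.decide(*e) for e in events]

if __name__ == "__main__":
    print(demo())
```

A rule that only whitelists the child image would allow all four launches; keying on the parent and pinning the command line is what makes the last two prompt.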
     
  22. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    Is the network stuff in appdefend better than SSM at the moment?

    SSM tracks disk access appdefend does not to the same degree?
     
  23. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Currently running both OA + Prevx1. No conflicts that I can see at this time. They seem to work very well together.
     
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I have 6 snapshots in total, right now :
    1 off-line snapshot (which will be my rollback snapshot in the future)
    1 snapshot for rollback at this moment
    1 snapshot for online jobs
    1 snapshot with Anti-Executable (experiment)
    1 snapshot with Prevx1 (experiment)
    1 snapshot with System Safety Monitor + Online Armor (experiment)

    Since I don't get any clear answers at Wilders regarding anti-executable softwares, I don't have any real goal with all these softwares and I don't really know how to test them and keep these tests under control.
    My thinking gets better, when its colder outside. :D
     
  25. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Erik,

    What specific questions do you have? Bear in mind that many who will answer are not the developers of these applications,

    Blue
     