Process Guard, Prevx, Online Armour?

Discussion in 'other anti-malware software' started by ejr, Jun 8, 2006.

Thread Status:
Not open for further replies.
  1. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    Saint Satin Stain,

    A little paranoia is a good propeller in life;) , but why not experiment by using 2/3 proggies:

    *on your old laptop only Prevx1 or SSM and ZAP (and AV on demand), or

    *on your main pc create a partition and put there a copy of Windows XP and have this protected by 2 or 3 security proggies

    See how this works for you in your “real world”
     
    Last edited: Sep 12, 2006
  2. tlu

    tlu Guest

    :D

    I also use the Pro version but I think the Home version (at least on a stand-alone computer) can also be made safe. Some missing functions, like the security tab from the Pro version, can be added by applying Fajo XP FSE.

    There are some good hints. I'd like to add the steps I described in this post - they will block all autostart locations for any malware (as long as you are logged on as user).
     
  3. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    881
    Location:
    Virginia, USA
    I guess I'm not most people.

    My insatiable hormones keep driving me back again and again to some of the nastiest places on the internet.

    I’ve been looking at Prevx for a long time. Maybe it’s finally time to bite.
     
  4. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands

    you are the right perv to test security software ;)
     
  5. Saint Satin Stain

    Saint Satin Stain Registered Member

    Joined:
    Feb 16, 2004
    Posts:
    222
    Location:
    Huntsville, AL and Greenwich Village, NYC
    folks,
    tlu i guess you noticed in the picture that i have Autoruns. If Sysinternals charged for their apps i'd make 'em rich. egghead i am taking your suggestion. i'm uninstalling everything except Prevx1, ZoneAlarm Pro, and SpywareBlaster. I'm assuming that you weren't including Autoruns and Process ExplorerNT. I will use the uninstalled with licenses on the other computer with the beta Prevx until I can buy the full. I have a poetry reading in Decatur, Georgia at the Java Monkey Sept 17 at 20:00. You're all invited.
    tlu that Autorun location is a good idea. I prefer locking down the OS over having programs to protect. Isn't that the complaint against Mikiesoft? They have a history of not producing secure systems.
    My wife is on the phone -she's visiting the granddaughter- I told her what i'm doing now. (I have a headset for the phone). She just reminded me that I've been researching Ubuntu. I will use that on one. In some forum here I will tell you my experiences. Maybe call it the history of the Geek Silly States. Gotta go uninstall. Thank you for the advice.
     
  6. tlu

    tlu Guest

    A highly interesting reading in this context is this test of 16 security scanners. Especially enlightening is this conclusion:
    "First, it's almost impossible to defend your PC from a modern malware program that is allowed to run on your PC with full admin privileges. The problem here is not with the security programs. The problem is with Windows."
     
  7. tlu

    tlu Guest

  8. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    340
    Location:
    Colorado Springs
    If Prevx finds something and you don't want to pay to get rid of it, what do you do at that point? Can you just use another program to get rid of the malware and then continue using prevx in a purely HIPS function with all the features (except cleaning)? And to confirm, it does have an outbound firewall as well?? This sounds too good to be true! Think I found my next security software.
     
  9. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    After the 30 days it will tell you that you're infected, but won't do anything about it. Essentially it turns from an IPS to an IDS. You can then remove it yourself or get a one month license for $5.
     
  10. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    What I read from the Prevx site was that after the trial period, the jailing function is disabled. So I guess that means when malware is detected, then you cannot do anything about it? Since it converts to a Detector from a Protector, does that mean it will only notify you of problems as they are being run on the PC and allow the infection to proceed?
     
    Last edited: Sep 18, 2006
  11. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Exactly. If your cleanup license has expired it will tell you you've just been hit but will not block the process or trigger cleanup. Any warning will include a link to allow you to purchase cleanup if you wish, but you are free to clean up yourself if you choose.
     
  12. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Originally posted by ghiser1

    Then that means the "watered down" version is similar to an antivirus/antispyware program that notifies you of something wrong going on and not allowing you to halt or quarantine the activity. Then its sole function then becomes just a monitoring program to let you know of infections as they occur in realtime instead of after the fact (by way of post-infection scans). I guess that is of some benefit instead of being aware of an infection many days later. :doubt:
     
  13. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
  14. Saint Satin Stain

    Saint Satin Stain Registered Member

    Joined:
    Feb 16, 2004
    Posts:
    222
    Location:
    Huntsville, AL and Greenwich Village, NYC
    brer mains, tlu brer main, I have already done this and this, I even did the registry tweaks to reveal even more, actually all of the extensions are exposed.
    You can check out Kelly's; although I prefer to do it manually.
    http://www.kellys-korner-xp.com/xp_tweaks.htm

    Manually, go here 7. Removing the "NeverShowExt" Registry Entry
    http://www.geocities.com/ResearchTriangle/Lab/1131/eng/safe.html

    And do it manually. Do I need to tell you to back up the registry before you do this? You might also write down a list of where you deleted "NeverShowExt".

    Also I believe that it is better to buy the Pro of XP than recommend to everyone to use FaJo; there are some with the requisite knowledge and experience to alter the Home version. I figure, maybe wrongly, that the folk with the requisite knowledge would have the Pro.
    My poetry reading at the Java Monkey in Decatur, Georgia was a great success. Even sold some books.
     
  15. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    This still doesn't show all extensions (how fool the design is, Bill Gates!).
    The best way is to search for the key value of "NeverShowExt" in Windows registry, and delete every entry which contains this key.

    If Windows didn't allow the use of "." (full stop) as part of a name, this trick would have failed.


    I think it comes with an uninstall script too.
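
The registry search and cleanup that Saint Satin Stain and Wai_Wai describe above, as an added example that is not part of the original thread. It assumes the search is limited to HKEY_CLASSES_ROOT, and the parameter names and default file paths are chosen for this example only.

```powershell
# Added example (not from the thread): list every key under HKEY_CLASSES_ROOT
# that carries a NeverShowExt value, record the list, and optionally delete the
# value. Parameter names and default file paths are assumptions of this example.
param(
    [string]$ReportPath = "$env:USERPROFILE\NeverShowExt-keys.csv",
    [string]$BackupPath = "$env:USERPROFILE\HKCR-backup.reg",
    [switch]$Remove
)

# HKCR has no PowerShell drive by default, so address it through the provider.
$root = 'Registry::HKEY_CLASSES_ROOT'

# Walk the hive and keep the keys that have a value named NeverShowExt.
# Keys the current account cannot read are skipped silently.
$hits = @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.GetValueNames() -contains 'NeverShowExt' } |
    ForEach-Object {
        [pscustomobject]@{
            Key         = $_.Name            # e.g. HKEY_CLASSES_ROOT\lnkfile
            Description = $_.GetValue('')    # the key's default value, if any
        }
    })

# The written list of affected keys, kept whether or not anything is removed.
$hits | Export-Csv -Path $ReportPath -NoTypeInformation
"{0} key(s) carry NeverShowExt; list saved to {1}" -f $hits.Count, $ReportPath

if ($Remove -and $hits.Count -gt 0) {
    # Back up the whole hive first so every deletion can be undone by
    # importing the .reg file.
    & reg.exe export HKCR $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Registry backup failed; nothing removed." }

    foreach ($hit in $hits) {
        # -LiteralPath keeps key names such as '*' from being read as wildcards.
        Remove-ItemProperty -LiteralPath "Registry::$($hit.Key)" -Name 'NeverShowExt'
    }
}
```

Run it without `-Remove` first to review the CSV; the removal pass needs an elevated prompt because most of these keys live under HKEY_LOCAL_MACHINE.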
     
  16. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,316
    Location:
    Earth
    OA for me mike has kept it simple i like simple..a lot are too confusing for me not saying I'm simple but ya know..its nice to set and leave it, let it do its job in the background i like one suite if i can not too many all over the place, ..as i have my pc on 24/7 not too fussed about boot time, MD
     
  17. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I find it interesting that several security programs -- relatively new ones, at that -- are loudly proclaiming the use of whitelists, communities, etc, as though this were some new technology which they themselves perfected.

    However, I began using OnlineArmor MANY months ago primarily because they were (and still are) successfully using whitelists (and blacklists) for quite a long time. Further, OA's protective mantle is VERY wide -- covering processes, applications, web surfing, keyloggers, antivirus (Kaspersky), and (in final beta stages) a full-scope firewall.

    The title of this thread is "Process Guard, Prevx, Online Armour?" This is (in effect) a choice between security champions. You couldn't go wrong with any one of these 3 superb security programs.

    But as to which one I recommend for my friends -- whether they are advanced computer users or computer newbies -- it is OA hands down.
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I think the bottom line is, you can't go wrong with any of the three. Also that adding one of these three, is a must in this day and age.
     
  19. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Well i have a licence for OA and used it for about 9 months. I recently swapped to Prevx. Why? Because i didn't feel in control with OA and i also didn't like the slowdown it caused. Now to elaborate a little regarding not feeling in control. I'm not an expert, but i'm not a novice. I can't, hand on heart say that OA has an 'obvious' whitelist when prompting in realtime. I know it does a 'full system scan' and claims it is comparing it with a 'whitelist'. Fine. But after the scan it always left a lot of my apps saying it didn't recognise them and what did i want to do? What did I want to do? Well to be brutally honest, I didn't want to have to make that decision. So i need to spend 2, 3 or 4 hours, maybe more looking through Google to establish 'this list of unknowns' to decide whether i can say yes or no. Maybe OA's whitelist is not so big? I dunno.

    Anyway, back to the realtime part of OA. If i ever installed anything or i launched an exe file that was not evaluated in the full system scan then OA simply pops up and asks what you want to do. Now my idea of a whitelist is that you run something, the app with the whitelist looks at it, puts it in 3 categories:
    Known good = Go for it, no need to ask questions.
    Known bad = Stop it, tell the user it's a bad boy.
    Unknown = Ask the user.

    OA alerts on everything i ran on my pc or installed on it. That's not how i want my HIPS to work. Prevx on the other hand does exactly as i said above. It appears to have an enormous database and i've been running it for 4 weeks now and only had a few popups. How it should be.

    I don't know if it's simply down to the size of the whitelist that they both have, but if it is then OA's is pretty non-existent whereas Prevx's is impressively large. I like both applications. I didn't like all the popups from OA. I do like the lack of popups from Prevx. If i wanted to answer to popups and feel like the pc can't even break wind without asking me then i'd install ProcessGuard or SSM. But the reason i went for the whitelist HIPS approach is so that the good stuff is simply allowed to run, install, change or whatever it's designed to do. The bad stuff gets eliminated, it's bad, that's what should happen! And the unknown stuff i have to look at. I'm fine with that. A popup a week is comfortable as far as i'm concerned. But popups for every little thing is nothing more than a nuisance!

    muf
     
    Last edited: Sep 28, 2006
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Is it due to the fact that Prevx has a central data base while OS has local mainly?
     
  21. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Prevx and OA both get their database from the same place - user machines.

    The difference between them is that Prevx has a lot more users (based on a thread I saw on here - 500,000 downloads), and I believe they have a lot more cash than Tall Emu does which means that they can simply do more work.

    I'm working on some things to try and get our database size upgraded - but it will take a little bit more time as right now the focus is on the firewall.
     
  22. Saint Satin Stain

    Saint Satin Stain Registered Member

    Joined:
    Feb 16, 2004
    Posts:
    222
    Location:
    Huntsville, AL and Greenwich Village, NYC
    I did search the "NeverShowExt" or didn't you read it in my post?
    I gave a place to show how. You read as well as do after two Guinness Stouts. Perhaps you thought I said just take the check mark out. Go back and read the post again, please. Go to the second link click it and read.
    This is where the old raving paranoid is now:
    These are the active security processes

    clamtray.exe (ClamWin) 17.86 MB
    ewido.exe 9.72 MB
    guard.exe (ewido) 9.84 MB
    pxagent.exe (prevx1) 23.38 MB
    pxconsole.exe(Prevx1) 12.88 MB
    control.exe(Sandboxie) 3.20 MB
    sandboxieserver.exe 2.00 MB
    vsmon.exe (ZoneAlarm) 23.85 MB
    zlclient ( " ) 4.55 MB

    107.28 MB Out of 512 MB RAM

    ClamWin does not have real-time protection, but you can schedule hourly, daily, weekday, and weekly scans. It updates signatures daily, sometimes more than once in a day. It doesn't need real-time because Prevx1, the antispyware module of ZAPro, and ewido do that. I schedule one scan a week with ClamWin. One for each drive, C and E. ZoneAlarm Pro scans e-mail attachments; it changes the extensions to prevent them from running. You download the attachments and scan them. JPEGScan, RootkitRevealer, CWShredder, and Trojan Remover are on-demand scanners. Trojan Remover can be scheduled to scan at boot. SpywareBlaster and Wormguard are passive protection. Sandboxie is used for exploratory surfing; it is just an added layer. Any viruses or other malware will disappear when the sandbox is closed.
    I plan to use it only with the browsers as another layer. I use SiteAdvisor and SpoofStick on Firefox my default browser; I use SpoofStick on IE7 too.
    On Firefox I have Adblock, CookieCuller, NoScript, Permit Cookies, and ClamWin Antivirus Glue for Firefox (this extension allows ClamWin to scan downloads). If you remember, I got Trojan Remover to act as backup for TDS-3. When DiamondCS retired it I got ewido. TR is a backup for Prevx1 and ewido now. TR doesn't use any resources until it scans at boot; it is also another on-demand scanner. I didn't mention them but Autoruns, ProcessExplorer, AccessEnum, and ShareEnum are security oriented programs from Sysinternals.

    Prevx1 is the backbone that allows me to have a low impact security scheme. Online Armor and Process Guard are good, but because Prevx Ltd has corporate, small biz, family, and individual users they have an enormous database it is better for now. I use an old laptop now mainly for storage. Process Guard is good for that one; it changes little. Once it learned the all the few programs and processes it works well. My desktop main changes more often, so Prevx1.
    Mike Nash, Tall Emu Pty Ltd, I'll check out your firewall when it's done. Based on your Online Armor I will risk saying i'll be good one. We sometimes forget the best security program, when it's configured properly: the human brain. Peace and happy new year.
     
    Last edited: Sep 29, 2006
  23. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    I am trialing Prevx1 right now. I did run Prevx a couple of years ago and notice a big difference (positive :) ) with this version. It seems very user friendly and doesn't slow down my system.
    Couple of questions:

    Does Prevx1 have execution protection? I ask because I don't get any popup asking me if I want to execute a file (I have GSS running along side and it asks for every new executable) I have tried to execute some really unusual (well, to my knowledge anyway) exes
     
  24. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
  25. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Check the recent program activity log. Open up the Prevx main console by double mouse clicking the system tray icon. Look in the lower half of the window and it lists the program files that have been run recently. They should all have a green marker to the left of each entry. This means Prevx has checked the validity of the file, confirmed it's a good known one and not malicious and allowed it to run. The only time you will see prompts in ABC or Pro mode will be when it is unknown to Prevx's database or is malicious. I think you will find that everything you have run must be in its database and confirmed as good and valid. If you want popups in Prevx then switch to Expert mode. But be warned, you'll get fed up with them pretty quick!!!

    muf
     