Radical Proposal for Improving the Security Industry

Discussion in 'Prevx Releases' started by Pleonasm, Mar 4, 2010.

Thread Status:
Not open for further replies.
  1. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Congratulations to Prevx for pushing the industry forward for the benefit of all!
     
  2. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    This I would like to see. We would all benefit from it.
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thanks! :) We're definitely trying to start a shift of legitimacy in an industry that has long been reliant on misleading users. The discussion we had with Neil was very candid and we are definitely keen on upholding our request for a mutual "penetration testing circle" in the industry.

    It will definitely be interesting to see what comes of this :) I personally think it will result in a massive improvement across all of the products involved.
     
  4. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Has Prevx been able to advance this initiative?
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Unfortunately no - and we have been quite adamantly trying to do so :doubt:
     
  6. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    LOL, not sure how to interpret that ...:cautious:

    I salute you for wanting to improve what's available through any means: not really sure that Symantec, Sophos, Kaspersky et al would be thrilled with that description of their business model ??
     
    Last edited: May 12, 2010
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It isn't picking out any vendor in particular - it is just trying to outline conceptual issues in how security products are portrayed to the end user. Pitching a product as "Total protection" or blatantly saying that the user needs no other security is misleading as no security product is perfect.

    We're hoping that some of the other vendors will agree and start either adjusting their messaging or improving their products as a whole - we also do not like the scenario which users find themselves in frequently where security products end up resulting in a net lowering of protection because of holes, which is one of the key attributes of what we're looking to do in the security testing we've posted about on our blog as well :)
     
  8. pkidza

    pkidza Registered Member

    Joined:
    Oct 27, 2009
    Posts:
    26
    I am sorry but there is more to a security suite than its detection rates. My experience this year has been a terrible one. From small annoyances like Norton interfering with my screensaver to Prevx breaking my keyboard it has been a rough one.

    If you have 100% detection rate but your product silently uninstalls itself or breaks the user's keyboard in my opinion it is not worth much. I would rather have 95% detection rate with no problems from the software.

    I would like to see a bugs measure introduced in testing security products. So you would get rated on your detection rate and the number of bugs your software has. That would really change the security industry.
     
  9. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I do agree that misleading advertising is an abomination. I would respectfully caution Prevx, however, that it is perilously close to committing the same sin when it puts forth claims such as being the “world's strongest, fastest, most powerful security solution;” or stating that the product provides “max protection” or “ultimate security;” or that the product has the “exceptional ability to protect, detect, and remove rootkits and ‘early life’ malicious software.” Viewed in total, it would be easy for a casual reader to incorrectly infer that a Prevx user "needs no other security,” in my opinion.

    P.S.: Please interpret my comments in the spirit of a "helpful suggestion" rather than a "criticism." :)
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I understand these complaints but unfortunately we can't understate ourselves too much :) We quite honestly do have the largest cloud database (and therefore most breadth of protection) and the fastest/smallest agent out of any significant vendor (with it being less than 1MB in size and taking < 2 minutes to scan).

    However...
    Could you let me know where this exists on our website? I do agree that this is a bit much in terms of positioning.

    Note that we do blatantly say that the user can/should continue to use other security products as well:

    "People are often told they should only run one Antivirus program on their PC in order to avoid any compatibility issues - but with Prevx 3.0 we have removed that limitation.

    Prevx 3.0 was built with compatibility in mind - therefore you could safely run Prevx 3.0 alone, but there's really no reason why you couldn't also run another security program alongside if you wished, which gives a deeper and more layered overall protection."
     
  11. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Note that “largest cloud database” or “most breadth of protection” is not one of the components of the claim “world's strongest, fastest, most powerful security solution.” I do agree that “fastest/smallest agent” is an assertion that can be reasonable defended by Prevx. However, that still leaves the issues of “strongest” and “most powerful” generally unsubstantiated, because these assertions are comparative in nature and would require an independent evaluation of the anti-malware protection provided by Prevx against that of the major competitors.

    The phrase “max protection” is the bold heading of the box containing the text “Full real-time protection, automatic cleanup and comprehensive SafeOnline™ security for banking and shopping online” on the home webpage.

    The phrase “ultimate security” is contained within the sentence “Combines antivirus, rootkit, antispyware, and zero day heuristics for ultimate security” (see http://www.prevx.com/products.asp).

    To be clear, Prevx states that a user could run another security product in addition to Prevx -- which isn’t the same as saying that a user should run another security product. Editing these statements to substitute or include "should" in place of (or in addition to) "could" would be an improvement, in my opinion.

    Nonetheless, in fairness, I do applaud the forthrightness of Prevx when it explicitly says that “all vendors miss threats.” I am unaware of any other vendor that puts foward such an honest statement.
     
  12. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    That's really amusing, a security vendor that states "you should run another security product alongside ours". I'm sure that will increase sellings enormously.

    BTW, did you make the same suggestion to Symantec?. Aren't you worried that your security vendor of choice explicitly warns against running their products alongside others?. You know, I don't follow symantec forums that much, even if I do run NIS in my system. Maybe you use to patronize them too, I don't know.
     
    Last edited: May 13, 2010
  13. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Vojta, it would be beneficial if you interpreted my comments in context. To review, PrevxHelp began by saying that “we do blatantly say that the user can/should continue to use other security products”; to which I replied, arguing that in fact Prevx doesn’t state that a user should employ other security products -- only that a user could.

    While I am unaware of any anti-malware vendor publically stating that users should employ multiple layers of protection, making that recommendation is a honest piece of advice, in my opinion. Call me “old fashioned,” if you like; but I sincerely believe that honesty is appreciated by customers and is actually good for business in the long term.
     
  14. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    And I say that it would be more beneficial if those security vendors that completely deny the possibility of using their products alongside others are the ones that change their stance.

    I can't understand why you want to push Prevx to the limit of maximum humility while others keep claiming that they should be the one and only and everything you'll ever need. Wouldn't it be better to try to improve Symantec's honesty than keeping asking Prevx to deny themselves as a standalone solution?.
     
Thread Status:
Not open for further replies.