real time protection

Discussion in 'other anti-malware software' started by lodore, Jun 23, 2006.

Thread Status:
Not open for further replies.
  1. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    if you're a true HIPS believer .. chances are that you'll have to click double if you do not have the opportunity to create rules..

    I would rather click twice than nothing at all! for me, it all comes down to what is important .. do you want control over what is happening or do you let it tied away lol .. examples enough atm lol
     
  2. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    295
    Hi Peter, for example, in my own trials I had not seen all the popups (that were supposed to show up) from ALL the anti-malware + anti-trojan + HIPS programs (which claimed to detect such changes) run by me when a registry key like the Run key was modified. HIPS program A might ask for my permission (and maybe HIPS or anti-malware program B would do so too). Then programs C, D, E would all stay quiet.

     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I haven't seen that with my programs. One way this can happen is if you've inadvertently given one of those programs an allow all permission. Then you wouldn't hear from that program again. This is exactly why I do run a couple of programs. If I by mistake give the wrong permissions in one, I've got fallback.

    Pete
     
  4. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Hi Lu Chin

    If the first program blocks the change, then subsequent programs will not see it. If the first program allows the change, then each program in turn would see it.

    Perhaps this would explain your results?


    Mike
     
  5. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Your virtualization apps, firewall, and scanners will use the same kinds of drivers and hooks as well, which adds to it (especially if the firewall handles any kind of leaktests). If you have on-demand only scanners installed that use drivers, then that's also more in the chain that can potentially slow things down, even if the apps themselves are not running, as some may still be active on a driver level; even if just to pass the call on without checking it. Prevx1 covers a lot of ground, virtually any security related software can potentially overlap to some degree. That's fine if you have a relatively average defense, but if you're a major tinkerer Prevx1 will be no small addition.

    Performance has been very much improved since you tried it several months ago (I'm sure that if you installed it now, you would see a difference), but with 6 or more of any security apps you're going to start seeing some slowdown. It's the boiling frog principle: When you add them one at a time, the slowdown for each is pretty low. Add them all at once and it's going to be more noticeable. Back when I would install 10+ apps at a time I didn't think I was seeing any slowdown either, until I formatted and saw just how much faster the system was before I started installing all my resident apps (security related or not). Just consider how much of your system Prevx1 covers, and how many other apps you'd have to install to get the same. At this point, however, there are people with slow computers that are not seeing much slowdown with Prevx1 (unless there is some conflict). The exception will be with the first execution of a new program when it verifies the file online. If you've got a slow DNS server, or are just far enough away that it takes some time to connect, then it can take a few seconds to complete, but it will tell you that it's verifying the file and after the first time it's run it won't have to do it again unless that file changes.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    In any way I can't justify all four of these at a time and don't think they will not slow down a system.
    Others I agree that most security appliances slow down a bit but of course some more than others.
     
  7. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    295
    Thanks Mike. I had tried on different PCs with a multitude of programs and I was never able to get all the supposed warnings. I had tried both allowing and blocking too. I guessed I could never expect them to work like Winsock LSPs which passed bits along the chain. Another example was that some programs would silently affect the behaviors of others. For example, a sandbox program would need to open a process handle to IE when I launched IE but it was blocked from doing so by other security programs (without warnings). I was never sure if the sandbox program's effectiveness was undermined or not. Sometimes, even shutting down a program would be prevented by others. It was funny to see AV applications "masking" the detections by AM/AT programs or vice versa when some websites tried to DL something suspicious to my PC.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Lu_chin

    There is your problem. Blocked without warning. One or more of your programs is set up wrong. If they were set to ask, that wouldn't happen. Programs I trust I always give an allow always, but I never ever use a block always, in fact I almost never use a block.

    Pete
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Though they can be configured, when more than one (and esp. three or four) software are trying to do the same thing using the same resources, you can always expect conflicts.
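
A simplified model of the behaviour discussed in this thread (a block ends the chain, and a stored allow-always or block-always rule produces no popup), added here as an illustration and not part of any post. It assumes the monitors see a Run-key write strictly one after another, which real products may not do; the labels A to E and all function names are constructed.

```python
from dataclasses import dataclass, field

ASK, ALLOW_ALWAYS, BLOCK_ALWAYS = "ask", "allow_always", "block_always"

@dataclass
class Monitor:
    name: str                 # constructed product label (A..E), not a real product
    rule: str = ASK           # stored rule for the program making the change
    user_allows: bool = True  # what the user clicks if this monitor asks

@dataclass
class Outcome:
    applied: bool                                  # did the write reach the registry?
    prompted: list = field(default_factory=list)   # monitors that showed a popup
    silent: list = field(default_factory=list)     # saw the event, stayed quiet
    never_saw: list = field(default_factory=list)  # event stopped before them

def run_chain(monitors):
    """Pass one registry write down the chain, first monitor first (assumed model)."""
    out = Outcome(applied=True)
    for i, m in enumerate(monitors):
        if m.rule == ASK:
            out.prompted.append(m.name)
            allowed = m.user_allows
        else:
            # A stored rule decides without a popup, in either direction.
            out.silent.append(m.name)
            allowed = m.rule == ALLOW_ALWAYS
        if not allowed:
            out.applied = False
            out.never_saw = [x.name for x in monitors[i + 1:]]
            break
    return out

def chain(**overrides):
    """Build monitors A..E, all set to ask, with per-monitor overrides."""
    return [Monitor(n, **overrides.get(n, {})) for n in "ABCDE"]

if __name__ == "__main__":
    cases = {
        "user allows everywhere": chain(),
        "user blocks at A": chain(A={"user_allows": False}),
        "B has an allow-always rule": chain(B={"rule": ALLOW_ALWAYS}),
        "C has a block-always rule": chain(C={"rule": BLOCK_ALWAYS}),
    }
    for label, monitors in cases.items():
        print(f"{label}: {run_chain(monitors)}")
```

When auditing a layered setup, the `silent` and `never_saw` lists are the ones to compare against each product's stored rules, since those monitors give no visible sign of what they decided.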
     