Refactoring Prevx 3

I wonder how much Prevx 4 will be consist of refactored Prevx 3 code and how much will be written from scratch.

I feel that a lot of technology has been incorporated into Prevx 3 and it would be a pity to lose this in the new version. A lot of good refactoring has been happening over the last few months (judging by the change logs) so it would be a shame to lose the benefits of this.

On the other hand, there must be code in Prevx 3 which are just too difficult to live with and which Prevx would be better of throwing out and re-writing.

Just interested. Not after any trade secrets . Also, I would quite like to know what Prevx code is written in. Is it C++, assembler or what?

Also when is Prevx 4 coming out and will we be able to re-use our licence keys or forced to use Prevx 3 until renewel.

 

Hello
Definitely good questions to ask! To start with a bit of backstory, Prevx 3.0.1.65 was previously the "end" (barring any bug fixes, of course) of the "Prevx 3.0" line as we had planned it initially. Prevx 4.0 was to include SafeOnline and an improved protection engine with behind-the-scenes improvements but nothing in the forefront of the user experience. However, because of the explosion of banking malware and difficulty for any vendor to handle it using conventional techniques, we pushed up SafeOnline to be included in the Prevx 3.0 line.

SafeOnline was initially designed and existed in part even in 3.0.1.65 as a full-screen secure browser which prevented any other program from interacting with the browser, however, we felt that while it was relatively easy to isolate the browser in this manner, we weren't satisfied that the user experience was easy enough and our focus group testing indeed showed numerous usability problems. Because of this, we decided to completely change direction with the same goal - securing the user from all forms of identity theft/information stealing even if there are unknown infections on the PC, but allowing the user to use their normal browser within their normal session.

Understandably so, this technique is massively more difficult to achieve, especially when the goal of SafeOnline is to allow the user to use their browser without any modifications to their existing plugins. To do this, we needed to do some significant rewriting of the protection of Prevx, still focusing to achieve similar goals but doing so in a different manner which allowed us to leverage the behavioral information gathered from SafeOnline into the Prevx 3.0 antimalware engines (and vice versa).

Prevx 4.0 will be a massive step forward for Prevx both on the user side and in our central database. While Prevx 4.0 is being written from the ground up, we are retroactively applying all of the Prevx 3.0 idiosyncrasies that remain applicable to Prevx 4.0 as we make them so in no way will it be a step backwards in terms of stability or reliability across different platforms/setups. We never truly start from "scratch", per-se, when designing new products as we have learned massively from all of our previous products. For example, while Prevx 2.0 and 3.0 share not a single line of code, we learned a lot on user interaction, behavior collection, database design, and scan techniques from Prevx 2.0 and were able to leverage this intelligence in building 3.0. As Prevx 3.0 was quite ground-breaking in terms of new technology, we have been making changes throughout its life which, by the standards of many other vendors, would constitute another new release altogether. However, we've remained loyal to the "Prevx 3.0" name for quite some time now and are committed to continuing to upgrade it as best as possible.

Because of the level of stability of Prevx 3.0, we're able to take a step back and take our time in developing Prevx 4.0 from a viewpoint which allows us to anticipate exactly what we want to achieve in the product and execute it in a very optimal manner. Prevx takes a massively different approach in developing software from most companies - even though PCs are getting faster all the time, we are adamant about optimizing and improving every last shred of code in our products. All of Prevx is written in raw C with tightly controlled compiler optimizations with no higher level libraries or resources for dialogs - all windows/buttons/text is drawn on the fly which, while it is painstaking to write, provides massive performance and overhead benefits.

Our mentality is that all optimizations are key irrespective of how minor they may seem in the short term. Consider that Prevx is installed on more than 10 million endpoints, all running at least one full system scan per day and analyzing thousands of files in realtime every day. On an average PC, that would generally equate to about 50,000 files being analyzed or processed by Prevx on any given day. If we can optimize our scan routines by even 1/10th of one second per file, we just saved literally 1,585 years of computing time per day across our user base. These numbers become even more staggering when looking at the behavior monitoring/collecting engines of Prevx - analyzing upwards of one million events per user per day (whether it is just reading files/registry entries/etc.) across ten million users causes Prevx to process ten trillion events per day - any optimization results in massive improvements even though our scan times are already in the sub-two minute range and the product is well known for being one of the lightest/fastest AVs.

While optimizations are certainly one of our main focuses, we are also really pushing the envelope of what a cloud antimalware product can do. We have huge aspirations for Prevx 4.0 and while we know there is no silver bullet, we expect to up the game significantly. With Prevx 3.0 already being an industry-leading engine, we really want to bridge the gap as best as possible between where we are and 100% prevention.

We're still remaining somewhat tight-lipped about release dates/beta schedules/feature lists because we really prefer to perfect Prevx 4.0 as best as possible first. Licensing terms are not fully finished yet but Prevx 4.0 will have some features which will appeal to technical users that may end up falling under the umbrella of a "Professional" version but we haven't decided this.

As soon as we're farther along I'll be able to give more information on features and possibly screenshots but for the time being I'm somewhat forced to answer with generalizations unfortunately.

I definitely do not want to have the forum lose interest in Prevx 4.0 because of the lack of publicly available information but I also don't want to give unreasonable expectations about a release schedule. There is a lot to do to get Prevx 4.0 exactly where we want it and I know that Wilders members especially like to see new releases pounded out as quickly as possible but this is certainly not just a superficial new GUI We are taking all feedback very seriously and trying to get every suggestion implemented, as well as our own roadmap of goals to achieve protection that is as strong as possible.

I hope that helps and isn't too terribly long winded Let me know if you have any questions or comments!

 

Quote PrevxHelp

Glad to hear it, far too many vendors think that just because more people now have faster processors and more memory/HD, they can neutralise a lot of the benefits of that by bloated/sloppy coding.

Brilliant That's why is such a small footprint, and also makes it much faster. You guys are tops

 

Thanks for that useful information.

Out of curiosity, Prevx2 had configurable network control, which acted like an outbound firewall, which basically allowed users to just use windows firewall. I'm presuming that this sort of thing is 'under the hood' in Prevx 3 and therefore not configurable by the user, but will there b a return to a configurable version in Prevx 4?

 

Helllo . Thanks for your detailed response. Its very interesting. Sounds like Prevx 4 will be different in a number of ways to Prevx 3. From what you have said it sounds like you don't intend to reuse much of the old code but use all of the lessons learned about what works and what doesn't and fold these in somehow.

On the facebook download page it says you should have a version available soon (quarter 2?) of SafeOnline for the Mac. Is this still happening as well?

 

Thanks Joe for the info and the future of Prevx 4, very interesting read!

Cheers,

TH

 

Sounds good

 

Well, reading between the lines, I see more expense for us current customers, so I make the plea to charge new customers the extra as a lot of us have already pre-purchased a few years.

My licence is up in 60 days so I'm gonna definatly niggle you for more information by that time

 

It is way, way too early to speculate about pricing. There frankly isn't anything between the lines at all as we still have to write the lines of code behind the product before we can do anything with licensing Prevx 4.0 is still several months away and we will obviously ensure that existing customers won't feel cheated out of features or change anything that drastically to make any part of it seem like a bad deal.

 

lol joe, gotta keep you on ya toes.

In a way I'm glad its some time off, as I have other pc related problems to worry about lol

However, if you have experience of cpu water pumps, I'd be happy to hear.

As for prevx 4.0, I think you guys are developing a sandbox to edge yourselfs closer to 100% detection, which is why I wondered about a further price increase when you mentioned a 'professional' version.

Also I've wondered if you guys are implementing a firewall of some kind aswell, mainly outbound.

But, we shall are, be sure to get some screenshots posted as soon as the design is near-final

 

I had a thought that, as behavioural detection gets closer and closer to 100%, and as malware writers will no longer be able to simply test their malware against say Prevx, to see if it gets past it (because Prevx sometimes takes a little bit to classify something as bad...meaning it could seem like the malware bypasses it, when in fact it doesn't)...that it is behavioural detection that will push malware writers heavily towards rootkits.

This of course presents problems for sandbox solutions in a product like Prevx, because (as I understand it) driver based rootkits (the majority of them?) dont' work in a sandbox.

But that's just a guess on my part.

Then again...didn't I see something about Vista/7 x64 bit versions require a digital signature for drivers?

 

Malware is indeed making the shift over to rootkits but they still require the "jump" to kernel mode which is handled rather well within a sandbox. However, tracking events once they are in kernel mode is more difficult, although once they're in kernel mode, they can do virtually anything so the goal is to keep them out

You are correct - only signed drivers can be loaded by default on x64 OSs, but it is possible to disable this (it requires administrative rights) so Prevx will always have 64bit antirootkit functions just in case something get past

 

keep up the great work prevx.

any scheduled dates for release of prevx V4 ??

 

Four posts above yours...

 

do not forget, keyboard suport.
some avs are going backwards in usability**

for blind people. hope you will go forward :d

 

can we not have Prevx 4.0 at all, i want another quirky name instead.

I miss Edge

 

Will Prevx 4.0 alter the existing privacy policy and/or privacy practices of Prevx? If so, how?

P.S.: Your post (#2) is exemplary! I wish all security vendors authored and shared information with the same clarity.

 

We don't anticipate it making any privacy policy changes. The user will be more aware of what is going on within their PC with some of the system monitoring functionality we're implementing but this is primarily to help the user in understanding their software rather than sending additional data up to our database. Other than that, Prevx is leveraging our existing technology so we don't see any changes in the privacy policy being required.

Thank you!