Small test of Drivesentry

Discussion in 'other anti-malware software' started by ako, Sep 23, 2009.

Thread Status:
Not open for further replies.
  1. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    I tested DS with several 0-day exploits and malware. It did not recognise any of them as malware, but blocked almost all of them (see next message for an exception).

    - The HIPS messages were too general and not very informative (fig. 2, 4).
    - The community votes seemed useless (fig. 1, 3, 5): low statistics and possibly false conclusions.
     

    Last edited: Sep 23, 2009
  2. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    During a signature update a serious infection was allowed! :thumbd: (fig. 1, 2)

    Prevx scan after the test (most files are dead, but one serious infection, fig. 3)
    I also scanned with DS: clean! :thumbd:

    Obviously DS signatures (simple hashes) are almost useless against new threats.

    Fig. 4 is an example of community "wisdom".
     

    Last edited: Sep 23, 2009
  3. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I consider it a dead project anyway...
     
  4. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Yep. It's been a long time since DS was an active topic here.
     
  5. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    It was a memory resource hog and conflicted with my existing AV. It would have been better to create a standalone HIPS application.
     
  6. SammyJack

    SammyJack Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    129
    Is it just me, or do I remember this software seeming to show some serious potential at the start?
    Or was I blinded by the cute girl Avatar of the spokesperson?

    (Probably really a 250 lb Welshman with beard like a rhododendron bush.)
     
  7. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    You mean KatieSentry who used to post here? I sorta liked half of it but three things turned me off: the huge file size, the CPU load and finally it became shareware.
     
  8. SammyJack

    SammyJack Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    129
    Yes, and the way it just seemed to languish undeveloped.
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep,

    They could have easily done that.

    Just remove the stupid limitation of HKEY_LOCAL_MACHINE + HKEY_CURRENT_USER entries of the SOFTWARE hive to be added.

    Skip the local database and use it only to check the community rating when an unknown program tries to access a file/extension or registry key/value for the first time, using more or less existing mechanisms:
    a) known hash
    b) is it blacklisted?
    c) does it have valid community advice?

    RED ALERT: B = YES (A only for detection speed)
    ORANGE ALERT = A: NO, B: NO, C: NO
    GREEN ALERT (or auto allow) = A: YES, B: NO, C: YES

    With the current DS community validity (e.g. 90% positive with at least 20 votes) and the trust levels that can be set already (trust program completely or only for this key/extension, trust program for file or registry value only),

    you would have a pretty user-friendly file and registry HIPS (with its built-in whitelist).
     
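The hash / blacklist / community-advice decision that Kees1958 sketches above, written out as an added Python example (it is not DriveSentry's code and not from anyone in the thread). The 90%/20-vote validity threshold and the "trust whole program or only this key/extension" levels come from the post; the class and function names, the rule that a known hash without valid community advice is escalated like an unknown program, the ordering (blacklist checked before any remembered trust), and the sample binaries and registry keys are assumptions for illustration.

```python
# Added example, not DriveSentry's code: the hash / blacklist / community
# decision from the post above, plus a remembered-trust cache so a program is
# only looked up the first time it touches a given resource.  Thresholds,
# names and sample data are assumptions for illustration.
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Alert(Enum):
    RED = "block"      # B = yes: blacklisted hash
    ORANGE = "ask"     # A, B, C all no: unknown program, prompt the user
    GREEN = "allow"    # A yes, B no, C yes: known and community-approved


MIN_VOTES = 20        # assumed from "at least 20 votes"
MIN_POSITIVE = 0.90   # assumed from "90% positive"


@dataclass
class CommunityAdvice:
    positive: int = 0
    negative: int = 0

    def is_valid(self) -> bool:
        """C: only trust the vote when the sample is large and one-sided."""
        total = self.positive + self.negative
        return total >= MIN_VOTES and self.positive / total >= MIN_POSITIVE


@dataclass
class Hips:
    known_hashes: set[str] = field(default_factory=set)                # A
    blacklist: set[str] = field(default_factory=set)                   # B
    advice: dict[str, CommunityAdvice] = field(default_factory=dict)   # C
    # User decisions: (digest, resource) -> allowed; resource None = whole program.
    trust: dict[tuple[str, str | None], bool] = field(default_factory=dict)

    @staticmethod
    def digest(program: bytes) -> str:
        return hashlib.sha256(program).hexdigest()

    def check(self, program: bytes, resource: str) -> Alert:
        h = self.digest(program)
        # B first: a blacklisted program is blocked whatever the user decided.
        if h in self.blacklist:
            return Alert.RED
        # Remembered trust: program-wide first, then this key/extension only.
        for scope in (None, resource):
            if (h, scope) in self.trust:
                return Alert.GREEN if self.trust[(h, scope)] else Alert.RED
        a = h in self.known_hashes
        c = h in self.advice and self.advice[h].is_valid()
        if a and c:
            return Alert.GREEN
        # Assumption: a known hash without valid advice is treated like an
        # unknown program; the post only names the all-no case explicitly.
        return Alert.ORANGE

    def remember(self, program: bytes, allowed: bool, resource: str | None = None) -> None:
        """Store the user's answer: resource=None trusts the whole program,
        otherwise only this file extension / registry value."""
        self.trust[(self.digest(program), resource)] = allowed


def demo() -> dict[str, Alert]:
    """Constructed sample programs; returns the verdict for each scenario."""
    hips = Hips()
    good = b"MZ...constructed known-good updater"
    bad = b"MZ...constructed blacklisted dropper"
    new = b"MZ...constructed never-seen binary"
    thin = b"MZ...constructed binary with few votes"

    hips.known_hashes.update({Hips.digest(good), Hips.digest(thin)})
    hips.blacklist.add(Hips.digest(bad))
    hips.advice[Hips.digest(good)] = CommunityAdvice(positive=45, negative=2)  # 95.7%, 47 votes: valid
    hips.advice[Hips.digest(thin)] = CommunityAdvice(positive=6, negative=0)   # 100% but 6 votes: invalid

    key = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    results = {
        "good": hips.check(good, key),
        "bad": hips.check(bad, key),
        "new_first": hips.check(new, key),
        "thin": hips.check(thin, key),
    }
    # The user answers the ORANGE prompt for `new`: allow, but for this key only.
    hips.remember(new, allowed=True, resource=key)
    results["new_same_key"] = hips.check(new, key)
    results["new_other_key"] = hips.check(new, r"HKCU\SOFTWARE\Classes\.exe")
    # A later blacklist entry overrides the earlier trust decision.
    hips.blacklist.add(Hips.digest(new))
    results["new_after_blacklist"] = hips.check(new, key)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:>20}: {verdict.name} ({verdict.value})")
```

The `thin` case is the one ako's screenshots complain about: a 100% positive vote on six ballots says nothing, so the threshold keeps it out of the GREEN path and the user is asked instead. Per-resource trust means a program the user allowed for one Run key is still prompted for when it first touches a different key.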
  10. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    Indeed simple and nice system. That could have made it pretty useful.
     