Small test of Drivesentry

Discussion in 'other anti-malware software' started by ako, Sep 23, 2009.

Thread Status:
Not open for further replies.
  1. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    642
    I tested DS with several 0-day exploits and malware. It did not recognise any of them as malware, but blocked almost all of them (see next message for an exception).

    - The HIPS messages were too general and not very informative. (fig 2,4)
    - The community votes seemed useless (fig 1,3,5): low statistics and possibly false conclusions.
     

    Last edited: Sep 23, 2009
  2. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    642
    During signature update a serious infection was allowed! :thumbd: (fig 1,2)

    Prevx scan after test (most files are dead, but one serious infection, fig 3)
    I also scanned with DS: clean! :thumbd:

    Obviously DS signatures (simple hashes) are almost useless against new threats.

    Fig. 4 is an example of community "wisdom".
     

    Last edited: Sep 23, 2009
  3. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I consider it a dead project anyway...
     
  4. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Yep. It's been a long time since DS was an active topic here.
     
  5. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,354
    It was a memory resource hog and conflicted with my existing AV. It would have been better to create a standalone HIPS application.
     
  6. SammyJack

    SammyJack Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    129
    Is it just me, or do I remember this software seeming to show some serious potential at the start?
    Or was I blinded by the cute girl Avatar of the spokesperson?

    (Probably really a 250 lb Welshman with beard like a rhododendron bush.)
     
  7. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,354
    You mean KatieSentry who used to post here? I sorta liked half of it but three things turned me off: the huge file size, the CPU load and finally it became shareware.
     
  8. SammyJack

    SammyJack Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    129
    Yes, and the way it just seemed to languish undeveloped.
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep,

    They could have easily done that.

    Just remove the stupid limitation on HKEY_LOCAL_MACHINE + HKEY_CURRENT_USER entries of the SOFTWARE hive being added.

    Skip the local database and use it only to check the community rating when an unknown program tries to access a file/extension or registry key/value for the first time, using more or less existing mechanisms:
    a) known hash
    b) Is it blacklisted?
    c) Does it have valid community advice?

    RED ALERT: B = YES (A only for detection speed)
    ORANGE ALERT = A: NO, B: NO, C: NO
    GREEN ALERT (or auto allow) = A: YES, B: NO, C: YES

    With the current DS community validity (e.g. 90% positive with at least 20 votes), trust levels can already be set (trust program completely or only for this key/extension, trust program for file or registry value only).

    That would have made a pretty user-friendly file and registry HIPS (with its built-in whitelist).
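The three-check scheme Kees1958 sketches above, as an added worked example (not DriveSentry code, and not posted by anyone in the thread). It turns the (a) known hash / (b) blacklist / (c) community advice checks into a RED/ORANGE/GREEN verdict with the "90% positive with at least 20 votes" validity rule, and adds the "ask once, then remember for the program or only for this key/file" trust scoping the post mentions. The names (`HipsPolicy`, `CommunityVotes`, `file_hash`), the `ask` callback standing in for the HIPS prompt, the sample hashes and vote counts are all assumptions constructed for the example; the post does not say what happens to combinations other than the three it lists, so everything that is not RED or GREEN is treated as ORANGE here.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, Set, Tuple

RED, ORANGE, GREEN = "RED", "ORANGE", "GREEN"


def file_hash(data: bytes) -> str:
    """Identify a program by the SHA-256 of its bytes (check (a), 'known hash')."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CommunityVotes:
    positive: int
    total: int

    def is_valid(self, min_votes: int, min_ratio: float) -> bool:
        # Advice counts only with enough votes and a high enough approval ratio;
        # the post's example is 90% positive with at least 20 votes.
        return self.total >= min_votes and self.positive / self.total >= min_ratio


@dataclass
class HipsPolicy:
    known_hashes: Set[str]                 # (a) hashes seen before: a fast lookup, not a verdict
    blacklist: Set[str]                    # (b) hashes of known malware
    votes: Dict[str, CommunityVotes]       # (c) community advice per hash
    min_votes: int = 20
    min_ratio: float = 0.90
    # Decisions the user already took, so a program is only asked about once
    # per scope: the whole program, or one (program, resource) pair.
    trusted_programs: Set[str] = field(default_factory=set)
    trusted_resources: Set[Tuple[str, str]] = field(default_factory=set)

    def alert_level(self, h: str) -> str:
        """RED / ORANGE / GREEN as in the post; any other combination of (a), (b), (c)
        is treated as ORANGE (an assumption, the post does not cover those cases)."""
        if h in self.blacklist:                       # B: YES
            return RED
        advice = self.votes.get(h)
        has_advice = advice is not None and advice.is_valid(self.min_votes, self.min_ratio)
        if h in self.known_hashes and has_advice:     # A: YES, B: NO, C: YES
            return GREEN
        return ORANGE                                 # A: NO, B: NO, C: NO (and the rest)

    def decide(self, h: str, resource: str,
               ask: Callable[[str, str], Tuple[str, str]]) -> str:
        """Return 'allow' or 'block' for program h touching resource.

        ask(h, resource) stands in for the HIPS prompt (hypothetical callback) and
        returns (answer, scope): answer in {'allow', 'block'}, scope in {'program', 'resource'}.
        """
        if h in self.trusted_programs or (h, resource) in self.trusted_resources:
            return "allow"
        level = self.alert_level(h)
        if level == RED:
            return "block"
        if level == GREEN:
            return "allow"
        # ORANGE: no usable community advice, so ask the user once and remember the answer.
        answer, scope = ask(h, resource)
        if answer == "allow":
            if scope == "program":
                self.trusted_programs.add(h)
            else:
                self.trusted_resources.add((h, resource))
        return answer


# Constructed sample "programs" (plain byte strings, not real binaries).
KNOWN_GOOD = file_hash(b"MZ constructed: widely used, well rated tool")
KNOWN_BAD = file_hash(b"MZ constructed: blacklisted dropper")
FEW_VOTES = file_hash(b"MZ constructed: new tool, 5 positive votes")
UNKNOWN = file_hash(b"MZ constructed: never seen before")


def build_policy() -> HipsPolicy:
    """Constructed whitelist, blacklist and vote table for the sample programs."""
    return HipsPolicy(
        known_hashes={KNOWN_GOOD, KNOWN_BAD, FEW_VOTES},
        blacklist={KNOWN_BAD},
        votes={
            KNOWN_GOOD: CommunityVotes(positive=95, total=100),  # 95% of 100: valid advice
            FEW_VOTES: CommunityVotes(positive=5, total=5),      # 100% but only 5 votes: not valid
        },
    )


if __name__ == "__main__":
    policy = build_policy()
    for name, h in [("known good", KNOWN_GOOD), ("blacklisted", KNOWN_BAD),
                    ("few votes", FEW_VOTES), ("unknown", UNKNOWN)]:
        print(f"{name:12s} -> {policy.alert_level(h)}")
```

The point of the FEW_VOTES entry is the "low statistics" problem ako raised: five unanimous votes do not reach the 20-vote floor, so the program falls to ORANGE and the user is asked, instead of a handful of early votes auto-allowing it. The blacklist is checked first so that a hash that is both known and blacklisted can never come out GREEN.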
     
  10. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    642
    Indeed simple and nice system. That could have made it pretty useful.
     