What do you say about community-based HIPS

Discussion in 'other anti-malware software' started by Wai_Wai, Sep 26, 2006.

Thread Status:
Not open for further replies.
  1. herbalist

    herbalist Guest

    Why couldn't someone have said that a full forum page earlier? That was all I've wanted, a general listing of what PrevX targets, and to be able to see if just plain "adware" and similar items were on it. I was also sent this link via PM, a page that isn't linked on the PrevX homepage. Even knowing it existed, it took a while to find just where it was. No site map, no search function, no FAQ page. I'd think "what do you detect?" would be a common question and that the answer would be easy to find, if not on the first page. Best I can see, that page is 3 pages into the site, if you knew where to look.
    I think that's exactly what's happened here. I apologize for the way this thread has gone. It was not what I wanted to happen and if I've offended anyone, I apologize. I'm just amazed that a statement like the one I quoted or the link I just was sent should have been so hard to get. Look at it from a user's perspective. Users are told they need anti-virus, anti-malware, anti-trojan, anti-spyware, anti-keylogger, anti-hacker, ad-blocker, spam-blocker, popup-blocker, etc. By the time they put it all together, it amounts to anti-PC software because it's so bogged down, it can't run anymore. Users are almost as much victims of the marketing as they are of the malware itself. Look what one trip to a rogue anti-spyware site that shows false detections can do to a user. This gives me the answers to the user questions I get, and another option to equipping average users with SSM, doing all its basic configuration, then being on-call for all the inevitable "why won't this work" or "what does this mean" questions.
    One other thing. Something of a general observation/suggestion. For many users, the internet equates to "instant results", especially with so many using high speed. If they don't find exactly what they're looking for at a site in 2 minutes or so, they move on. It might make it easier if a link like this one was easier to find, maybe linked on the homepage or something. If it already is and I'm still missing it, label me blind and disregard this entirely.
    Rick
     
  2. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
  3. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Herbalist,

    Another thing to examine, which can be germane if someone is running more than one product, is a listing of the hooked kernel services. That can also provide some insight into what is monitored and general approaches employed.

    Blue
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Oop, I knew I was missing something :X

    Indeed I think it was too, and no offense taken on my part - just glad it's cleared up :) It seemed like you already knew the general scope of protection, from what I had already said and/or the website, and were looking for specifics (the TAC style point system of determining whether a specific file should be included or not, like whether displaying popups counts against it, etc).

    I actually have to disagree with that. The average user is told they need Norton. They often aren't aware of the other classes of threats, and often times don't particularly want it explained. To the average user, adware is a virus. They want an overall solution that will handle everything, and so the general anti-malware products are generally presented that way (as an all-in-one solution, or at least a general anti-malware), where the specialized apps usually let you know the limits of what they detect. When you're not a mainstream app then people find your site because they need something to remove what the mainstream apps missed on their system. It's a different story when you come to the enthusiast forums, but we're by far the minority when you start thinking in terms of literally hundreds of millions of people. I can appreciate that someone like yourself might want to have a specific list, but I have to disagree that the general public is looking for the same list. Most of the time people are looking for a solution to a specific problem, like when they have a SpywareQuake infection, and they just want to know that it's an all-in-one solution. Just to be clear, I'm not saying that there's anything wrong with that point of view, it's just that most people aren't that interested, and also why they reject the idea of running all the programs that you mention that end up slowing the machine to a halt. Outside the security circles people can sometimes jump to the offensive if you suggest that they run more than one or maybe two apps. Truth is that I don't entirely disagree. So many apps want to run multiple background services that once you have just your basic drivers (with their utilities) and maintenance apps, you scarcely have resources left for the fun stuff that you're running the system for in the first place. So, regardless of the specific app, I want the greatest level of protection with the least number of processes. 
    To bring this back to the original topic: since traditional solutions aren't normally doing that on their own, the community apps are starting to give some reprieve. Take some traditional concepts and add the community aspect, and you're back to having what you want in the smallest possible package. These days I'm finding that community based apps (even beyond any of the apps discussed in this thread) are the main ones providing innovative solutions and effective protection for what they do.

    Well, if you click on the "Clean and protect my PC" link on the front page, you do see:
     
  5. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    No need to apologize Rick. Just glad we got it sorted out.
     
  6. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    I have been testing Prevx1 for a couple of days now and I must say that I do like this community-based HIPS idea.
    I have for a long time been a security junkie needing to know what happens in my computer all the time.
    The most intrusive program I know of is App and Regdefend (GSS). It will tell you everything about what is happening (until rules have been made).
    Until recently that has been exactly how I wanted it. It has been nice to know (have control) what was going on behind my back. I have learnt quite a lot from it (and other HIPS).
    My conclusion, after playing around with HIPS for a couple of years, is that it is quite hard to get infected with anything at all (at least with my setup). Only the leaktests have shown me that there are a lot of loopholes for malware, but I have never encountered a real malware (according to the HIPS and AV I have tried). So I feel quite safe letting the community decide what is good or bad since obviously the community does find more malware than I have done :)

    I have grown really, really tired of confirming every obscure little detail with every install/uninstall I make, and I install and uninstall a lot. Lately I have bypassed GSS most of the time when I installed something. By doing so I of course reduced my security and made GSS more or less impotent. Therefore I find that community-based HIPS (Online Armor, Prevx1 are the only ones I've heard of) suits me better nowadays.

    I still get, if I want, info on what is going on but I don't have to confirm everything anymore, which is a big relief.
    I have installed different kinds of HIPS in some of my not so computer skilled friends' computers, but that has of course been a disaster since they had no clue of what was happening, which rendered in quite a few phone calls :D I think that software like Prevx1 is perfect for less skilled (or rather; less interested in security) people.
     
    Last edited: Oct 4, 2006
  7. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556

    Thanks for your questions and comments, herbalist.

    But I think the description in this link is still not accurate. For example, the support team here did mention they will detect adware/spyware. However I don't see them mentioned in the feature list.

    Even if it includes the simple word of adware/spyware, it doesn't solve the problems. This is not a big problem for signature-based antimalware and classic HIPS since the final decision is passed on to me. However Prevx1 will decide on our behalf, so we need to know more about in what circumstances it blocks something, and in what circumstances it doesn't. The examples which have been mentioned by you are:
    delivers popup ads
    banner ads
    data miner
    calls home
    updates silently
    downloads more software
    modifies hosts file
    modifies internet zone settings or adds itself to trusted zone
    questionable changes in product's EULA
    vendor shares data with other companies

    Some problems may arise when you wish to run a program which displays ads or collects some personal data, which you approve, but is blocked by Prevx1 since they think this is the best for you.
     
  8. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Hi,

    If I follow your link and click 'Overview' then it provides some more info. Scroll down to "Stops New and Established Threats" and it clearly states that "Prevx1 ABC will protect your system from attack by viruses, trojans, worms, adware, spyware and hackers. It offers much stronger protection than conventional Antivirus or Antispyware products. It will also protect you from established threats as well as new and evolved malware which bypass conventional products with ease."

    Hope this helps.

    muf
     
  9. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Thanks for the info.

    The point I would like to raise is I think the vendor should try to include these two in the feature list. If they are not there when people read the feature list, they may assume it doesn't deal with "adware & spyware".
     
  10. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Yep, I agree with what you are saying. They appear to have split the list into two. There is also no mention in the feature list of protection from viruses, trojans and worms. Along with spyware and adware I would have thought these five definitions the most important?

    muf
     
  11. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    That list would be for the behaviors monitored, where the other list would be the kinds of malware that are specifically marked "bad".
     