What's so special in Drivesentry?

Discussion in 'other anti-malware software' started by ako, Jun 11, 2008.

Thread Status:
Not open for further replies.
  1. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    What's so special in Drivesentry?

    Isn't it at the moment just another classical HIPS (with a scanner included), very similar to AE or PG? One just goes one step ahead: the malware is allowed to execute, but not write to disk, if one chooses correctly (or central database gives enough information).

    Does this approach (drive protection) give some special advantages?

    Of course DS may be developed into a nice behaviour blocker; time will tell.
     
    Last edited: Jun 11, 2008
  2. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Drivesentry is great at protecting against ransomware and destructive malware.

    Some HIPS such as SSM don't monitor files. They only monitor the registry.
     
  3. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    But how does DS do it? Does it have some special AI to recognise when the write action is destructive? Or is it up to the user to decide it?
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I tried it back before they added so much to it. Still had pop-ups to contend with, although I don't know if it's changed.

    The file protection didn't strike me as all that big a deal.

    First for something to mess with my files it has to run, so other HIPS can prevent that. Finally with Sandboxie when I am online, nothing can write to the system area, my second drive or My Documents.

    Pete
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Detection ability is about middle of the pack.
     
  6. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Agree totally!

    In the lengthy KatieDriveSentry thread here at Wilders, read through it & note that many essential HIPS features are in the status of "we are working on it" or "I'll pass your suggestion along to our technicians." Overall, DS is far less advanced than other HIPS such as Defense+, OnlineArmor, SSM, & ProSecurity.
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    AE and PG are not the same as DriveSentry. I saw that immediately after reading the suggested thread "KatieDriveSentry" and the info on the website. The method used is totally different.
     
    Last edited: Jun 11, 2008
  8. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    Please read my first post again.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I just don't like the method of DriveSentry, which is similar to Prevx.
    I don't need a large community database to verify my computer, and who is controlling that large database that contains good, grey and bad software?
    Must be quite a job to verify this database in a professional way, instead of user's opinions. I really wonder how they do this and there is no way for me to verify what they will tell me.
     
    Last edited: Jun 11, 2008
  10. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,120
    Location:
    South Texas, USA
    What is so special in Drivesentry?

    The fact that you can buy it for $10 or wait for the free stripped down version to be released. ;)

    But bellgamin has a good point in his post #6 in here.

    dja2k
     
  11. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    That's why I block DS Advisor totally :D
     
  12. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    But you can run DS without the database too, just like AE.
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That is good. Then I still have only one little problem: its blacklist scanner. :)
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I do think file protection is important. I'll give an example. I was using a burning program to burn some backup files to DVD. I intended to delete the backup files from the project window pane, but I accidentally tried to delete the files from the file explorer pane. Fortunately, because the backup files were under file protection of my HIPS (Comodo Firewall 3), the HIPS alert notified me before the files were deleted.
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Does that mean you disable the blacklist scanner as well?
     
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  17. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    I'm not sure. For me that doesn't matter, but I understand your special needs for this. (frozen snapshot)
     
  18. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    From me above: "But how does DS do it? Does it have some special AI to recognise when the write action is destructive? Or is it up to the user to decide it?"
     