"Befunge Sudoku" <daviddotbudd DeleteThis @manchester.ac.uk> wrote in message
news:MPG.1f14868fd309b8c98a7a1@localnews.mcc.ac.uk...
> Opinions on Neoava and Prevx1 ?
> Other desktop IPS ?
> --
> Play nicely, Dragon!
I've used Prevx (the free "1R" beta version) for quite a while and the
Prevx Home free version before that. I have found it to be very good
but there are some problems with it.
The database that it uses to determine if a process is okay or not is
on their server so you need to be online to use it. If you have an
always-on connection (cable or dsl broadband) then you are okay. If
you have dial-up and don't want to keep dialing up on every Windows
bootup, you won't have the latest updates to their database. However,
the rest of its heuristic protection is pretty good along with all its
other protections, like which of the startup/run/event registry keys
are allowed to be changed. You could do manual updates to get a new
copy of the existing state of the database, much like you periodically
poll for new signatures for an anti-virus product, but its best
protection is when you have an always-on connection.
Sometimes when there is an update, it is a program update. Since I am
using the free 1R (research) version, there are lots of *software*
updates. A software update changes the program, not just update the
database. Most times the software updates occurs without interruption
to the user. It get updated and then the Prevx service is restarted
without having to exit Windows, but occassionally a critical software
updates is applied that requires rebooting your computer - but Prevx
doesn't warn you if the update requires a reboot.
I have encountered problems with Prevx that mirrors complaints from
other users. Some have noted that CPU usage goes high. I haven't had
that problem. I have, however, seen when disk activity was high but
CPU usage was minimal yet all the disk activity still impacts
responsiveness of the computer and affects my use of it, especially if
playing a game. What happens is that Prevx is updating its logfiles,
the anti-virus program sees the changes and then its real-time scanner
checks the files, which Prevx sees so it interrupts (pends) the AV
program to check that process is okay and then permits the AV program
to check the changed logfiles but then Prevx has changed them again.
With EzAntivirus, there were times when there were 2700+ file accesses
per minute because of this battling between Prevx and the AV program
in checking the files. One solution would be to have the AV program
not scan any changes made to the Prevx files but EzAntivirus (the free
version) doesn't have that configurability. I switched from
EzAntivirus to McAfee VirusScan (free from my ISP) and that battle was
much reduced. It still occurs sometimes but is much smaller in the
number of file accesses per minute when it does happen. I eventually
uninstalled Prevx and my computer runs a tad smoother now. The change
wasn't drastic but just barely noticable (but like a fan whine that
you can hear that no else does, you go nuts trying to ignore it until
you decide to finally fix the problem).
I also use DiamondCD ProcessGuard to decide whether or not a program
is allowed to load and run from memory. If it can't get into memory,
it can't run. This is front-end protection based on your permissions
to eliminate the program from loading in the first place (rather than
trying to detect it after it loads).
I used Prevx (Home and then 1R) for a couple years. There is some
impact to your system, but then there some impact when installing an
anti-virus program, or a software firewall, or anything else that
consumes memory and runs in the background. I uninstalled it because
I've noticed that my behavior in managing my host more affects my
likelihood on getting infected than relying on an IPS program to
prompt me all the time. Eventually I tired of all the prompts. Once
a day, Prevx 1R is getting updated that is a software update which
then prompts me re-qualify the new version in ProcessGuard to allow it
Prevx to load and run which then prompts me to re-qualify the new
version in the firewall's application rules.
For normal users, it's good protection. For me, it was somewhat
redundant and getting in my way. I would far more recommend Prevx 1R
even though it is beta over Microsoft's Defender (aka AntiSpyware that
they bought from Giant). Defender polls for changes. Prevx
interrupts them. By polling for changes, Defender can only see then
AFTER they have been performed. That is why Defender cannot identify
to you what process made the change and can only offer retroactive
repair to put the item back to its recorded state before the change.
Prevx interrupts the process to pend the change until you permit it
(or block it).
Don't know anything about Neoava (probably because it isn't free for
personal use). Prevx is a commercial venture with lots of companies
that actually pay for that product. The 1R "research" version is how
they decided to continue providing a free copy for personal use
because those users also help beta test their software. Normally I
stay away from betaware but Prevx 1R has been very good and reliable.
The problems that I have with it an anti-virus software is more a
problem with the anti-virus software (which could possibly be
configured to work better with Prevx). Neoava is written by one guy
who is apparently using it as training aid for himself. I suspect his
is also another polling type of IPS program. In fact, his document
seems to indicate it performs similarly to ProcessGuard (I use the
freebie version of ProcessGuard but the paid version is much better;
however, I was just using ProcessGuard to augment Prevx).
>> Stay informed about: desktop IPS 
FAQ
Profile
Private Messages
Log in
