Prevx?
on 16.06.2006 10:38:52 by b__nice
I was wondering if anybody had some comments about or experience with
the Prevx malware detection system: http://www.prevx.com/
As I understand the concept, all Your computer's files are hashed and
based upon that, checked against a big "community file knowledge
database".
It initially also builds a local database of Your own files, to be
checked on each file launch. The idea would then be that when You run
a new program not registered in Your local database as being good or
bad, it will check against the community to figure out if it is
generally considered safe, unsafe or maybe not really known to the
community yet.
As always, users rate it from anything between "brilliant" and "worst
crap ever", but I would really like some solid input about this
approach.
I must admit that I basically like the concept of it. Checking Your
files "fingerprints" against a known safe is a known security concept,
although I would of course never compare a community opinion to a
known safe. I understand also that the guys behind this have realized
that a community is actually not good enough to distinguish between
good and bad, so they are more or less doing their own research on new
files.
But any ideas about the implementation and inner workings of this? Is
it just another crapware?
Or are there other and better providers of "known safes" out there
that You can check Your files against?
/B. Nice
Re: Prevx?
on 17.06.2006 15:26:08 by Hans-Peter Sauer
B. Nice wrote:
> I was wondering if anybody had some comments about or experience with
> the Prevx malware detection system: http://www.prevx.com/
>
> As I understand the concept, all Your computer's files are hashed and
> based upon that, checked against a big "community file knowledge
> database".
Worse than that! No hashes, just names... If a file has the same name as a
malware, it is detected as malware by Prevx1!
> It initially also builds a local database of Your own files, to be
> checked on each file launch. The idea would then be that when You run
> a new program not registered in Your local database as being good or
> bad, it will check against the community to figure out if it is
> generally considered safe, unsafe or maybe not really known to the
> community yet.
>
> As always, users rate it from anything between "brilliant" and "worst
> crap ever", but I would really like some solid input about this
> approach.
See Above... I liked Prevx which was based on rules for detecting malwares.
But Prevx1 is pure crap. Antivirus try to detect malwares by signatures,
Prevx1 just does it by name.
> I must admit that I basically like the concept of it. Checking Your
> files "fingerprints" against a known safe is a known security concept,
> although I would of course never compare a community opinion to a
> known safe. I understand also that the guys behind this have realized
> that a community is actually not good enough to distinguish between
> good and bad, so they are more or less doing their own research on new
> files.
No fingerprints...
> But any ideas about the implementation and inner workings of this? Is
> it just another crapware?
Yes, it is.
Michel Nallino aka WinTerMiNator
http://www.winterminator.co.nr (Internet and security)
http://www.gnupgwin.co.nr (GnuPG for Windows)
Invalid e-mail address; to contact me:
http://www.cerbermail.com/?vdU5HHs5WG
> Or are there other and better providers of "known safes" out there
> that You can check Your files against?
Antivirus softwares?
> /B. Nice
Re: Prevx?
on 18.06.2006 09:37:21 by b__nice
On Sat, 17 Jun 2006 15:26:08 +0200, "WinTerMiNator" wrote:
>Worse than that! No hashes, just names... If a file has the same name as a
>malware, it is detected as malware by Prevx1!
Really? -Well, if that's true then it's no good. Thanks for clearing
that out.
>> Or are there other and better providers of "known safes" out there
>> that You can check Your files against?
>
>Antivirus softwares?
I guess that is not exactly how antivirus programs work. They are more
like looking for known patterns within the files.
I am looking for an online service that holds known safes, that You
can check Your files against - using fingerprint technology.
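The lookup flow discussed in this thread (fingerprint a file, consult a local database, then a shared one, and report safe, unsafe or unknown), next to name-only matching for contrast. This is an added example, not code from any poster or from Prevx; the class and function names, the databases and the file contents are all constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Fingerprint by content, so renaming a file does not change the result."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

class FingerprintChecker:
    """Hypothetical checker: local database first, then the shared one."""
    def __init__(self, community_db):
        self.local = {}  # digest -> verdict, filled as files are seen
        self.community = community_db

    def verdict(self, path):
        digest = sha256_file(path)
        if digest in self.local:
            return self.local[digest], "local"
        v = self.community.get(digest, "unknown")
        if v != "unknown":
            self.local[digest] = v  # cache definite verdicts only
        return v, "community"

def verdict_by_name(path, bad_names):
    """Name-only matching, shown for contrast with content hashing."""
    return "unsafe" if os.path.basename(path).lower() in bad_names else "unknown"

def demo():
    # Constructed sample data: two known contents and one never seen before.
    benign, hostile = b"constructed benign bytes", b"constructed hostile bytes"
    community = {hashlib.sha256(benign).hexdigest(): "safe",
                 hashlib.sha256(hostile).hexdigest(): "unsafe"}
    checker = FingerprintChecker(community)
    out = {}
    with tempfile.TemporaryDirectory() as d:
        samples = {"update.exe": benign, "renamed.exe": hostile, "new.exe": b"never seen"}
        for name, data in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            out[name] = (checker.verdict(path)[0], verdict_by_name(path, {"update.exe"}))
        out["second_lookup_source"] = checker.verdict(os.path.join(d, "update.exe"))[1]
    return out
```

Each entry in the result pairs the hash-based verdict with the name-based one: the benign `update.exe` is flagged by name but cleared by hash, while the renamed hostile file is caught only by hash.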