Best Free Intrusion Prevention and Detection Utility for Home Use (HIPS)

 
In a Hurry?
  Go straight to the Quick Selection Guide
Introduction

Gone are the days when a virus was a virus and everything else was, well, different! Now known collectively as “Malware”, these threats are constantly evolving and pose a serious challenge to security software. Signature based scanners give the most reliable detection results but these are limited by the frequency of their database updates. To complement signature recognition software, HIPS programs were developed which look for behavior on your PC which is “characteristic of malware activity”. The user is then presented with an alert to either allow or block the event. Some programs automate this process, which can occasionally lead to problems. See my article “HIPS Explained” which deals with this and other issues in more detail.

Evaluating the performance of HIPS programs is far from easy and any so-called “test results” should be viewed with a degree of caution. It is straightforward enough to feed malware files to a selection of signature scanners and then count what they find to arrive at a score. AV Comparatives provides an admirable service here and the results are always consistent and reliable. No such clear-cut measure is possible when testing HIPS software and my feeling is that some of the vendors may possibly use this to their own advantage (“hype”).

Review Criteria
My objective in reviewing this software is to help users make an informed choice about the suitability of the products for their own requirements. In addition to information obtained from the various producers, I have used two methods to collect the necessary data and tried to present my analysis in a factual and entertaining manner. Part of my review is based on personal usage of the software concerned and I will be updating information about my component set-up on this page. I have also used third party data collected from sources I know to be reliable such as other forums where I have known some of the posters for several years. In reality no one can ever duplicate the system you use and the software reviewed may react quite differently between one PC and another. Ultimately, the best way to judge the suitability of these programs for yourself is to try them.

Discussion

DriveSentry is a relative newcomer to security software but it is still my top pick. People who have already discovered this product will appreciate what a solid option it is. Released for the first time four years ago, DriveSentry adopts a novel and innovative approach to malware detection. It assumes (quite rightly) that in order to operate, any program on your computer needs disc access, and in particular it needs to be able to write data to your hard drive. Without this ability it cannot launch, control or change another process, replicate or use the Internet. This includes things sitting in your temporary folders and on your desktop as well as the installed applications in your program files. The key feature is that DriveSentry will only allow trusted programs to write to your protected areas. DriveSentry contains a white list of safe files which it will allow to run and also a black list of known malware which it will block. There are now 2.8 million files in the malware database. A new feature is powerful “honey pot” feeds which provide real time signature updates as soon as the virus is discovered (paid version only after 30 days). In addition to the real-time protection you can use DriveSentry to scan for malicious files including scripts, macros, Trojans, viruses and rootkits.

DriveSentry also includes a community advisory for each alert showing details of how many people have either allowed or blocked an event previously. A similar function called Threatcast is now included with Comodo's CIS Internet Security suite. Whilst this format for sharing information is always welcome, community based advisories should be viewed with a degree of caution. If an alert is presented for a new safe program and nine out of the ten people who first saw it chose to “block” then you will see a 90% advice to do the same and may be tempted to follow suit. The good thing is that with DriveSentry you can always change or remove the rule created later if you discover that something blocked is really OK to run.
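The nine-out-of-ten case above can be put in numbers. The following is an added example, not part of DriveSentry or Threatcast: it applies a standard Wilson score interval to the block/allow counts, and the function names and the 0.75 confidence threshold are assumptions chosen for illustration.

```python
import math


def wilson_interval(hits, total, z=1.96):
    """Wilson score interval (about 95% for z=1.96) for the share hits/total."""
    if total == 0:
        return 0.0, 1.0          # no votes at all: the share could be anything
    p = hits / total
    z2 = z * z
    centre = p + z2 / (2 * total)
    margin = z * math.sqrt(p * (1 - p) / total + z2 / (4 * total * total))
    denom = 1 + z2 / total
    low = max(0.0, (centre - margin) / denom)
    high = min(1.0, (centre + margin) / denom)
    return low, high


def advisory(blocked, allowed, threshold=0.75):
    """Turn community votes into advice that accounts for how few votes there are.

    threshold is an assumed cut-off: advice is only given when even the
    pessimistic end of the interval clears it.
    """
    total = blocked + allowed
    low, high = wilson_interval(blocked, total)
    if low >= threshold:
        verdict = "block"
    elif (1 - high) >= threshold:    # lower bound on the share who allowed
        verdict = "allow"
    else:
        verdict = "inconclusive"
    raw = blocked / total if total else None
    return {"raw_block_share": raw, "block_share_range": (low, high), "verdict": verdict}


if __name__ == "__main__":
    # Constructed vote counts: the same 90% headline figure, very different support.
    for blocked, allowed in [(9, 1), (900, 100), (1, 99), (0, 0)]:
        print(blocked, allowed, advisory(blocked, allowed))
```

With ten votes the displayed 90% is compatible with a true block share anywhere from roughly 60% to 98%, so the advisory is inconclusive; with a thousand votes the same 90% is well supported.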

There are considerable options for adding extra rules but this facility is only for experienced users. The logging facility is excellent and provides an invaluable source of data for determining any changes you may wish to make to an application's access rights. Some programs bestow levels of system “invadability” upon themselves at install which they either don't need, or in some cases, shouldn't have! Only you can decide if this amount of adjustment and control is really necessary for your own circumstances. As with all rule settings, if you do make changes it's best to do them individually and then check your system functions. One error can usually be tracked back and altered fairly easily but several might take some finding!

DriveSentry's own literature describes it first as being a “firewall” (for drives) and then an “antivirus” so it's little wonder that many of us end up a bit confused as to exactly what this program does! It's not altogether the manufacturer's fault as it's becoming more difficult to classify the threats too, hence maybe the confusion.

I've given DriveSentry our top pick award because not only does it do what it says on the box but it does it in a way less likely to cause you problems than some of the alternatives. Whilst it will automatically block and quarantine known malware, the other automated features are fully controllable, keeping you in the DrivingSeat if that's the way you want it. The GUI is easy enough to navigate and the information presented is clear and concise. Resource consumption, in particular memory use, was an issue with previous versions but this has now been fixed in this release.

There is also a paid version of DriveSentry which offers automatic updates and a portable version called “GoAnywhere” aimed at USB drives, but this too is paid.

Updating the free version is a manual operation.

The PDF available is not exactly what you might expect, containing just two pages similar to the web layout, but it does give some additional information.

DriveSentry Security Suite

In line with the trend already set by other vendors, DriveSentry have now released a "Security Suite" which combines the separate DriveSentry desktop and GoAnywhere programs.

This basically adds Drag & Drop AES 256bit data encryption and File Synchronisation/backup to the features list.  Users should be aware though that this package does not contain a network firewall as you might expect from the description so if you are not using the Windows firewall you will need to consider a third party application to perform this role.

Despite being in direct contact with the vendor I've found this to be one of the most confusing product juggling exercises to follow, and I'm not alone as visitors to the dedicated thread at Wilders will see.

This FAQ link now answers some of the questions raised since the suite was introduced.  

forum.drivesentry.com/viewtopic.php

I guess this would be the one on most people's minds.

Will you continue to support and offer updates to DriveSentry Desktop (paid & free version)?
"Yes, we have no plans to discontinue the free or paid version of DriveSentry Desktop. We are continuously researching and developing new premium features for our paid products/suites whilst offering simple next generation anti-virus protection for free".

Both the suite and desktop applications are evolving products and as such have suffered less of the stability issues reported by users of comparable software.   DriveSentry remains a solid choice for PC security and a real alternative to established protection methods, but do expect some bugs as the upgrades become implemented.

Despite the reassurances in the FAQ above it remains to be seen which direction the "free" version of this software will eventually take.

 

PC Tools ThreatFire continues to evolve but from version 4.5 they took some bits away as well as adding new ones. Gone is the antivirus scanner and users must now find an alternative program to perform this function. A facility to download the PC Tools antivirus is provided from the ThreatFire GUI. The immediate effect of not having the virus scanning engine and signature database is to reduce the download size from some 22MB to just 7.5, but what about the rest of it? Well the old “Threat Detection” map remains which in terms of security provision is about as much use as a paper bag in a thunderstorm but the other features are solid enough. To detect malicious behavior, ThreatFire monitors every file operation, every process creation, every network communication (inbound and outbound) and every interaction with critical components of the operating system. They say rootkit detection has been improved to discover “deeply hidden threats” but I thought this was why rootkits were called rootkits in the first place (because they were deeply hidden!).

The thing that concerns me most though is that the level of program automation has been increased with the addition of “in-the-clouds black and white lists to automatically handle threats, significantly reducing user interaction”. This means it will now do more things without asking you! You may prefer to keep your feet on the ground instead of “in-the-clouds”. Maybe I'm being a little unfair as this program continues to be hugely popular but with forum posts highlighting a range of issues, some relating to the (supposed) automated removal of Windows system files I can't help but think that increasing the automation still further was a bad choice. I've never questioned the value of behavioral based detectors in a balanced security line-up but what I do doubt is the wisdom of giving them an increased automatic ability for process termination. General feedback for the new version though appears to be very positive and from personal contact with PC Tools I can confirm they are working hard on fixes for any remaining issues. Certainly browsing performance with this version shows a significant improvement. Time will tell if the major problems some have experienced with ThreatFire have finally been smoked out.

Despite my reservations ThreatFire continues to be a top contender amongst the free behavioral detectors, but I am wary of recommending it for average users. Especially since the removal of the signature based virus scanner, I believe DriveSentry to be a better option.

Be aware that automatic updates are not provided with the free version if you elect to “opt out” of the ThreatFire Community. The paid version does offer this option plus other flexibility, permissions for commercial use and telephone support.

*Windows 2000 users please note that you need V4.1 of Threatfire.  See footnote 3 and other useful information including the download link on this page.

 

WinPatrol has been helping to protect computers for more than ten years. With DSA now only available as part of the Privatefirewall package the options for standalone programs of this type have been reduced still further. Maybe then this is the right time to re-visit an old favorite of many users which is still in development and more than capable of providing this extra layer of security.

WinPatrol has many advocates and has recently been upgraded to achieve greater compatibility for Vista and Windows 7 users. Its main objective is to warn you about alterations to your system which may be malware generated. It does this by taking a snapshot of your system settings and alerting you to any changes. WinPatrol operates using a heuristic approach which makes it more likely to find new malware than traditional signature based scanners which are heavily reliant on updates.

WinPatrol will alert you to new program activations as well and is effective across a whole range of malware including worms, trojans, cookies, adware and spyware. Even stuff designed to replicate itself on your system is within WinPatrol's reach. You can also use WinPatrol to filter unwanted cookies and IE add-ons. An added bonus is that WinPatrol will also deal with the problems it finds so you won't need another program to do this for you.

The author, Bill Pytlovany, provides support and has an interesting comments and resource blog here:

http://billpstudios.blogspot.com/

Softpedia review link (2007)

http://www.softpedia.com/reviews/windows/WinPatrol-Review-62232.shtml

 

 

Spyware Terminator seems to have been around for almost as long as I have and some might argue it's about as much use too! That said if you witnessed the decline of this software a couple of years ago you might now be surprised by its rejuvenated format. I'm not going to pretend that the spyware detection rates are that good because they're not, but the HIPS component is. Added to that is the option to integrate the ClamAV antivirus shield and Web Security Guard. An adware toolbar (Web Security Guard Toolbar) is included but you can un-check this at installation. There is a choice of two proficiency levels for the default install (basic and advanced) which then sets the rules and notification levels (number of popups) accordingly.

No less than ten real-time shields are provided for system protection and each one can be enabled separately. An install mode is included for use when adding new software and there's a separate cookie scanner. Other features include locked file removal, file analysis, browser restoration and even a system restore function. See the full details here. There are several scan options including customized and context menu scanning. The updates are compressed to minimize bandwidth usage, and there's even free support via email and the forum. The spyware scanner is 64-bit compatible for both XP and Vista but unfortunately the Real Time Shield is not. This is planned for the third quarter of 2009. Free for home and commercial use. How do they do it!?

Resource use and system impact will vary according to your component strength and what you ask Spyware Terminator to do. It is always likely to be on the moderate side but unless you have a really old computer it's worth living with.

Be advised that Spyware Terminator only loads a small installer program initially (632kb) and then connects to the Internet to download the other stuff you've ticked as options. There is a separate link for downloading an off-line installer if preferred.

 

MJ Registry Watcher is another application that maybe not too many people are aware of. It is a simple registry, file and directory hooker/poller that safeguards the most important startup files, registry keys, and other more exotic registry locations commonly attacked by Trojans. It has very low resource use, and is set to poll every 30 seconds by default, although you can adjust this if required. A configuration file stores all your settings for future use. MJRW not only polls the system, but it also hooks it, so that most changes to keys, files and directories are reported instantaneously. Key deletions are still caught by the polling loop though, since they cannot be hooked. Exactly which keys and files are protected can be completely configured by the user, although the sets supplied with MJRW will cover most standard PCs. You do need better than average knowledge to get the best from this software but users in this category who prefer to combine small light applications to create a layered security solution should definitely check it out. Installation is not required, simply run the program from whichever directory you un-zip it to.

** New features in V1.2.6.7 released 4th April, 2009: Process Launch Monitoring, Folder and File Hooking, EMailing of Alerts, Quarantining of Files and Directories **

There is an active thread for this software at Wilders forum here: http://www.wilderssecurity.com/showthread.php?t=54666

The author, Mark Jacobs, also maintains a range of other free software on his website and will respond to emails for support if requested.
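The hook-plus-poll arrangement described above for MJ Registry Watcher, and the snapshot comparison WinPatrol relies on, can be modelled as follows. This is an added example, not code from either product: the class and function names are hypothetical, and the registry contents are constructed in-memory dictionaries rather than live registry reads.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

Snapshot = Dict[str, Dict[str, str]]    # watched key -> {value name: data}

RUN_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
RUNONCE_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"


@dataclass(frozen=True)
class Change:
    kind: str               # "added", "modified", "deleted" or "key_deleted"
    key: str
    name: Optional[str]     # None when the whole key has gone
    old: Optional[str]      # previous data, kept so the change can be undone
    new: Optional[str]
    source: str             # "hook" = reported at once, "poll" = next pass


class StartupWatcher:
    """Holds the last accepted state of each watched key and reports drift."""

    def __init__(self, baseline: Snapshot):
        # Copy, so later edits to the caller's dict cannot move the baseline.
        self.known: Snapshot = {k: dict(v) for k, v in baseline.items()}
        self.missing = set()    # watched keys already reported as deleted

    def on_hook(self, key: str, name: str, data: str) -> Optional[Change]:
        """A value write seen by a change notification: report it immediately."""
        if key not in self.known:
            return None                       # not a watched location
        old = self.known[key].get(name)
        if old == data:
            return None
        self.known[key][name] = data          # so the next poll stays quiet
        kind = "added" if old is None else "modified"
        return Change(kind, key, name, old, data, "hook")

    def poll(self, current: Snapshot) -> List[Change]:
        """Compare a fresh snapshot with the known state; catches what hooks miss."""
        changes: List[Change] = []
        for key, known_values in self.known.items():
            if key not in current:            # whole key deleted: poll-only case
                if key not in self.missing:
                    self.missing.add(key)
                    changes.append(Change("key_deleted", key, None, None, None, "poll"))
                continue
            self.missing.discard(key)
            now = current[key]
            for name in sorted(set(known_values) | set(now)):
                old, new = known_values.get(name), now.get(name)
                if old == new:
                    continue
                kind = "added" if old is None else "deleted" if new is None else "modified"
                changes.append(Change(kind, key, name, old, new, "poll"))
            self.known[key] = dict(now)       # report each change once
        return changes


def demo():
    # Constructed sample data, not taken from a real machine.
    baseline = {
        RUN_HKLM: {"ExampleAV": r"C:\Program Files\ExampleAV\tray.exe"},
        RUN_HKCU: {"ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe"},
        RUNONCE_HKLM: {},
    }
    watcher = StartupWatcher(baseline)
    # 1. A new autostart value is written; the hook reports it straight away.
    hooked = watcher.on_hook(RUN_HKCU, "updater", r"C:\Temp\unknown.exe")
    # 2. Next polling pass: a value was removed and a whole key has vanished.
    after = {
        RUN_HKLM: {},
        RUN_HKCU: {"ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
                   "updater": r"C:\Temp\unknown.exe"},
    }
    first = watcher.poll(after)
    second = watcher.poll(after)              # nothing new, nothing reported
    return hooked, first, second


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The shorter the polling interval, the smaller the window in which a deletion goes unnoticed, which is the trade-off behind the adjustable 30 second default.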

Related Products and Links
Quick Selection Guide

DriveSentry    Rating 9 of 10  Gizmo's Top Pick

Pros Excellent default settings for novices but also highly configurable for more experienced users
Cons Manual updates; Low user numbers could make the information in some of the community advisories unreliable
Developer Home Page http://www.drivesentry.com/AntiVirus-Firewall-features-for-computers-and-removable-media.html
Download link http://www.drivesentry.com/AntiVirus-download-free-Firewall-products-for-computers.html
File Size 51 MB   Version 3.4   License Type Private Freeware (not free for commercial use)   Installation Requirements MS Windows 2000, XP, 2003 Server, Vista

ThreatFire    Rating 7 of 10

Pros Runs from the box without the need for additional configuration
Cons Ambiguous results may need web research confirmation; doubts about compatibility with other software
Developer Home Page http://www.threatfire.com/
Download link download.cnet.com/ThreatFire-AntiVirus-Free-Edition/3000-2239_4-10726873.html
File Size 9 MB   Version 4.6.0.19   License Type Private Freeware (not free for commercial use)   Installation Requirements MS Windows XP, 2003 Server, Vista  *Windows 2000 users please see footnote in the text above

WinPatrol    Rating 7 of 10

Pros Comprehensive protection; deals with the problems it finds; a pioneer of heuristic based detection technology
Cons “Scotty the Windows Watchdog” projects a somewhat dated image
Developer Home Page http://www.winpatrol.com/
Download link http://www.softpedia.com/progDownload/WinPatrol-Download-10365.html
File Size 714kb   Version 16.1.2009.1   License Type Unrestricted freeware   Installation Requirements MS Windows all inc. 64 bit

Spyware Terminator    Rating 6 of 10

Pros Long established and well supported software with an excellent HIPS and many other features
Cons May slow some older PC's; spyware detection rates poor in comparison to SUPERAntiSpyware
Developer Home Page http://www.spywareterminator.com/features/antispyware-features.aspx
Download link http://www.spywareterminator.com/download/download.aspx
File Size 632 KB   Version 2.6.2.456   License Type Unrestricted Freeware   Installation Requirements All Windows

MJ Registry Watcher    Rating 6 of 10

Pros Light resource use; excellent default rules with choice of security levels
Cons Only really suitable for experienced users
Developer Home Page http://www.jacobsm.com/mjsoft.htm#rgwtchr
Download link http://www.jacobsm.com/mjsoft.htm#rgwtchr
File Size 1.34 MB   Version 1.2.6.9   License Type Unrestricted Freeware   Installation Requirements All Windows

 


Hi, I was wondering what would be the best HIPS for a 64-bit OS?

For a lightweight complement to your existing security software then WinPatrol is stable and able. I've run it extensively now without a single negative issue to report. The best possible solution in my opinion would be CIS (Comodo) but then you probably already have another firewall which you don't wish to change.

Are there any known conflicts between Winpatrol Plus and Microsoft Security Essentials?

Thanks

Scotty works and plays well with others.
I've been running both successfully under Windows 7 since early beta of both. While there may be some redundancy there are no problems.

There was a comment about WinPatrol still having a more classic user interface look. One of the reasons WinPatrol is so compact and quick is I didn't spend a lot of time on fancy graphics or transitions. The result of a simple interface is great performance and it provides support for many Enabling devices like screen readers.

Thanks,
Bill

Thanks Bill. Now that's what I call support!

Thanks by the way Bill for contributing here. Much appreciated.

To change the theme a little and go back to WinPatrol, I have a comment or two about that software. It enjoys a very good reputation and has been around for a while but I have noticed a couple of things about winpatrol that I do not like. For a short background, I have always been extremely unhappy (being diplomatic) with IE creating the index.dat files. With the "enhancement" to XP the alterations I had made to ME to drastically reduce these files would no longer work. So I began using another browser and basically buried Internet Explorer (Only needed for sites that believe their existence depends on IE). The results: better security, easily removable items that point to where you have been on the internet and very little, if any, build up of the "index.dat" files. (Again, these files have been one of my pet peeves).
If you use winpatrol, it has a tendency to favor IE and will, all of a sudden, create a build up of index.dat files for just about all your security software. As index.dat is one of the major contributors to my irritation level, I removed winpatrol. Index.dat files are back to virtually nothing.
Reckon I got a little verbose on this one.......sorry about that. Other than that, the program does a good job but needs to be altered to recognize the browser that is actually being used on the system. One would think that the authors would be aware of this issue but perhaps they are not concerned. The other option is that people consider things like index.dat files trivial. So be it but I will not accept having any software creating files I do not want or need and then making it difficult for me to eliminate.
Have a good day (tomorrow).

Dazeydog,

I welcome you to send your comments to support@WinPatrol.com. To be honest I'm a little confused about your index.dat file comment. The only index.dat file I know of is related to IE cookies. This file should be reduced automatically by Windows depending on your settings for how often your cache is cleaned up. I recommend keeping your default Temporary Internet Folder size to a smaller number than the Windows default.

If you use other browsers you may be happy to hear WinPatrol 2010 now includes support for Firefox 3.x and even Chrome.

Bill

Thanks for your input dazeydog. As I have only just added WinPatrol to my review I am still learning about its capabilities myself. This plus I tend to use my Ubuntu partition more than Vista which limits my exposure to the software. I've actually approached the author and asked him if he would like to contribute here or at least respond to your comments. Depending on the response I get I'll post the details here and maybe open up a thread in the forum for WinPatrol too.

Drive Sentry have just released V3.4.0.20 of their free desktop version. There are no new features but I'm informed that improvements have been made to existing components in several areas.

Users of the previous version please note that there are no time limited automatic updates as before. From V3.4 the free version requires updating manually.

I can't install Drive Sentry on W2K because the install throws up an error message right at the beginning:

"Drive Sentry requires the Filter Manager in order to operate. Please install the latest Service Pack for your operating sytem."

The install continues but I assume it is not 100%, so I terminate it.

I have W2K SP4 Rollup1 - which is the latest version of W2K. So it looks like DS doesn't work on W2K?

chris.p

Received confirmation from Drive Sentry today that V3.4 Desktop "should" still work on W2K assuming SP4 or above. I've asked for a bit more detail than this as "should" is something I don't understand. Either it does or it doesn't.

Thanks for the feedback on this. According to their website DS is still compatible with W2K but I'll mail their support for confirmation. I've not found them too responsive of late, in fact there doesn't seem to be very much activity at all.

MC, the latest version of Threatfire does not work on Windows 2000 (won't install). Old versions install OK.

Also, TF does not prevent rootkits creating a new .exe and writing it to the disk. If it doesn't do this, I'm not sure what use it is, since the only other useful facility it might contain would be to stop unknown apps dialling out - but your HIPS firewall does that (and much more effectively, in my ongoing live test, which involves trying to get rid of a damn pesky rootkit).

Threatfire - on W2K at any rate - doesn't stop unknown exe's being written onto the disk, and it hardly ever stops new processes dialling out. All these are caught by Avast and Online Armor, not TF.

chris.p

Thanks for the heads up about the version install on W2K. I tend to use Softpedia as my reference source for this and they still list it although PC Tools and Cnet (our own link) have removed it.

In truth I've no knowledge of how effective even the older versions of Threatfire might be on W2K because I've never used this system. Many users add Threatfire as an additional layer of security for its keylogging and buffer overflow prevention capabilities.

The real strengths of Threatfire though lie in its ability for custom rule creation which unfortunately is beyond the abilities of most average users to configure and inadvisable for same to try. This tutorial though has been well written and includes a section for outbound protection.

http://www.wilderssecurity.com/showthread.php?t=253507

To be honest if I was using W2K and felt the need for this type of software I think I'd revert my attentions to the era from when it was written and use Cyberhawk instead, copies of which can still be found.

Threatfire 4.1 supports Win2K. See footnote 3:

http://www.threatfire.com/updates/

Steve

Thanks for this, SBW.

MC, maybe you could add this info to the TF details :

W2K users need to download the ThreatFire 4.1 version, the download link is at the foot of this page: www.threatfire.com/updates/

Personally though, I've deleted it and won't be reinstalling it. It never picked up one single disk write out of dozens that a rootkit I had was creating (additional .exe's), and that were stopped by Avast. It never picked up any of the added (malware-created) tasks in Task Scheduler, that WinPatrol stopped. It never picked up any dial-outs, which Online Armor stopped.

Therefore as far as I can see it is not much practical use. Perhaps this just applies to W2K. However it uses very little in the way of system resources :)

chris.p

Thanks Steve.

Hi all. Don't know whether anyone has tried iobit security 360. I suppose it is a hips, running it now myself, seems to work okay, any chance of giving it a test? Had trouble with drive sentry and threatfire, thought I might give this a go....

Iobit 360 is an anti-malware product, not a HIPS. It is possible that it will be reviewed here now that the final version has been released, but this decision will be made by the editor of the category concerned.

DriveSentry put a BSOD on both my PC and my wife's, both run Comodo and Avira. There is a basic conflict; when I removed DriveSentry the PCs reverted to problem free.

When I was trialing DriveSentry for the review my own machine (XPSP2) was also running Comodo and Avira without any problems. Without knowing a lot more details about your system and how you had your other security components configured it's not possible to second guess what might have gone wrong.
Unfortunately these instances are very system specific and often here and in the forums we see similar posts relating to troublesome combinations which others are running quite happily. The (yawn) long awaited new version of DriveSentry is meant to be more imminent now than it was so maybe you might feel confident in re-visiting this software then?

I am surprised not to see ProcessGuard included in the review. It is by far one of the best hips i have ever used if not the best. Can you please consider reviewing ProcessGuard?

The products reviewed here all have full featured protection. All of the important functions such as Rootkit protection, hooking, driver installation, registry and memory protection are all missing from the free version of ProcessGuard. It doesn't even block new or changed programs. You can achieve far more protection with other software.

I'm having two major issues with Dynamic Security Agent. I installed it a few days ago and after a couple days it was using over 200 megs of memory. If I restart it, it goes back down to about 18 or 20 megs, but then starts increasing fast. The other issue is that every time I restart DSA, it turns off my Windows firewall. Any ideas?

DSA is now discontinued as a standalone application and no longer supported. An updated version is now included with the Privatefirewall package. This excellent firewall used to be commercial but is now freeware.
http://www.privacyware.com/personal_firewall.html

Thanks for the info. I can't find many reviews of Privatefirewall. How do you think it compares to the ones listed on this site (Outpost, Comodo, Online Armor, and PC Tools)?

I have been testing it for a few days. It has an 'old' looking interface and is a bit buggy on an XP SP3 machine. It seems to get confused sometimes about what process is doing what and starts blocking the wrong things.

I will be uninstalling it shortly. Not up to par, IMHO.

It would be helpful to know which applications and processes you are referring to as the firewall doesn't block anything. It produces an alert to prompt an action, depending on how you have it set up.

Hi,

I watched a video on YouTube from mrizos. He reviews a lot of software. He said Geswall was pretty good in his opinion. I DL'd the freeware version.

Any reason the free version doesn't make the list? Is it a poor cousin to the Professional Edition?

Thanks.

Dogpile

Although GesWall can be considered a HIPS, it's not really a HIPS as in a behavioural blocker, it's more of a browser protection utility:
http://www.techsupportalert.com/best-free-browser-protection-utility.htm

As with all software groups we try to mix performance with ease of use. We also try to reduce the overall amount of items reviewed otherwise the whole thing can become more confusing than it already is, especially for security programs. Also, the following warning is posted on the Softpedia page for GeSWall

NOTE: Only for advanced users. Please be very careful. Your operating system may not start anymore!

On balance therefore I decided to leave it out. If your system knowledge is at a sufficiently high level to operate this software correctly then it would indeed be a good addition to your security setup.

Thanks for the quick reply. I removed it from my computer.

I tried DriveSentry on XP but it conflicts with Sandboxie causing it to blackout to DOS and switch off abruptly. I have since changed to Vista and decided that PREVX 3 free version is the best available as it effortlessly flags malware without any intrusive pop alerts of safe executables. This and Nod 32 online scanner will find malware that everything else could miss including Avira Antivir.

I was infected by what Nod 32 identified b.exe c.exe d.exe as fake Trojan. I then scanned using Virus Total and Nod32, PrevX perhaps Trend and Norman also showed positive results. Malwarebytes, SuperAntispyware, A2 all proved useful in identifying and removing but only Prevx was able to provide early detection of something that very few other products could prevent. All without having to check every executable message associated with HIPS.
I want to keep SandboxIE and therefore give up on DriveSentry. Therefore PREVX to me is a double blessing.

The free version of Prevx provides no protection, only the means to identify malware after it has infected your computer. You would then need considerable system knowledge or another third party application to undertake the removal process. As prevention is always better than cure you would be better to re-consider using a solution with real-time protection. That said, with Sandboxie used properly many would argue that you need nothing else at all.
In terms of detection statistics you will see from the file scan results in various places that all of the recognized software misses something. In this respect Prevx is no better than the other top marques despite all the rhetoric and charts on their homepage. It's also no worse either. Overall the best two at the moment are Avira and a-squared. Next week it might be two different ones. Malware is evolving at such a fast pace these days it's almost impossible for the traditional software to keep up. This is one area where Prevx does score, but only in the paid version if you want real time protection. Prevx is also not a HIPS in the true sense so it was never designed to alert for executables like DriveSentry.

No reconsiderations. I am convinced by my own trials. Avira Antivir + Outpost + PrevX is all I need.

"In terms of detection statistics you will see from the file scan results in various places that all of the recognized software misses something." Are you referring to VirusTotal?

Yes, Virus Total is perhaps the best example to demonstrate how one program might find something that another misses, or vice versa. It also serves to demonstrate those programs with a regular high incidence of false positives as enjoyed by a-squared recently.

But VirusTotal does not take into account the real-time protection offered by the programs. In particular, with a program like Prevx the main protection lies in the real-time cloud database, so VirusTotal isn't a good tool to judge the effectiveness of Prevx (or many other programs).

The comment was merely an illustration about how certain threats can be missed by one application and not another, and how the results could well be reversed with a new batch of malware. I accept the point about Prevx but the original comment was about the free version.

The free version of Prevx has the full detection capabilities of its real-time protection. So the level of detection in the free and paid versions is the same.

I appreciate that the detection levels are the same. It was more the "protection" capabilities I was concerned with as the OP was comparing Prevx free with DriveSentry and Avira.

This is what I saw on their website which to me suggests that "protection" is only available with an upgrade to the commercial version.

"Should Prevx 3.0 detect infections missed by your existing security product(s) you can always upgrade to add malware removal and protection at any time or report the infection to your existing security"

Ah OK. I assumed the OP knew that Prevx only had detection.

Hey-Ho, I misread this too because I thought the OP was just referencing Avira and not actually using it together with the free Prevx. As it is the setup now is ideal. Sorry for the confusion folks!

I recently looked into using DSA and downloaded it on my system, which is Windows Vista Home Premium SP2. I've had issues installing it. I kept getting compatibility issues and I was redirected to the right version by Vista error reporting. Then to top it off I get Trojan win32/agentBypass.gen!G detected by Microsoft Security Essentials on file:C:\Program Files\Privacyware\Dynamic Security Agent\pfsvc.exe. So it was automatically detected and removed by MSE. So I decided to remove it and use Webroot's firewall, which has DSA built in, and I kept getting an error saying that it needs the DSA driver and wouldn't install. Interesting part: it needed that file mentioned above as infected. It's just one error after another. I was using Panda Cloud AV since it was released but I got a few worms and Trojan infections that got through and I had to reformat. As we all know that is a big pain in the ass... So far Microsoft Security Essentials is kicking Panda's ass. I've had no issues and it found 4 trojans that were actively messing up my computer. Just letting people know I think the download for DSA from their site is infected, since Microsoft is known not to have any false positives. It was also detected by A-squared free scanner and I had to check on Virus Total to make sure and it was a trojan. Not many scanners found it but there were a few. Don't remember exactly the number; since I use MSE now it won't let me check again, it's automatically removed. DSA seems to work fine without it though. I haven't had any issues so far but for some reason it's not registering as DSA, it's showing PrivateFirewall now as well lol...

detected by Microsoft Security Essentials on file:C:\Program Files\Privacyware\Dynamic Security Agent\pfsvc.exe.

As expected, now confirmed by Privacyware as a false positive.

Despite Privacyware being a Microsoft Gold Certified Partner, MS are obviously having problems adding all of their files into the database!

I'm sure this detection is a false positive as I've seen similar before. To be on the safe side though I've submitted it to Privacyware for their input and will post the reply when I get it.

I've got KIS and DriveSentry.... do I need DriveSentry? Are the two antiviruses conflicting in any way?

Should one add DSA?
At the moment I've got:
Drive Sentry
KIS
SAS Professional
Comodo Memory Firewall
As well as the WOT, Comodo Verification Engine, SpywareBlaster, etc.....

Any thoughts?

Personally speaking, if you're using KIS (Kaspersky Internet Security) I don't think you need anything else mentioned above since it's a full Internet Security Suite. You're taxing your system and not getting much added protection. Kaspersky is a good quality product and they have been up in the top 5 best (usually behind #1 ZoneAlarm) Internet security suites in the world. Drive Sentry is a stand-alone application; it can work with KIS without any issues but Drive Sentry recommends using it alone to prevent any compatibility issues. I'm not a big SAS fan, it always has issues on my computer, and Comodo as well, all of its products. I'd recommend WOT, and SpywareBlaster is good as well. Passive protection.

So to recap, you could be alright in just using KIS alone, but if you don't want to, if you use Drive Sentry either alone or alongside KIS you're going to be OK. If you check the remove malware forum and see the review of Drive Sentry, it does offer great protection; he throws enough things and it got 100% on his test and is a great product. I found it a bit restrictive of my online games lol, Combat Arms and Cross Fire. SpywareBlaster is good passive protection blocking known sites but the updates aren't that often. The other products aren't really needed, they will just tax your system; if you use just DriveSentry you will notice a bit of improvement in speed and response of your system. I would use just KIS and Drive Sentry if I were you. In any pairing you choose, either run alongside or individually. If you want to help compatibility with running Drive Sentry with anything else, in the settings at the bottom remove automatic quarantine so you get a pop-up; that way it alerts you if KIS misses anything, Drive Sentry will catch it, that's for sure.

Hope that helps, sorry it's so long...
