PC security programs have become the bane of a PC user’s life. It is now possible to choose from conventional anti-virus with signature updates, anti-spam for email, anti-spyware, desktop and router-based firewalls, and any number of bits and pieces that can be plugged into browsers to stop them becoming yawning chasms through which malware can gleefully trample.
And all that’s before one even considers intrusion detection, various forms of data encryption, and the growing number of applications and services to secure and authenticate wireless connections. You could, conservatively, run up to half a dozen programs just to keep a single laptop or PC safe. But is it really necessary to turn the average home or business computer into a platform for running software security programs? And how secure is most of this software anyway?
Brave, then, that a relatively unknown UK company has decided to launch yet another security client, claiming that it has found a completely different way of solving the security problem. It is called Prevx1, and according to its designers it can secure a PC from all possible attacks without the need to run any other program, including conventional anti-virus scanners.
Prevx1 is as original as it is unorthodox. Where conventional security software will use a mixture of signatures (protecting against known threats), heuristics (protecting against known threat activities) and honeypotting (looking for unknown threats before they strike), Prevx1 is founded on the principle of creating unique checksums for every bit of code (executable, DLL, scripts, etc) running on a PC, and then cross-referencing this against a central “community database” of user checksums. If the code is legit, that will be easy to check, while if it is unknown the code is stopped.
This process is carried out once in depth, when the software is first installed, and takes around 15-20 minutes. According to the company, an average PC will have around 15,000 individual programs with some systems having up to 100,000, roughly equivalent to the size of the Prevx1 program database. Every piece of malevolent code found on PCs is automatically analysed before being added to the mother database.
Every time the PC is switched on, by default the program briefly re-checks the local checksum list to see whether any new code has appeared, before moving into the background. Apart from queries regarding unknown new programs – this happened only once in the time we tested the software – Prevx1 just sits quietly in the background. No scheduled scanning is required, and about the only other thing it does is to occasionally update itself to the extent of needing a reboot.
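The checksum-and-lookup model described above can be sketched as follows. This is an added illustration, not Prevx1 code: SHA-256, the file-type list, the verdict labels and the in-memory "community database" are all assumptions, and the files are constructed samples.

```python
import hashlib
import tempfile
from pathlib import Path

CODE_SUFFIXES = {".exe", ".dll", ".js", ".vbs", ".bat"}  # assumed set of "code" file types


def checksum(path: Path) -> str:
    """SHA-256 of the file contents (the page does not say which checksum Prevx1 uses)."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(root: Path) -> dict:
    """Map every code file under root to its checksum (the one-off in-depth pass)."""
    return {str(p.relative_to(root)): checksum(p)
            for p in sorted(root.rglob("*")) if p.is_file() and p.suffix.lower() in CODE_SUFFIXES}


def changed_since(baseline: dict, current: dict) -> dict:
    """Startup re-check: files that are new, or whose contents no longer match."""
    return {path: digest for path, digest in current.items() if baseline.get(path) != digest}


def verdict(digest: str, community_db: dict) -> str:
    """Default-deny lookup: only checksums the database marks as good are allowed to run."""
    return {"good": "allow", "bad": "block"}.get(community_db.get(digest), "hold-unknown")


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "editor.exe").write_bytes(b"constructed: trusted editor v1")
        (root / "helper.dll").write_bytes(b"constructed: trusted helper")
        baseline = inventory(root)
        community_db = {d: "good" for d in baseline.values()}  # constructed database
        # Between boots: one file is modified in place and one new script appears.
        (root / "helper.dll").write_bytes(b"constructed: tampered helper")
        (root / "dropper.vbs").write_bytes(b"constructed: previously analysed script")
        community_db[checksum(root / "dropper.vbs")] = "bad"
        delta = changed_since(baseline, inventory(root))
        return {path: verdict(digest, community_db) for path, digest in delta.items()}


if __name__ == "__main__":
    print(demo())
```

Because the lookup is keyed on content rather than file name, the modified helper.dll loses its "good" status even though its path is unchanged, while the untouched editor.exe never reaches the database lookup at all.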
In fact, Prevx1 also appears to use signatures and heuristics to some extent – hedging its bets perhaps – but it is the analysis of the identity and state of running applications that defines its claim to be different.
There are three security modes to choose from, depending on the user’s knowledge: ABC, Pro and Expert. The basic mode offers minimal interruption, while the other two modes will, initially at least, query more of what is going on with the system and allow the user to build a set of application rules.
Users can choose one of two ways of licensing the software. If used as a free trial, the detection will work indefinitely, but the cleanup will only work for a single month after the first piece of malware has been detected and removed. Using cleanup again after that month will mean paying for a license. Alternatively, the software can be licensed from the start by buying a license key.
So, does Prevx1 work? It’s not easy to test anti-malware software nowadays because the universe of potential malware is now so huge, and the worst category – targeted attacks – is all but impossible to replicate. The lack of a methodology didn’t stop us browsing our favourite drive-by malware sites to see how it would cope, and sure enough it noticed plenty to offend it.
What we liked about Prevx was its intriguing design, which promises more reliable detection than conventional approaches, even if it has still to prove this beyond doubt. Set in the simplest mode, it offered only one false positive, and therefore threw up none of the incessant and sometimes hard-to-read pop-ups that the majority of security programs assail users with. Better still, it doesn’t ask you, as will conventional AV and anti-spyware programs, to do periodic and time-consuming scanning.
Meanwhile, the software updated itself on a fairly regular basis (some updates needed reboots), but no more often than any other security program out there, and probably, on balance, less. If it has a weakness, it might be performance; using a behaviour engine to monitor the way a whole raft of program components are operating is bound to consume cycles.
It’s early days for this program but it shows great promise. We normally de-install security programs from our test PCs, but Prevx1 is one we’ll keep running. Although it started life as a consumer product, the company can provide a console to allow Prevx to be managed on a day-to-day basis as a network client.