Oh well, I am here now.
Prevx checks loads of stuff and it appears to work on SP2, since I have had it running on my box for about 3 weeks now. Prevx say "...Windows 2000, XP on all service packs"...
http://www.prevx.com/
To be honest it has not flashed up warnings all that often, which I guess is a good thing. However I am sat behind a hardware firewall so who knows what is actually hitting me but getting filtered out by the firewall box!
The most common warning I get is when a program is trying to execute in a "protected" folder. Typically, this is a temp folder of some kind (the Windows temp folder or maybe another designated cache like IE's temp folder -> when using Windows Update).
The program appears to monitor malicious activity that it thinks shouldn't be happening. Therefore it is hard to say what it stops exactly (with examples), since it doesn't use signature files as such. Wow, this is hard to explain!
The FAQ is really useful:
http://www.prevx.com/prevxhomefaqs.asp
Prevx do "monitor" events generated from the program. This is private and they do provide a detailed synopsis of why/what/when the program phones home. It is not malicious; it helps 0-day attacks and such. You can turn off the phoning home bit (see FAQ and/or http://www.prevx.com/PrevxHomeAudit.pdf). You could also use your firewall to stop it if you don't like the idea, I suppose...
I am not quite sure exactly how this thing works, but I have been a bit crafty and downloaded various bits of code from the net that *attempt* to break Windows XP. I tested on XP SP1 and Prevx killed the process. On SP2, results were different: SP2 was not interested in the slightest and the code had no effect. I can only guess that should I ever get stung by a buffer overflow exploit in XP SP2, Prevx would catch it.
Some background info on the web:
http://www.wilderssecurity.com/showthread.php?p=96050#post96050
http://www.techzonez.com/forums/showthread.php?t=9739&goto=nextoldest
http://netsecurity.about.com/od/readproductreviews/fr/aapr091904.htm
An old article, but interesting all the same, and probably the closest thing to how it works!
http://news.zdnet.co.uk/internet/security/0,39020375,39118610,00.htm
