Saturday, October 07, 2006

Intrusion Prevention and Detection Utility

These days all users face a real risk of malicious programs secretly installing themselves on their computers. Anti-virus and anti-spyware products dramatically reduce the chance of infection but are not perfect. In particular, they are prone to miss new malware not yet included in their signature databases. They can also fail to detect malware programs that are cleverly disguised to avoid detection.

To detect the malevolent programs that manage to slip by your AV and anti-spyware programs, you need additional defenses such as an Intrusion Detection program (IDS). These programs pick up intruders by their behavior rather than by their characteristic fingerprint. They are not limited to detecting specific malware products but can target a wide range of interlopers. Generally, IDS programs all work in a similar manner: they stop any suspicious behavior and then ask the user whether they want to allow it. This, as we shall see, can be a mixed blessing.

For advanced users, Prevx Home is a standout recommendation. Prevx provides a vital "last ditch" defense layer by telling you when a product is trying to change any of the critical settings on your PC, such as the registry and auto-start areas. In my tests [1] it beat all other free intrusion detection systems hands down. Unfortunately, the free Home version was recently discontinued by the developer in favor of a new product, Prevx1, for which there is no free version, only a free beta [2]. However, Prevx Home is still readily available from other download sites [3] and remains a very viable product.

The only real problem with Prevx Home is that it pops up lots of warning messages, many of which are quite cryptic. These messages tend to alarm many less experienced users, who feel there is something wrong and simply don't know how to respond. That's why Prevx is only suitable for the very experienced (and very patient).

For less experienced users (but not beginners) I recommend the free version of WinPatrol [4]. It works just like Prevx except it is not nearly as intrusive. Its warning messages are also a little more comprehensible. It is, however, markedly less comprehensive than Prevx in its monitoring.

Of course, being warned is useless unless you know how to respond appropriately to the warning. That's why neither Prevx nor WinPatrol is suited to non-technical users. If you are a beginner, you should seriously consider the $24.95 Plus version of WinPatrol, which provides lots of guidance to help you make sense of any warning messages. As a bonus, it offers better protection than the free version as well.


[1] http://www.techsupportalert.com/intrusion-detection.htm
[2] http://www.prevx.com/prevxhome.asp
Freeware, Win2K and later, 7.5MB
[3] http://www.download.com/Prevx-Home/3000-8022_4-10364927.html
[4] http://www.winpatrol.com/download.html
Freeware, Win 98 and later, 1.1MB
