Last night I reviewed one of my favorite applications…DriveSentry 3.1
DriveSentry is a FREE (yes, free) HIPS-based application and uses what they call “TRI-Security Malware Protection” which is basically:
- Whitelisting -- A list of 40,000 + known safe applications. Since these applications are already proven safe the user is spared the question…“is this application safe to run”.
- Blacklisting -- A signature database of over 2 million malicious applications.
- Behavior Analysis -- Allows DriveSentry to question and stop processes that appear to modify the operating system in a malicious manner.
So far DriveSentry has blocked every single threat (about 20 now) with complete ease (and I mean ease…just click the deny button). DriveSentry uses about 19 MB of RAM and no noticeable processor time (on my pc).
So are there any downsides? Yes, there are. DriveSentry asks a fair amount of “is this safe to run” type questions. Of course this is no big deal to me, but to a novice this can negate the power of this awesome application with one wrong answer.
Why?
Because novices run everything! DriveSentry needs to put a MAJOR focus on identifying legit applications for their whitelisting database if they want to break into the consumer market at a faster and more successful rate.
On a personal note -- DriveSentry is currently my second favorite application (right behind DefenseWall). I’ll be using DriveSentry for a few of my clients tomorrow. I’m planning on having the users run their PC like they do on a normal day. I’m sure DriveSentry will ask us if it’s OK to run a few apps here and there. Once we have our modified whitelist set the client should be good to go. If they get further DriveSentry questions they can just call me.
44 comments
FREE?! I thought it costs money! Wow.
19meg of ram? Every time I try it (different pcs), it is about 90 meg. If I could get it under twenty I would probably keep using it.
i was wondering if you could test out the on demand scanner on this to see how well it works at removal. also do you know of any hips system that works on x64? i really want to use this but it’s 32bit only.
Can this program be used in combination with Avast Antivirus?
Is there protection for Outlook?
Is this safe to use along side NIS 2009?
right now DS uses 13 mb (VM is 54 mb) on my pc (xp pro 1 gb ram)
looks like the update server is down since friday at 4:15 PM. maybe they shut it down on weekends :/
Just thought I’d pass along the fact that when I tried to install DriveSentry it detected my AVG Antivirus and “suggested” that I uninstall AVG before continuing with the installation.
I’m also wondering if it can be run along with NIS 2009
I’m using it alongside avira and it works fine:)
Great videos Matt.
Just one request: Could you provide downloadable screenshots (or perhaps a PDF compilation of screenshots) for the key steps shown during the Install/Configure portions of the products you review?
I tried out Drive Sentry a while back and loved it, but I have one question: where does the main company for Drive Sentry get the funding necessary for product research and development? I don’t see a “premium” pay-ware version on the website unlike every other anti-virus freeware program (Avast, AVG, Avira, etc.) currently available.
you should try threatfire! from pctools!!!!!
I want to see the results
I would love
after 30 days have to download updates manually, or something like that. if you pay the trickle updates continue. there is a large icon in the app called upgrade
that’s lame if we have to download manually
but
it’s kinda annoying, and you said you used it at work??
so much for the non-commercial part
are you reviewing threatfire?
thanks
Thanks for the info on the manual update/Upgrade info bob; I honestly didn’t remember it from testing DriveSentry back in early 2007.
Just a heads up – I tried to use this alongside my existing antivirus and it completely locked up the machine making it almost unusable.
I had to boot into safe mode, remove drivesentry, reboot into normal mode, remove my existing antivirus then reinstall drivesentry. Now all is fine.
this does work with my old antivirus, it’s just that drive sentry cries about avast and avira..
it spams me with popups
pcmag gives drivesentry a really bad rating
i know it’s for v2.1, but it really really sucked at one point
well pc mag sucks at reviewing, they actually gave avira and bitdefender the same rating as drivesentry…plus watching reviews on videos is much better
Really, i haven’t seen one popup by drivesentry about avira so far..
i used avg pro 8 with DS without any problems for a couple of hours. then i realized i don’t need any AV after i tested DS by visiting a lot of crack sites, DS moved files from temporary internet files to quarantine.
- it took forever to update to 100%
Just an update…
Apparently my aborting the DS installation (wanted to think about their suggestion to uninstall AVG antivirus) did no good. The next time I booted up the computer DS started running even though I’m sure I clicked on “Cancel the installation” instead of “Finish….”.
The good news is that AVG, DS, and Comodo firewall all seem to be getting along.
DriveSentry is a very good application but you only get the ‘tricklefeed’ updates for 30 days before you have to start paying. After that it bugs you every time a new update is released.
http://www.drivesentry.com/AntiVirus-new-features-free-Firewall-products-for-computers.html
I just looked on the website and the price is
£10 = United Kingdom (inc VAT)
€10 = EU
$10 = USA & Rest of the World*
*If you are outside of the USA, the cost will be the closest to $10 in local currency, depending on your credit card’s current exchange rate.
Bit unfair really because I live in the UK and it means I have to pay nearly double what you have to across the pond… I think I’ll be sticking with DefenseWall instead
how far are you on reviewing threatfire 4?
please upload/review it soon
thanks
Does DriveSentry work next to PC Tools firewall+? If I read it PDF file on the website the program is a firewall with extra features.
@Ping – Yep, it’s free as long as you perform manual syncs.
@Mike – I think it peaked around 39 MB, but that’s about it.
@Trey – I am currently testing DriveSentry’s detection and removal abilities. I hope to have a video up this week.
@Burt – I’m not sure, however I don’t see why it wouldn’t. I’ve pretty much stopped using traditional signature based AV…there is just too much malware these days for signature based AV’s to handle
@Dieselman – see my answer to Burt
@927 – yeah, I’ve had a few issues with their update server(s). The behavior analysis engine is more than enough, so I don’t really care about the updates (that much).
@burning_chrome – both applications have “pay options”. If I get some extra time I’ll throw up some screen shots for you guys.
@Matt – Since DriveSentry is probably better than your signature based AV you’ve made a good choice.
@F – You should get a few initial popups, however once your whitelist rules are created for those apps you shouldn’t be asked going forward
@927 – I agree. DS is flat-out amazing at blocking anything malicious so I just ditched my AV.
@Jimmy James – I’m gonna subscribe to trickfeeds…it’s well worth the cost. If you already have DefenseWall then just stick with that. Nothing is better than sandboxing.
@F – I’m done with ThreatFire, I just need to make the video.
@William – It should, judging from what others are saying.
Any plans to test and review Sandboxie sometime in the future as part of your malware prevention videos?
is threatfire 4.0 good?
the sandboxing idea is good, but sandboxie is bad. i think the best is still vm’s but sandboxie is terrible
i don’t think drive sentry is behavior based, it’s let’s spam the user and let them decide.
Threatfire is real behavior detection.
Drive sentry should go get real behavior analysis, and be used with other signature based av
i believe norton uses this approach, but for some reason, it is a hog, and will make a computer like 1/32 speed.
You’re wrong burning. NAV/NIS 2009 is extremely light. And Sandboxie isn’t bad. Sandboxie is one of the best security products you can get.
That wasn’t me Dieselman, the comment on NAV/NIS 2009 and Sandboxie was from “f”, not me.
Just the opposite, I use both NIS 2009 and Sandboxie and find them both extremely light and effective. Norton really reversed its bloatware trend with the 2009 line and Sandboxie just plain rocks IMO.
@Burning_Chrome (on Sandboxie) – I’ve downloaded it and played around a bit, but it seems pretty confusing and clunky. I really just need to read their help file before I give a final opinion of it.
I’m a huge fan of sandboxing and I run defenseWall on both our home computers…it’s quiet and effective.
@malwarekilla
so you don’t run spyware doctor with antivirus anymore?
you only use defense wall?
you should still run traditional av
but
it’s your computers
and you’re the pro
Can you make a review of COMODO IS? I know you already have one, but on the prevention side. I use it and it works great so far but I still want to see it in action like DS!!
Thanks
matt will u do a review on ad-aware pro anytime soon……..thanks u da best
what’s going on with this app…?
0% cpu and 8 mb, next minute it’s 95% cpu and 60 mb ram, it’s not updating! this happens even if trickle is unchecked
Wow, this looks great. Does it prevent hackers and network intrusion? Maybe I should use google before asking
Matt come on now. Sandboxie confusing. Just install it and use it. I only use it on demand but the services are running. Right click on Firefox and select “Run Sandboxed”. When you’re done just empty the Sandbox via CCleaner custom cleaning. There is no special configuration needed for Sandboxie.
To Dave:
You will probably still need to have a firewall installed in order to prevent hackers.
Any plans to undertake a sandbox prevention shootout between Sandboxie, GeSWall, SafeSpace, and BufferZone?
We already have your verdict on DefenseWall of course and I’m leaving out Greenborder since Google bought it out and now uses it as part of their Chrome browser.
I tried installing DS on my Vista SP1 computer and I got this:
—————————
DriveSentry
—————————
DriveSentry requires the Filter Manager please install the latest Service Pack for this Operating System.
—————————
OK
—————————
Any ideas? It didn’t install it as far as I can tell. It next went to the install dialog box after that and said it was finished, but I can’t find a directory for it, nor is it listed in “Uninstall or change a program” in Control Panel.
Thanks for any help.
Brad
Hey Matt..you said you only use this software on your work pc and my question is: What about protecting your network and ports? What about network attacks? This program doesn’t have a firewall or a network attack blocker. Is that not needed? Thanks
Can you test drivesentry by clicking “Allow” for the fake urls? I would like to see whether drivesentry automatically quarantines a threat when its behavior becomes nasty.
Thanks,
Balaji.
i’m hearing talk of dropping avs. pls do not do that, ds blocking capability is not in question, but i do question its removal abilities. at least keep an av for on demand scanning.
antivir free
drivesentry(tell ds antivir is a safe prog.)
windows firewall
advanced system care free
glarys(for 2 apps missing on asc free)
ccleaner
and i use free online scans to pinpoint possible infections when paranoia sweeps over me.results no infections