Last night I reviewed one of my favorite applications: DriveSentry 3.1.
DriveSentry is a FREE (yes, free) HIPS-based application that uses what they call “TRI-Security Malware Protection”, which is basically:
- Whitelisting – A list of 40,000+ known safe applications. Since these applications are already proven safe, the user is spared the question “is this application safe to run?”
- Blacklisting – A signature database of over 2 million malicious applications.
- Behavior Analysis – Allows DriveSentry to question and stop processes that appear to modify the operating system in a malicious manner.
So far DriveSentry has blocked every single threat (about 20 now) with complete ease (and I mean ease…just click the deny button). DriveSentry uses about 19 MB of RAM and no noticeable processor time (on my PC).
So are there any downsides? Yes, there are. DriveSentry asks a fair amount of “is this safe to run” type questions. Of course this is no big deal to me, but to a novice this can negate the power of this awesome application with one wrong answer.
Because novices run everything! DriveSentry needs to put a MAJOR focus on identifying legit applications for their whitelisting database if they want to break into the consumer market at a faster and more successful rate.
On a personal note – DriveSentry is currently my second favorite application (right behind DefenseWall). I’ll be using DriveSentry for a few of my clients tomorrow. I’m planning on having the users run their PCs like they do on a normal day. I’m sure DriveSentry will ask us if it’s OK to run a few apps here and there. Once we have our modified whitelist set, the client should be good to go. If they get further DriveSentry questions, they can just call me.