Here is one link:
http://pxnow.prevx.com/zeroL/Immunity.pdfI don't necessarily buy the "Independent Testing" but non the less, these claims are VERY interesting, so I bought the utility out of desperation to find SOMETHING better than SnoopFree, and that would work on NT6.
Here is a blurb on the claims, by Prevx:
-----------------------------------------------------------------------------------
1.2 What is Prevx 3.0.5?Prevx 3.0.5 has several levels of protection. The first level is similar to a normal An Virus/Anti-Malware product's signature detection. This provides the user with a warning screen and offers to remove the malware and prevent it from executing. Of
course, the downside with traditional anti-virus techniques is that they require constant updating with signatures to protect the user. This is where the other layers of Prevx SafeOnline come in. These additional layers allow PrevX SafeOnline to be effective not just against known variants of malware, but also against future variants for whom signatures have not yet been developed.
The second level is a kernel component and a userspace component that protects FireFox and IE when they are browsing to HTTPS pages (where credentials are often stolen by malware). Keyboard presses are tunneled via the kernel driver into the browser in such a way that makes it hard to intercept by malware, and the screen is protected by a kernel driver component that also provides integrity protection for the userspace layers of the Prevx SafeOnline module.
PrevX's
"extrusion prevention" also hooks several APIs in order to prevent any stolen credentials from being sent back to a botnet's command and control machines.
This layered model is particularly effective against trojans not specifically coded to
attack PrevX itself. Security by its nature is an arms race, and while there are no
silver bullets, Immunity judged Prevx 3.0.5 with Prevx SafeOnline to work as
designed against the live trojans tested.
----------------------------------------------------------------------------------------
Of course our argument would be,"does this 'bubble' extend around the browser after login?" And of course I don't know that for sure, with this description. But I am impressed at how it works so far. It is fast and light and blocks almost everything before Avast can get hold of it.
I like the fact that it makes a good companion, like MBAM does, and has a few tricks up its sleeve if it works as claimed. I haven't seen it go after a keylogger like I've seen Snoopfree, so I'll have to wait or find a legit site to provide safe samples; or perhaps use pen testing tools.
