About Mikazo Tech Blog

My name is Mike, and this blog is my way of saving people time. If someone has a specific problem that I've encountered before, hopefully these posts will save them the extraneous Googling I had to go through to solve the same problem. Also, when I have something to say about technology today, I will post my thoughts here. If this blog has helped you out, even a little bit, vote on the poll below, or let me know by sending me an email. I'm always open to exchanging links with other blogs or websites that share a similar interest.

Saturday, September 27, 2008

Thoughts on DriveSentry 3.1.2.5

After tiring of authorizing my standard antivirus software to update at least once a day, and after reading The Six Dumbest Ideas in Computer Security, I decided to look into whitelist-based antivirus. There are not many such programs freely available on the internet, but I did find one for Windows called DriveSentry, so I decided to give it a try.

In case you don't know what whitelist-based antivirus is, or are too lazy to click and read the link above, I will explain it briefly. Instead of your antivirus program constantly updating its massive list of bad things that your computer can catch, the program blocks all programs from running except those on the whitelist. DriveSentry has a community-maintained list of programs that are known to be safe and should automatically be granted access to your computer. Every other program that attempts to run triggers a pop-up asking "allow or block".

I've found that the preset list of programs allowed to run was not all that extensive: programs as common as WinRAR, as well as many Windows programs that are essential to the operating system, triggered a pop-up claiming "suspicious behaviour". Perhaps DriveSentry simply needs a larger user base to improve its list of safe applications.

Some might argue that constant pop-ups every time you try to run something are almost as bad as, or worse than, having to update your regular blacklist antivirus all the time. This is a valid argument, but I prefer to know exactly what is running on my computer, and once my common applications are whitelisted, there are very few pop-ups.
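The default-deny flow explained above, and the drop-off in pop-ups once common applications are approved, sketched as an added example (not DriveSentry's code and not part of the original post). Keying decisions on a SHA-256 of the file contents, the class names and the sample byte strings are all assumptions made for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class BlocklistScanner:
    """Default-allow: stops only content whose hash is on the known-bad list."""
    def __init__(self, known_bad):
        self.known_bad = set(known_bad)
    def decide(self, data: bytes) -> str:
        return "block" if digest(data) in self.known_bad else "allow"

class WhitelistGate:
    """Default-deny: runs only what the shared list or the user has approved."""
    def __init__(self, community_safe, ask_user):
        self.community_safe = set(community_safe)
        self.local = {}           # hash -> remembered "allow"/"block" answer
        self.ask_user = ask_user  # callback standing in for the pop-up
        self.prompts = 0

    def decide(self, name: str, data: bytes) -> str:
        h = digest(data)
        if h in self.community_safe:
            return "allow"
        if h not in self.local:   # unknown content: ask once, then remember
            self.prompts += 1
            self.local[h] = self.ask_user(name, h)
        return self.local[h]

# Constructed byte strings standing in for executable file contents.
EDITOR = b"constructed system editor"
ARCHIVER = b"constructed archiver, build 1"
ARCHIVER_PATCHED = ARCHIVER + b" with appended code"
OLD_SAMPLE = b"constructed sample already catalogued as bad"
NEW_SAMPLE = b"constructed sample nobody has catalogued yet"

def demo():
    scanner = BlocklistScanner({digest(OLD_SAMPLE)})
    user_trusts = {digest(ARCHIVER)}  # the simulated user approves only this
    gate = WhitelistGate({digest(EDITOR)},
                         lambda name, h: "allow" if h in user_trusts else "block")
    runs = [("editor.exe", EDITOR), ("archiver.exe", ARCHIVER),
            ("archiver.exe", ARCHIVER), ("archiver.exe", ARCHIVER_PATCHED),
            ("update.exe", NEW_SAMPLE)]
    gated = [(gate.decide(n, d), gate.prompts) for n, d in runs]
    return scanner.decide(OLD_SAMPLE), scanner.decide(NEW_SAMPLE), gated

if __name__ == "__main__":
    print(demo())
```

The blocklist scanner lets the uncatalogued sample run, while the gate prompts for it; the altered archiver shares a file name with the approved one but gets a fresh prompt because its contents differ.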

Although the concept behind DriveSentry is a good one, it is not without its problems. I am running DriveSentry on an Intel Core 2 Duo 1.6 GHz processor. I opened up the Windows Task Manager Processes tab and sorted the processes by CPU usage. DriveSentry is constantly using anywhere between 15% and 30% of the CPU. For everyday tasks, this isn't a huge problem, but for playing games or something else processor-intensive, it can eat up valuable resources. Also, sometimes when DriveSentry starts as Windows boots up, I will see an error message claiming that DriveSentry failed to start. DriveSentry is not recognized by the Security Centre in Windows XP SP3, so I've had to tell Windows that I am running antivirus software that I will manage myself.

All in all, I enjoy the concept and interface for DriveSentry, though the issues tend to make me look for an alternative. If I find another whitelist-based antivirus program to try out, I will most likely write about it as well.
