PDA

View Full Version : TDS-3 and PG

siliconman01
December 10th, 2003, 08:39 AM
With PG active and fully loaded up with user pgms and with the two PG General Protection Options set active, is TDS-3 with Execution Protection sitting in memory really necessary to fully protect one's system? I've always had TDS-3 start up automatically on boot and remain memory resident.

I recognize this could be a "leading question" for TDS-3; however, it would be nice not to see it sitting in memory if it's no longer necessary. Perhaps it's now only needed for a manual scan of the system every so often?
Peter2150
December 10th, 2003, 10:01 AM
With my understanding of both programs I would answer yes and no.

TDS execution protection, looks at a program the OS wants to fire up, checks it for problems and then if its okay lets if run. PG only protects you assuming that the trojan want to shut something down. If thats not the case, then you need TDS running to make sure nothing bad runs, because PG won't protect you. (thats a yes)

I personally don't run it because, I have Abtrusion Protection running, and it flat won't let anything new run, period. So assuming a program slips in unannounced, I am protected, because it can't run, until I examine it and give it permission. (thats the no)
DolfTraanberg
December 10th, 2003, 03:47 PM
Execution Protection is only working when TDS is running. PG only protects TSD from being closed (or modified in memory)
Dolf
gkweb
December 10th, 2003, 07:03 PM
@Peter
{QUOTE-> PG only protects you assuming that the trojan want to shut something down <-QUOTE}

PG does more than that, it prevents also thread injection and DLL injection, as well as process code modification.
That's how lastest trojan hide into trusted processes.

PG is a jewel ;D
Peter2150
December 10th, 2003, 09:04 PM
{QUOTE-> quoting: gkweb link=board=40;threadid=17653;start=0#msg109167 date=1071101033]
@Peter
{QUOTE-> PG only protects you assuming that the trojan want to shut something down <-QUOTE}

PG does more than that, it prevents also thread injection and DLL injection, as well as process code modification.
That's how lastest trojan hide into trusted processes.

PG is a jewel ;D
<-QUOTE}


gkweb. But of course. Case of the fingers being faster than the brain. I sure agree that PG is a jewel.