Is there a stand-alone app that strictly focuses on protecting against process termination?

Thanks!

Task Catcher is one.

{QUOTE-> Task Catcher is one. <-QUOTE}

Thanks, that looks good but...

Is there a free alternative to Task Catcher?

I believe something like prosecurity free is able to protect against termination attempts. You can even set it up to just monitor termination and nothing else if you prefer.

{QUOTE-> Task Catcher is one. <-QUOTE}

From the description it seems Task Catcher doesn't protect process from termination but rather it restarts the process once it is stopped. Not quite the same thing. And not as secure.

{QUOTE-> And not as secure. <-QUOTE}
That is debatable.

The fact remains that, with admin rights, ANY process can be terminated if the attacker tries hard enough. Restarting a terminated process is a very viable option.

{QUOTE-> That is debatable. <-QUOTE}

Of course it is. Isn't everything?

{QUOTE->
The fact remains that, with admin rights, ANY process can be terminated if the attacker tries hard enough. Restarting a terminated process is a very viable option. <-QUOTE}

As a backup option, if termination protection fails, maybe. I believe SSM has or used to have a similar option for this - keep process in memory or something.

And the fact remains, you would prefer the process not to be terminated at all, compared to being terminated, and then being restarted with a window of opportunity...

{QUOTE-> As a backup option, if termination protection fails, maybe. I believe SSM has or used to have a similar option for this - keep process in memory or something. <-QUOTE}
It still does. I use this on one of my setups with Winpooch, and they complement each other perfectly (as Winpooch is somewhat weak in the self-defense department).

{QUOTE-> And the fact remains, you would prefer the process not to be terminated at all, compared to being terminated, and then being restarted with a window of opportunity... <-QUOTE}
That depends a lot on what is being terminated, doesn't it?

Not to mention that the first preference, as mentioned before, isn't always possible.

Hi all,

Online Armor (both paid and free) will protect you against this type of attack

http://www.wilderssecurity.com/attachment.php?attachmentid=194360

Take a look here : http://www.wilderssecurity.com/showthread.php?t=188545 for a thread dealing with the same question

MaB

{QUOTE-> It still does. I use this on one of my setups with Winpooch, and they complement each other perfectly (as Winpooch is somewhat weak in the self-defense department). <-QUOTE}

Don't you use Eqsecure?

{QUOTE->
That depends a lot on what is being terminated, doesn't it? <-QUOTE}

Well, since we are talking about being more "secure", I guess we are talking about security related processes?

{QUOTE->
Not to mention that the first preference, as mentioned before, isn't always possible. <-QUOTE}

We only can use what is possible yes. But one wonders if restarting a process that has being terminated might be too late and if so the whole point of restarting the process is moot.

Well the original question talked about a standalone that "strictly focuses" on process termination protection , so I don't know if the things already mentioned (except Taskcatcher which is disqualified as alluded earlier since it doesn't protect proceses from termination), count since they do more than just process termination protection?

{QUOTE-> We only can use what is possible yes. But one wonders if restarting a process that has being terminated might be too late and if so the whole point of restarting the process is moot. <-QUOTE}
To be honest, I cannot at the moment think of an instance where restarting a terminated security process is a moot point. Perhaps you would care to provide examples?

{QUOTE->
And the fact remains, you would prefer the process not to be terminated at all, compared to being terminated, and then being restarted with a window of opportunity... <-QUOTE}

I agree. All it takes is a small window of opportunity, and the time that it takes between termination and the restarting process could be a sufficient amount of time for the malware to gain control.

It's funny that solcroft should mention Winpooch, because that's exactly what I'm trying to protect. ;)

Then you may need a HIPS program.

I believe GeSWall does this.........please correct me if i'm wrong.

But then again it does more then this and the OP is interested in a stand alone app who's sole purpose is to protect from termination.