Please convince me!
Rudy nework
January 17th, 2004, 02:10 PM
I see myself as a real security geek, always trying to run my box as safely as possible.
I trialed the freeware version of PG (1 process) and I liked it. But:
Why should I buy the full version? What more does it offer than Abtrusion Protector?
I run Abtrusion Protector on a 100% clean system, and (almost) never install downloaded software.
How can a trojan or virus disable and unload, or let's say .DLL-inject, the processes of safety programs (firewall, AT & AV) without executing locally on my box?
Nothing that executes runs when Abtrusion P is installed and configured properly.
So what more protection does Process Guard give?
Abtrusion Protector protects its own processes also (kernel-driven util, just like PG).
Convince me that I'm still in danger (technical is OK), and I swear & promise I'll buy PG Full immediately!
Rudy
Rudy nework
January 17th, 2004, 02:17 PM
I forgot to add:
Abtrusion Protector even protects against the new Hacker Defender rootkit > you can't even install it :) I tried.
I also tried to run Beast, Optix, SubSeven, Bionet, Donald Dick and much more.
None of these "so-called" dangerous trojans could run, no server, no client, nothing.
So what does Process Guard offer more?
Regards,
Rudy
Peter2150
January 17th, 2004, 03:48 PM
I run Abtrusion Protector also and it is one of the keys in my security protection. It will stop all compiled code for sure, but it may not stop scripts. So just to be safe (layered security concept) I also run PG. Besides, if it cost $150 or something I'd maybe agree, but at $19 to me it's a no-brainer.
Pete
Rudy nework
January 17th, 2004, 03:54 PM
To protect against scripts I use:
- Disabled scripting in Internet Explorer
- Script Defender (from Active X)
- AVG freeware
- Pest Patrol
- ZA Pro 4 with web filtering
I guess I don't need to be afraid of it ;)
Rudy
gkweb
January 17th, 2004, 05:03 PM
Of course you are still in danger :)
Not everyone likes the following logic, but it is true however.
What if you willingly download something you want, something you think is OK, but in fact is spyware or a trojan?
When you launch it, in order to let it run, you will allow it to run in AP, obviously.
And what if the launched executable then starts to inject itself into your trusted processes and, why not, kills your firewall, installs a keylogger and sends private information to a remote database?
You may think it's a rare case; I will just say to you that one time I downloaded a screensaver from an official site and the setup was full of spyware; it could have been trojans.
Any sandbox software can be bypassed, not directly, but because of your mistakes.
If you think you are a god and will never make any mistakes, then maybe PG isn't for you :)
{QUOTE-> Nothing that executes runs when Abtrusion P is installed and configured properly. <-QUOTE}
Nothing you don't want, maybe...
Imagine the following case:
your browser, of course allowed, executes a script and kills your
security software. Can AP prevent this? No.
Can PG prevent this? Yes.
I could give you many other cases, but some will say they are very rare cases, so it's up to you to think what makes you feel better ;)
Rudy nework
January 17th, 2004, 05:34 PM
Of course GKweb, when you manually execute downloaded software, and you give launch permission in Abtrusion Protector and you're very unlucky the package is infected > you're doomed.
But NO software can prevent mistakes made by the user. The computer is only as safe as the person using it. No matter how many safety utils you run, if you persist in the evil, you can mess every PC up.
If I download software (which is VERY rare) I always check it with AVG, Pest Patrol, RAV online, and if it is not too big, with Kaspersky online too.
If none of these detect anything, chances are very small it contains dangerous code. But of course the chance still exists if it is brand new malware.
Please GKweb, tell me about the many other possibilities (rare cases) you know to bypass Abtrusion Protector. You got me interested. If it is not too much trouble for you...
Rudy
gkweb
January 17th, 2004, 06:07 PM
{QUOTE->
But NO software can prevent mistakes made by the user
<-QUOTE}
I disagree; PG is one, a firewall or an antivirus are others.
{QUOTE-> No matter how many safety utils you run, if you persist in the evil, you can mess every PC up. <-QUOTE}
Of course, but there is a gap between making *one* mistake and being totally dumb :)
{QUOTE->
If I download software (which is VERY rare) I always check it with AVG, Pest Patrol, RAV online, and if it is not too big, with Kaspersky online too.
If none of these detect anything, chances are very small it contains dangerous code
<-QUOTE}
Not necessarily.
It is more correct that there is a small chance that it was an In The Wild threat, but a custom one will pass through without problem
(I can code you a program which won't be detected by any AV/AT).
{QUOTE->
Please GKweb, tell me about the many other possibilities (rare cases) you know to bypass Abtrusion Protector. You got me interested. If it is not too much trouble for you...
<-QUOTE}
My imagination can create a lot of scenarios that you won't necessarily like :)
Just another one for you: what if your lovely AP has a bug?
No software is 100% bug free, and to put all your eggs in the same basket isn't a good tactic ;)
Rudy nework
January 17th, 2004, 06:28 PM
You say (state) a firewall, AV, PG can protect from mistakes by the user?
I agree. But you can say the same of Abtrusion Protector also. It doesn't even let you install stuff. So I guess it offers protection against "mistakes" just like PG or FW & AV do. So I still see no reason why PG could protect me even further (increase my security).
You say downloads could even be infected although they're scanned with 3 different AVs?
I agree. It seems you have something like modified trojans (special custom builds) in mind.
But these modified (and expensive) trojans are not found on the net (you have to search damn hard to find them). Only the freeware ones are common, but these are ALL detected by up-to-date AT & AV.
You talk about bugs?
Abtrusion Protector has been on the market a long time... tested by many. Not many bugs were found in that period > and these are all fixed.
PG is relatively new; bugs can still be found. (I hope for DiamondCS not.) I know they're working hard to make it "bullet proof".
Putting all my eggs in 1 basket?
Dunno about that? I have an AV & AT & firewall with built-in process protection &
Script Defender & registry prot (freeware from DiamondCS). And Abtrusion Protector.
Please tell me your ways to automatically shut down my programs (without human interaction) and bypass Abtrusion Protector.
Rudy
Pilli
January 17th, 2004, 07:01 PM
Hi Rudy, can you download Advanced Process Termination from DCS here:
http://www.diamondcs.com.au/index.php?page=products
Then run all seven kill processes against AP's .exe's and post if any of them kill AP.
If it is killed, there is part of your answer.
PG is able to prevent all these kill processes & V1.200 will also stop SetWindowsHookEx. :)
gkweb
January 17th, 2004, 07:19 PM
Whether you agree or not, PG adds a layer of security.
After that, you may like it or not, you may think that your default security is sufficient, but personally I like to add as many different layers as possible.
I have SSM too, I have AV, AT, firewall, and I use PG in addition.
You *want* to say you are secure; I have shown you ways to bypass all your protection.
You have said, to sum up, that it is rare; I agree, but possible, and PG adds a layer of defense, whether you think you need it or not.
I don't know anyone who likes to hear they are still vulnerable; that's why I warned you that you would not like it ;)
You are maybe protected from ITW threats, but are you fully protected? It all depends on the degree of security you want.
You have asked for input, you have mine.
Now it's up to you.
peakaboo
January 17th, 2004, 09:49 PM
{QUOTE-> quoting Pilli:
Hi Rudy, can you download Advanced Process Termination from DCS here:
http://www.diamondcs.com.au/index.php?page=products
Then run all seven kill processes against AP's .exe's and post if any of them kill AP.
If it is killed, there is part of your answer.
PG is able to prevent all these kill processes & V1.200 will also stop SetWindowsHookEx. :)
<-QUOTE}
Sorry to butt in here, but in order for Rudy to run the 7 kill processes, he has to add/allow apt.exe to his trusted AP list.
I don't think this is a fair test?
If you said download APT and run apt.exe, and AP can't stop it from running, then run the 7 kill processes, then I would say this would be a fair test. This is the same reason I feel that leak tests, though helpful in determining a vulnerability, are unrealistic tests.
Obviously if AP works anything like SSM, apt.exe will not run unless it is allowed to. Therefore it has already defeated apt.exe and the 7 process killers.
This is the same theory/rationale Rudy used initially and I also use: if the .exe will not run because either AP or SSM kills the process, then the process has failed.
I feel this guy is really giving PG a backhand and saying in a sense why pay for PG when nothing will run unless Rudy via AP lets it. All of the hypothetical examples fail, unless you can find a real actual process which can actually bring down or bypass AP.
Nothing you say will convince him...
I would say to Rudy, use AP and protect it from being shut down by using the free version of PG. Cost = 0
snipped against TOS part
spy1
January 18th, 2004, 12:07 AM
Here was the deal for me:
SSM is free, but there's a definite learning curve involved with it.
I plunked down my 19 bucks for ProcessGuard, added the exe for every single defensive tool I have on the computer (all their exes, including their update exes - I even disabled the "shut-down protection" that came with my back-up AT and one I'm trialing right now), plus the exes for my other two browsers (FireBird and Opera) - and, bingo, I was off to doing other things again.
I wasn't worried about what I downloaded nor where I went - and I'm still not.
ProcessGuard is great as is - and fixing to get even better shortly.
And simple.
(Read that again)
And simple.
If I were DCS, I'd raise the price. Pete
Rudy nework
January 18th, 2004, 03:42 AM
Peakaboo is correct (according to the suggestion from Pilli to test run APT):
When I should run APT to test my security against different shutdown ways, I first have to add (manually) APT to the safe list of Abtrusion Protector. Otherwise it won't even run. I tried!
Asking to bypass Abtrusion Protector manually is not fair. This is like shutting down your AV to see if it still catches viruses. Makes no sense, doesn't it?
After all these posts there is still no answer to the following question:
How are Abtrusion Prot & my other safety programs vulnerable to being shut down by automated malware?
(trojans like Beast, Hacker Defender etc...)
Rudy
Pilli
January 18th, 2004, 04:48 AM
Hi again Rudy, the APT demonstration is just that & yes it does require you to allow it :) The validity is when you consider it as malware that has already bypassed your security apps, as is the case with some new malwares which are getting that capability.
The reason PG was developed was for new threats that do not work at the Admin / User mode level - new trojans are being developed that bypass the Admin - User parts of the OS - kernel level. As Gavin (DCS) wrote in another reply to someone that said Admin controls your PC, Gavin replied: "No it does not - the kernel does" :)
Most ppl that run PG do it because it has a very special way of protecting the kernel from interference, i.e. its kernel mode driver - you can safely protect your Admin - User controls by using PG to protect those processes.
If every developer developed a kernel mode driver such as PG to protect their security apps, your computer would be completely bogged down and probably suffer many conflicts.
PG gives a logical and strong answer to many new threats that current security apps cannot deal with.
As others have stated above, it is another low-resource layer that helps prevent you from making mistakes.
Thanks for the discussion. I am sure our explanations are not as lucid as DCS's and I am sure they will correct or add to it :)
Wayne - DiamondCS
January 18th, 2004, 07:16 AM
Process Guard and Abtrusion Protector are two completely unique but both very powerful layers of security, and with very little overlap too, so there's really no reason why you can't use both. But really you can't compare the two programs - they're two completely different layers of security, Process Guard actually being at a lower level (Process Guard still protects against things that you allow to run in Abtrusion Protector, so even if you've given a program the green light in Abtrusion Protector, Process Guard will still prevent it from modifying, terminating or suspending other processes), so they seem to complement each other very nicely and combine to become quite a formidable dual layer of security.
Rudy nework
January 18th, 2004, 07:29 AM
Process Guard is a kernel driver-based util, but so is Abtrusion Protector.
If you control the kernel, you control the PC > I fully agree.
Copy & paste from AB site:
-----------------------------------------------------------
Abtrusion Protector™ is an integrity-based launch protection software that injects itself between the Windows kernel and the user-mode application space. Whenever an executable file is loaded by Windows, a call into kernel mode is made. Abtrusion Protector™ intercepts that call and verifies that the file is allowed to execute before allowing the call to proceed into the Windows kernel.
Abtrusion Protector™ includes a kernel mode component that performs the actual verification of file thumbprints. It also contains a service component that maintains the database of thumbprints. In addition, it includes a user interface component.
Files are identified by the strong cryptographic hash function SHA-1. File hashes of executable files are computed using the method used by Windows to sign files, except that Windows normally uses the slightly weaker hash function, MD5. This is utilized by Abtrusion Protector™ to interoperate with regular certificate-based code signatures.
Abtrusion Protector™ protects its own files and registry settings so that no other applications are allowed to modify them. In addition, Windows access control lists are also used to determine which users are allowed to modify settings or install new software to the computer.
----------------------------------------------------------------
Wouldn't PG & Abtrusion P. load up the kernel TOO much? (if used together)
ZA Pro also already uses something to disable remote shutdown.
I agree that using both is another extra layer in defence. BUT isn't this overkill, and doesn't it bog the whole system down? It can cause conflicts.
The main question remains, I think > Would it be worth it, honestly? Will I be much safer when using PG?
Rudy
Wayne - DiamondCS
January 18th, 2004, 07:40 AM
No, I don't think it would be overkill at all; there don't appear to be any conflicts, and that's probably because there's virtually zero overlap in regards to what each program is trying to do - they both have different goals. AP and PG both offer free versions, so I'd encourage you to try both side by side; I'd be very surprised if you encountered any conflicts. In regards to "bogging down the kernel", that's not an issue, as PG's code is highly optimised and from the user viewpoint they'll notice no extra slowness.
gkweb
January 18th, 2004, 08:00 AM
{QUOTE->
If you said download APT and run apt.exe, and AP can't stop it from running, then run the 7 kill processes, then I would say this would be a fair test. This is the same reason I feel that leak tests, though helpful in determining a vulnerability, are unrealistic tests.
Obviously if AP works anything like SSM, apt.exe will not run unless it is allowed to. Therefore it has already defeated apt.exe and the 7 process killers.
This is the same theory/rationale Rudy used initially and I also use: if the .exe will not run because either AP or SSM kills the process, then the process has failed.
<-QUOTE}
I have _never_ understood why it is so hard to understand that all these tests, trojans/malwares/leaktests, are to show what would happen in the case your first layer of security _has been_ bypassed.
It doesn't matter *how* it has been; there are many ways, like the simplest, which is one of your mistakes, but whatever, your protection has been bypassed.
As I already said in another thread, security "holes" are mainly human deficiencies/mistakes, not really software ones.
=> if you will never make any mistakes, you don't even need AP, you are a god, and pls give me advice then :)
Pilli
{QUOTE->
Hi again Rudy, the APT demonstration is just that & yes it does require you to allow it. The validity is when you consider it as malware that has already bypassed your security apps, as is the case with some new malwares which are getting that capability
<-QUOTE}
I'm happy that you get the point; I feel better now not to be speaking into the wind ;)
Rudy, there are 2 points of view in my opinion, maybe three.
First, against In The Wild threats, you are protected until you make a mistake. If you only care about this, then you might want to only focus on not making mistakes, without adding software which can help you.
Second, if you are concerned about protecting yourself from someone wanting to hack _you_ in particular (for whatever reason), then you need PG.
If someone wants to crack your computer, they will use private trojans (not private builds of existing ones but totally new private trojans) undetected by any AV/AT nor by you.
Once it is allowed to run (because you have allowed it or because it executes within a trusted process memory area) it can do virtually what it wants, why not install a rootkit?
You seem to have absolutely no idea of what an expert cracker can do.
Third point, whatever your needs/point of view, in any case your protection can leak (whatever the probability) and PG can save you.
After that you can say that you don't want it, but don't say it's useless ;)
Peter2150
January 18th, 2004, 08:14 AM
First, AP and PG run fine together. I have them both running. The only conflict at all is that I have to shut all of them down to disable GoBack, which I have to do to run an offline defrag of the system files. Minor inconvenience. Also AP will catch any DLLs installed by an EXE that you have allowed, UNLESS you give that exe permission to install software. Then you are had if it's a bad exe. This is where PG saves the bacon. Basically my philosophy is to protect myself against myself. Like GKWEB said, all it takes is one accident and bingo.
In summary: spend $19, get PG, FOLLOW THE INSTRUCTIONS, and you will love it.
Pete
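The mechanism Rudy pasted from the AP site (a kernel-side check that an executable's SHA-1 thumbprint is in a trusted database before it may launch) and the gap Peter2150 describes here (once an installer is given permission to install software, whatever it drops becomes trusted too) can both be shown in a small model. The following is an added example written for this thread; it is not code from Abtrusion Protector, Process Guard or anyone in the discussion. The binaries are constructed byte strings, and the class, function names and the "install permission" behaviour are assumptions about how such a launch allowlist works, not a description of AP's implementation.

```python
import hashlib

# Constructed sample "executable" images. On a real system these would be the
# bytes of files on disk; they are embedded here so the example runs offline.
TRUSTED_BINARIES = {
    "firewall.exe": b"MZ\x90\x00 constructed firewall image v4",
    "editor.exe":   b"MZ\x90\x00 constructed text editor image",
}
UNKNOWN_DOWNLOAD = b"MZ\x90\x00 constructed freshly downloaded setup.exe"


def thumbprint(image: bytes) -> str:
    """SHA-1 hex digest of an executable image (the hash the AP description names)."""
    return hashlib.sha1(image).hexdigest()


class LaunchAllowlist:
    """Hypothetical integrity-based launch control: an image may start only if
    its thumbprint is already in the database. This models the idea, not AP's code."""

    def __init__(self, trusted):
        # Database keyed by thumbprint so lookup does not depend on the file name,
        # which a renamed or replaced binary would not preserve anyway.
        self.db = {thumbprint(img): name for name, img in trusted.items()}

    def decide(self, image: bytes) -> str:
        """Return 'ALLOW' or 'BLOCK' for a launch request on this image."""
        return "ALLOW" if thumbprint(image) in self.db else "BLOCK"

    def trust(self, name: str, image: bytes) -> None:
        """The user explicitly grants launch permission (the 'allow in AP' click)."""
        self.db[thumbprint(image)] = name

    def install_with_permission(self, dropped) -> list:
        """Model of 'allow this installer to install software': every file it
        drops is thumbprinted and trusted without any inspection of its contents."""
        for name, image in dropped.items():
            self.trust(name, image)
        return sorted(dropped)


def tamper(image: bytes) -> bytes:
    """Flip one byte, as a patched or trojanised binary differs from the original."""
    data = bytearray(image)
    data[-1] ^= 0x01
    return bytes(data)


def demo() -> dict:
    """Run the launch decisions the thread argues about and return them by label."""
    allowlist = LaunchAllowlist(TRUSTED_BINARIES)
    results = {
        "genuine firewall": allowlist.decide(TRUSTED_BINARIES["firewall.exe"]),
        "patched firewall": allowlist.decide(tamper(TRUSTED_BINARIES["firewall.exe"])),
        "unknown download": allowlist.decide(UNKNOWN_DOWNLOAD),
    }
    # The gap discussed in the thread: after the user grants install permission,
    # the helper the installer drops is trusted exactly like the installer itself.
    dropped = {
        "setup.exe": UNKNOWN_DOWNLOAD,
        "helper.dll": b"MZ\x90\x00 constructed library dropped by the installer",
    }
    allowlist.install_with_permission(dropped)
    results["dropped helper after install permission"] = allowlist.decide(dropped["helper.dll"])
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:45s} -> {verdict}")
```

The first three decisions are the strength Rudy relies on: an unknown download and a one-byte-patched copy of a trusted program are both blocked because their hashes are not in the database. The fourth decision is the point Peter2150 and gkweb keep making: a hash allowlist only answers "is this file one I already approved?", so once the installer is approved, nothing in this layer examines what the dropped helper does. That is the behaviour (termination, injection into protected processes) a second layer would have to watch.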
gkweb
January 18th, 2004, 09:25 AM
Good sum-up Peter ;)
Moreover, I know a _very highly_ theoretical exploit, not known as far as I know, which could allow someone to execute arbitrary code without being caught by any sandbox software or by any hook.
But I say it again, it is very and highly theoretical.
Just to point out that we never know all that is possible to breach a computer's security. The more layers you have, the safer you are.
Jason_DiamondCS
January 18th, 2004, 11:21 AM
No one has mentioned vulnerabilities in software that people use to run code on your system. Overflows, underflows, exploits, all can be used to get some foreign code downloaded and run on your machine, in most cases without the user even knowing. Visit a certain site in IE and you may be infected; read a certain email in a specific version of Outlook and you may be infected. Until you KNOW about specific exploits, you could be one of the first people to experience something. It happens a lot.
Getting that out of the way, Process Guard doesn't worry about how code began executing on your system; it does what it says, it protects what you specify. There is no "user intervention" required for Process Guard to work. Once you set it up that is all there is to it, so it removes a lot of the human error from it.
Personally I don't see why you would need a program which asks you "do you want this program to run", because in 99.999% of cases it is you who has "double clicked" on the file you want to run. This means the user would then also click "Allow" in AP. In the rare case where there is some unknown exploit and it launches a new process to get its code to run, and the user recognizes the fact that it MAY be malware, then it may provide some benefit.
You can't really compare Abtrusion Protector to something like Process Guard, because AP is simple in comparison. 90% of what AP does can already be done by someone without the software, whereas with Process Guard I would say less than 1% could be done by someone without the software, regardless of their technical ability. In the end you are comparing a program which effectively just asks you if you want a certain program to run, to a program which is like a Swiss Army knife in regards to protection.
AP does have some features which PG doesn't have so I am in no way saying you shouldn't use AP over PG in certain circumstances. I just know what I would be using if I had to make a choice between the two, even if that is slightly biased. :)
-Jason-
Peter2150
January 18th, 2004, 12:19 PM
{QUOTE-> quoting Jason / DiamondCS:
Personally I don't see why you would need a program which asks you "do you want this program to run", because in 99.999% of cases it is you who has "double clicked" on the file you want to run. This means the user would then also click "Allow" in AP. In the rare case where there is some unknown exploit and it launches a new process to get its code to run, and the user recognizes the fact that it MAY be malware, then it may provide some benefit.
You can't really compare Abtrusion Protector to something like Process Guard, because AP is simple in comparison. 90% of what AP does can already be done by someone without the software, whereas with Process Guard I would say less than 1% could be done by someone without the software, regardless of their technical ability. In the end you are comparing a program which effectively just asks you if you want a certain program to run, to a program which is like a Swiss Army knife in regards to protection.
<-QUOTE}
Jason, not sure I agree with you here. AP never really asks you if you want something to run. Once a program is in its database you never hear from AP again unless a file related to that program changes. AP doesn't ask for permission; it blocks the file and notifies you of the fact.
Why I consider it a vital layer is this. I've seen a website try to download and execute something on my system. If its purpose wasn't to attack a running process or inject into a DLL, then unless I am mistaken PG won't stop it. AP caught an instance of this and stopped it dead in its tracks.
Why I like the layers is that in most instances AP will stop a program from running and trying to mess with any process, but like I said, IF I download something I think is okay and tell AP to let it install, then I have effectively bypassed AP's protection, and then I have PG, TDS, Wormguard, etc. to keep it from doing harm.
It's all about layers. Gotta have layers. :D
gkweb
January 18th, 2004, 12:26 PM
{QUOTE->
IF I download something I think is okay and tell AP to let it install, then I have effectively bypassed AP's protection, and then I have PG, TDS, Wormguard, etc. to keep it from doing harm.
It's all about layers. Gotta have layers.
<-QUOTE}
I think that's the point Jason has tried to explain ;)
I agree about a website trying to do malicious actions against your comp; it has happened to me, but if the website uses only IE against your other software, I feel better knowing that my browser doesn't have the capability to terminate nor inject into any processes :)
Layer + layer + layer + (...) + layer = layerS = Security
:D
peakaboo
January 18th, 2004, 02:46 PM
{QUOTE-> quoting gkweb:
{QUOTE->
If you said download APT and run apt.exe, and AP can't stop it from running, then run the 7 kill processes, then I would say this would be a fair test. This is the same reason I feel that leak tests, though helpful in determining a vulnerability, are unrealistic tests.
Obviously if AP works anything like SSM, apt.exe will not run unless it is allowed to. Therefore it has already defeated apt.exe and the 7 process killers.
This is the same theory/rationale Rudy used initially and I also use: if the .exe will not run because either AP or SSM kills the process, then the process has failed.
<-QUOTE}
I have _never_ understood why it is so hard to understand that all these tests, trojans/malwares/leaktests, are to show what would happen in the case your first layer of security _has been_ bypassed.
It doesn't matter *how* it has been; there are many ways, like the simplest, which is one of your mistakes, but whatever, your protection has been bypassed.
As I already said in another thread, security "holes" are mainly human deficiencies/mistakes, not really software ones.
=> if you will never make any mistakes, you don't even need AP, you are a god, and pls give me advice then :)
<-QUOTE}
We really do get it - the scenario:
somehow the poor stupid user has OK'd a program which is now running wild on his PC behind his back or in his/her face - Rudy (& I) get that and are saying it ain't happening.
Not because we are gods and never make mistakes, but because we understand potential threats and do the upfront work necessary before allowing a program access.
After the scanning, we have boards like this to ask if anyone has tried such and such program, we have Script Defender or Sentry, we have AVs which we keep current, we have firewalls which utilize some form of outbound protection, we have AB or SSM and Reg protect, DSO & HTA stop - so we have the layers and we really do get it...
Surprised that you refuse to see it from the user/consumer perspective.
The issue is cost/benefit, not simply the nominal $19.
A side issue is how much is enough - depends, right?
All it would take to convince Rudy is a simple demonstration which proves that he is not completely protected. If you can't provide one, then you need to say so. So far all the arguments come up short: apt.exe is not trusted, therefore user control says do not allow - it can't run - period, end of story.
A silent bypass of AP and/or SSM demonstration would do the trick - your choice of attack, but stop talking theory.
rerun2
January 18th, 2004, 03:39 PM
{QUOTE-> quoting peakaboo:
All it would take to convince Rudy is a simple demonstration which proves that he is not completely protected. If you can't provide one, then you need to say so. So far all the arguments come up short: apt.exe is not trusted, therefore user control says do not allow - it can't run - period, end of story.
<-QUOTE}
I do not think it is so much that people are "ignoring" the question posed by Rudy. I think the issue is that these 2 products are rather different in nature. While it may appear they have similarities, as applications that provide some sort of "sandbox" protection from unknown threats, PG is actually the only one protecting the processes from malware. SSM will ask permission if a malware is run, and the net result will be that the malware will be allowed/not allowed to run. It actually does no protecting. The security aspect is more or less the result of a user decision. With PG you do not have to worry about this, as your protected applications will be protected regardless of what harm the malware may want to inflict on these processes. This protection that PG offers cannot be undone by other processes either, from my understanding.
Basically it is what Jason said ;)
{QUOTE-> Process Guard doesn't worry about how code began executing on your system; it does what it says, it protects what you specify. <-QUOTE}
Peter2150
January 18th, 2004, 04:17 PM
{QUOTE->
All it would take to convince Rudy is a simple demonstration which proves that he is not completely protected. If you can't provide one, then you need to say so. So far all the arguments come up short: apt.exe is not trusted, therefore user control says do not allow - it can't run - period, end of story.
A silent bypass of AP and/or SSM demonstration would do the trick - your choice of attack, but stop talking theory.
<-QUOTE}
You guys just don't want to get it. What's this silent bypass stuff? Also there is no theory here. Can something silently get by AP and attack? NO! BUT... you go to a website to get a neat program that you think is safe. You download the install.exe and have to tell AP to allow it to install software (this is what you do to install new software). Once you have done this, AP assumes everything installed is okay, and if by chance it has a nasty in it (this has happened), then AP WILL NOT catch it, because you installed it. THIS IS NOT THEORY.
In the final analysis, if Rudy can't see this, then he should pass on PG. Hopefully he won't be convinced the hard way.
gkweb
January 18th, 2004, 04:18 PM
@peekaboo
you are exactly the kind of guy..snipped. please don't play personal hard ball - let's stick to factual opinions - paul
The fact is that AP can't save you from 1) mistakes, 2) exploits of trusted apps, 3) theoretical exploits.
You are saying in addition that you have never made, and will never make, any mistakes... I have nothing to advise to someone like you.
(There is nothing theoretical; all was explained by me, Peter, and Jason, just read again.)
snipped for one and the same reason as mentioned above - paul
Rudy nework
January 18th, 2004, 04:38 PM
To Peter2150:
I can see (and understand) fully that AB does NOT protect you after you have given launch (install) permission to a possible malware.
The thing is, I seldom (rarely) install new downloaded software, not to say never.
If I decide to anyway, I run it against AVG, RAV online, Pest Patrol FIRST, prior to installing.
The final answer to all this is: AB CAN'T be terminated / bypassed by auto-executing malware. It isn't even vulnerable when executing the malware locally on your desktop, as it can't run anyway. No matter what you try, if it is not in AB's "safe list", it won't run. Period!
It is clear to me that ALL those "so-called" bypasses you guys know about don't exist. Otherwise you would have demonstrated / told about one. Not just theory. I already said before, I understand technical explanations very well. Go ahead.
I never said I'm a god that doesn't make mistakes. I make them every day.
But I do take ALL possible precautions to protect my PC. Like described above.
I run resident > AVG, PP, AB, ZA PRO, Script Defender, Reg.prot.
Rudy.
Mr.Blaze
January 18th, 2004, 05:09 PM
Well, if you run a hardware and software firewall plus a good AV and AT and you say you never download anything, then I wouldn't buy it, unless you're like me.
See, I do the following:
I do everything imaginable to this PC
I download stuff all the time
I go to porn sites
I download music sometimes
I use dangerous applications
I have very good friends that I like to test out my PC
My curiosity through the dark side of the net, to see what new nasties are out there or products, often kills my PC
I have Juno hackers look at me as an "eat at Joe's" neon sign on my head
I do everything on this PC
If you just surf for 10 minutes a day and check e-mail, then you most likely don't need this.
If you spend a lot of time surfing and downloading and so forth, then you need this.
But if you're into security you probably do a lot on that PC, like testing stuff and seeing what can break.
peakaboo
January 18th, 2004, 05:15 PM
{QUOTE-> quoting: Peter2150 link=board=40;threadid=19765;start=15#msg121310 date=1074460674]
{QUOTE->
All it would take to convince Rudy is a simple demonstration which proves that he is not completely protected. If you can't provide one then you need to say so. So far all the arguments come up short: apt.exe is not trusted, therefore user control says do not allow - it can't run - period, end of story.
A silent bypass of AP and/or SSM demonstration would do the trick - your choice of attack, but stop talking theory.
<-QUOTE}
You guys just don't want to get it. What's this silent bypass stuff? Also there is no theory here. Can something silently get by AP and attack? NO! BUT... you go to a website to get a neat program that you think is safe. You download the install.exe and have to tell AP to allow it to install software (this is what you do to install new software). Once you have done this AP assumes everything installed is okay, and if by chance it has a nasty in it (this has happened), then AP WILL NOT catch it, because you installed it. THIS IS NOT THEORY.
In the final analysis, if Rudy can't see this, then he should pass on PG. Hopefully he won't be convinced the hard way.
<-QUOTE}
No one is saying you guys are wrong about mistakenly adding a trusted app which could act out.
I personally think PG is a great addition to the layered defense. Cost/benefit: if it fits, buy it. Look at the habits of Rudy... does not install a lot of software etc... essentially he is saying he does not need it based on his habits - that's it.
the above is not the issue.
I think with a little effort a demonstration could be put together to show what Rudy is saying is impossible. I do not have the skill to do it but... you or someone like you might.
Before you scoff at the concept of a silent bypass, vulnerabilities exist in much software - we are human, we make mistakes, therefore the products we make are also not perfect and can be exploited if given enough time and incentive.
we really do get it:
... Not because we are gods, and never make mistakes but because we understand potential threats and do the upfront work necessary before allowing a program access.
After the scanning... etc
but again all this is relative based on the surfing habits of the individual...
if we don't agree... it ain't the end of the world - lighten up. :)
Peter2150
January 18th, 2004, 05:54 PM
{QUOTE->
we really do get it:
... Not because we are gods, and never make mistakes but because we understand potential threats and do the upfront work necessary before allowing a program access.
After the scanning... etc
but again all this is relative based on the surfing habits of the individual...
if we don't agree... it ain't the end of the world - lighten up. :)
<-QUOTE}
Okay. Rudy asked to be convinced and he isn't. So be it. I've also known people who wouldn't buy fire insurance for their house because they believe they are very careful and they are sure they won't burn their house down. 'Tis their choice, but I won't have much sympathy if they are wrong.
Rudy best of everything.
Wayne - DiamondCS
January 18th, 2004, 09:30 PM
Peter,
I also know people who didn't think they needed an anti-virus scanner until a virus destroyed their drives ... :). Likewise, I don't have much sympathy for them.
Gavin - DiamondCS
January 19th, 2004, 12:11 AM
I'd just like to refute the claim that it is rare to have an undetected or for-sale trojan, because this is far from true.
Process Guard was born to stop the latest trojans at their source; prevention is better than cure. The sheer number of process-injecting and rootkit-style trojans appearing is a little scary. The facts are that anyone can buy an undetected version of their favourite trojan for as low as $21, and it seems quite a few have been sold at $21 for Lithium, $50 or more for Beast, up to even $300 for Optix Pro.
The other (probably WORSE) thing is that a lot of users learn how to package these cleverly, not only PATCHING the trojan to be undetected, but also using free installer packages like NSIS to distribute the program with a more genuine look. Scanning these with most scanners first is pointless, since most don't scan inside the package. And if the trojan has been patched first (hex edited) then it's pointless scanning again.
So if you trust the package, and after install it has a few EXE files, it's still a matter of whether you allow all those EXE files to run. What if one is cleverly named to be some "compatibility module" and is the trojan? The rest of it seems OK, it all scans clean.
In short, private malware is not detected by ANYTHING, and most trojans can be edited with ease to an experienced user, and yes there are a lot of them out there.
siliconman01
January 19th, 2004, 01:02 AM
It's a proven FACT that Abraham Lincoln did NOT say "you can please some of the people............" ;D
Let's get on with the release of PG 1.2 ... anxious to install and be further protected. ;)
peakaboo
January 20th, 2004, 02:02 PM
{QUOTE-> quoting: Rudy nework link=board=40;threadid=19765;start=15#msg121321 date=1074461929]
To Peter 2150 :
I can see (and understand) fully that AB does NOT protect you after you have given launch (install) permission to a possible malware.
The thing is, I seldom (rarely) install new downloaded software, not to say never.
If I decide to anyway, I run it against AVG, RAV online, Pest-patrol FIRST, prior to installing.
The final answer to all this is: AB CAN'T be terminated / bypassed by auto-executing malware. It isn't even vulnerable when executing the malware locally on your desktop, as it can't run anyway. No matter what you try, if it is not in AB's "safe list", it won't run. Period!
It is clear to me that ALL those "so called" bypasses you guys know about don't exist. Otherwise you should have demonstrated / told about one. Not just theory. I already said before, I understand technical explanations very well. Go ahead.
I never said I'm a God that doesn't make mistakes. I make them every day.
But I do take ALL possible precautions to protect my PC. Like described above.
I run resident > AVG, PP, AB, ZA PRO, Script defender, Reg.prot.
Rudy.
<-QUOTE}
Rudy nework (guest),
If you are still perusing these parts, have a look at the thread below:
http://forums.spywareinfo.com/index.php?s=63db60d1072aba5cbc55b7a0f1da7cdc&showtopic=23137&st=0&#entry129914
Go to the gaming spot mentioned in the link above (gamewinners - link not provided for obvious reasons) with all your defenses up and let us know how you fared...
I think with all the theory spouted here all you were asking for was a real example... sounds like that gaming spot has some nice silent drive-bys for you to try out.
It would be interesting to know, 1st, if you get the drive-by download (not sure if ActiveX & Java are the injectors, so if it doesn't work for you and you normally run with those disabled, just for grins you might want to try loosening your security a bit to see if #2 can occur), and second, if they are able to execute...
If 1 & 2 occur, don't come back here for help ;) LOL, sounds like you will get no sympathy...
Go back to the above link; someone there will be able to help you if you need it.
BTW, based on your surfing habits I agree with your position. If on the other hand you surfed like Blaze, well, enough said :o
Copyright ©2002 - 2009, Wilders Security Forums