ProSecurity v1.26 released! [as of Jan 08, 2007]

[Stem]

First of all,.. "Thank you" to PS for the free version of this application,.. I did purchase a license for PS a couple of weeks ago, as I do like to show support this way for any product I personally think is good. (I also have license for other HIPS). I have not yet had time to download the latest version,... but will install later.

From some posts, I see that some user are getting BSOD or other problems with PS and/or SSM, if this is believed to be a bug or conflict, then I think that any such problems should be directed first to the developers of the product, to allow them time to try and sort out any possible bugs or conflicts,... we will always see some possible problem (on some setups) with this type of application, due to the low level control being made.

I would also ask, could we please keep the thread more on topic,... and not start straying into who is who,....

[poirot]

I am glad you too, Stem, think PS is a worthy piece of software and i am looking forward to your findings, tips and remarks about it.
(this time it's an easier task than with Jetico, )


TECHWEG, no matter who you are ,or might represent, i think you are rather adding to the Forum and not subtracting anything,so thanks from me.

[Stem]

Helo there poirot,

Quote:

Originally Posted by poirot

.....and i am looking forward to your findings, tips and remarks about it.

PS is a nice program,... but as some are finding, a slightly different approuch is needed (compared to PG / SSM) to correctly set up for your system. I did run the "Kill" tests (APT/SPT) against PS, and PS stood up well and was able to block all I attempted. The developer does appear to be listening to users, and updating the product, so at the moment I have no concerns as such.

Regards,
Stem

i had a problem with the previous 1.22 which has been resolved with this minor release. The developer seriously does listen to users and is very active on fixes. as i say most developers "seem" to have a day job, and work on coding when they get home. But the developer of ProSecurity, upon learning of HIPS software quit his day job of being a successful computer programmer to dedicate his day and night to making the best HIPS he can. I have seen this and i know this to be true. So i really do urge people to go on our forum and tell the developer of any genuine issues that you have and he will do his absolute best to fix it. Even if he needs to research on a problem with your conflicting software.
___

Quote:

Originally Posted by poirot

TECHWEG, no matter who you are ,or might represent, i think you are rather adding to the Forum and not subtracting anything,so thanks from me.

@poirot

Thankyou very much I am a fan and the concept guy for PS and gave the developer very much feedback through the months. I love hearing the good things and the bad things because, good things means happy people and good product, bad things means you identified something that can be done to improve the product. Win win . . no negatives with this.


Best regards to all

WG

[djg05]

Just out of curiosity I thought I would try out PS 1.22.1 to see what it was all about.

On the SSM thread there has been discussion for the lack of protection for LSASS and its mates which can be shut down. The same for LSASS is true in PS using APT-1, although there is less restriction on the rules for it.

With my f/w Kerio it says that it is protected yet it can easily be shut down the same way. In SSM in spite of going through all the warnings none of the various kill methods I have tried have yet managed to kill it off.

Maybe I am looking at this the wrong way, but I regard my f/w as my front door and the HIPS to be the iron bar to stop it being broken down.

I know that some don't believe in going through warnings signs, but to me the point is to try and break a program then you can see what its real strength is. I am sure some way will be found by malware to subvert the warnings and if a program just relies on warning messages rather than substance I would rather know about.

Incidentally I turned off learning mode after rebooting as advised in the help file and there was no problem with BSOD.

I am sure this program will improve but currently I don't think it is for me.

Using Win 2k sp4

Quote:

Originally Posted by djg05

Just out of curiosity I thought I would try out PS 1.22.1 to see what it was all about.

On the SSM thread there has been discussion for the lack of protection for LSASS and its mates which can be shut down. The same for LSASS is true in PS using APT-1, although there is less restriction on the rules for it.

With my f/w Kerio it says that it is protected yet it can easily be shut down the same way. In SSM in spite of going through all the warnings none of the various kill methods I have tried have yet managed to kill it off.

Maybe I am looking at this the wrong way, but I regard my f/w as my front door and the HIPS to be the iron bar to stop it being broken down.

I know that some don't believe in going through warnings signs, but to me the point is to try and break a program then you can see what its real strength is. I am sure some way will be found by malware to subvert the warnings and if a program just relies on warning messages rather than substance I would rather know about.

Incidentally I turned off learning mode after rebooting as advised in the help file and there was no problem with BSOD.

I am sure this program will improve but currently I don't think it is for me.

Using Win 2k sp4

Castle idea . . Your firewall is to stop people coming at the gate. If they get over the gate over the moat, then the HIPS is standing at the door to your castle protecting you unless you let them in. Then you can use things like Cyber hawk to protect the interior along with HIPS to give you extra protection. As for LAss .. . . i think perhaps lots of softwares are having isues with this from what you said. I have to opoligise since i am drinking at present, but i believe the developer will read all these posts and see this one and begin thinking about this problem . .


@JIE

Can you look into this lass thing and see if we can protect it by defeult or something ? perhaps just adding termination protection or something


WG

Wouldn't a good AV detect LSASS exploit, in that case, putting it in PS would kind of make it redundant at the most.

[andylau]

I want to ask, is it supported Windows Vista?

i believe presently it is not supported by Vista but will in a later version. Vista is still only a baby and not even in production PC yet. I would lay off vista for the moment

[starfish_001]

Quote:

Originally Posted by TECHWG

Perhaps you are running too many anti-malware products or something. You should try this in vmware and install one by one your other products and see when you get the problem ?

Perhaps ....

I am only running PS for test. I use Raxco First Defense like many round here. I have a snapshot setup for PS. It is based on a stripped down version of my main sys rather than a clean install. Why because if I migrate this into my main sys snapshot it has to coexist with my setup.


That said the PS snapshot has most other security software removed as I try to work out what is causing the problems. At this point the snapshot has NOD, Outpost, and PS.

I have also had sys freezes when blocking global hooks where ssm or appdefend would have simple blocked with no impact

please feel free to goto the forum "HERE" and detail the problem in as much detail as you can so the developer can do his best to resolve your issues.

[Roger_]

I have also installed and started evaluating ProSecurity full version last night and the first impressions are quite positive so far.
I certainly will be using the PS forum / support mail to clear out a few things.
For the moment, I have a couple of questions that have crossed my mind :

- 15 days surely is very short for me to perform a full evaluation as my availability will be quite limited;

- Although investing money in buying software products from well-known companies may turn out to be quite risky (companies can end or get bought by other groups), being PS almost a 'one man show', what foreseen guarantees of continuity may we anticipate?

Thanks in advance.

Roger

regarding the freezups people have the the user input warning screen's, i believe Jie has fixed this. After he adds and fixes some things he will certainly release the new version. Its with all your help that things get done! if you would not tell us we would not find out all these little things!
Thanks

WG

[ccsito]

According to the product comparison chart, the program has network access control. Could it then be used as a outbound firewall replacement? Can it be used as a supplement to the XP firewall to control outbound access?

[Stem]

Quote:

Originally Posted by ccsito

Can it be used as a supplement to the XP firewall to control outbound access?

PS as options to allow/deny/ask for TCP incoming, TCP outgoing, UDP,RAWIP (per application)

Yes i believe so. But that has drawn a very important (forgotton on my part) point. i will ask Jie to see if he can add TCP/IP / UDP rules etc and if he can have a tick box for an exe to run as client or server or both etc. it might end up being a firewall hips lol but hey function is function

[Stem]

Quote:

Originally Posted by TECHWG

.....it might end up being a firewall hips lol but hey function is function

There is always a possible problem of driver conflicts with firewalls if PS was to add network packet filter drivers. I personally would prefer no such driver installation from an HIPS,... if such an addition was made, then there would, for me, need to be an option not to install the driver for this.

well personally i use a firewall, but i would like to see a server and client tick box so we can control its access after we allow or deny with user interface

[Tommy]

Quote:

Originally Posted by Stem

There is always a possible problem of driver conflicts with firewalls if PS was to add network packet filter drivers. I personally would prefer no such driver installation from an HIPS,... if such an addition was made, then there would, for me, need to be an option not to install the driver for this.

I agree with that. Even i don't use PS i allways suggest HIPS please be a HIPS and not a HIPS with FW-functions which are nearly unusable.

Cobbler, stick to your trade.

[Stem]

Quote:

Originally Posted by TECHWG

.......but i would like to see a server and client tick box so we can control its access after we allow or deny with user interface

As I mentioned, this would require a network packet filter driver, to filter the inbound TCP, to block inbound TCP"SYN" packets (connections) when the "server" was blocked,.... this can lead to conflicts,...... I for one, prefer my firewall to perform this filtering.

but PS right now gives you a warning, xxx.exe is being contacted from outside etc and gives you the IP etc. If it can do this it should have ability for simple tick boxes that says allow inbound, allow outbound etc. I believe the driver you speak of is part of the driver for PS. i may be wrong but i think perhaps true

[Stem]

PS does not filter the TCP/IP, it will simply allow or block, if for example you change the network setting for your browser to block inbound TCP, then all inbound TCP is blocked (including returned packets,... so internet comms will not proceed for the browser,..you will not be able to browse), this is not the same as TCP/IP packet filtering, which, if server status was blocked, would allow returned packets, but would block inbound connections.

yes this is what i personally would like to see only tick boxes to allow inbound and allow outbound, no rules, just the ability to block inbound and akllow outbound etc simple function

[Stem]

But this is not the same as "Allow as client" / "allow as server". If you select to block an inbound attempt with PS, this will then block any/all inbound TCP for that application, and will then lead to no internet access for that application.

You can currently set this in options (per application):-

[PSDeveloper]

Quote:

Originally Posted by TECHWG

yes this is what i personally would like to see only tick boxes to allow inbound and allow outbound, no rules, just the ability to block inbound and akllow outbound etc simple function

I guess you don't use PS to control your network :-), actually this function was exists from v1.20.
Please turn to application's advance settings page, and then turn to network tab, you can see them there, they are not tickboxes, but you can right click on them to popup the setting menu.