Wilders Security Forums  

  #1  
Old December 25th, 2006, 01:49 PM
Atomas31
Frequent Poster
 
Join Date: Sep 2004
Location: Montréal, Québec
Posts: 919
Question WG, PG,...

Hi,

Since DiamondCS seems dead for good, and given the fact that I own most of their products, I was wondering:

Is Wormguard still very useful nowadays? Can I disable it and count on Nod32 and Boclean to detect any worm and do what Wormguard was doing?

Concerning PG 3.15 which I really liked, is there any good alternative that can do all of what PG can do and even more (with good support :-)? If possible with a similar approach and GUI?

Thank you and good holidays,
Atomas31
  #2  
Old December 25th, 2006, 02:06 PM
dallen
Frequent Poster
 
Join Date: May 2003
Location: United States
Posts: 818
Default Re: WG, PG,...

Atomas31,
I would remove both WG and PG because products that aren't continuously updated become obsolete very quickly these days, especially considering that you have quality products like NOD32 and BoClean. If you feel naked without PG maybe you should seriously consider Online-Armor.
  #3  
Old December 25th, 2006, 02:22 PM
Atomas31
Frequent Poster
 
Join Date: Sep 2004
Location: Montréal, Québec
Posts: 919
Default Re: WG, PG,...

Hi Dallen,

Happy holidays!

I have disabled Wormguard and Process Guard and you are right, I am feeling a little bit naked!!!

As for Online Armor, I know it and, unless I am mistaken, it doesn't do the same as PG... Also the last time I started it (I already have it but don't use it), there was no way to terminate the online armor services (GRRrrrr!) and this is something I personally hate.

Thanks,
Atomas31
  #4  
Old December 25th, 2006, 04:35 PM
dallen
Frequent Poster
 
Join Date: May 2003
Location: United States
Posts: 818
Default Re: WG, PG,...

Happy Holidays to you. It's good to hear from you!!!

We all use our computers differently and we all have different expectations from our security strategy.

I'm not one to know the technical differences between OA and PG. Additionally, I am one that prefers user friendliness to meticulous security. So my advice may not be the best for everyone.

That being said, I am confident that PG is nothing more than a decaying false sense of security.

Whether Online-Armor is right for you is a personal choice. I have found it to be unobtrusive while simultaneously providing decent security. I’m rather new to the beta-testing team, so admittedly I have not thoroughly tested it against attacks, but I like what I see so far.

May I ask why you prefer the option of terminating the service?
  #5  
Old December 25th, 2006, 05:52 PM
Thankful
Very Frequent Poster
 
Join Date: Feb 2005
Location: New York City
Posts: 2,407
Default Re: WG, PG,...

I agree with dallen that NOD32 and BoClean are two excellent programs. If you want to add a HIPS, give free SSM (system safety monitor) a try. http://www.syssafety.com/ They also have a paid version. They also have a forum for support for both versions.
  #6  
Old December 25th, 2006, 07:08 PM
Atomas31
Frequent Poster
 
Join Date: Sep 2004
Location: Montréal, Québec
Posts: 919
Default Re: WG, PG,...

Quote:
Originally Posted by dallen
Happy Holidays to you. It's good to hear from you!!!

We all use our computers differently and we all have different expectations from our security strategy.

I'm not one to know the technical differences between OA and PG. Additionally, I am one that prefers user friendliness to meticulous security. So my advice may not be the best for everyone.

That being said, I am confident that PG is nothing more than a decaying false sense of security.

Whether Online-Armor is right for you is a personal choice. I have found it to be unobtrusive while simultaneously providing decent security. I’m rather new to the beta-testing team, so admittedly I have not thoroughly tested it against attacks, but I like what I see so far.

May I ask why you prefer the option of terminating the service?

Hi Dallen,

What I mean concerning the termination services is when you click on Start/administration tools/services and then look at the online armor service, it was impossible to stop it, you had to change the property to manual and reboot so you won't have this service running in the background anymore... That was an old build that I beta tested some time ago so maybe now it is different. The reason why I like to have that control is, for example, if you want to start another software that is or might be conflicting with that service, I don't want to change the property and then reboot to be able to open that other software... That's all!

Right now, I am trialling Prosecurity which seems very promising and more to my taste...

Thanks,
Atomas31
  #7  
Old December 25th, 2006, 09:24 PM
MikeNash
Global Moderator
 
Join Date: Jun 2005
Location: Sydney, Australia
Posts: 1,652
Default Re: WG, PG,...

Quote:
Originally Posted by Atomas31
Hi Dallen,

What I mean concerning the termination services is when you click on Start/administration tools/services and then look at the online armor service, it was impossible to stop it, you had to change the property to manual and reboot so you won't have this service running in the background anymore... That was an old build that I beta tested some time ago so maybe now it is different. The reason why I like to have that control is, for example, if you want to start another software that is or might be conflicting with that service, I don't want to change the property and then reboot to be able to open that other software... That's all!

Right now, I am trialling Prosecurity which seems very promising and more to my taste...

Thanks,
Atomas31

Hi Atomas31,

That is still the case - this was to stop malware potentially stopping the OA service in a trivial way. If this is a showstopper for you, I can probably add the ability to do this inside the OA GUI somewhere - or, alternatively, we could implement a warning when something tries to shut down the service.

Kernel mode OA just hit the beta test team, so there is definitely scope to change how things work.


Mike
__________________
Mike Nash
Tall Emu Pty Ltd


Mike's Blog
  #8  
Old December 26th, 2006, 09:57 AM
Atomas31
Frequent Poster
 
Join Date: Sep 2004
Location: Montréal, Québec
Posts: 919
Smile Re: WG, PG,...

Quote:
Originally Posted by MikeNash
Hi Atomas31,

That is still the case - this was to stop malware potentially stopping the OA service in a trivial way. If this is a showstopper for you, I can probably add the ability to do this inside the OA GUI somewhere - or, alternatively, we could implement a warning when something tries to shut down the service.

Kernel mode OA just hit the beta test team, so there is definitely scope to change how things work.


Mike

Hi Mike,

Yes, that is a show stopper for me... I only know one other application that does that and it is Spysweeper (GRRRrrrr!). If you can rectify that, I might start using my version of OA again.

Also, I am trialling Prosecurity which I really like and seems like an improved and more complete version of Process Guard and was wondering if the two products (Prosecurity and OA 2.0) can work together without any conflict? Are there gonna be any overlaps?

Thanks and Happy Holidays,
Atomas31
  #9  
Old December 26th, 2006, 10:34 AM
dallen
Frequent Poster
 
Join Date: May 2003
Location: United States
Posts: 818
Default Re: WG, PG,...

Atomas31,
I know nothing about Prosecurity, but I do want to caution you about one thing. Learn a valuable lesson from the DCS debacle, customer support matters and a product is only as good as its developer. Mike Nash seems to be as classy as they come. This is evidenced by his willingness to listen to his customers.
  #10  
Old December 26th, 2006, 10:42 AM
egghead
Frequent Poster
 
Join Date: Aug 2005
Location: The Netherlands
Posts: 439
Default Re: WG, PG,...

Quote:
Originally Posted by dallen
Atomas31,
Learn a valuable lesson from the DCS debacle, customer support matters and a product is only as good as its developer.


Could have been my words
  #11  
Old December 26th, 2006, 10:48 AM
Atomas31
Frequent Poster
 
Join Date: Sep 2004
Location: Montréal, Québec
Posts: 919
Big Grin Re: WG, PG,...

Quote:
Originally Posted by dallen
Atomas31,
I know nothing about Prosecurity, but I do want to caution you about one thing. Learn a valuable lesson from the DCS debacle, customer support matters and a product is only as good as its developer. Mike Nash seems to be as classy as they come. This is evidenced by his willingness to listen to his customers.

Hi Dallen,

Thank you for your advice! As far as I am concerned, I believe that a developer who does something good deserves a chance... If nobody ever gave Mike a chance to show us how classy he was and how good his product was just because of the DCS debacle, then Mike and OA would already be history and we would have lost a classy guy and a great product... :-)

Atomas31
  #12  
Old December 26th, 2006, 10:50 AM
ClassicQ
 
Posts: n/a
Default Re: WG, PG,...

For the time being there is nothing wrong with PG, and WG should serve its purpose/design indefinitely. I wouldn't move at all to any Ghost Security products as their support is also almost null too. While I don't use OA (nor am I connected in any way to Online Armour), I can really appreciate the effort they display in development (just think about the leaps and bounds OA has made since its inception) and the support they (Mike Nash) provide here at Wilders, in addition to their own support forum. I think one day, OA will have an official support forum here.
  #13  
Old December 26th, 2006, 12:02 PM
Rico
Very Frequent Poster
 
Join Date: Aug 2004
Location: Texas
Posts: 1,405
Default Re: WG, PG,...

Hi Atomas,

I was a long time user of PG & finally got fed up with their horrible customer support. I uninstalled PG, got a 'competitive upgrade price', & am very happy with SSM. SSM is like PG on steroids.

Take Care
Rico
__________________
"Fear is a poison provided by the mind, and courage is the antidote stored always ready in the soul." D. Koontz
  #14  
Old December 26th, 2006, 12:15 PM
dallen
Frequent Poster
 
Join Date: May 2003
Location: United States
Posts: 818
Default Re: WG, PG,...

Quote:
Originally Posted by ClassicQ
For the time being there is nothing wrong with PG, and WG should serve its purpose/design indefinitely.
I absolutely disagree with this statement. Both WG and PG have been obsolete for a very long time. Almost immediately after Jason left DCS, he told me that PG had some serious problems that he wished he could fix, but could not since it was no longer his product to develop. Wayne has proven his unwillingness to address his product's issues, to wit Wilders was forced to take action.

I'm not one to try to predict the future, although I will take credit for being one of the first to illuminate Wayne (DCS) for what he truly was, but it would not surprise me if Jason (Ghost Security) follows in Wayne's wake and meets a similar fate.
  #15  
Old December 26th, 2006, 12:30 PM
ClassicQ
 
Posts: n/a
Default Re: WG, PG,...

Quote:
Originally Posted by dallen
I absolutely disagree with this statement. Both WG and PG have been obsolete for a very long time. Almost immediately after Jason left DCS, he told me that PG had some serious problems that he wished he could fix, but could not since it was no longer his product to develop. Wayne has proven his unwillingness to address his product's issues, to wit Wilders was forced to take action.
The issue was processes using 'services' to install drivers (and bypass security), which there is a workaround for and may have been addressed with the latest release (I don't know for sure; I don't actively use the product [I use Linux rather than Windows by choice], but I have tested it many times in VM sessions). What is the issue with WG? There are free apps that provide the same protection - which are still valid today. How is it obsolete?

Wow, Do you really take what is said by an ex-employee and competitor at face value? Your anti-DCS bias is helping lead you astray, which isn't a good sign. Do you have anything that you can factually back up your beliefs with?

I'm anything but a DCS fanboy, I hate what they've done / become ... but I wouldn't dismiss the merit of the product without understanding the issue and having actual evidence.
Quote:
Originally Posted by dallen
I'm not one to try to predict the future, although I will take credit for being one of the first to illuminate Wayne (DCS) for what he truly was, but it would not surprise me if Jason (Ghost Security) follows in Wayne's wake and meets a similar fate.
That statement I can agree with
  #16  
Old December 26th, 2006, 01:20 PM
dallen
Frequent Poster
 
Join Date: May 2003
Location: United States
Posts: 818
Default Re: WG, PG,...

Quote:
Originally Posted by ClassicQ
The issue was processes using 'services' to install drivers (and bypass security), which there is a workaround for and may have been addressed with the latest release (I don't know for sure; I don't actively use the product [I use Linux rather than Windows by choice], but I have tested it many times in VM sessions).
ClassicQ,
I apologize if my criticism of your conclusion that nothing is wrong with PG or WG upset you. That was not my intent. It seems that what you consider to be "the issue" is different than what I consider the issue to be. So, it seems that we are in disagreement about different things.

Quote:
Originally Posted by ClassicQ
What is the issue with WG? There are free apps that provide the same protection - which are still valid today. How is it obsolete?
I consider it obsolete for a number of reasons including, but not limited to, the fact that it has not been updated for years and almost every quality AV on the market provides better anti-worm protection than WG.

It seems that you know enough about computer security to understand that the dynamic nature of malicious threats cannot be met with stagnant defenses.

Quote:
Originally Posted by ClassicQ
Wow, Do you really take what is said by an ex-employee and competitor at face value? Your anti-DCS bias is helping lead you astray, which isn't a good sign. Do you have anything that you can factually back up your beliefs with?
I absolutely take it at face value (which means I don't give it much weight considering the vested interest the ex-employee has in the matter), but when I discuss the matter with the ex-employee privately and the statements are coupled with the reasons for making them and subsequently verified, I tend to take them at more than face value.

Quote:
Originally Posted by ClassicQ
I'm anything but a DCS fanboy, I hate what they've done / become ... but I wouldn't dismiss the merit of the product without understanding the issue and having actual evidence. That statement I can agree with
They've become non-existent and the fact that you wouldn't dismiss a non-existent company's antiquated product in an ever-changing environment of increasingly sophisticated threats speaks for itself.
  #17  
Old December 26th, 2006, 02:29 PM
Rmus
Exploit Analyst
 
Join Date: Mar 2005
Posts: 3,624
Default Re: WG, PG,...

In the summer of '05 I tested several script-blocking programs for a friend who was interested
in that type of protection. I found WG to be in a class by itself.

Two of the other popular ones at the time added a line in the Open|Command line in the Registry
for all script filetypes, resulting in passing the open command for that filetype to the blocking program.

WG, on the other hand, has its own script analyzing engine, which looks at all filetypes that run scripts.
There is a slight difference: .html was not normally blocked as a script filetype in the other programs,
but is capable of running scripts. See a discussion here, where I ran a test using .html:

http://www.wilderssecurity.com/showt...885#post521885

Another filetype that can run scripts is .doc, and WG will catch it, but the other programs would not
unless added to the block list, which would result in every .doc file requiring a prompt from the user.

http://www.urs2.net/rsj/computing/imgs/wg_doc.gif

Quote:
Originally Posted by dallen
I consider it obsolete for a number of reasons including, but not limited to, the fact that
it has not been updated for years and almost every quality AV on the market provides
better anti-worm protection than WG.
At the time, I didn't consider WG just from the standpoint of worms, and would be interested
in how current products handle scripts contained in files such as .doc.

regards,

-rich


________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."
--Bruce Schneier
  #18  
Old December 26th, 2006, 02:45 PM
dallen
Frequent Poster
 
Join Date: May 2003
Location: United States
Posts: 818
Default Re: WG, PG,...

Rmus,
If I'm not mistaken, both KAV and NOD32 each have methods of coping with the threats you reference. Furthermore, I think IE7 has a method of disabling scripting triggered via html.

Actually, I tested the following script:
Quote:
<SCRIPT LANGUAGE="VBScript">

<!--
function fnCreateFolder()
dim oShell
dim oFolder
dim sDir

sDir = "C:\SomePath"
set oShell = CreateObject("Shell.Application")
set oFolder = oShell.NameSpace(sDir)
end function
-->

</SCRIPT>

Which you provided as a means of testing. I created an .html document containing the script and with default settings I am provided a warning from IE7. I will play with the same script using a .doc file and report back.

Meanwhile, I stand by my conclusion regarding DCS and their products.

Last edited by dallen : December 26th, 2006 at 02:58 PM.
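
Added example (not part of the original posts, and not code from any product named in this thread): a minimal sketch of the difference described in posts #17 and #18 between a rule keyed on script file extensions and a check that inspects file content, so a script inside an .html file is still seen. The extension list and function names are assumptions; the sample input is constructed from the test snippet quoted above, and .doc files are not covered.

```python
"""Extension block list vs. content inspection for script-bearing HTML files."""
import re
from html.parser import HTMLParser
from pathlib import PurePath

# Assumed block list of "script filetypes" (illustrative, not any product's list).
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}

# Calls that give a script access to COM automation objects.
COM_CALL = re.compile(r'\b(?:CreateObject|GetObject|ActiveXObject)\s*\(\s*"([^"]+)"', re.I)


class ScriptExtractor(HTMLParser):
    """Collects the language and source text of every <script> element."""

    def __init__(self):
        super().__init__()
        self.blocks = []      # list of (language, source) tuples
        self._lang = None
        self._buf = None      # None while outside a <script> element

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attr = dict(attrs)
            self._lang = (attr.get("language") or attr.get("type") or "javascript").lower()
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.blocks.append((self._lang, "".join(self._buf)))
            self._buf = None


def blocked_by_extension(filename):
    """True if a rule keyed only on the file extension would intercept this file."""
    return PurePath(filename).suffix.lower() in SCRIPT_EXTENSIONS


def inspect_content(text):
    """Return one finding per script block, regardless of the file's extension."""
    parser = ScriptExtractor()
    parser.feed(text)
    parser.close()
    return [{"language": lang, "com_objects": COM_CALL.findall(src)}
            for lang, src in parser.blocks]


def verdict(filename, text):
    findings = inspect_content(text)
    return {
        "extension_rule": blocked_by_extension(filename),
        "script_blocks": len(findings),
        "com_objects": sorted({o for f in findings for o in f["com_objects"]}),
    }


# Constructed sample: the test snippet from this thread wrapped in a minimal page.
SAMPLE_HTML = r'''<html><body>
<SCRIPT LANGUAGE="VBScript">
<!--
function fnCreateFolder()
dim oShell
sDir = "C:\SomePath"
set oShell = CreateObject("Shell.Application")
end function
-->
</SCRIPT>
</body></html>'''

if __name__ == "__main__":
    print(verdict("test.html", SAMPLE_HTML))
    print(verdict("plain.html", "<p>no script here</p>"))
```

The extension rule alone passes test.html untouched, while the content check reports one VBScript block that instantiates Shell.Application.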
  #19  
Old December 26th, 2006, 02:47 PM
true north
Regular Poster
 
Join Date: Dec 2006
Posts: 159
Default Re: WG, PG,...

Back to the topic,

I have used PG for a long time, and now that their support is gone, should I replace PG with another safe and easy-going app?
What would you recommend?
Thanks
  #20  
Old December 26th, 2006, 03:02 PM
dallen
Frequent Poster
 
Join Date: May 2003
Location: United States
Posts: 818
Default Re: WG, PG,...

Quote:
Originally Posted by true north
Back to the topic,

I have used PG for a long time, and now that their support is gone, should I replace PG with another safe and easy-going app?
What would you recommend?
Thanks
true north,
You are going to hear advice both ways, but I want to emphasize that PG is fundamentally flawed and relying on it only gives you a false sense of security. You need to remove and replace it.

The problem is that the product that I would replace it with has not been released yet.
  #21  
Old December 26th, 2006, 03:13 PM
Rmus
Exploit Analyst
 
Join Date: Mar 2005
Posts: 3,624
Default Re: WG, PG,...

Quote:
Originally Posted by true north
I have used PG for a long time, and now that their support is gone, should I replace PG with another safe and easy-going app?
To borrow a phrase from Blue, I would do a "risk assessment:"
1) What types of threats doesn't PG protect against that you think are necessary?

2) What is the likelihood of you encountering such a threat?
If using PG doesn't satisfy your risk assessment, then it's time to change. Looking at other threads, this goes on all of the time with other products: people switch because they think something else is better for them.

I don't think it matters whether or not the product is still supported - if it meets your needs, why change?

This has been discussed in other forums, and I notice other PG users sticking with it.

Referencing my above post, my friend still uses Worm Guard because it meets a particular need in her work, so there is no reason to change.

regards,

-rich



________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."
--Bruce Schneier
  #22  
Old December 26th, 2006, 03:24 PM
dallen
Frequent Poster
 
Join Date: May 2003
Location: United States
Posts: 818
Default Re: WG, PG,...

I agree with everything Rmus said in his/her most recent posting.

The only thing I would like to add is that a false sense of security is worse than a complete lack of security.
  #23  
Old December 26th, 2006, 03:28 PM
Baldrick
Very Frequent Poster
 
Join Date: May 2002
Location: South Wales, UK
Posts: 1,281
Default Re: WG, PG,...

Quote:
Originally Posted by dallen
Atomas31,
I know nothing about Prosecurity, but I do want to caution you about one thing. Learn a valuable lesson from the DCS debacle, customer support matters and a product is only as good as its developer. Mike Nash seems to be as classy as they come. This is evidenced by his willingness to listen to his customers.
You really do know nothing about ProSecurity. From what I have come across the developer of ProSecurity seems to be about the most responsive developer around at the moment. However, IMHO willingness to listen to customers is good but a sound financial model/basis for the development of the software is even more important...and we know very little about any of these developers.

It would be good to get some more information in this area.
  #24  
Old December 26th, 2006, 03:57 PM
dallen
Frequent Poster
 
Join Date: May 2003
Location: United States
Posts: 818
Default Re: WG, PG,...

Baldrick,
What did you mean by reiterating my admission of a complete lack of knowledge of ProSecurity?

I agree that the responsiveness of the developer is not the only criterion by which one should judge software. You are correct that "financial model/basis" (business plan) is also very important. However, when you say "we know very little...", you should probably restrict your assertion to yourself. I'm sure there are some here that have at least some knowledge about the business plans of these developers. I, for one, have some knowledge about a financial aspect of one of the developers that I consider to be pertinent. However, I don't feel that information is for public discussion.
  #25  
Old December 26th, 2006, 04:49 PM
Baldrick
Very Frequent Poster
 
Join Date: May 2002
Location: South Wales, UK
Posts: 1,281
Default Re: WG, PG,...

The reiteration was to confirm that the statement seems to be true.

On the other point, I believe that the 'we' (as in the collective and not trying to single out any one person although it appears that I may have inadvertently touched a nerve) is justified as this aspect of the software developers and their products that are discussed, recommended and panned in public does appear to be almost completely omitted from discussions. That is a shame.

Last edited by Baldrick : December 26th, 2006 at 07:15 PM.
 
