Do we need more than free Process guard if we do not indulge in high risk behaviour?

With regard to Process Guard , does a computer user who :- 1) Does not visit high risk sites 2) does not download from iffy sites 3)does not execute .exe attachments 4) does not use pirated software 5) has a good AV prog installed with up to date signatures - say Nod32 6) has a good firewall installed-say Sygate Personal Pro 7) regularly scans with Spybot and/or Adaware (free) for malware

..... need to have the paid for version or the free version to complete his/her security configuration?

 

Re: Do we need more than free Process guard if we do not indulge in high risk behavio

Hi.

You are asking this in a forum devoted to Process Guard. What do you think most people here will say?




Okay okay, if you want to know my answer is probably not. But you never know.... There are worse things to sink your money into if you can spare the cash.

Okay time to go, I'll let Richrf and others give you the sales pitch about 'executable portables' and 'catching strangers at the door' analogies.

 

Re: Do we need more than free Process guard if we do not indulge in high risk behavio

The question is whether you visit only trusted sites, or do you surf at all. If you surf at all, there is always a possibility that you will get attacked. It happened to me by just linking to a site from Google after a totally innocuous inquiry (something related to dinosaurs or something like that). So, if you only visit trusted sites, then I don't see that you have any problem. If you visit sites that you do not know for sure are trusted - well all bets are off and ithen who can really say. For me, the few dollars it costs for PG licensed is more than worth it. Some people insure their car against collision and others don't. Everyone is different.

Rich

 

Re: Do we need more than free Process guard if we do not indulge in high risk behavio

Yeah kind of, except real insurance pays you monetary compensation. Security software gives you no guarntees.

Otherwise a balanced commentary

 

Re: Do we need more than free Process guard if we do not indulge in high risk behavio

Insurance: any means of guaranteeing against loss or harm; [Random House Unabridge dictionary]

 

Re: Do we need more than free Process guard if we do not indulge in high risk behavio

Yes and I don't see one for using software.

 

Re: Do we need more than free Process guard if we do not indulge in high risk behavio

Example sentence from the Random House Dictionary:

"Taking Vitamin C is viewed as an insurance against catching colds".

Another example:

Using HIPS is viewed [by many] as an insurance againast catching viruses and other types of malware.

 

I don't want at all to argue with the comments above but I just have this nagging doubt about the level of security software we actually need. The fact is in year of heavy net use, permanently connected to the net, and using only NOD 32, Spybot, Sygate firewall ( licensed) Adaware. ( two free , two licensed) I have had not one attack from a virus, trojan key logger etc. Tracking cookies , of course I remove with Sybot.
Recently I have added the freeversion of Process Guard to complete a reasonably secure system - it was the missing element(insurance policy) -given my behaviour.

Nobody takes out insurance against every mishap that might befall them. No , they measure the risk aginst their circumstances, against their behaviour and then take out an appropriate level of insurance. I would argue that is exactly what PC users should do and yes Process Guard should be part of that insurance but maybe the free version is enough for many of us.
Surely my configuration is enough insurance for most users.

 

Re: Do we need more than free Process guard if we do not indulge in high risk behavio

Depends. I installed a program from a site, that at the time seemed to be run by a very large and "trusted" company. Only, when I installed the software, PG alerted me that it was trying to install a "driver/service", which I thought was odd, so I disallowed it. It was only much later, did it become clear on a forum, why this company's software was trying to install a driver/service, and I am glad I had the opportunity to stop it.

For me, "total control" on what is installed and runs on my computer is what it is all about. I don't trust the "trustworthy" companies. The latest red flag being how MS AS is now handling Claria. Where there is money to be made, companies just ignore or privacy and ethics issues and do what they can to get information from my machine. At least that is what my most recent experiences have been and why I no longer trust signature based systems that are maintained by commericial vendors. I am just going to keep my own watchful eye on things. But it is not for everyone, I know.

Cya,
Rich

 

It isn't always possible to predict whether you're indulging in high-risk surfing. It's entirely likely that a new site that gives every outward indication of being legit may in fact be dodgy. The same is true if you test-drive shareware or demos from time to time. Under these all-too-common circumstances, having a multi-layered security strategy becomes important.

Whether you decide to move to the paid version of PG is ultimately up to the individual. However, I tend to think that it's only fair for developers to want\need compensation for their work. For me, this idea extends beyond just wanting added features. So far, PG has been a great app that I in no way regret purchasing.

 

Points well-made Richrf and Hard Warrior, I am almost convinced. Dead right about the ethics of profit making concerns, also dead right about the need to reward those software developers with scruples. (Diamaond CS , for example)

 

I agree.. also, you may be able to trust the site itself, but what about their advertisers? You also never know if it's been hacked, there will always continue to be worms like Download.Ject. That said, however, whether PG free is enough for you is really up to you. Are you comfortable making decisions on all of PG's prompts? If you're not completely comfortable with it's execution prevention, it may be worth adding something else.

 

Palombaro, Hello.

I'm in the same boat that you are regarding safe surfing. Every piece of malware I've come across came to me via email. I use Outlook Express' Preview Pane - which is probably not a smart thing to do. I don't click on attachements either. For me, PG has been a good friend and has helped me. So to answer your question, I would say yes to PG (IMO), right after a good firewall and AV.

P.S. I would probably say no to an AT in your case. I just use one (among many other pieces of security software) because I like experimenting. It's a hobby!

 

Thanks Daisey. I have decided to go with the following config and see what happens.
Nod 32 +Sygate PFPro + Spybot + Adaware + ProcessGuard(Free)
For the moment I will stick to the free version of PG until I get used to some of its calls. Should I manage to get my head round PG I will certainly purchase the licence.

 

Understood. I think you'll find it easy to use, once you understand it better. If you ever have any questions, you know where to ask!

 

Re: Do we need more than free Process guard if we do not indulge in high risk behavio

Hi,
Rich, so basically what you say, the abundance of security is to give you more control of what is happening in your machine rather than prevent acutal attacks against it, since even if probably only half your setup, you're still rather secure. If that's your angle, I like it. Comparing back to cars, I would like to be able to install in my car a particular type of brakes, or particular type of fuel injection etc.
But for someone who just wants to be secure, it can be done with less.
Seeing people around me and helping them get rid of spyware in their machines, I realize that it narrows down to what the user does at the end of the day. The rest is paranoia, cosmetics, fetishes and hobbies.
Cheers,
Mrk

 

Re: Do we need more than free Process guard if we do not indulge in high risk behavio

Hi,

1)ZoneAlarm: Firewall
2) KAV 5.0: On-access anti-malware file protection
3) ProcessGuard: anti-executable, driver/service, global hook, rootkit installation protection
4) RegDefend: registry protection
5) WormGuard: script protection

Whether or not this is an "abundance" of security, I guess is in the eyes of the beholder. For me, it is just right.

Yes, I would like to decide what goes on my computer, rather than leaving it up to some other vendor to decide - e.g Microsoft/Claria issue.

Less? In what terms? Dollars, manhours learning, manhours installing, manhours maintaining? Maybe if you give me the absolute equivalent configuration (to the exact detail) that you believe can replace what I have, it might help. Generalities are difficult to discuss.

I think it is just people doing the best they know how, with what they know and what they can achieve (time, money, experience, etc.)

Cya,
Rich

 

Re: Do we need more than free Process guard if we do not indulge in high risk behavio

I wouldn't be so quick to judge, you never know what people's circumstances are.

 

Hi,

Perhaps the question could be expanded to "do we really need personal HIPS/proactive protection/behavioural blockers?"
And this question can be related to this thread: https://www.wilderssecurity.com/showthread.php?t=91297

Absolutely sure:a single host without Process Guard:
- has more chance to be compromised/infected by a malware,
-facilitates the job of the potential intruder.

I don't have a risky surf, don't use P2P/Warez softs/ICQ/MSN/Outlook/Thunderbird/bank-shopping online, never store any sensitive information on my computer and i'm not paranoiac at all.
Result: i never trust in scanners for my security.
Many people can be infected with an AT/AV/AS: it's really common as it is often noticed on the "virus/backdoor/worm area

AVs are limited by their database: they can only detect/block what they know.
And AV publishers can't be aware in real time about all new threats and malwares:for instance Blaster, and recently Kelvir have not been detected/blocked (only after a few hours); but were blocked by some personal HIPS/behavioural blockers.

In order to detect all malwares, AV vendors should place a guard behind each potential malwares coder in the world!
Staying aware about 29A, HangUp or CWS groups is not sufficient.
For instance, a new PAID version of the free Hacker Defender will be available at the end of this month:some AV publishers would perhaps pay to integrate it in their database...

No need to have a risky surf to be infected by a Cool Web Search trojan: recently, the Sunbelt labs has discovered new variants which are not detected by any AT/AV: for this case, risks are real for the ones who use online banking/shopping: http://sunbeltblog.blogspot.com/ (august 8 and 4).



Technically, AVs are bypassed like it's shown in this research paper:
http://www.securityelf.org/html/software_misuse/index.html

Solution like ProcessGuard increase the level defense, especially against unknown/new threats/malwares.
For instance, worms typologies provide many possibilities for new variants:

-SSH worm:
http://www.schneier.com/blog/archives/2005/05/the_potential_f.html

-Web application worm:
http://www.imperva.com/application_defense_center/white_papers/application_worms.html

Being infected by a malware is not a big problem, but it costs time and sometines datas...
Finally, with or without ProcessGuard, it's a personal choice: each one his policy.
Palombaro: on the next links, you'll find independent reviews about Process Guard which is well known to be an anti-rootkit/keylogger solution.

http://www.morgud.com/go/open/Digital-Fort-Knox.pdf

https://www.wilderssecurity.com/showthread.php?t=90583

I'm not a PG user (it will be an over-protection on my system) but i can't contest (see the "Overall" link ) that it's an excellent product.

Regards

 

Re: Do we need more than free Process guard if we do not indulge in high risk behavio

Hi,

Actually I was talking about myself ^^

@rich, when I said less, I meant mainly the effort introduced into the processs of securing your system, by not just installing programs, but by learning them and eventually controlling them. For instance, hardening takes a lot more than clicking buttons in a GUI. It takes deep understanding of processes and how the OS wants its stuff done.

Cheers people,
Mrk

 

The paid for version of PG gives extra protection compared to the free version.

The extra protection is:

Protect physical memory
Block global hooks
Block rootkit/driver/service installation
Block registry dll injection

Can a piece of malware do any of the above without executing? If not, the free version is as good as the paid for version.

 

Re: Do we need more than free Process guard if we do not indulge in high risk behavio

There have been several occassions when I allowed a process to execute only to find that it was trying to install a driver/service or obtain a global hook, which I was then able to stop. So these added capabilitiews were very helpful to me. The block registry dll injection can occur without a user being aware of it. Here is a paper explaining this:

http://www.commontology.de/andreas/win_secure_pg3.html

Rich

 

Thanks richrf, I had a quick search through the paper. I'm still not convinced that the change to the registry for the dll protection can be accomplished without something executing first (perhaps I missed the relevant bit, could you copy and paste the relevant bit or PM me thanks).

I can see your point on the install driver/service blocking. Why would a supposed note taking program need a driver/service, suspicious.

The extra protection from the paid version may help if you deliberately execute unknown programs but for general surfing will they give you any added protection if you block unknowns from executing?