How can Process Guard become more user friendly

Hi Everyone,

I'm starting this thread because I believe it's one of the more important aspects of Process Guard next to security.

I recently took up the offer from DCS re TDS 3 and got a copy of PG for my sister. But here's the catch. My sister has no time and absolutely no patience for going through step 5 of the set up so she won't install it. So unless I personally go out there and set it up for her she refuses to use it which leaves it just sitting in her PC untouched even though it was FREE. She also has kids using the PC and they wouldn't have a clue about the pop ups so this is definitely not user friendly for kids either unless it has been painstakingly set up first.

An easier way has to be found if this program is not to suffer (or has not already) the same fate as TDS 4.

I'm talking about step 5 in the set up instructions.

5) Minimize the Process Guard interface and run all of your regular applications (your web browser, email client, and so on). Any application which is run while under learning mode is automatically added to ProcessGuard's list with default permissions.

My sister, who is just an average mum who works won't install PG because of this. She says she just couldn't be bothered and the whole process is a nuisance. While the tech savvy person will spend hours tweaking and fine tuning their security settings, the average user just wants to install and get on with what they were doing and DCS has to realise that unless they can make PG user friendly for the 'set it and forget it mob' then it will not attract a large portion of average users like my sister who don't want to go through the step 5 procedure or visit forums to ask questions.

The majority of people just want to install a program and then use it and not be bothered by pop ups and having to click on all their programs and reboot etc etc.

My sister lives far away and I can't visit just anytime so PG remains uninstalled. Step 5 is a real turn off and put off for many people I believe - people who don't visit forums and come here. They just have a look, see it's too difficult and uninstall and walk away without DCS or us ever knowing - people like my sister.

Maybe DCS were targeting companies and not individuals with PG because it's certainly not user friendly enough for novice PC users. I wish something could be done so that DCS could make it as easy as pie to install and set up(like any other program out there) and then sales might increase but I can't see many novice users going through step 5 so I suggest this be looked into.

Dave

 

Hi Dave,

Well I disagree, I'd like to see even more minute control (child processes etc.), if DCS changed it's target users from advanced user and security freaks ... they'd have no target audience at all. General users aren't after these types of applications, they won't bother at all to use anything other than an AV and maybe a FW. Besides I don't think there's anything complicated about PG ... yes it takes maybe ten minutes to setup, but then it's easy sailing from there, changes only be need to made when installing new software. With PG locked I'm the only one with that control, there aren't any pop ups, either I approved it or I haven't - ie. It runs or it doesn't period. . Including the allowed privileges for each application.

I don't know how you can relate the environments of TDS and PG, they don't face the same issue - TDS' issue was the resources required to update the DB. PG isn't going anywhere, it doesn't have that issue ... regardless if development were to stop or the project reached completion - PG would still be in a complete state from where is stands now and completely useful.

Steve

 

That is why added PG along with RegDefend and WormGuard as a backup to my AV and firewall. I want protection and am willing to spend a little time to learn how to use the software. If it was signature or list based it would not be as effective.

 

I fail to see how anything could be easier than "run all of your regular applications". You would be doing it even if you did not install the program.

 

maybe it should just scan the start menu and desktop. itll be faster and get the majority of apps u use. and about the permissions: even if pg knew what permissions to give, some people would rather not give permissions (like hooks) to an app as long as it still works. its a personal preference.

 

I did not mind the setup guide, DiamondSupport told me it was very important to follow the guide all the way through. If they can make it easier then good, my games all crash first time I use them with Learning Mode, but they work the next time so ok, the rest of the setup was easy like any other program

 

It's still better than nothing.

To solve your problem have default child-parent control to always allow if launched from trusted parent. Not as secure, but increase ease of use.

It still won't catch 100%, but much better than the current sit.

On the other hand, I do appreciate it if PG allowed better control of child parent relationships.

 

Dave,
I would also like to see some progress in ProcessGuard in this sort of area., there is a very long feature request list that has had no apparent progress for a while now. Hopefully PG will get some attention in the "promised" cycle of updates...

For the moment you could always just turn Execution Protection off and get your sister to do a single reboot in learning mode to get most things that load a driver.

That way you still get the core features of PG by stopping DLL injection, protecting Physical Memory and getting reasonable Anti-Termination protection as well.

As was said by thingsthatmakeyo I think that finer grained control of execution protection would make a difference. If for example you wanted to have exection protection enabled you could simply deny everything starting from iexplore.exe and allow everything starting from explorer.exe (and everything else). That way there would still be no alerts and drive-by-installs couldn't simply just drop and run a file.

[They would have to drop a file and write to the registry and wait for you to start a program in order to avoid the execution alert... but they can do this with execution protection the way it is now anyhow]

If you havent already you could possibly look at setting up Proxomitron as a proxy on her computer and have it use a decent filter set (like Gryphen) that may help lessen the likelyhood of issues whilst browsing and shouldn't generate any alerts.

If none of that sounds useful and you are in travelling distance, then you could just wait for a family birthday and do it for her while you are visiting

Regards

 

I saw this mention of sensitive guard and googled it. Here's a very interesting feature

http://www.sensiveguard.com/

Very cool. It makes a difference between actions carried out by the user and those that isn't.The same thing with its fileguard, you can set different policies depending on whether it is an action carried out by the user, or not.

See screenshot here

http://www.sensiveguard.com/screenshot.html

Imagine if PG had this, it would be a godsend at least for a lot of execution protection requests.

The cynic in me would probably point out that malware can learn to emulate what the software is looking for when it says something is user initated.....

 

I really like the user initiated aspect. It would really help people who just don't feel confident enough or patient enough to go through running their applications. With PG's system you miss a few or forget a few in learning mode and then blocking starts and then it begins to get too arduous for the novice and they tend not to persevere with it.

I wouldn't give in on a 'set it and forget it' system for PG because that might be the only way to get the masses to use it. The user initiated idea would be great for PG because the program then does the thinking for you. Emulation might be a problem but don't forget it's layered security so there's an AV as well as firewall. I don't think that layered security has to be all complicated as PG is as it's not the 1st line of defense so even something like an emulator would have to get through the AV and firewall first so user intiated intelligence might just be what PG needs to make it more marketable to the masses.

Is that sensiveguard free?

Dave

 

Emulation is the wrong word , I apologise for using it. Simulate user action was what I should have said.

I suspect, it can be pretty easy to do this depending on the implementation.

Yes, apparantly. I haven't tried it though. Maybe it's not as smart as it seems.

 

I'm not the average user, especially not where security applications are concerned, but I am finding the full Process Guard to be MOST irritating and difficult. I find buggy KIS 2006's process guard to be easier to use (except for the tiny GUI) although not by much.

The problem with Process Guard is that it doesn't learn well. And it doesn't always pop up and ask what you want to do either. It just silently blocks (global hooks for example) and that is not acceptable. I can't imagine an average user having the patience or understanding to use something like this.

 

A program like Process Guard doesn't sell very well to the novice because it's just too complicated to install and look after. If something goes wrong like a silent block then your average and even experienced user will be left baffled for days. I think DCS should at least give it a try to see if they can't come up with something much more user friendly.

The GUI was only one idea but user friendliness is even more important because things like a silent block can turn users right off PG. Average or novice PC users may never ever really flock to PG in even moderate numbers so it's days may be limited because it's only catering to a very small audience and can't be continually improved and updated when the income for it may not be enough to support the product. So I do see programs like PG being around for a while but really not having many improvements or updates anymore because they are not bringing in much money.

Another case where DCS may be shooting themselves in the foot because their products are not attracting a large enough market to sustain the product leading to discontinuing of updates and upgrades which we saw with TDS 3.

I think DCS have got to look at appealing to the masses otherwise all their software is not going to support itself and they will just have to forgo updates and upgrades and if it falls far enough behind and is not worth the effort to redo then it might suffer the same fate as other programs. So I strongly believe that DCS have got to start incorporating much more user friendliness and less technicality into their products for them to appeal to larger audiences.

Dave

 

I would have to agree with K9.

I think a reasonable analogy would be a camera. Your average vacationer (or Soccer Mom) wants a point and click camera. While your professional photographer wants more minute control over every last detail of the shot. To make PG more acceptable to the Soccer Mom, a lot of functionality would have to be lost.

 

I guess like someone suggested already, PG with with two types of user interface. Pro and soccer mom.

 

Hello, BJ69.

That would be OK with me, but I would be surprised if anyone would buy it and use that feature.

 

The next release will mostly concentrate on some good little features, and on help file and user guides. ProcessGuard is based around a few simple concepts and protections implemented in the right place at the lowest level. Guides will make things a lot better so anyone who is willing can have a better chance of being secure.

Some more protection is always better, and if some of us can gain complete control then great!

 

That sounds great! Just what I need. The current help file is execellent...as far it goes. It doesn't go far enough. I'm also encouraged to hear that there will be another version. I hope it is coming soon so as to help deflect the rumours rampant that PG is dying.

 

I made a couple of guides recently and we are really paying attention to detail on those.. lots of useful info will be available. I'll do my best, still working on the guides and the new version will definitely please in a lot of ways. Dont expect miracles of course its only one program in the big picture but if we get the guides right people will definitely end up better off and less vulnerable

 

Hello Garvin..........any words on when..........soon or not sure ??
BTW....I for one can do fine without TDS-3......i can not say the same about PG............long live PG

 

Not soon sorry, PG is hard work. Low level coding, debugging testing fixing more debugging etc etc etc!

All the other stuff we are working on is far more advanced.. website is mostly done..

PE has lots of stuff fixed and added, we went through the requests and got some stuff done already. Its a lot better already and more useful !

 

The sun was not supposed to shine here today..........now it is

 

Very true!!