PG - Is it too complex for the typical home user?

I am seeking advice with regards to PG and to make sure that the software is not too complex for the typical home user.

I have read the great reviews which seemingly all point to the same conclusion and that PG is a must have.

I have also read that mistakes can be made in respect of when to say yes/no at the wrong/right time which is what is concerning me. The last thing I want to do is mess with something that is essential and so defeat the object of having PG running in the first place.

Can the program be used straight out of the box or is it essential that I have some understanding of what PG is all about especially so when to grant permission or when to deny.

I have Zone Alarm Pro having just recently "downgraded" from Zone Alarm Security Suite to move over to NOD 32 whereby I am in the process of trying it out. I have always made the right decisions in ZA when and when not to grant access but ZA does the hard work for you and is the very reason I use it, namely ease of use.

I also have TrojanHunter paid for version, SpyWare Blaster (free), Ad-Aware SE Personal (free), SpyBot Search n Destroy (free) and have TrojanHunter Guard running at all times. The MS-Spyware seems to have some good reviews also but as yet I have not tried it.

I do have a paid for version of TDS-3, Wormguard 3 and Port Explorer but dont use them as I dont know how to really. Wormguard did cause me to have loads of problems after install but then again maybe that was my fault and I did something wrong but I do remember reporting back in these forums over 12 months ago and seemingly there was some issue/conflict with Wormguard and some other software I was running. It could be that it affected my game paying. Sorry I cant remember the exact details now.

I can use the basic scan for TDS-3 but thats as far as it goes. Port Explorer looks good when loaded up but what I would need to use it for I don't know. I purchased all 3 as a package after trying out TDS-3. I have just performed a clean install of windows and have not installed any of the 3 at this time.

I am not that confident in my own abilities having only owned a PC for just over 2 years now. I do have lots of software and many of these purchases I have made were due to panic when I read about the issues/dangers of surfing and aquiring more than you bargain for especially so seeing as I share my PC with my 14 year old son and 18 year old daughter.

If I need to create special rules to use software forget it. Plug n Pray that it works is the name of the game. Load it up and forget it and get on with gaming and surfing is the only way to go once you have paid the dosh to protect your system.

Any views/links would be greatly appreciated in respect of PG be they easy to use guides and a yes or no as to the ease of use.

In particular will PG hog resources when I am in a game and indeed do I need spyware, AV running at all unless I am on the net. Do you need big protection for gameplay?

Thank you in advance.

NB Apologies for some cut and paste from a Thread (great success) that I posted in the NOD 32 Forum

 

Hi Cyborg,

I will make this answer very short, and if you have more questions, we can see how to proceed:

1) ProcessGuard is not Plug and Pray. If your gaming machine is relatively static (i.e., you do not install or uninstall programs too often), your interactions with PG will also be relatively infrequent. However, no matter what, you can expect PG to alert you from time to time and you should be prepared to answer the alerts. There is a relatively high upside to all this. You learn a lot about what vendors are doing on your machine without you knowing it. For example, lots of the so-called "free stuff" out there is loaded with detection software that is monitoring your behavior. Nice to know what software is doing on your machine.

2) PG resource usage is very low. I have it running on a game machine with no problems at all.

3) It can be installed in such a way that it requires minimal of knowledge. I would recommend installing it in Learning Mode for several days so that you have accessed all of your normal use programs. Then I would take it out of learning mode and then clamp down on security by preventing events such as "global hooks" (prevents keyloggers) and installation of rootkits (real nasties).

4) My son and my wife who are relatively illiterate about these things use it with no issues. I may answer a question once in a great while. You could use this forum as a sounding board.

This is my short answer. I am sure there will be lots of other help/opinions for you.

Rich

 

There is another upside - you also get to learn (if you're interested) what all those strange system processes are that are running on your computer.

I wanted to know exactly what every program in the protected area of PG was doing, and what every program I was allowing to run was...so I created a word document on my desktop and found all the definitions on the net and copied them there...helps me keep track of what programs are legitimate (and therefore what programs are illegitimate).

A google search will quickly give you most definitions (although it would be nice to have all the windows processes listed in a PG library)

 

I am the same as Cyborg with the complexities of Process Guard. I know I have had the re-assurance from the moderators of this forum before but I am still worried that if I installed I would not have a clue about global hooks etc

I frequently read the posts in this forum and most seem to know all about the read/write/terminate and what permissions to give to what; even then they have issues with some installs and applications. I printed out a lot of info and was ready to download - come to the forum and discover complications with installs/application permissions and then decided it would be too complicated when I really don't think I would know what permissions to give

I would love to have the confidence to install PG as I really do need this layer to my security but always have the question over ease of use for the home user. I have various layers and added them without question and know how they work it is just this one I really want but do not have the confidence that even in learning mode it would be easy to set up and use

 

Robyn,

There really isn't any need to worry about global hooks. Go with a default installation.

I don't attempt to address every conjectured theoretical eventuality. Am I more vulnerable? Sure, more or less in the same way as when I board a commercial airliner without having a parachute strapped on my back ready to go.

Even if you do not understand a lot of the inner workings of these applications, if you allow basic Windows system processes to do their thing, understand that a Window pop-up might be expected when you're in the middle of an installation or configuration change, and that having a process trying to kill off your AV/AT/etc. is probably not a good thing to allow, you'll be in good shape and can profit from this application.

Blue

 

Thanks Blue (sorry Cyborg for hijacking your post)

I will have to learn to feel more confident with this type of security as at the end of the day it is for my benefit (I just worry a LOT )

I installed the trial version over a year ago and had the error bug which was known with XP computers (especially my HT processor) that scared me and I decided not to attempt an install again but now I am even more aware of my utter security and just hope I can find the full confidence to keep my focus on installing PG to 'learn' and keep running this time.

I will take further time to read the forum and then make up my mind that the only way I will learn is to install (not feeling well enough today to work with a new install) but hopefully when I feel better I will feel my mind is clear enough to cope with the basic learning for PG.

I really feel guilty asking about PG from time to time and have yet to install but after installing my other security layers I know this is the next step for me.
Thanks again for a little bit of confidence.

 

Robyn,

I you are like most of us, we became serious or concerned about security due to an incident that we either experienced ourselves or saw someone else experience. At that point we knew very little aside from the fact that we had some level of exposure that made us uncomfortable.

This initial phase is followed by one where a number of applications are tried for various purposes. Some worked, some didn't, others we were uncertain of. PG generally falls into the latter category since it does dig deep into the recesses of Windows. At this stage I piled on duplicate applications and was, in a sense, overdoing it.

If you are like me, once you have become comfortable with what all the various program options are able to do and have assessed what level of protective measures are appropriate for yourself, you will probably scale back on the number of security programs employed and increasingly rely on a small number which provide fairly broad, robust, minimally overlapping coverage. At least that is how I see my own evolution of thinking.

PG is an exceptionally powerful tool, even with a default installation and no additional customization. My own approach is described here and my bare bones paid installation set is described in the $200 Complete Package Challenge. In the latter thread I waffle between PG and another somewhat similar package. Right now, PG is the more mature option and is what I would recommend for others in general. As with AV's, there are a few options here and they do have distinct strengths and weaknesses (some being one and the same).

Blue

 

Thank You so much Blue - I am still reading in detail the posts you have linked from here but it makes me feel better about my thoughtson the way to go.

I am busy each day wondering what I should add to my growing list of security and as you say some of them are overlapping in areas. In my heart I know I should stop wondering what I should install next as I know it should be Process Guard and that way I could condense and stop adding one program after the other. At the end of the day it is only the power of Process Guard will make any of my software & my OS safe.

I am so delighted with this post as it really expresses what I have been trying to get myself to believe. 'Yes' I am avoiding the install as I know it does go deep into Windows and I do fear any sort of blue screen/error notice I know when I read about things which could happen and even though I have a router firewall plus Outpost Pro - I do get scared.

I have NOD on my notebook and am seriously considering this for my desktop when my sub to AVG Pro expires (if not before) I also have BOClean and TDS/Ad-aware SE Plus with Ad-watch/Tracks Eraser as paid for software (which I much prefer)
I do have the other layers which are free but used as on demand scanners plus the added protection with Javacool software and safeXP/MSAS etc

I had RegRun Gold on my list but feel it may be rather complicated and am looking at RegDefend too.

I really do need to start thinking a lot more positively about Process Guard as I real have discovered from your post I am adding to my layers only if just to avoid and install I am not confident about and that is PG

I know XP can run today and tomorrow could be a different story but I only hope when I do try my install (with a little bit of confidence gathered) it will at least work in learning mode until I know exactly what applications need to read and write and all the words which are ringing about Process Guard.

Thank you so much I will read the threads properly and will also get as mnay details on the forum for the best way to install and start using - I only hope that one day I will be able to post back and be so pleased that PG is installed and working for me.

 

I really don't think you will have an issue Robyn, if I can show my Aunt and Uncle how to use it, then anyone can use it... Within a few days it is set and forget, until you install another program...

Cheers

 

Blackspear I hope you don't think I am your aunty! I think I am your nervous wee cousin

That was another 'query' of mine was when installing something (I try not to have too many and after PG less) how PG re-acts. I will have these details to add to my list before installing (when?) Thanks for the added confidence as you certainly sorted me out with NOD

 

Hi Robyn,

It is unfortunate that there are no specific scenarios described in the documentation covering things like global hooks, because in essence it is quite easy, but until someone first encounters it, it is a bit black hole of knowledge.

What will happen is this:

1) When you initially install in learning mode, all of your programs that require global hooks, or permission to install system services will automatically be given these permissions. If your system is clean, then all programs that have these permissions should and will be given them.

2) Once you come out of learning mode, permissions for access to global hooks and service installation can only be granted by you personally. Why? Because these are the kind of services that rootkits or keyloggers will request and you can stop it.

3) If you are installing a new program that may require one of these services, you have a choice. Either a temporarily put PG into learning mode again so that it will automatically give all permissions to the new program or b: keep PG in its locked mode and when a little bubble message comes up saying that so-and-so program has been "denied permission for installing a service" you can click on that bubble and give permission at that time. I usually keep PG in locked mode because sometimes I am quite surprised that certain programs - even legitimate programs - are requesting certain services which I do not want to give them. In any case, the big thing is when PG gives you one of the messages and you are _not_ installing any legitimite programs. This means that a rogue piece of malware is trying to inject itself on your machine and since your machine is locked down, PG will stop it dead in its track. Nothing new will get by you without your permission. Sort of lilke someone has to knock on your door and you have to let them in. No permission, no entrance.

This is a thumbnail of scenarios that usually occur with PG. It is quite simple once you know that type of events that you might be presented with. There aren't that many, but it would be really helpful if there was a user manual that provided examples of the most usual scenarios (there are really only two or three that I can think of).

If you give it an install, you will quickly come across these two or three scenarios and you will see that you either grant or deny permission - after reading the message - and how easy it can be. BTW, RegDefend is very similar, only you need to grant or deny permission every time a program wants to chance the directory. This usually happens when a program is being installed, updated or uninstalled but it may happen other times. It really protects the registry from uninvited access.

Rich

 

Robyn,
As has been said by others you will be suprised how easily you will pick up on what to grant programs. It really is quite simple once you get the hang of it, "just say no" and if the program doesn't work then think about saying yes...

Registry protection is also very important, so it is certainly worthwhile to have something there. RegDefend (as suggested by richrf) has the benefit of not polling registry keys to look for changes, as it blocks before a change happens (like ProcessGuard does). It is a rapidly maturing product and a good companion to ProcessGuard.

And back to some earlier comments....

In addition to Peter2150's comments which I agree with (and all the others since then), I think that by asking the question on a Security Forum you are possibly not just a "typical home user". If you were a typical "home user" then you probably wouldn't have heard of PG let alone be considering purchase

At the moment I would consider that for the typical home user, they would probably need a computer support person to recommend it and set it up for them (or provide directions to this forum so that they could ask questions and learn by themselves). Blackspear illustrates this quite well by having shown his Aunt & Uncle how to use it, its just not that hard with a little help (no matter how daunting it seems at first)

PG is still useful even when using it in the most basic way but it lacks finesse so it cannot be set it up so as to minimise alerts/questions to ones that truly matter. It is also quite hard to decide in advance what things matter...

In my opinion, in addition to its current features PG would need to be able to distinguish alert conditions based on the parent process to be able to more tightly specify when prompts would be displayed. This would allow someone else to setup PG for a home user that didn't want to bother learning the why's and wherefore's

Learning mode is a very good way of allowing someone with little or no experience to get PG running, but what happens "after" learning mode could do with some more enhancements for user friendliness

Regards

 

Wow - thank you so much for these very detailed posts which are helping more and more. I think anyone how has posted in reply has 'summed' me up exactly.

I know I have been in this situation before trying to decide but always thinking 'I will another time'.... but I am (as suggested - thanks) not really a typical home user as I am the one who has set up security on family and friends computers even though they do not understand why I want to install so many programs!

I am a 'safe' user in respect of sites I go to and the caution I observe to the best of my ability. I do not use any sort of file sharing programs etc in fact my notebook and PC do not even share anything across a network - they only share my router connection.

As with all things I approach especially security related thinking I need to understand 'in depth' the way the program works as I do not have full confidence in the way I will cope with the software. I do love to have a manual for most things as I like to read and learn then put into action what I have learned

I am very aware that no matter how little or how much I do online I am not safe (or rather my security software) is not safe unless I guard it with Process Guard - believe me I always have this in my mind and know it has made me feel so guilty as I have never been brave enough to even run the new version on learning mode. I know for a fact when I do install and if I learn how to use it there will be more than me running the software as it will one of my recommended applications.

I really do appreciate all the step by step guidance on the way the handle PG from my initial install. I am very encouraged now and will most definitely copy and print this advice - given myself a day when I am feeling well and download and install PG as I know for sure I do not feel safe without it especially reading all of this advice.

Thank you everyone for your time (even though it was not my initial post) I hope others will learn as much as I have and gain the confidence (I definitely need this) to download and install. Thankfully this forum is here to help when the first bit is over.

 

I read all the security forums....but a need to know is a lot different from the need to act.
Fact is nearly all of us have little or no need for the offerings which pander to our self-induced paranoia.
I imagine there are many bad-guys that would salivate at the thought of accessing Warren Buffet's laptop or breaking in to e-Bay or ANZ Bank but the same bad-guys would drown in their own disappointment if they bothered to access the average computer.
Possibly the one exception.....and what sparks my interest in the forums....is Internet Banking.
Banks have the highest level encryption available as they transfer TRILLIONS of dollars every day but they give stuff all attention to the consumer end as that opens the liability door.
However the consumer can lock down this vulnerability by taking very simple proactive steps.
BPay is no problem as the payment goes to a nominated account and relates to a specific, identifiable bill.
"Pay anyone" facility is a recipe for disaster as the name suggests. If any explanation is needed you obviously reached this forum by mistake.
Banks are very reluctant to talk about limited indemnity.
When you sign up for phone/fax authority transactions the bank will transfer to anywhere ,and all liability is on yourself to ensure amounts, destination, payee are correct but you can restrict movemnt of your money to be only between nominated accounts which limits the liability. Consequently the bank is liable if anyone hacks your account and forwards your hard-earned to a coffee shop in Russia.
Rant ends.
The postscript below is no contradiction....I am sceptical not stupid.

Using: Zone Alarm Pro, WinPatrol Plus, AVG, WinASO, SpywareBlaster
Evaluating: Port Explorer

 

bellyman said: "but the same bad-guys would drown in their own disappointment if they bothered to access the average computer."

This simply isn't true. The average computer is most often the target of choice. That's why there are literally armies of zombie drone machines out there spewing spam and worse, hosting phishing sites, acting as online storage servers for who knows what, and being directed at other's servers in coordinated attacks... and the sad part is, most home users are completely unaware their machine is being used this way. And we all pay the price for this global security unawareness.

Like most security products ProcessGuard can be installed and setup easily to provide good security with a limited amount of time and learning for beginners. As with any security product it works best if you invest a little time and learn some simple basics. But, it also can accommodate advanced users that want to delve deeper into aspects of securing and controlling their PC along with what and how things execute on it.

It's an absolute must have in my opinion for both beginner and advanced user.

 

In my view, the truth probably lies in between. While the average bad guy likes to own any machine they can get their hands on as part of their bot net, they are unlikely to expand large amounts of energy trying to break into a pretty secure machine (fully patched, basic services closed, basic security software installed), espically when there are millions of easier fish out there.

Expanding a zero day exploit to run some super undetectable rootkit variation just to break into some Joe Average's machine would be unthinkable. [Hence the futility of the hack IIS6 contest, where you get a miserly xbox as a prize]. PG and similar software I guess claims to provide us with sufficient protection to have a chance even against that level of attack, though chances of us getting subject to that degree of probing is probably pretty slim.

 

Well of course, not everyone on the planet has a level of mal-expertise focused on hacking them like let's say Gates or Balmer may or major financial insitutions, etc., but the common level of expertise out there is growing rapidly and getting more sophisicated every day. So is the sophistication level of outside attacks and inside "snoops" from legititmate applications we all know and love.

Even the enterprise edition of my "anti-virus" application added file and folder execution control and logging. I don't know how I ever lived without some sort of application execution logging and let alone the control over execution and termination that ProcessGuard affords me.

The question was, is it too hard for beginners?

I say no, not at all.

 

Is PG too complex for the average user? In general, I would say yes. However if the average user wants a secure machine, they're responsible for doing what's required to make it so. I've had PG for 3-days, and frankly it just isn't that hard to understand once you look at the help file.

 

Hi,

I agree. PG is not too hard, if someone is motivated. However, many of my friends are not in that mode, so I just recommend KAV 4.5 to them as well as Firefox. My guess is that if they are ever hit hard and lose some serious data, they will become motivated. It is like most things in life, people do not change until they hit rock bottom.

But for those who want a much higher level of security, then PG is very doable and in a relatively short period of time. It would help a lot if an even slightly better user manual was developed with some clear cases of common situations and how to handle them - e.g. a Microsoft Update, a new program install, etc.

Rich

 

Being a new PG user, I can but agree that it's not that difficult once you put your mind to it, reading the help file, as well as several very informative posts here. I really like this additional layer to my defenses. Still in learning mode though, but not for long.

Problem is however people are not motivated, like you said or don't even know it exists.
Most of my friends never heard of Diamond CS products and it's a shame really, because they produce topnotch security products.
I'm however trying to educate my friends, but it's not easy to let them understand the importance of a layered defense.

That surely would help a lot as not everyone visits these forums.

 

Hi Eldar,

Glad to hear that you are finding PG useful. I am always recommending it to people who feel that they need more security than what their AV provides.

User manuals are very much underestimated. A standard project that I use to lead would have 15% or more of its budget dedicated to user manuals, and this aspect of the project was staffed by people who understand the way a new user approaches and interacts with software. Case studies that lead users through common scenarios were carefully scoped out and explained.

Most of my work was on large scale systems, so I understand while smaller, PC oriented projects may not have the budget for user manuals. However, once created, they usually pay for themselves with increased sales and customer satisfaction. The trick is how to get the funding for the initial efforts. Forums such as these create an alternative, but there is nothing like a well layed out user manual.

Cya around,
Rich

 

And so is the sophiscation of users and software designed to protect them.Eg, after the worm scares of the late 90s, people as a whole are nowdays much smarter when dealing with them. To the extent that KAV is predicting that worms will be pretty much dead as a threat soon.

You are not typical.

Wrong question. Correct question is, are HIPS (Host intrusion system) or IPS/IDS or application control apps or whatever buzz term you want to use like PG, strictly necessary?

If they aren't, it's pointless to discuss whether people will use them.

Note :When I mean necessary, I refer to a minimal level of security, not the paranoid level of security, computer security hobbyist like ourselves aim to reach.

 

Hi,

The way I look at it is whether it is "paranoid" to ask: "Who is it?", before I open my front door?

Rich

 

richrf - good analogy.

Pollmaster said: "You are not typical."

Well that certainly is true. But I am the "typical" person that gets called to come and clean up everyone elses machines when they get infected and compromised. I would like to be able to see some sort of application execution log and control on other's machines as well as I attempt to clean up their mess and determine what's up.

Pollmaster said: "Note :When I mean necessary, I refer to a minimal level of security, not the paranoid level of security, computer security hobbyist like ourselves aim to reach."

Clearly security takes on a hobby type atmosphere here, this is a security related forum after all. But I do not see the average "minimal level of security" as being sufficient. I recently stopped "supporting" family machines because it was taking up way too much of my time and "they" were not taking the time to learn basic computer skills. They are left fending for themselves with the average compliment of antivirus, firewall and antispyware. It's not enough. They are still getting infested with spyware and then the problems begin to escalate from there. But it's not my problem anymore. Call the GeekSquad and pay for support. Like richrf said, sometimes it takes a little motivation to get people to learn and start using what is already available to them and take it seriously. Loosing all the family photos on their HD seemed to do it.

There was a time people didn't run anti-virus apps because they bogged down the machine so badly and easily got away with it, software firewalls turned on INSIDE a protected network was considered kooky and unnecessary, and whatever is in your startup folder/registry must be "all good" and necessary, but times change. So do we. I also do not consider the people here to be typical, but merely motivated people attempting to stay one step ahead of the cat and mouse security game.

Once again the question in this thread was:

Is ProcessGuard too hard for the typical home user?

OK, for the total beginner that gets confused on click or double click, yes.

But NO for the typical home user, that's why there is a learning mode, a help file and this forum. Maybe some sort of basic quick start wizard with starter tutorial might help some people. There is a minimal learning curve, yes, but you don't have to get into serious tweaking of settings like we all do here if you do not want to. How far you take it is up to you.

With a clean machine, install PG, then reboot in learning mode 3 times and open your trusted commonly used apps in learning mode also, then turn learning off, max the protection settings and global protection options and click deny if you don't understand an execution prompt in the future.

Even my sister-in-law can do that, although I'm sure a walk thru wizard with a cute talking puppy or such to guide her wouldn't hurt.