Which functions of a firewall are still necessary when running Process Guard? Anything else that's a good idea to run in conjunction with PG? I figure an antivirus scan, spyware scan, trojan scan, and rootkit scan are all good ideas. But scanning isn't preemptive. I'd like to close the holes. PG seems to be pretty comprehensive, but what is it missing? Or would PG usually be able to fend off most attacks on its own?
Hi NoHolyGrail, ProcessGuard is not a firewall as such, more a system protector, and will not protect you from external attack. If you have a hardware firewall that uses NAT etc. then you are much safer than not having a software firewall at all, but you are still vulnerable to outbound access from, say, spyware if you are unlucky enough to allow it to run. At Wilders we recommend a layered defence, and ProcessGuard does not change that, although it does offer a much higher protection layer than without it. HTH Pilli
Pilli, thanks for the reply. I figured a firewall would be necessary, I was just looking at how it would need to be configured. I'm just trying to get as thorough a picture as I can of what is still left vulnerable, so I'm not leaving anything open. Also, wouldn't all attacks rely on running some executable/process? So choosing the option in PG to block all new processes should prevent them. I know that sounds too easy...
If possible, delete these programs from the SECURITY list, so you'll know when someone has run them! If any of them are set as ALWAYS ALLOW, they can be run and used by malware to *do* something nasty. Hopefully NONE of these run during your normal PC operation, and you can bear to press PERMIT now and then IF you CHOOSE to run it and want to allow once..

CMD.EXE
FTP.EXE
NET.EXE
NET1.EXE
NETSH.EXE
TFTP.EXE
REGSVR32.EXE
REGEDIT.EXE

Those are the main ones.. but you can take it further:

WSCRIPT.EXE
CSCRIPT.EXE
RUNDLL32.EXE
IPCONFIG.EXE

And probably further still
Gavin, thanks for your input. So those are all processes which could be used maliciously without even being modified? This makes the "block new processes" option even more versatile than I realized. So am I correct in my conclusion that if I have NAT on a router, then beyond that, I would need to do one of the following:

1) configure a software firewall for the sole purpose of restricting which applications have outbound access
2) use the "block new processes" option of PG3, which will alert me and give me a permit/deny option if anything new tries to run

With the first option, something malicious could still run on my computer, it just couldn't connect outbound. The second option seems more versatile. PG3 would notify me before anything malicious or maliciously modified could even run, let alone connect to the internet. The firewall would be redundant, though redundancy is generally a good thing when it comes to security. I'm aware that the "block new processes" option will result in potentially "annoying" notifications, but I don't mind. I like to be informed of what's taking place on my computer. So, beyond human error, what vulnerabilities remain at this point? What sort of attacks are not process-based (scripts, perhaps)?
If you set PG to block new and changed then you will not get an alert, the process will just be blocked. You can see the blocks in your log though if you're interested.
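The three points above (Gavin's list of dual-use system binaries that need no modification to be abused, the "block new processes" option, and the note that "block new and changed" blocks silently and only logs) can be modelled in a few lines. The script below is an added example, not ProcessGuard's own code or a capture of its log format: it keeps a baseline of executable hashes, blocks anything whose path or hash is not in the baseline without prompting, and separately flags the unmodified dual-use tools for a PERMIT/DENY prompt. The baseline, the image bytes and the launch events are all constructed; the `prompt_on_dual_use=False` setting shows what ALWAYS ALLOW on those entries would let through.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

# Dual-use system tools named in the thread: unmodified Windows binaries that
# malware can drive to do its work, so they should never be ALWAYS ALLOW.
DUAL_USE = {
    "cmd.exe", "ftp.exe", "net.exe", "net1.exe", "netsh.exe", "tftp.exe",
    "regsvr32.exe", "regedit.exe", "wscript.exe", "cscript.exe",
    "rundll32.exe", "ipconfig.exe",
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class LaunchEvent:
    """One process-creation event. `image` is a constructed stand-in for the
    executable's bytes; a real checker would hash the file on disk."""
    path: str
    image: bytes
    parent: str
    cmdline: str


@dataclass
class Policy:
    baseline: dict[str, str]                 # lowercased path -> sha256
    prompt_on_dual_use: bool = True          # False models ALWAYS ALLOW
    log: list[str] = field(default_factory=list)

    @classmethod
    def from_images(cls, known: dict[str, bytes], **kw) -> Policy:
        return cls({p.lower(): sha256(b) for p, b in known.items()}, **kw)

    def decide(self, ev: LaunchEvent) -> str:
        name = ev.path.rsplit("\\", 1)[-1].lower()
        digest = sha256(ev.image)
        expected = self.baseline.get(ev.path.lower())
        # "block new and changed": no prompt, just a log entry (as the last reply says)
        if expected is None:
            self.log.append(f"BLOCK new       {ev.path} parent={ev.parent}")
            return "block"
        if expected != digest:
            self.log.append(f"BLOCK changed   {ev.path} parent={ev.parent}")
            return "block"
        # Known, unmodified binary: identity alone is not enough for the
        # dual-use tools, so ask the user instead of allowing silently.
        if self.prompt_on_dual_use and name in DUAL_USE:
            self.log.append(
                f"PROMPT dual-use {ev.path} parent={ev.parent} cmd={ev.cmdline!r}")
            return "prompt"
        return "allow"


# Constructed baseline and events (not real binaries or captured logs).
KNOWN = {
    r"C:\Windows\System32\notepad.exe": b"notepad-image-v1",
    r"C:\Windows\System32\cmd.exe": b"cmd-image-v1",
}

EVENTS = [
    LaunchEvent(r"C:\Windows\System32\notepad.exe", b"notepad-image-v1",
                "explorer.exe", "notepad.exe readme.txt"),
    # Unmodified cmd.exe, but launched by a script host to pull a file with ftp.
    LaunchEvent(r"C:\Windows\System32\cmd.exe", b"cmd-image-v1",
                "wscript.exe", "cmd /c ftp -s:C:\\Temp\\get.txt"),
    # Brand-new executable dropped into the user profile.
    LaunchEvent(r"C:\Users\nhg\Downloads\update.exe", b"unknown-image",
                "iexplore.exe", "update.exe"),
    # Known path, but the file on disk no longer matches the baseline.
    LaunchEvent(r"C:\Windows\System32\notepad.exe", b"notepad-image-PATCHED",
                "explorer.exe", "notepad.exe"),
]


def run(prompt_on_dual_use: bool = True) -> list[str]:
    """Evaluate every constructed event and return the decisions in order."""
    policy = Policy.from_images(KNOWN, prompt_on_dual_use=prompt_on_dual_use)
    decisions = [policy.decide(ev) for ev in EVENTS]
    for line in policy.log:
        print(line)
    return decisions


if __name__ == "__main__":
    for setting in (True, False):
        print(f"prompt_on_dual_use={setting}: {run(setting)}")
```

With prompting on, the four events come back as allow, prompt, block, block: the new download and the patched notepad.exe are stopped without a prompt, while the unmodified cmd.exe spawned by wscript.exe is the one case that reaches the user. Turn prompting off and that second event becomes a silent allow, which is exactly the gap Gavin's post warns about: a hash-based "block new and changed" rule never fires on a genuine system binary, so the dual-use tools have to be handled as a separate rule.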