Possible PG vulnerability?

Discussion in 'ProcessGuard' started by tlu, Sep 17, 2004.

Thread Status:
Not open for further replies.
  1. tlu

    tlu Guest


    In http://www.wilderssecurity.com/showthread.php?t=48001 I mentioned that I visited the windowsupdate site (without installing anything); afterwards I downloaded and installed an Office XP patch (addressing the new JPEG vulnerability). A reboot was not necessary.

    Everything seemed okay. But when I opened the PG GUI I noticed that protection was still enabled but the list of protected applications was completely empty - this was only fixed by rebooting the computer.

    There are two things that strike me: 1. PG didn't inform me that the protection the program offers might have been somehow affected. I wouldn't have noticed if I hadn't opened the GUI.
    2. The cause for this problem is not clear to me. Was it only the fact that I visited windowsupdate (resulting in the execution of JScript and ActiveX code), or was it the installation of the Office patch? Whatever - it seems that there are internal functions in the operating system that can affect the security provided by PG.

    The crucial question for me is: If this is true - how can I be sure that malware might not misuse these functions in order to (partially) disable PG? Is this a possible PG vulnerability?
  2. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Nov 11, 2002
    Perth, Western Australia
    It's a known issue in ProcessGuard v2.0 that we haven't been able to replicate. ProcessGuard v3.0 should have this issue fixed. The problem seems to stem around the user running multiple accounts at the same time. Do you use fast user switching on Windows XP?

    ProcessGuard v3.0 fully supports multiple users, and if this is indeed the cause, it has been fixed in the next version.
  3. tlu

    tlu Guest

    I do have different accounts but usually I do not use fast user switching. In this case I was only working in the administrator account. So I don't think that's the cause here.

    Thanks a lot for your reply, Jason.