Process Guard v3 FINAL BETA released!

Discussion in 'ProcessGuard' started by Wayne - DiamondCS, Sep 30, 2004.

Thread Status:
Not open for further replies.
  1. Night

    Night Guest

    Since the very first version of ProcessGuard, Jazzie has been trying to get you guys to look into this situation and fix this, so either you guys ignored him, which would indicate lack of support, or you guys had looked into it, which would indicate there was quality support but simply couldn’t determine the problem to be reproduced to make way for a fix. And so obviously I known much to Install PG and reproduce the problem within 3mins period, and know exactly where it all freaking up begins; you all, however, are putting fault on specific systems configurations and so on. If it wasn’t for my participation, which I remind you was for Jazzie but also for you guys, and in the process also includes the customers, you guys months from now would most likely still be clueless and putting fault on specific users’ system configurations.

    I was enlightened to read Jason’s Informatic post, and on programming level I did understand it and agree. However I was merely pointing out if the app didn’t use the WM_QUIT this would not at all be causing problems for PG.

    I’m not any hero, but I at least deserve a bit of gratitude rather than getting preyed on by a pack of hungry wolves.

    When it comes to computing, I don’t make the foolish mistake to assume something can’t be done. And I was not worried about Send-Key attacks, I don’t even use PG, I can’t afford to buy the Full version and the Free version is merely limited. Therefore my intentions were merely to help, sorry you can’t comprehend that just yet.
     
  2. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined: Nov 11, 2002 | Posts: 1,046 | Location: Perth, Western Australia

    I told numerous posters that I would be working on CMH as the last thing for v3.000 . That means after the majority of everything else is done I would be working on it. Your program already demonstrates what our official beta testers have experienced since the start, and what I already knew.

    What we said to people having specific problems with CMH in the past usually stemmed from the DLL not being loaded correctly (fixed in v3.000 Final BETA), and certain programs closing down in non standard ways. We said from the start that CMH was a BETA feature, and a lot more testing needed to be done with it to be something you could rely on. Go over the release posts from v2.000 where I specifically state this.
     
  3. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined: Jul 19, 2002 | Posts: 1,533 | Location: Perth, Oz

    Jazzie1/Phantom,
    You're missing the bigger picture. Why are you worrying so much about SendKeys when you should be worrying about attacks that do actually get used in the real world like TerminateProcess? I could show you thousands of trojans that use TerminateProcess, but there hasn't been a single trojan that has ever used SendKeys. The reality is SendKeys isn't the be-all and end-all of termination methods - actually it's right at the bottom of the pile as it's the single LEAST likely attack you will ever experience, as well as the least effective and most restrictive which is why no trojan has ever used it, so if a trojan is forced to use that attack because Process Guard has blocked every other attack vector then that's a tribute to Process Guard. Trojans use the TerminateProcess function 99% of the time because 1) it's easy to call, 2) it's very effective and very difficult to stop, 3) all you need is a process ID, and 4) it can be used on virtually any process. There are several other less conventional attacks (such as TerminateThread on every thread), but even those attacks have never been used before in trojans, so if they don't even use those attacks why would they want to use the worst of the worst in SendKeys? Answer - they wouldn't unless they were forced to because of Process Guard, but seeing as we'll be adding protection for that anyway they won't even be able to use that even if they wanted to.

    Regards,
    Wayne

    PS. Also don't forget that programs have to be ALLOWED to run by Process Guard before they could even attempt a termination attack, SendKeys or otherwise.
     
    Last edited: Oct 1, 2004
  4. Night

    Night Guest

    Actually to me this isn’t even about SendKeys, it is about a product with a little bug, which has been existing since PG first, which even yesterday you all attempted to put fault on Jazzie's system, pretty much called him a liar even and used “well I tried reproducing to no avail” so it has to be you… So really looks like you had understanding of the problem huh? Yea I bet!

    It has already been said on numerous occasions by many about SendKey having restrictions, and being far from top choice, last choice in fact, and I totally agree. And I know the uniqueness and importance of PG, and I know it covers all the common attacks and pretty much to the least common attacks.

    And you're absolutely right, a user using the App-Control Feature would certainly be capable of detecting and blocking malicious code using SendKeys, but again, this isn’t about SendKey, it is about a minor bug in PG…
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined: Feb 10, 2002 | Posts: 2,080 | Location: Perth, Western Australia

    There are thousands of trojans not detected by ANY scanner. Ask around in the trojan community for an estimate on undetected malware. 0-day malware is the threat of 2004 and beyond.

    Close Message Handling is becoming a very nice feature due to what Jason is doing with it now, and this latest addition extends its capabilities even further.

    Personally I can't live without PG now, and as a professional trojan analyst I'm probably the least likely of anyone to execute a trojan on my machine :)
     
  6. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined: Feb 3, 2003 | Posts: 2,842 | Location: on the sofa

    I'm sitting here drinking an ice cold beer frosty wet moist ice cold liquid going down my throat while Little bubbles of dewy drops slide down the glass.

    I truly believe you all should be drinking

    this debate is childish and feeble minded in that it serves no productivity in these applications but also insulting someone's intelligence by no manner is a good way to go

    i blaze will enjoy my moist frosty succulent beer and hope all will prosper in the enlightenment of getting intoxicated

    so well you my fellow men sit down and just have a beer

    topics of debate should be in tenford on such matters anyways in my humble opinion
     
  7. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined: Jul 19, 2002 | Posts: 1,533 | Location: Perth, Oz

    It's not a bug, it's a feature that you/Jazzie1 wanted that didn't exist which Jason has now added, even though the threat-level posed by that attack is the lowest of all attacks countered so far. Many people have made hundreds of wishlist requests and we've tried to incorporate as many of them as possible, but this takes time and not everything can be done immediately. Jason has said on many occasions for a long time now that CMH would be left to the end, and now that the final public beta is available we're able to put the polish on CMH, including the feature Jazzie1 and yourself wanted so badly.

    Regards,
    Wayne
     
  8. Jazzie1

    Jazzie1 Registered Member

    Joined: Dec 5, 2003 | Posts: 174

    Wayne-- I pretty much told you everything I felt about PG. There is no need to go into it further... I guess, we could go on all day and talk about customer values and software ethics. But in the end it is a no win situation! :) Jason-- I like to be the first to tell you publicly that you are full of *hit! I posted on the subject at hand on quite a few occasions, only to be shot down by the arrogant hive. Or to simply say, I am working on the issue, we are well aware of it...SO, I have uninstalled PG, not to be installing it any time too soon!!! Which is my opinion and prerogative...Take care and good luck on future customer relations! You're going to need it! :rolleyes:

    m8
     
  9. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined: Feb 3, 2003 | Posts: 2,842 | Location: on the sofa

    I can vouch for that they have done that many things in our wish lists have been added to many of their applications such things are almost unheard of from any other company

    some companies may do 1 or 2 things these guys done overkill
     
  10. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined: Feb 3, 2003 | Posts: 2,842 | Location: on the sofa

    that's kinda bitter why do that pg works great

    it's running fine on my system only two minor bugs left that's pretty good

    and the bugs i'm seeing are kinda lame not really worth mentioning

    anyways a company shouldn't have to cater to one person that's just arrogant

    but still these guys go out of their way

    i think they need a break people just don't seem to understand that there's like 3 maybe 4 programmers

    and there's like 5 major applications to work on

    sheesh they're not robots

    if i was them i'd say f it i'm off for a month
     
  11. Night

    Night Guest

    I find twists being made to everything here. Listen, the versions before the supposedly “recent modifications” to include patched CMH feature and the additionals, right up to the PG first version, had a minor bug which people like Jazzie accessing specific aspects of the GUI to shut it down would trigger PG where it fails to act accordingly.

    The “recent modifications” to include patched CMH feature and additional coverage is very interesting and thoughtful, and I’m sure many PG users will love it, simply because its there.

    Again all this work being done on PG isn’t making me happy or sad, I don’t use PG, I can’t afford PG and there you go.
     
  12. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined: Jul 19, 2002 | Posts: 1,533 | Location: Perth, Oz

    Jazzie1,

    Can you please email me or private message me your registered username/email address. Thanks.
     
  13. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined: Jul 19, 2002 | Posts: 1,533 | Location: Perth, Oz

    night/phantom:
    So why involve yourself by spending so much time here posting attacks about something you don't even have? Would you like to tell people here your motive?
     
  14. Night

    Night Guest

    I thought I made myself clear on a number of occasions, I merely wanted to help Jazzie, and the DCS team, which also in the process helps the customers. However, obviously it goes unappreciated and I get slapped with attacking? YeAaAa Okay….. Fine example you set there Wayne!
     
  15. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined: Jul 19, 2002 | Posts: 1,533 | Location: Perth, Oz

    Thanks, we were hoping for that response. I'll let readers make up their own minds - they're not stupid. Anyway kid we'll let you get back to your childish fun and games, some of us have work to do.
     