ProcessGuard - Is the free version strong enough?

Discussion in 'other anti-malware software' started by xeda, Jan 29, 2007.

Thread Status:
Not open for further replies.
  1. EASTER.2010

    EASTER.2010 Guest

    I venture to say that M$ would probably not allow the approval of a PG driver for Vista to have the excellent SECURITY! that PG would offer.

    Just look at the history of their actions/inactions to be more factual.

    Nonetheless, PG has contributed greatly and continues to, even in light of the absence of their public support forums here.

    There is no second guessing M$. They created an atmosphere that permeates into all 4 corners of the globe. Like many, I love the XP stage and will likely remain with it for some time to come.
     
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Since drivers can be signed by Verisign as well as Microsoft, it is quite unlikely that MS' "reluctance" (if they are even aware of PG) is a factor. Signing drivers does impose an extra cost for developers, but DCS' problems started long before the prospect of Vista.

    There are alternatives offering similar functionality (e.g. KAV's Proactive Defense module, System Safety Monitor) and Kaspersky do have a Vista-compatible version (though whether it includes a working PDM I don't know) so it would seem to be just a matter of development and research for others to follow suit (though it may well be a case of waiting until the first Service Pack when "approved" Vista kernel access should be available).
     
  3. EASTER.2010

    EASTER.2010 Guest

    Make no bones about it, I'm a loyal Windows fan. XP Pro has served required needs very well and then some. Ultimately though, a preference would be for them to relax some of the restrictions that always give rise to suspicions by millions of users.

    Security will never be a strong point for them and that's likely their perfect business plan, because how else would that OS attract interests in the complexities it demands in order to fill all those gaps they make possible.
     
  4. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Hey to everyone who has responded to me so far. I have three more quick questions. One. Do you feel that ProcessGuard Free is a lot better protection than ProSecurity Free? TWO. Do I need my software firewall anymore since I have PG Free installed and I'm already behind a wireless router firewall? And the last ones to EASTER.2010. Why do you still use AVG Anti-Spyware with PG Free on board? I'm almost certain now that the Guard doesn't use any kind of Heuristics for RealTime, and even if it did it surely wouldn't be needed. I'm not attacking you, as I'm just curious because the whole reason for me to start using PG Free now was so I would stop trying different Antispyware Programs to replace the Antispyware Component in my AVG Internet Security Suite. Thanks everyone.
     
  5. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    I personally don't use a software firewall unless I would like to control outbound connections on certain programs. My router is sufficient, and in a way the security programs running on my box seem perkier and ready to take on intruders, but hey, I know others that use firewalls specifically to control outbound connections on certain programs that they just don't wanna give up even though they know that their phoning-home-like behavior is rather suspicious. I currently have no programs on my box that do that, so no software firewalls for me. :)
     
  6. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Thanks yankinNcrankin, and how you been? Do you feel PG Free is better than ProSecurity Free then too?
     
  7. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Haven't played much with ProSecurity Free so I can't say much, but it definitely looks more detailed. I'll get back with you on that.
     
  8. EASTER.2010

    EASTER.2010 Guest

    Because I really want to see exactly what areas, and more explicitly which instructions, are covered by which program in the SSDT Table, as can be viewed by, say, an Ice Sword or RKUnhooker, reviewed in better detail into that section, to name a couple which show the table and the hooks.

    procguard.sys (ProcessGuard free) covers/hooks more entries than AVG 7.5, which only shows it hooking one single entry, NtOpenProcess, on my XP Pro System (SP1).

    klif.sys (KIS6) driver hooks several more chief areas and of course safemon.sys (System Safety Monitor) positions itself almost entirely to the whole table.

    Another aspect of interest for me personally, which is seldom commented about publicly but is of enormous importance if you ask me, is how easy it is for another program, legit or not, to displace those HIPS hooks with its own.

    I hope someone armed with this specialty coding knowledge can weigh in on an answer to this.
     
  9. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Okay thanks yankinNcrankin I appreciate it. And as for you EASTER.2010, all I can say is wow. I'm truly impressed with what you do with all this different software, seriously. I just want to find something simple and good to be happy with, and here you are already happy with programs that aren't simple. Oh well, at least I get to read your posts and glom onto some happiness that way. LOL. Thanks for your reply and what's your thoughts on ProSecurity Free? I liked it when I had it installed, but removed it before I took it out of learning mode, as I felt somewhat intimidated. (Remember I like simple and good) Plus the ProcessGuard interface is better in my opinion. I'm still not sure if PG Free is better though. Will wait and see what yankinNcrankin comes up with.
     
  10. EASTER.2010

    EASTER.2010 Guest

    Well, for me it's better to know for certain what programs are doing stationed in my system, and where at & why, than taking for granted, since it's installed and working, that there's nothing to be concerned about. I like to make that decision for myself and not necessarily freely turn trust over to the developer's explanation, although I don't completely discount their details. Everyone's system reacts differently depending on what form of motherboard/CPU and programs they have installed.

    As to ProSecurity? That's a matter of first come first taken. System Safety Monitor surfaced quickly ahead of them & commanded so much early attention because it proved to protect in so many new ways and was everything Microsoft or some AV really should have done for us in the first place, that it took center stage for me.
    I did try very early on a Pro Security beta, but after it gave a BSOD I lost interest in it real fast because there's nothing more annoying than to get faced off with that wretched blue screen effect, right?

    Anyway, from everything I've seen and read lately it's greatly improved and it has a loyal following developing now. I likely will give it a try at some point, but so far as HIPS go, SSM remains a mainstay for me right now because it is fantastic in intercepting (suspending) incoming signals, plus I'm really sold on the Modules Alert prompt. Anytime even a safe driver is Loaded or Unloaded I can measure the time it takes for that to happen by how quick the display shows up. I set it to close after 2 seconds automatically, so if something shows of particular concern or interest you won't be left in the dark. LoL
     
  11. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Looking at a direct comparison, ProSecurity Free's protection covers more areas such as network protection, thread injection, read/write process memory and driver installation. ProcessGuard is easier to use but offers less protection.
     
  12. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Ok, here it is, just got done playing with ProSecurity. Process Guard does not cover as many areas for protection as does ProSecurity; however, PG does exactly what it was developed to do and that is all.
    ProSecurity looks thoroughly developed as a HIPS covering a lot more areas.
    Wondering if some of Wayne's crew are with ProSecurity ......anyways duke1959
    ProSecurity does cover more areas than PG and looks to be more advanced so I have to say no PG is not better than ProSecurity, but PG is still a solid program.
     
  13. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Thanks yankinNcrankin, I waited until I installed ProSecurity Free to reply back, and so far in learning mode I like what I see again. As much as I liked PG Free, it only made sense that if I was to use a program in learning mode and then take it off and still get pop ups, I may as well use a newer program like PS Free with its better protection. I do like the graphics better in the PG Free GUI though, and the way it was laid off so I may go back.
     
    Last edited: Feb 11, 2007
  14. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    Hello everybody!

    Would it be overkill to use Prosecurity (full) and PG free together?
     
  15. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Getting popups with any new unknown event is a key feature with any traditional HIPS, also with PG free. Though it is not the most intimidating one but rather easy.

    Also something one should be aware of, from Processguard help file:
    One should not run these hips programs if not being prepared to take some measures when doing new things.
    They are not set and forget programs.
     
    Last edited: Feb 11, 2007
  16. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    IMO, yes. The same goes for SSM and PG. You've got two apps doing many of the same things, but one, in the case of PS or SSM, does even more.
     
  17. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Yes it is an overkill. Notice the 'or' in my signature.
    I would never run or even have installed PG and SSM same time in my computer.

    Same goes to firewalls too, but they usually show it quite soon when one has 2 of them stupidly installed same time. I have done that only once with Sygate and Kerio 2.1.5 same time. It was 1.5 years ago and I was too lazy to uninstall Sygate since it has no rule backup, but it was a no no. No internet connection or some task manager freeze that needed to kill processes.

    HIPS can be more devious in the way conflicts arise. You might not see it immediately, but it is a time bomb to happen. You should not have any 2 traditional HIPS installed same time in my opinion.
     
    Last edited: Feb 11, 2007
  18. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    One program I've read some about here a while back is Dynamic Security Agent. How would it compare with PG, SSM, ProSecurity and the others? I gather it's a fairly simple program - always a plus for idiots like me who can't figure out all the hieroglyphics in the other programs. Does it work and do what it advertises is all I'm curious about.
     
  19. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Strangely, SSM and PG seem to work together without any problems at all; indeed there may be benefits.

    I have been trialling SSM over the last couple of weeks and, as an experiment, I have now enabled ZAP's OS FW, KAV's PDM, SSM, PG and RD, all fired up for max protection with all features enabled and - perhaps surprisingly - I haven't had a hint of a problem so far; in fact I don't anticipate any difficulties, though time will tell.
     
  20. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Yes, I maybe overreacted. I have never run them both same time, so no experience.
    Was just thinking, two apps having a program control, not good in general.
    So it might still work as you say.
     
  21. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    I don't doubt PG can co-exist with PS or SSM, but what on earth is the point?
     
  22. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Here is the point:-

    https://www.wilderssecurity.com/showpost.php?p=912997&postcount=48

    In addition, the user may prefer the implementation of some features of one over the other; whilst not wishing to relinquish all the functions of either.
     
  23. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
  24. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Maybe, but it won't be the first time, nor the last, on this Board! :D

    Anyway it is perfectly possible to argue that anyone running a fully featured SSM alongside their AV/FW combo is engaging in 'overkill' in any case, because most of those additional features are entirely superfluous if the malware doesn't run in the first place. If you want to be minimalist get PG free and be done with it! ;)
     
  25. EASTER.2010

    EASTER.2010 Guest

    I confirm this even if cited as overkill, but on the contrary, since they both work the sdt table, I see more areas covered with proguard.sys than, say, Cyberhawk's driver, and it just replaces or rather covers some areas that alone safemon.sys (SSM Driver) would be covering. At first I was looking for the most rapid response time, but that doesn't seem to matter which HIPS is there, even though early on I thought Cyberhawk jumped up in advance of SSM.

    I dunno, the producers of those products can better answer that than I, because I work those programs to examine how well they BOTH intercept malware intrusions and if they can also Terminate the files while suspending them or transfer that control to us, the end user, to kill.
     