ProcessGuard - Is the free version strong enough?

Discussion in 'other anti-malware software' started by xeda, Jan 29, 2007.

Thread Status:
Not open for further replies.
  1. EASTER.2010

    EASTER.2010 Guest

    Thanks farmerlee

    And as to AppDefend? Very Nice program indeed. Even though there is an entire sub-forum devoted to it some of us are only now discovering it.
     
  2. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
EASTER.2010. Since you use AVG AS and have used PG Free and Cyberhawk, let me ask you this. Do you see any need for me, who is using AVG ISS and currently PG Free, to also have Cyberhawk on board? I have come to understand from your and other posts the importance of having a backup like AVG AS with PG Free, but what about rootkit installations and other things that aren't covered by either AVG AS or PG Free? This is where I would think CH would come in. I'm just not sure if I need all this protection, and want to limit my number of apps. I'm also thinking about eliminating my Firewall if I stay with PG Free. Any help from you and others actually would be greatly appreciated. I have at least settled on keeping the AVG Antispyware Component installed, and definitely won't stop using AVG AV at this point, and now just want to use something else that best complements them. I like PG Free very much, but the test results and forum support of Cyberhawk keep making me want to go back to just using that, unless of course running them together does make sense. Thanks.
     
  3. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I had Cyberhawk (free) on this machine for a while. Had just about everything on here at one time or other, I guess. At first, I liked the idea of the ... "silence." Very few popups, etc. After a while though, I wanted some activity, if nothing else just to know it was doing something. Sounds strange, I know.

    The free version seems to cover the important bases, but what else is needed to deal with what CH free doesn't?
     
  4. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
Hey Chuck57, I too have had way too many programs on this PC over time, but I enjoyed it. I have decided to stay with AVG AV and AS, but may try Comodo Firewall again, and then just use Cyberhawk yet and be done with it. I understand what you're saying about the silence part. Some of that was why I would uninstall the Antispyware Component and try other ones like Spyware Terminator or PG Free. This is also why I'm partial to PG Free compared to CH, but I'm hoping Comodo along with CH will give me what I'm looking for. At least for a while. LOL. Take care.
     
  5. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    Haven't changed my sig, since that would be a weekly event at the rate I'm going, but I have AVG antivirus and like it, AVG AS on demand and ASquared on demand, along with (today) appdefend and regdefend. Also of course, geswall for regular surfing and Powershadow for when I just want to play with some new thing for a while but not put it into the box.

    My antivirus and 2 antispyware programs don't change. Everything else is an option.

    So far, I like app/regdefend and have read what I can find about them. I haven't seen any accounts of anything getting past ghost security suite. They might stay for a while. My computer is noticeably faster with them on board.
     
  6. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
Having recently tried Process Guard free, I'm very happy I did. Very nice; too bad the company behind it has seemingly disappeared. Kinda wish I had purchased the full version long ago, would have liked to have the extra security. Maybe they will reappear, or OA2 will someday be released and I'll try that.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
Have you tried the pre-release build of OA2? There is a thread about it down a bit.
     
  8. tayres

    tayres Guest

  9. EASTER.2010

    EASTER.2010 Guest

I agree 100% with those sentiments travellinman. I think they are in Minnesota USA and if I can reach them by phone sometime I'd like to find out for us. I'm one of those that had no idea it was that effective and now I do wish I could have got the full version because the partial free is really good IMO. Maybe we'll get lucky, right?
     
  10. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
If you find something out please let me know. Still very interested in the full version.

    From their website:
    DiamondCS ...
    Diamond Computer Systems Pty. Ltd. was established on December 15, 1986 in Perth, Western Australia.

Are you sure that they are in the US?
     
    Last edited: Mar 13, 2007
  11. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
Oh brother, by chance do all of those tests (leaktests) rely on the end user giving consent to the test code to execute... of course they do o_O

Now show me code (tests) that terminates PG without needing to execute and you will have found something not yet found :p
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    As fcukdat said, there are important differences between:
    - Execution interception. This is what PG free does.
    - Interception of suspicious behaviours (hooking, installing drivers, injecting code, reading/writing physical memory, etc) of code already loaded into memory. This is what leaktests try to prove.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
Just curious how code gets loaded into memory if a process isn't allowed to execute. This is where I find the leak tests so stupid. I download and try them and the first thing I have to do is allow them to run. If I allow them, then I get to see if my firewall will pass John Q Leaky's latest invention, but if I don't allow them, no test.

    Give me a leak test to try that doesn't have to run something on my system, and I'll be interested.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
This is the way everything, including malware, works. Your demand makes no sense. No execution, no malicious action on your system. OK.
But remember: no execution, no legit action as well.
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  16. tayres

    tayres Guest

    I read Chuck57's statement to mean ANY way (it was read out of context, you're right).
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
Aigle, you totally missed my point. OBVIOUSLY stuff has to execute to get anything done. My security software knows to let Excel run, but when it prompts me for leaktest.exe, I just block it. Then it can't leak, period. So my point was: give me a leak test that doesn't have to run something I can't block.
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
I do understand that, but people who get infected of course let the malware run, either unknowingly or by mistake.
So take my comment in the context of an ordinary user, not a person who is security conscious and is using HIPS.
Your point is exactly right but not valid for ordinary users, I think.
     
  19. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    There are two methods for code to execute without triggering a PG prompt:
    • Using existing permissions - this applies for "programs that run programs" like rundll32, cmd.exe or javaw.exe. If you have permanently allowed these (very likely for rundll32 for instance, since Windows uses it a lot), then any malware can use them as an infection vector without causing a PG popup. Software using child-parent permissions (e.g. SSM) is more resistant to this since the calling routine will likely be different in an attack but this is not a sure thing. The best countermeasure is being able to check parameters for the likes of rundll32 - SSM offers this as an option but users have to select it.
    • Buffer overflows - mainly a problem with programs that remain running in the background accepting network traffic. Corrupt data can cause a program with a buffer overflow vulnerability to execute instructions of the attacker's choosing, without starting a new process. In practice, many such attacks would try to start a command shell (a new process, which should trigger a check by PG/SSM - though this would mean cmd.exe which is quite likely to be allowed with PG for most users). Aside from this, neither PG nor SSM can protect against buffer overflows, but it should be stressed that these are mainly a problem with vulnerable software accepting incoming network traffic - with anything else, the user has to take an action for this attack to occur (e.g. visit a site, open a file, etc).
    PG Free can be a useful addition for people not already running software that prompts on program execution - but it lacks the global protection features of the full version (the most important aspect of PG in my view). There are now better options to PG Free for controlling applications - whether users should switch to them depends on their risk level, experience and tolerance of popups.
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
Where is this option? Can you explain it a bit?
    Is it present in free version as well?
     
  21. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
When you receive an SSM prompt for something like cmd or rundll32, just check the "With these command line parameters" box - SSM will keep a note of the parameters and prompt whenever the program is called in future with different parameters. This example occurs when bringing up the Windows clock/calendar:

[Image: SSM-Prompt.png]
    You can subsequently view (and alter) the allowed parameters via Preferences/Rules/Applications/<program name>/Process Control/Parameters:

[Image: SSM-Rules1.png]
[Image: SSM-Rules2.png]
     
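The two posts above by Paranoid2000 describe the same control from two sides: "programs that run programs" such as rundll32 or cmd.exe are routinely allowed permanently, so an execution-only checker like PG Free never prompts when they are reused, and the mitigation is to tie the allow decision to the parent process and to the exact command-line parameters, as SSM's "With these command line parameters" option does. The following is an added example, not SSM's or ProcessGuard's code, that models that rule evaluation over constructed process-creation events: the rule format, event fields, file paths and sample command lines are all assumptions made for illustration.

```python
"""Execution-control rules with parent/child and command-line parameter
allow-listing, in the style of the SSM behaviour described in the thread.
Added example: rule format, event fields and sample events are constructed
here and are not SSM's or ProcessGuard's own code or data."""
from __future__ import annotations
from dataclasses import dataclass
import shlex


@dataclass
class Rule:
    """None means 'any'; an empty set means 'nothing learned yet, so prompt'."""
    parents: set[str] | None = None             # allowed parent image paths
    params: set[tuple[str, ...]] | None = None  # allowed argv[1:] tuples


@dataclass(frozen=True)
class Event:
    image: str    # full path of the program being started
    parent: str   # full path of the process starting it
    cmdline: str  # complete command line as passed to the process


def argv_tail(cmdline: str) -> tuple[str, ...]:
    """Windows-style split (no backslash escaping) with argv[0] dropped."""
    return tuple(shlex.split(cmdline, posix=False)[1:])


def evaluate(rules: dict[str, Rule], ev: Event) -> str:
    """Decide one process-creation event. Anything not explicitly covered
    by a rule falls through to a prompt, mirroring a default-deny HIPS."""
    rule = rules.get(ev.image.lower())
    if rule is None:
        return "prompt: unknown program"
    if rule.parents is not None and ev.parent.lower() not in rule.parents:
        return "prompt: unexpected parent"
    if rule.params is not None and argv_tail(ev.cmdline) not in rule.params:
        return "prompt: unexpected parameters"
    return "allow"


def remember(rules: dict[str, Rule], ev: Event) -> None:
    """What ticking 'With these command line parameters' does: record the
    parent and the exact parameters so this combination no longer prompts."""
    rule = rules.setdefault(ev.image.lower(), Rule(parents=set(), params=set()))
    if rule.parents is not None:
        rule.parents.add(ev.parent.lower())
    if rule.params is not None:
        rule.params.add(argv_tail(ev.cmdline))


def build_rules() -> dict[str, Rule]:
    """Constructed starting rule set (paths are illustrative)."""
    return {
        # rundll32 is a 'program that runs programs': allowed only from
        # Explorer and only with the clock/calendar applet parameters.
        r"c:\windows\system32\rundll32.exe": Rule(
            parents={r"c:\windows\explorer.exe"},
            params={("shell32.dll,Control_RunDLL", "timedate.cpl")},
        ),
        # cmd.exe: any parent, but every new parameter set must be confirmed.
        r"c:\windows\system32\cmd.exe": Rule(parents=None, params=set()),
        # A fully trusted application, like Peter2150's Excel: never prompts.
        r"c:\program files\microsoft office\excel.exe": Rule(),
    }


# Constructed sample events (not captured from a real machine).
CLOCK = Event(r"C:\Windows\System32\rundll32.exe", r"C:\Windows\explorer.exe",
              "rundll32.exe shell32.dll,Control_RunDLL timedate.cpl")
OTHER_DLL = Event(r"C:\Windows\System32\rundll32.exe", r"C:\Windows\explorer.exe",
                  r"rundll32.exe C:\Temp\unknown.dll,Start")
ODD_PARENT = Event(r"C:\Windows\System32\rundll32.exe", r"C:\Temp\downloaded.exe",
                   "rundll32.exe shell32.dll,Control_RunDLL timedate.cpl")
SHELL = Event(r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe",
              "cmd.exe /c dir")
NEW_TOOL = Event(r"C:\Temp\leaktest.exe", r"C:\Windows\explorer.exe", "leaktest.exe")


def demo() -> list[str]:
    """Evaluate the samples, then show that confirming 'cmd.exe /c dir' once
    makes that exact invocation silent while anything else still prompts."""
    rules = build_rules()
    before = [evaluate(rules, e) for e in (CLOCK, OTHER_DLL, ODD_PARENT, SHELL, NEW_TOOL)]
    remember(rules, SHELL)
    return before + [evaluate(rules, SHELL)]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The same rundll32.exe image produces three different decisions depending on who launched it and with what, which is the gap a plain "allow rundll32 permanently" rule leaves open; a checker that looks only at the image path, as post 19 says of PG Free, would return "allow" for all three.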
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks paranoid.
     
  23. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
...ditto. I ticked the box to enter the parameters. Thanks Paranoid2000.
     