First, thanks for all the hard work. Just installed PG on my XP. The advice in the postings, to go slow and use the log as a teacher, is so true. I have some programs that update their exe's as well as their databases. They normally shut themselves down in order to add the new bits. Should I give TERMINATE, SUSPEND, READ, WRITE ALLOWS to the updaters of these programs? I think the answer is yes. These are security programs, so I trust them. Again, congrats and thanks.
I've learned a few things showing a new user PG (who knows nothing about PCs at all).

Allow access is good: any trusted programs can be added and given full allow access so that logging always goes away.

Blocking global hooks is not worth it for most users. This is more of an experimental feature which experts can use to secure a system further. To a lesser extent, blocking services/drivers too, but this is a lot less risky to turn on for a new user.

Using the log and the checksum listing is very useful. All I do now is tell the user to allow anything that runs if they are using their PC and something comes up. The program could possibly be a trojan, but it still could not kill the AV, inject into an application, or rootkit itself. The firewall is now "really working" since it can't be modified and injection is no longer an issue, and they mostly know how to use the firewall.

I come along and take a look at the FILE log every few days and see if anything was blocked, examine it, and add it to be allowed. I look for other problems and then check all current checksum files; if any look suspicious they get checked out. Then I clear the file log knowing all is well, and look at it again next time.
Well spoken, Gavin! You make it sound easy, and I respect how complicated all this is, but good old common sense seems to come in mighty handy for the novice. I came up with the same plan as you: I figured that I had already trusted all my security programs, so I gave them whatever allows they wanted (from the log info). I have East-Tec Eraser, and when it runs its "Privacy Guard" feature, it erases all the "locked" Windows files, etc., then automatically reboots so it can finish the job. When it is just about to reboot, a Windows error pop-up flashes so quickly that you cannot read it, and then everything works the way it is supposed to anyway. If I ever get quick enough to read the message I'll post it properly, in case other people have this happening. To close for now, I figure you and all the DCS team should get a few days at a nearby beach, if you haven't already. ciao4nao