I am using PG free and I tried the latest version ProcessGuard v3.3b3 for a while. Did not use it for long time but just want to mention few things, 1- A bug in settings is not fixed. See my thread please, https://www.wilderssecurity.com/showthread.php?t=123332 especially post no. 21, 22 and 23. I am rather disappointed. 2- Grossly there is no much increase in application execution control. I compared current version( not beta but I think in this regard both are same) with Antihook and I will say AH has more detailed rules. Just for an example, if i install a software on my PC( suppose its name AA), now this software AA tries to launch my browser to access internet, PG will ask for permission, if I permit and make it a rule, the rule will be generalized so that next time software AA can launch not only my browser but also any other application like outlook express etc without any warning from PG. On the otherhand, if I have AH, it will ask me for permission and if I permit and ask to make a rule, the rule will not be generalized. It will be rather specific, I mean next time this new software AA will be able to launch browser without any warning by AH but if it tries to launch some other application, AH will again ask a permission to do so with a new rule formation, and the process will be repeated again if AA tries to launch some other application and so on. I know this is only one aspect of the security offered by PG but I will really like it be more advanced in rules creation like AH. Please correct me if I am wrong anywhere. I am PG user and just intend to see improvement in it.
I think you are confusing PG with something else. PG will permit 'AA' to execute, if you create a rule permitting it to run, but PG will not prevent 'AA' from spawning another process, such as your browser (so long as that process has permission to run). PG will however prevent 'AA' from launching a process that does not have permission to run. ZAP's 'Operating System' FW will prevent a process with lower priviledges spawning another process with greater priviledges, and presumably that is something SSM will also do, but PG was never designed for that purpose. To give one example, if you hit a maliceous site with an exploit that attempts to get I.E. to spawn Rundll32, PG will prevent Rundll32 from executing (if you have configured it to 'Permit Once') while ZAP will prevent I.E. from running Rundll32 because I.E. has lower priviledges than Rundll32. They are both preventing Rundll32 from being launched, but for entirely different reasons.
PG should actually operate in reverse from your example, if you allow your browser to run (and tell PG to remember that decision), then any other program will be allowed to run it. The rules could be more finely grained to allow users to specify "allow B to call A but block C from calling A" but I suspect the security requirement for this is less than for other issues. System Safety Monitor does allow you to create such rules though so you may wish to trial that - it can be run alongside PG though you will have some duplication of functionality and it is not free (though a trial download is available).
You mean if AA wil try to launch some new process that is not in the protection list, it will be stopped?
Not sure you are giving PG a fair evaluation. The free version isn't intended to be all encompasing. You would need the paid version. Asking for features that are in the paid version for the free version will probably fall on deaf ears.
The Execution Protection feature should be identical on Free and Full versions. The full version offers Global Protection Options to limit program actions by default (which should be able to block any rootkit or keylogger amongst other things).
No! If 'AA' tries to launch something that is not permitted 'always' in the 'Security' list, it will be stopped. The 'Protection' list is to prevent unauthorised interference to apps, it is not concerned with their 'execution'.
Totally right, I trust Antihook much more, despite it also has some weakness. But in comparison with gss and pg it has actually the most stable state to date. I could remember some times where antihook was in a cruel state with many blue screens, but actually its pretty cool, but can also crash. All three tools can be BOd, like every exe in windows, no matter how many hooks they install, I tested so many tools and what I can say, no matter if tiny, za, pg, gss, ah, all of them have some malfunctions at some point. The more dangerous are the silent malfunctions, Antihook in most cases showed a crash, but actually it is relatively stable on my PC, PG3 stopped to do his job in silence this is dangerous, PG3.3beta got turned into black with error message @startup. Gssbeta stopped once too in silence, despite it showed active status. Tiny also refused a correct IDS some times, even ZoneAlarm forgot at some point to send messages. No tool is perfect. PS: What are you worrying about feature problems, there are many cool tools for free you can add. For fairness purpose I have to say that I do not use much the PG Execution protection, I used it in the beginning then after a while I turn it off, it´s like a must, don´t know why. PGs best side is the alert box and the protection edit box, very nice look. The thing I ignore nearly totally is the security display, in 1000 clicks I only look once in it. Concerning System Safety Monitor: I tested it but it was long time ago and its state wasn´t really good it was unstable and ate much perfomance.
Hmm - sounds good! Oh! - maybe it's not so good. I don't call crashing "relatively stable". I'd have thought the main point of having PG was to be able to prevent unauthorised programs (eg Trojans) from executing. There's some pretty confused thinking going on here SystemJunkie; on balance I think I'll stick with PG, at least that has never BSODed me.
