Who has actually had PG save them from a malware attack?

Discussion in 'ProcessGuard' started by Matt_Smi, May 14, 2005.

Thread Status:
Not open for further replies.
  1. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hi Rich,

    Glad to mate.

    Currently I'm using Kaspersky Pro after trialling it for some time. Many users had said it was slowing down their PC but my PC goes superfast with it installed so I have no problems there and I must say it is one of the best investments I have made. I did use Avast for a long while and never got infected but I was so impressed with Kaspersky Pro's security and performance I decided to buy it. I use PC Internet Patrol as my application firewall - does a fantastic job. If something is suspect I don't run it until I get a verification from the program's online verification system and this can be from 1 minute to an hour but at least I know that it's not malicious. No allow or disallow for me.

    On standby I have TDS 4 for scanning my PC when I feel it's acting a bit strange but that hasn't happened for years. An invaluable program is Port Explorer. Now and again when I see my connection is active and I'm not doing anything I open PE and have a look to see who or what is using my connection and this is a very great benefit. This program is a must have. I also have Wormguard, Boclean and Trojan Hunter but am not using them currently. Wormguard is something I like very much too and do feel safer having it installed.

    Process Guard is a program ahead of its time and I keep it for when I think it will be needed because now it's smooth sailing for me and there's no need to overload my PC with security software unless the threats become really volatile. I have Giant Anti Spyware and Spy Sweeper and scan for spyware now and again or when I see a noticeable slowdown in my PC and online connection or I suspect some malware has gotten past Kav. But the bottom line is that there are many very good programs out there to suit all budgets and configurations and everyone should use the ones they feel most comfortable with. I'm really looking forward to TDS 4 Guard and will have it running all the time when it comes out as Trojans are increasing. So...

    Using Currently/ AV - Kaspersky Pro; Firewall - PC Internet Patrol
    On Standby/ Scan Trojans - TDS 4 Scanner; Scan Spyware - Spy Sweeper
    If needed /Process Guard, Wormguard, Trojan Hunter, Boclean.

    As you can see, I'm only using 2 programs but they are amongst the best of the best and really look after me very well.

    Dave
     
  2. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Dave,

    I use KAV, WormGuard, ProcessGuard and RegDefend.

    It appears that you prefer PC Internet Patrol to ProcessGuard as your application executable firewall. I could see people preferring one product to another. There doesn't seem to be a good description of their product's architecture on their site, so you and others may want to do a point-by-point comparison. But assuming that they have equal technical capabilities (something that I am not personally assuming), then it comes down to which "database" do you "trust".

    Security Task Manager also maintains its own database which I find useful. Maintaining a database is always useful, but I personally wouldn't want to depend on one database to make all the decisions for me, especially if it is suspected malware. But whichever product you use, the user still has to ultimately make a decision on whether to trust the program or not (or to trust the database).

    Cya,
    Rich
     
  3. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Rich,

    I still haven't trialled RegDefend so I must have a closer look at it. When it comes to security the last person I trust when asked about a program is myself because many times the details are very intricate and obscure so I just wouldn't have a clue and clicking on the allow or disallow many times would not even be an educated guess, just an outright lucky dip. At least with verification I've got some intelligence going into the decisions which leaves me much better off than just plain guessing. Luck is not as reliable as a clean database to compare checksums.

    Dave
     
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi worldcitizen,

    There are all kinds of databases available on the internet to make decisions. For example:

    http://www.liutilities.com/products/wintaskspro/processlibrary/

    As I said, Security Task Manager also has a very good database.

    There are lots of ways to verify a decision. In your case, you have decided to rely solely on one company's database. That is fine. Others may look to other sources. But no matter what, the user ultimately has to make a decision whether or not to permit the process to execute based upon some "research database", whether the user is using PC Internet Patrol or ProcessGuard or any other application firewall. Luckily, these decisions are really very few and far between unless the user is constantly adding new programs to their system.

    Rich
     
  5. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Interesting arguments about the possibility of letting malware through PG's execution protection.

    PG's exe protection is little different from Zone Alarm, except one is an internet firewall, and the other is an application firewall...at least, that's the easiest comparison in terms of how difficult it is to know what to let through and what not to....they both have the deny/allow once/always, and they can both throw up .exe's that you've never heard of before.

    Eg. my ZA has asked permissions for msgsys.exe, csrss.exe, alg.exe, svchost.exe all to access the internet....much the same as they have asked PG for permission to run. Many of the products I've installed also ask ZA for permission to access the internet...the same ones that ask PG for Permission to run.

    So ZA is one of the most trusted firewalls out there, based on a very similar working structure to PG's exe protection, and what really is the difference?

    If you can work out ZA's allow/deny's, you can work out PG's. The only difference being you want to do a little more research (and really, how hard is it to google?) with PG before hitting deny.

    The last point being, once you have PG set up to your satisfaction, you get almost no alerts that you aren't expecting (I haven't had an unexpected alert in about a month now, since I finished fine tuning it).

    As for allowing an unknown/untrusted application to run, that is a different matter all together :)
     
    Last edited: May 28, 2005
  6. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Vikorr,

    One way to look at it is that ProcessGuard gives a person an opportunity to stop malware that may have gone undetected by the AV/AT. Without it, there is no opportunity. So where is the loss? The $29? If there is a better approach, I am open but so far no one has pointed to one other than another application firewall which has a built in database vs. using a database off the internet. They are slightly different approaches but they both require a user to make the decision whether to allow the process or not. As you pointed out, almost every security product has this same issue. Even the very best have "false positives".

    As for the learning curve, I still have no idea how MS Word works. I know people who spend hundreds of hours trying to figure out different application software - including games. I think investing a few hours in learning a piece of security software that protects my system environment is time well spent.

    Rich
     
  7. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Rmus,

    From what I have been told, the answer is yes. Worms, for example, could launch programs through buffer overflows which I am told will not be detected by PG. A low risk proposition, but a possibility nonetheless. There are probably other situations.

    My primary reason for using PG is to create an overlapping defense against known and unknown methods of malware attack. The key for me is overlapping so I am seeking a certain amount of redundancy in my security environment.

    Most security environments adopt this approach. So, for example, to get into my safe at my bank, I must:

    1) Show several pieces of identification
    2) Sign in for signature verification
    3) Produce a key

    I think that redundancy is very appropriate in security environments.

    I am sure others will have additional comments to your question.

    Rich
     
  8. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hi Rich,

    I think I've been misunderstood here. By database I didn't mean a database of 'names' with which to check the 'name' of a file as to whether it is a legitimate program or not.

    What I meant was that when I install a file that PC Internet Patrol cannot verify instantly, it marks the file as 'suspicious' and sends or uploads a copy of the file to Internet Security Alliance for verification. I can still choose to run the file or program but let's say it was a game then there's no urgency and I can wait to see if it was infected before using it. If it is approved of course then I can be sure it is clean.

    Here's a link that you may have already seen but it helps explain it a bit more. A file that is deemed unsafe will not execute even if you try to execute it. If PC Internet Patrol has positively identified a file you will not be able to run it. You will be protected.

    http://www.pcinternetpatrol.com/firewall

    Dave
     
  9. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Dave,

    Yes, I understood. There is a local database (such as the one AVs like KAV maintains), and then there is a remote database, with which there can be further verification. In either case, you, the user, must end up making the go or no go decision, just like I do (KAV will pick up most of the known file signatures). The difference between the products, at least in terms of the type of user interaction is really quite minimal.

    For example, most of my interactions with PG have to do with known trusted programs such as iexplorer.exe and rundll.exe. I know these are trustworthy but I choose to give them permit once authority since I do not want them to run on their own without my permission. PC Internet Patrol would simply automatically give these programs permission (is there a way to override the automatic database?), which I could easily do with PG also.

    At some point, it would be interesting to compare the two in-depth in another forum. But from what I can tell, if I created a white list at installation time similar to the one that PC Internet Patrol does, I would probably hardly ever hear a peep out of PG.

    In terms of trusting their reply from their central database, it has been my own experience that in most situations that are potentially real malware, the "automatic" decision would be inconclusive. So some user input usually is required before a decision is made based upon the circumstances of the alert.

    Rich
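A worked example, added here and not code from the thread or from any of the products named in it, of the two ideas the last few posts turn on: worldcitizen's point that verification compares the file's checksum rather than its name, and richrf's split between a local database and a remote one that is consulted for anything unknown. The file contents, their hashes and the "remote" verdict table are all constructed for the example so that it runs offline; the product names and the hypothetical `ExecutionVerifier` class are illustration, not anyone's real implementation.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    CLEAN = "clean"            # hash present in the local known-good list
    MALICIOUS = "malicious"    # hash present in the local known-bad list
    SUSPICIOUS = "suspicious"  # unknown locally; hold execution until verified


def file_hash(content: bytes) -> str:
    """Content hash; the file name plays no part in the decision."""
    return hashlib.sha256(content).hexdigest()


class ExecutionVerifier:
    """Allow/deny by content hash, with a two-tier database (hypothetical).

    local_good / local_bad stand in for a database shipped with the product;
    remote_verdicts stands in for a vendor's online service (here a plain
    dict, so the example runs offline).
    """

    def __init__(self, local_good, local_bad, remote_verdicts):
        self.local_good = set(local_good)
        self.local_bad = set(local_bad)
        self.remote_verdicts = dict(remote_verdicts)
        self.pending = {}  # hash -> first file name seen, awaiting a verdict

    def check(self, name: str, content: bytes) -> Verdict:
        h = file_hash(content)
        if h in self.local_bad:
            return Verdict.MALICIOUS
        if h in self.local_good:
            return Verdict.CLEAN
        # Unknown: queue it for submission. The caller decides whether to run
        # it anyway; worldcitizen's post chooses to wait for the verdict.
        self.pending.setdefault(h, name)
        return Verdict.SUSPICIOUS

    def resolve_pending(self) -> dict:
        """Ask the (simulated) remote service about every pending hash.

        Returns {hash: Verdict}. Hashes the service cannot classify stay
        pending, which is the inconclusive case richrf describes.
        """
        resolved = {}
        for h in list(self.pending):
            verdict = self.remote_verdicts.get(h)
            if verdict is None:
                continue
            if verdict is Verdict.CLEAN:
                self.local_good.add(h)
            elif verdict is Verdict.MALICIOUS:
                self.local_bad.add(h)
            resolved[h] = verdict
            del self.pending[h]
        return resolved


# Constructed sample "files" (byte strings standing in for real binaries).
NOTEPAD = b"MZ\x90\x00 constructed stand-in for a known-good editor"
GAME = b"MZ\x90\x00 constructed stand-in for a freshly downloaded game"
DROPPER = b"MZ\x90\x00 constructed stand-in for a known trojan dropper"


def demo():
    v = ExecutionVerifier(
        local_good=[file_hash(NOTEPAD)],
        local_bad=[file_hash(DROPPER)],
        remote_verdicts={file_hash(GAME): Verdict.CLEAN},
    )
    before = {
        # Renaming a bad file does not help it: the hash is what is checked.
        "notepad_renamed.exe": v.check("notepad_renamed.exe", DROPPER),
        # A new download is unknown to the local lists, so it is held.
        "game.exe": v.check("game.exe", GAME),
        # A single changed byte makes a trusted file unknown again.
        "notepad_patched.exe": v.check("notepad_patched.exe", NOTEPAD + b"\x00"),
    }
    resolved = v.resolve_pending()
    after = v.check("game.exe", GAME)  # now CLEAN: the verdict was cached locally
    return before, resolved, after, set(v.pending.values())


if __name__ == "__main__":
    before, resolved, after, still_pending = demo()
    for name, verdict in before.items():
        print(f"{name}: {verdict.value}")
    print("after verification, game.exe:", after.value)
    print("still pending:", still_pending)
```

The hold-until-verified path is the one that matters: a lookup keyed on the file name would pass the renamed dropper, and a lookup that treated "not in the bad list" as clean would run the patched editor. Anything the remote service cannot classify stays in `pending`, and that is where the user's own judgement is still required.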
     
  10. boris45

    boris45 Guest

    To the question asker: I have been saved several times from worms or malware trying to disable my firewall and antivirus software. PG free at least is one of those must-have programs that can save you a lot of problems in the long term.

    Hope everyone thinks the same

    boris45
     
  11. PC_expert

    PC_expert Guest

    I have been on the Internet since 1997. I have used so many AV and spyware-removal, etc. software (Kaspersky, Norton, PG... etc., etc., etc.) and periodically, every few months, I had troubles: viruses, worms, etc., etc... Now I am really tired of starting 10 "protecting" tools every time I start my computer, checking for updates, buying new versions, so I learned a few things about Windows, and I am now using ONLY Power Informer XP 2, which is basically a monitoring tool, so I can "see" with it what is wrong on my system, and then manually remove any "strangers" (viri, worms, and other trash...). For me there isn't any other 100% safe method for a safe PC...
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    PC_expert wrote:
    Sorry can you please justify that remark? Try these two utilities against it, if power informer fails either one then you do not have anywhere near 100% security and even if power informer did stop them, you still will not have 100% security.
    RegTest: http://www.ghostsecurity.com/index.php?page=regtest
    Advanced Process Termination: http://www.diamondcs.com.au/index.php?page=apt

    Looking forward to seeing your results - Pilli
     
  13. Pollmaster

    Pollmaster Guest

    Huh? Does PC-expert *really* have to justify the remark there is no 100% safe security?

    Or is Diamond CS now claiming that using their product provides 100% security?
     
  14. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508

    If he claims that his product (Power Informer) is 100%, good stuff; yes, he should put up or shut up.

    Let's see the tests and the results and then go from there.

    I don't think Diamond CS *claims* anything. Think before you post.

    Jag
     
  15. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Unless I misread it PC_Expert was claiming that Power Informer gives 100% security for him/her. I was questioning that remark.

    DCS has NEVER claimed 100% security for any of its programs and neither would any other responsible company.
     
  16. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi all,

    I've re-read the post many times, and it isn't clear to me what PC-expert is trying to say, since there are many spelling errors, grammar errors, and a certain issue with "clarity". However, if PC_expert would like to clarify the remarks, I would be interested in hearing how PC Power Informer has helped with security. I looked the product over briefly, and on the face of it, it doesn't seem like it provides any kind of protection. More like software that provides information about your machine.

    Rich
     
  17. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508

    Pilli,

    You and I are on the same page. The way you understood it is what my line of thinking is as well. :cool: On both of your comments too.

    As for PC Expert and the software, guess we will have to sit back and wait. :ninja:
     
  18. Dardasaba||

    Dardasaba|| Guest

    I actually use it mostly as a tool to show me what processes are doing. For example, if I suspect some file, I just execute it with no fear and see if it tries to launch any other files. Usually, I look for a new file trying to execute from windows/system32 :)
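The technique described in the post above, running a suspect file and watching what it launches, as an added example that is not part of the original post or of ProcessGuard itself. It parses constructed process-creation log lines (the line format, timestamps, pids and paths are invented for the example; a real source would be a tool's own log or an event source such as Sysmon), collects every process spawned directly or indirectly by the suspect, and flags any descendant that runs from Windows\System32 under a name that was not in the System32 baseline taken before the suspect ran. Image paths are assumed to contain no spaces.

```python
import re
from collections import defaultdict

# Constructed process-creation log. suspect.exe (pid 1300) is the file under
# test; notepad.exe (pid 1340) is unrelated activity started by explorer.exe.
SAMPLE_LOG = r"""
2005-05-28 10:00:01 pid=1200 ppid=900  image=C:\Windows\explorer.exe
2005-05-28 10:00:05 pid=1300 ppid=1200 image=C:\Downloads\suspect.exe
2005-05-28 10:00:06 pid=1310 ppid=1300 image=C:\Windows\System32\cmd.exe
2005-05-28 10:00:07 pid=1320 ppid=1310 image=C:\Windows\System32\svchst.exe
2005-05-28 10:00:08 pid=1330 ppid=1300 image=C:\Windows\System32\svchost.exe
2005-05-28 10:00:09 pid=1340 ppid=900  image=C:\Windows\System32\notepad.exe
"""

# Executables present in System32 before the suspect was run (constructed
# baseline; on a real machine, list the directory before starting the test).
BASELINE_SYSTEM32 = {"cmd.exe", "svchost.exe", "notepad.exe", "rundll32.exe"}

SYSTEM32_PREFIX = r"c:\windows\system32" + "\\"
LINE_RE = re.compile(r"pid=(\d+)\s+ppid=(\d+)\s+image=(\S+)")


def parse_events(log_text):
    """Return [(pid, ppid, image)] in log order; lines that don't match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((int(m.group(1)), int(m.group(2)), m.group(3)))
    return events


def descendants(events, root_pid):
    """All pids transitively spawned by root_pid (root itself excluded)."""
    children = defaultdict(list)
    for pid, ppid, _ in events:
        children[ppid].append(pid)
    found, stack = set(), [root_pid]
    while stack:
        for child in children[stack.pop()]:
            if child not in found:
                found.add(child)
                stack.append(child)
    return found


def audit_suspect(events, suspect_image, baseline_system32):
    """Classify every process launched, directly or indirectly, by the suspect.

    Returns [(level, pid, ppid, image, reason)] in log order:
      ALERT - runs from System32 under a name not in the baseline (a dropped file)
      INFO  - a baseline System32 binary; worth a look, but may be legitimate
      WARN  - anything launched from outside System32
    """
    roots = [pid for pid, _, img in events if img.lower() == suspect_image.lower()]
    watched = set()
    for root in roots:
        watched |= descendants(events, root)

    findings = []
    for pid, ppid, image in events:
        if pid not in watched:
            continue
        low = image.lower()
        name = low.rsplit("\\", 1)[-1]
        if low.startswith(SYSTEM32_PREFIX):
            if name in baseline_system32:
                findings.append(("INFO", pid, ppid, image, "baseline System32 binary launched by suspect"))
            else:
                findings.append(("ALERT", pid, ppid, image, "new executable in System32"))
        else:
            findings.append(("WARN", pid, ppid, image, "executable outside System32"))
    return findings


if __name__ == "__main__":
    for level, pid, ppid, image, reason in audit_suspect(
        parse_events(SAMPLE_LOG), r"C:\Downloads\suspect.exe", BASELINE_SYSTEM32
    ):
        print(f"{level:5} pid={pid} ppid={ppid} {image}  ({reason})")
```

On the sample log the look-alike svchst.exe, launched two hops down through cmd.exe, is the ALERT; the genuine cmd.exe and svchost.exe are reported as INFO because a baseline name alone does not prove the file is the original, and notepad.exe is ignored because it was not started by the suspect. Checking the parent chain rather than only direct children is what catches the second-hop drop.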
     