ProcessGuard - Is the free version strong enough?

I realize that the free version of ProcessGuard lacks a lot of security features when compared to the full version, but in terms of security, is the free version strong enough to thwart most attacks?

For example, the free version can control application execution, but cannot control DLL injection and global hooks.

However, since the free version can already control application execution, wouldn't that stop a majority of attacks that use rogue installers from executing and installing new DLLs in the first place? Can DLLs and other files slip through the cracks without an executable installer?

In this case scenario, ProcessGuard would be installed and configured immediately after a system reformat, and installing/running trusted software.

Thanks!

 

Hi there Xeda,
yes there are some differences
Free Full Feature
v v Control Application execution
v v Protect applications from termination
v v Protect applications from modification
v v Protect applications from viewing
x v Block new and changed programs
x v Protect physical memory
x v Block Global Hooks
x v Block unwanted rootkit/driver/service installation
x v Block registry DLL injection (CoolWebSearch)
x v Secure Message Handling
x v Interface Lock
x v FREE Technical Support

If i remember well only one application at a time can be controlled, not your whole system. Maybe this could have been changed in the meantime.
Could not find any announcements on that. So worth trying it on your clean system. See also the ProcessGuard forum in the archives for settings, tips, etc.

 

Would you mind explaining this to me in more detail?

 

Xeda, are you really saying that you want full system protection, but are neither willing to pay for the software nor read the postings on its support forum?

 

Paid PG is a moot question. You can't buy the paid version anymore. So, Xeda can only use the free version. As for not reading postings, what does that have to do with asking about it in this forum?

Or did I misunderstand you?

 

Let me put it this way:
I really don't know about the current features and possibilities of the free version -- in the trial i remember postings about that trial only being able to control execution of only one application at the time. Maybe the free version now does allow controlling and protecting all applications, but has the limitations i copied from the site in my posting above.
I think trying it on your clean system is very well worth it in any way.
For settings and configuration if needed there are bunches of info in the ProcessGuard forum. I don't think these will differ much for the full and the free version.

Mele, it's a current situation, hoping for other news in future.

 

xeda, I think that this post will answer your question: https://www.wilderssecurity.com/showpost.php?p=536454&postcount=33

 

Very nice educative thread, thanks for that.

With that discussion in mind we might suppose there are no other limitations but the blocked functionalities.

Anybody running the free version? Xeda, once you are running it, please let us knowhow it goes.

 

Very helpful! Thanks!

Thank you, Jooske! I will test out the free version and post my results.

 

PG free is one solid application,maybe it dose not offer the great numbers of checkpoints when compared to its paid version or rival software but the end result is what it dose it dose 100%.

These are my findings based on using this tool as part of my malware hunting arsenal,yep i said hunting not defence folks.

No malware infection goes live on my stripped down greased up victim of a machine
( -IDS, -software firewall,XP service pack1& IE 6 unpatched and running Java JRE1.4.2).All attack surfaces are maximised to attrack malware,i visit known exploit URLS for drivebys,download dodgy activeX's and grab free pr0n codec's....

Guess what nothing is able to infect until i grant the first execution alert by PG free everytime

Also i can control an infections deployment as long as PG is active to stagger malware imported for collection/testing.

PG *Protect* is a life saver when it comes to worm damage/control as all important .exe's are on the protection list since it no good to me if RKU,ProcessExplorer and SAS gets spliced with Ludor A

ProcessGuard is the *Big iron* and remains the golden oldie of process firewall's

Look at it this way if your worried about drivers being dropped,Global hooks and DLL injection it should be remembered that everything begins with code needing to execute !

 

And most people just don't get this concept. They feel it is necessary to first allow the executable to run before passing judgement on the effectiveness of their HIPS. In other words, "first I must allow the thief into my home to see if he can steal my belongings."

Un****ing-believable!

 

I personally can say from experience in REAL LIFE scenarios of high risk surfing etc etc that the free version of Process Guard is Excellent. The ability to protect apps from being modified or being able to allow to read only is a major deal when talking about protection. I did a few tests like creating .exe files with exact names of the apps allowed to run in PG and all the .exe got flagged I was unable to run them. So name spoofing might be difficult. A properly configured computer with the free version of PG can be powerful protection provided that the apps and programs installed on your box can be trusted, but hence the ability to allow or deny reading and modifying of .....
WELL SAID fcukdat ! Heh PG has yet to fail me Honestly I dont think it will. The only thing that might is myself

 

yankinNcrankin. Do you think that PG Free offers better protection than Cyberhawk, or Spyware Terminator with all Guards and HIPS enabled? Or even ProSecurity Free?

 

Process guard is all but dieing. Their forum was removed from wilders, and the website seems to not be updated. Plus they did not add extra protections. i think PG freeware is good for basic things, but i would use Prosecurity or SSM freeware over Processguard

 

I can't agree with this last posting, TECHWG.
Like said before we don't know about the current situation over there and what's next to happen.
Archived forums can be reactivated if time calls.

Since you're mentioning other software, i would most certainly give the GhostSecurity software a serious try as well. A whole forum overhere.

 

I disagree with his post because the software is 100% solid and secure irrespective of what the authors are upto

Kerio2.1.5 is one of the most dependable software firewalls going,light on resources compared to the super-bloats nowadays and very versatile if you know your internet protocol's.
Its years old now,the vendor has gone the way of the dodo but that dose'nt equate to a product dying.It still dose what it says on tin and is as solid/dependable as the day it was released

 

I have yet to figure out why people have so much trouble accepting this, especially if the topic has anything to do with rootkits. I just don't see why a concept as simple as "If it can't run, it can't infect" is so hard.

Definitely! If only more security-ware vendors would take a lesson from it. Skip the bloat, toys, and eye candy. Make it reliable and able to do the job.
The free version of PG may not have the features and configurability of the paid version or of its competitors, but more often than not the biggest weakness in any of them is the users configuration, or lack of it. If a process can't run, it can't install drivers, set global hooks, write to the registry, add files, call home, etc. If it can't run, it can't do anything.
Rick

 

I read some user reviews that claim ProcessGuard free only allows 256 application rules? Is this true?

Are there any other limitations in the free version besides the features that Jooske mentioned earlier?

Also, does the free version have learning mode?

 

I can't remember what the current number is because I've never got near to 256 myself. Currently I've got 115 items in the 'Protection' list, but a lot of them could easily be removed - I mean, who wants to protect a helpfile? Yet it will be added to the list if you run it while in learning mode.

It is unlikely that you could have more than 256 progs that actually need protecting. Indeed it is unlikely you will exceed the limit even if you do protect rubbish files as well as system and security files etc.

The only limitations are that you do not get any of the 4 Global Protection Options shown in my screenshot. But none of these are relevant if malware doesn't run. Thus PG can stop a drive-by download attack by preventing execution.

There are however, other possible attack vectors, notably you could run the malware yourself; you could be tricked into running it or else it could be bundled up with some software you install. In this case you would wish to prevent it from installing Drivers/Services etc. The free version will not help you in these 'shoot in the foot' scenarios.

Process Guard is not dead, despite what was said above, the paid version even auto-blocks one of the three Anti-Keylogger Tests while the full version of SSM fails all three:-

http://www.firewallleaktester.com/aklt.htm

Not that that is a reason to install it, but its execution protection certainly is. Another reason is this comment:-

PG is very easy to configure and use and that puts its usefullness ahead of the complicated SSM for many (though not all) users.

Yes it has learning mode.

 

@topperid

do you mean that processguard (free) will intercept all executables and ask you if you want to allow them to run? does it work with scripts (like .js) too?

 

Xeda, did you install PG free and how do you like it thus far?

It is very advanced software, like agreed above.
If you still need more security, combine it with AppDefend and RegDefend and you must be about very tight blocked.

 

Not to start an argument or anything, but you speak only for yourself when you say the trust is totally gone. Need I remind you that none of us know what happened to cause DiamondCS to stop supporting their products? I pass no judgement until I have some facts and those are practically non-existent in this case.

 

Let me correct u.
Paid version of SSM blocks all three keyloggers.
Free SSM blocks third one( hooking).

This is after u allow AKLT.exe to run.

 

Let's keep on topic, which is the software itself.
In "General" on top of this forum is a thread about the DCS company.

ProcessGuard is to protect the deepest heart of the computer, from the kernel to other levels and specific kinds of threats.
The paid version would certainly add to that security with the other additions.
It all means look what is happening and learn to work together on your own system.

Since by the looks the paid version might not be available at the moment and in case you might like to add more security from that same level was my recommendation to have a look at AppDefend and RegDefend, made by Jason who was on the basis of ProcessGuard as well. Those two programs have a free version as well to try it out on your system.


What is blocked you can test with the free tools at the DCS site. APT