AD versus PG - Which offers more protection at the moment ?

Discussion in 'Ghost Security Suite (GSS)' started by Defenestration, Jan 4, 2006.

Thread Status:
Not open for further replies.
  1. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    I am a registered owner of PG, but have since switched to AD beta due to it offering individual control over permissions for each app, rather than just either blocking or allowing as is the case with PG.

    However, since AD is still in beta, I was wondering which app actually offers greater protection with the current versions ?

    My guess would be PG currently (due to AD still being in beta), but would like an answer from Jason as to exactly what is currently missing from AD ?

    One thing is that PG is started as a service, whereas AD is not. Will AD be started as a service ?
     
  2. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    AD is better.

    One thing I hated PG for was that when you have the global protection options enabled, PG automatically blocks everything (Physical Memory, global hooks, driver/service, dll injection).

    So I whenever I installed some new application or used some software that required these particular things, the installation would fail, or the application would screw up and I would have to start over.

    With AD, I don't have this problem anymore. Because EVERYTHING is able to be allowed/denied in realtime via the prompt.

    With PG, I would install some app, PG would block some important thing and then I would have to go and disable PG and then install the app a second time to get it right. Not a problem for AD though.

    I also feel more secure with AD. And it looks like it covers a wide range of security issues better than PG.

    Also, AD can take care of outbound application network access which basically is all I need to replace my firewall as well.

    The only thing I dislike about AD is that you have to install RegDefend with it even if you don't use it... but oh well.
     
  3. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    AppDefend will most likely never be a service, I have found alternative and more efficient ways to replicate the functionality provided by being a service. They currently aren't in the beta builds of AppDefend however. Does anyone really like the idea of 3+ executable files each running for ProcessGuard/Your Firewall/Other multi user security applications on top of a kernel mode driver? I personally don't, and think it is wasteful, which is why some alternatives were sought for AppDefend/RegDefend.

    There are some core differences between AppDefend and ProcessGuard as SUAVE mentioned, which doesn't necessarily make AppDefend "have more protection" but which makes it easier to use in some ways. Some people might prefer the way ProcessGuard works by default, by blocking things without asking questions simply because there are less popups. AppDefend can also be made to work this way through the tweaking of the .DEFAULT rule, giving users whichever way they prefer. By default however AppDefend will ASK you for nearly every protected event.

    In terms of protection, AppDefend has some features which PG doesn't (network control, process creation restrictions, etc) and PG has some features which AppDefend doesn't (read memory, message handling), and there is a lot of overlap. I am sure to most people depending upon their views, they will say one or the other has more protection based on what the other doesn't offer.
     
  4. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    When can we expect a new GSS/AD beta containing some of the improvements you mention in this and other threads ?

    and do the alternative ways to replicate functionality provided by being a service mean that GSS will start sooner in the boot process than it currently does ?
     
  5. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Hi Defenestration,

    New beta will be out in 1-2 weeks with quite a few enhancements and improvements. And yes GSS will start sooner than it currently does (not necessarily in the next beta).
     
  6. f3x

    f3x Guest

    Nice to know that.
    In that case, am i wrong to think that this beta should be near the last one before RC ? It would be nice to release the final by febuary 18 ;)


    Happy new year :p
     
  7. octogen

    octogen Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    212
    If you are running in an account with administrator rights, then I would say that they are very comparable in protection because of the vast overlap as stated here:

    However, if you are running in a limited account, the edge goes to ProcessGuard since it supports limited user accounts whereas AppDefend does not. Once AppDefend supports limited user accounts, we will see some real competition between the two.:D Better for us all!;)

    Will limited user accounts be supported in this beta?
     
    Last edited: Jan 12, 2006
  8. tlu

    tlu Guest

    Octogen, it has become clear from various post here that AD doesn't support limited accounts for a lot of users while there are others without any problems as mentioned here.

    Jason, could you provide an explanation why AD works under limited accounts for some users and doesn't for others? Thanks in advance.
     
  9. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Hi tlu,

    It probably depends on your definition of "works" under limited accounts. If you run GSS in your admin account first, then fast user switch to a limited account, then RD/AD will not give you any prompts, but will work the same way it does when it cannot ask the user for an event (in RD's case it will block, AD is more configurable and can allow for some events).

    There is no "alert" in limited accounts due to the way RD/AD works at the moment, but it is being worked on to make GSS more multiple user friendly.
     
  10. tlu

    tlu Guest

    Jason, thanks for your answer. But I must admit that I'm still confused. First of all, I usually don't use FUS so I cannot comment on that. I always log into my user account (with restricted rights) and don't have any problems using GSS (well, a program update isn't possible, of course - this has to be done under my admin account). I get the usual alerts and I can ceate or modify rules in RD and AD and everything is saved. If I get you right, this should not be possible - and it doesn't work for other users quite obviously. But why does it work for me?
     
  11. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Hi Tlu,

    Has the user you have logged in as received any special permissions from the administrator account, or is this just a plain jane limited user (not power user) account?
     
  12. tlu

    tlu Guest

    Hi Jason,
    my account is just a normal user account with limited rights (not power user). I haven't modified any access rights for the registry. The GSS folder, however, is on a partition where this account has full read and write rights. Is thsi the reason?
     
  13. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hey,

    any news here, Jason? :D

    best regards,

    iNsuRRecTiON
     
  14. tlu

    tlu Guest

  15. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    There is some more news which you might have received from the alpha threads. AD now also does windows message protection and keylogging which certainly extends it's base protection features quite a lot.

    On the limited user front GSS (both AD and RD) work a lot better now. On the multi user front AppDefend even allows multiple users at the same time to edit rule sets and view other aspects.
     
  16. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    I'm currently using the beta version of GSS and didnt update it. It's an awesome program as is at least I think so, especially when it comes to rks. The filtering and alerts are so sensitive to the slightest activity. Just wanted to post and say so far I have had no sucess in having a root kit of any variant Install, however as soon as it happens I'll post back with the name of the rk and program it was associated with. So far I'm rather impressed on the stability of this beta program as it hasnt conflicted with any of my apps or programs. :thumb: :)
     
Thread Status:
Not open for further replies.