Allowing Global Hooks and Physical Memory Access

Discussion in 'ProcessGuard' started by rickontheweb, Nov 14, 2004.

Thread Status:
Not open for further replies.
  1. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    I just installed ProcessGuard 3.05 Full and must say this is a really great program.

    I have a couple questions regarding allowing global hooks and access to memory settings. I'm using XP Home SP2 all patched. I let it learn for quite a while as I launched all my apps, turned learning mode off and then went back in and started scaling back rights on all apps but security programs, spyware tools, anti-virus and core windows components.

    Currently I have iexplore and outlook express set with only read authorization, but both continue to function normally or act like they do. I do get occasional flashes from ProcessGuard saying they are trying to install global mouse hooks or global MSGfilter hooks, but as I mentioned blocking those attempts seems to not break page or email functionality. Of course I would turn PG3 protection off if I was going to do something like Windows Update etc.

    Is it better to allow these apps to install global hooks? Logic seems to dictate to me that limiting IE and OE as much as possible with all the holes that come with them would prevent possible problems while surfing or reading email. But maybe I'm wrong and disallowing global hooks could create a security hole by not allowing the apps to do what they were intended to do.

    Is it better to limit these apps severely or set them up to do as they ask? Also why is it necessary to allow IE access to physical memory?
     
  2. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Welcome to Wilders, Rick. :) That's a great question. I also await an informed response.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,043
    Hi Rick

    You probably can turn off IE's access to physical memory. I have only come across one place where it was needed. It was at the Microsoft site, they have a place where you can test your computer to see if it is capable of running some of their games like the Flight Simulator. For some reason IE needs access to physical memory, and when it is blocked IE rudely crashes. So far that is the only place I've found that needed it. I have it turned off in PG.

    I just turned off Global Hooks also to see what happens. Usually I just leave that on if it is set. Sometimes the only ill effect you might see is alert entries. If they don't bother you and there is no other ill effect turn it off. Just be careful as turning off some permissions can cause problems.

    Pete
     
  4. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Alternatively you could try using a non-popular, less buggy web browser and mail client, and then give them the privileges desired. :)
     
  5. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    Believe me Jason, I'm getting pretty close to switching my browser and email client. Particularly after MS's long delay and head in the sand position on download.ject.

    I tried Opera for a short while but didn't like the non-native "feel" and it wouldn't let me into certain sites I routinely use. I also tried the Thunderbird email client from Mozilla and memories of huge bloated Netscape code came flooding back once I installed it and started playing with it.

    I guess I should consider giving Opera and Firefox a real look sometime; since my HD partition is ghosted weekly I can always just make it all go poof if I don't like it.
     
  6. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    This is a great answer. I have been using Opera for quite a while now, and love it. (That's saying something, since I despised the older, buggier versions.)

    But even Opera begs for memory access, global hooks, and driver installation ability. I have no idea why, but I guess it's better than letting Insecure Explorer do it.
     
  7. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    i would use the default settings for ie and oe with pg3.. i am not aware of any current security holes in either ie or oe when you have all the patches, which you do.. if you want to tighten up the security in ie, just raise the security level for the internet zone.. i would also block third-party cookies in ie/tools/options/privacy and install "spywareblaster"..

    i have ie's security for the internet zone set to high, except that i allow downloads for the internet zone..

    i installed the firefox browser earlier today.. it is working fine for me..
     
  8. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I use Mozilla and get the same blocks to memory access. The thing I have noticed, however, is that it only seems to do this on sites using java. It may or may not do this elsewhere, but I'm beginning to think that it's actually a plugin that's looking for access.

    BTW, Rick, you might check out PocoMail :)
     
  9. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    i don't see a problem with allowing legitimate programs to have whatever privileges they need to be able to function properly..
     
  10. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    I have no problem allowing legitimate (trusted) apps whatever rights they need to function properly.

    But some apps I trust less than others, and if it appears that not allowing certain rights to semi-trusted applications doesn't change functionality, in appearance anyway, then I would prefer to err on the side of blocking unless doing so causes crashes or pages don't load or form buttons don't work, etc.

    I'm just a bit paranoid about online user names and passwords being stolen, so disallowing global hooks seems natural to me for IE, especially since it doesn't seem to break any functionality as far as I can tell...so far.
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    I see this with standalone Java applications (running with Sun's Java Runtime Environment - I block Java applets in web pages). Blocking physical memory access for them does not appear to do any harm. However I find it surprising that programs run without Administrator privileges can gain access to physical memory at all - I guess that's the fun of Windows "security".
     
  12. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    OK, I finally found a drawback to not allowing global hooks in IE and OE. The menus do not function correctly. You have to click on each menu name to get the menu to drop down, you can't slide sideways and have menus open and display. Plus PG3 flashes each time you click a menu item and that becomes annoying.

    So I've enabled global hooks in these programs to eliminate that problem. But IE is not getting access to physical memory! :D
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,043
    That is the way I am using IE. Global Hooks Access and no physical memory access. Just remember that if you try to run some test something in IE and it crashes that it just may be it needs that access.

    Pete
     
  14. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    Well hopefully it'll flash that it needs physical memory in ProcessGuard before it crashes! ;)

    What would be nice and maybe a suggestion for a future feature is to fine tune global hooks with a sub-series of check boxes like:

    Allow global Mouse hook
    Allow global MSGFilter hook
    Allow global Low Level Keyboard hook
    Allow all other

    So far all I have encountered is the first two with some apps and IE and OE. The low level keyboard hook happens on running Remote Desktop - mstsc.exe.

    It would be nice to be able to limit global hooks on an app to let's say the first two only. Just a suggestion for the future.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,043
    Sorry Rick. The IE crash when it needs access to Physical Memory is your first clue something is wrong. Fortunately if I remember right it didn't crash XP.

    Pete
     