Discuss security setup with PG

Hi,

I have been wondering what is the best protection to compliment ProcessGuard?
I have currently installed ProcessGuard, NOD32, Outpost Pro and use Opera as my default browser. Is this setup enough for good protection?
It feels like my computer is very safe now.
But anyhow, do I need anything more?
I am very impressed by the abilities of ProcessGuard and it's the best security app I have right now. But does it really prevent any trojan or spyware from execution? Because I thought about installing Regdefend too, but if ProcessGuard can block malicious exe's I won't be getting malicious key's installed.

PS: tell me your setup's

Best regards,
RenAndStimpy

 

Hi RenAndStimpy,

I'm running PG, ZA Security Suite, WinPatrol (the real time monitoring is off), and RegDefend. I view running RD as another layer of security/protection, just in case I do not heed other warnings/alerts and do something stupid.

Like you I think between the firewall, AV, and PG things are locked down pretty tight. But with the way malware is today, I don't want to take the chance on the registry getting trashed by something.

My 2¢.

 

So you recommend me installing Regdefend for registry monitoring?
But if ProcessGuard prevent's everything from being executed that's malicious then I won't get any malicious key's installed, or am I wrong.

 

You're wrong. ProcessGuard won't block malicious programs from executing. It will just prompt you that "something" is executing and give YOU the option to block or allow it.

It's not like it says "hey this program you are trying to run is bad, I will block it for you." No, it doesn't work like that. ProcessGuard will give you the option to block or allow any execution, wether it's clean or infected. For example, it will prompt you after you try to execute notepad. That doesn't mean notepad is malicious, it is actually very safe right?

Now, lets say you are trying to run some file you got from somewhere, lets say it's some game you downloaded. process guard will tell you "hey, are you sure you want to run this file?" You will most likely say yes because why else would you have attempted to execute it in the first place?

Now if that game is really infected and it slips through your AV, here is where regdefend will step in. RegDefend will notify you of changes to your registry that this file is trying to commit, where you can block/allow them.

Don't think that ProcessGuard will protect you from everything. You need to know how to answer the prompts, and it's so easy to let something slip through. That's why it's always good to have a layered security and I recommend RegDefend to you. At least you know your registry will be safe just incase something does manage to slip through. It will block threats on a whole 'nother level for you and I think it will give you better security overall.

 

Thank you very much for your response Suave and your good advise.
I will install it soon.

By the way, I'm using Opera as my default browser and this makes my browsing already much more safer than browsing with IE as most do. Because IE has so many holes so that when you visit a spyware infected site, you get drive by downloads and things being installed. Some people say they happen through active-X or other functionalities (they do sometimes) but mostly they don't need anything from IE they are just installed through one of it's holes. I saw a few dudes here on the forum telling they still wanted to use IE, but thats just not smart cuz its one of the sources that causes most infections to your computer,
so I would say install Opera 8.5 (www.opera.com) and your quite safe.

Best regards,
RenAndStimpy

 

It will only do that if you have created rules to protect that particular Key/Value etc. Since it is impracticable to protect against all the changes to the Registry malware may wish to make, RegDefend is very much a last ditch defence. It can't even guarantee preventing malware from auto-starting because it is not viable to cover all these possibilities.

In reality, the best way to protect your Registry is by stopping malware executing in the first place, which is why I consider PG a better Registry guard than RD!

It's alright saying that RD gives you a second chance if you accidently let malware execute via PG, but in practice if you let it through PG you are just as likely to let it through RD as well - unless you have an expert understanding of the Registry and can appreciate why a prog needs to make, or be refused from making, a particular change.

PG, plus good browser settings, is far more important in my view.

PS - I use IE exclusively and have never been infected through it, despite going to sites where infection is said to be all but guaranteed, the important thing is how you configure it. However, it is possible to get infected while surfing and that is one area where RD does offer some worthwhile extra protection.

 

Thanks for your reaction TopperID. From your and mine point of view it's right that ProcessGuard Offers the most simple/efficient and the most effective protection. So I think I won't actually need RegDefend.

But you said it could be useful when you get infected while surfing. Does ProcessGuard also doesn't prevent this?

 

I don't know how to edit the previous message, so I ask another question: Can trojans and spyware actually execute themselves, and how do they do that? I have experienced several times that when I opened a .rar as soon as I unpacked and look in the unrarred folder i saw a .exe and then disappear directly. has this also been such an occasion that a trojan/spyware executes itself?

 

"HUUUUUGE. PECTORAL. MUUUSCLES!!"

 

There are circumstances in which you can get infected while surfing and PG will not protect from it - that is why I emphasised the need for using PG together with safe browser settings. That should be sufficient.

BTW - just because someone is using a browser other than IE does not make them automatically safe; here is a guy who couldn't stay clean despite using Firefox:-

https://www.wilderssecurity.com/showthread.php?t=99713

Sometimes an alternate browser can give a false sense of security!

Malwares will need to execute in order to install themselves - that is, make the changes necessary (usually within the Registry) to ensure they are started at every bootup. If malware is not 'running' as a process, service, .dll module within another process etc., then it is just a junk file on your system. Though it is possible for something to lie dormant and then be started by an exploit embedded in a web site you visit (or are forced to visit by a redirect!).

A .RAR file is an archive and malware within an archive is totally harmless - unless you attempt to extract it, in which case it immediately becomes a danger since it can then be run. I don't know all the different ways a file can be set in motion (apart from you trying to 'open' it!) but clearly a file needs to be executable (i.e. capable of being run) in order to be infectable in the first place.

 

Hello, and thanks TopperID for the response.
Actually you didn't answer the question if malware can execute themselve when opening a rar. It happend to me sometimes I opened a Rar, and saw an malicious .exe dissappear as soon I looked in the extracted folder. Does this means it has been executed automaticly? And when something like that would happen now when PG is enabled, would PG then automatically prompt me before it automatically executes?

Thanks in advance,
Ren

 

Concerning the message from you about someone getting spyware while having Firefox, I never experienced spyware being installed through OPERA.
Most people consider this browser even safer than Firefox.

 

You don't need to be infected through your browser to pick up spyware - you could invite it in, for example, bundled up with something you D/L. As I say, I use IE and have found it to be extremely safe, though if you rely on default settings it would be a different matter.

I don't know all the different ways a file can be activated (scripts, exploits, other files/processes/services,direct commands, etc), but I have always believed that merely opening an archive is sufficient to allow the file to be run; if that is incorrect hopefully someone else will put the record straight.

There are also such things as self-extracting archives, which I take to be similar to .exe files, but with an extra little program contained within to perform the extraction/decompression as soon as the file is run.

 

In my original response I said: "But with the way malware is today...". This weeks Spyware Weekly Newsletter, from Spywareinfo.net, lead article is "Stealth Mode Malware" http://www.spywareinfoforum.com/newsletter/archives/2005/oct1.php. Its a little on the long side, but definitely worth the time to read. While the author is primarily talking about the problems with detection and removal, I think the case can be made for having RD as another security layer to warn you something is going on.

This is also why I run RD, because today's malware instillation/execution methods are just the beginning. We can only guess, and probably not to well, as to the methods used in the future.

Most understand that the more popular (read that more used) a program is the more likely it is to be exploited. Which explains why Window/IE/OE exploits are in the headlines so often. Just last month Mozilla, Firefox and Mozilla Suite, acknowledged an IDN buffer overflow issue. So until the Microsoft's and program vendors take the time to produce a product that can be certified "hole" free, one should make use of all the security tools they feel necessary.

 

Hi,

I looked at some threads on the forum, and I found ProcessGuard is not the only program of its kind. Now there's also System Safety Monitor (SSM) and Safe'n'Sec. Firstly I thought ProcessGuard was the only program of it's kind, and that it was unique. But anyhow I think ProcessGuard was the first made, and the others came later. And maybe they looked the security system used in ProcessGuard of from PG.

And another thing, is Regrun, can anyone tell me if it's a useful security app?

 

don't forget antihook ---> http://www.infoprocess.com.au

it's free

i'd prefer processguard though, if you don't mind the money.

 

Tell me what Anti-hook can protect against.
I use Opera not IE, is it then still necessary?


And I want to say I see many people now using Look 'n' Stop Firewall.
Is it much better then others? and why?
Im now using Outpost pro which is app based.
L'n's is rule based.
pls tell me what provides more protection, rule-based or app-based.

thanks

 

Browser setup will be very important. Firefox works great, the worst I put up with are some harmless popups, annoy but no big deal ;-)

 

[quote/]In my original response I said: "But with the way malware is today...". This weeks Spyware Weekly Newsletter, from Spywareinfo.net, lead article is "Stealth Mode Malware" http://www.spywareinfoforum.com/newsletter/archives/2005/oct1.php. Its a little on the long side, but definitely worth the time to read. While the author is primarily talking about the problems with detection and removal, I think the case can be made for having RD as another security layer to warn you something is going on.[quote/]

where your talking about is probably rootkits. PG is the best rootkit protection program available so for that its not really necessary to run RD.
But for the future installation/execution techniques yes its handy to have RD also run. Actually it would be the only thing wher you should run it for.

 

Which firewall is better, Look 'n' Stop or Outpost Pro?

 

Hi,
Im getting all kinds of errors with ''explorer.exe''

how to repair them?

 

And what kind of app is Regrun Gold suite or something, and do i need it?