Do I need PG?

Discussion in 'ProcessGuard' started by Jeremy2, Dec 10, 2004.

Thread Status:
Not open for further replies.
  1. Jeremy2

    Jeremy2 Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    72
    I'm thinking about including PG in my security suite, but I'm a bit confused about how this can be handled, and whether it will conflict with my already installed software.

    I'm already running Prevx and Outpost, with the Component Control feature.
    The first thing that made me think about PG is that I got my firewall and my AV shut down while I was connected.

    Regards
     
    Last edited: Dec 10, 2004
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Jeremy2 and welcome,

    Many users use ProcessGuard to protect their important processes, especially AV, AT & firewalls.
    I am not sure if the latest PrevX has kernel mode protection but I do know that it is much more of a resource hog than ProcessGuard.
    Notok may reply to this thread as he is a PrevX beta tester I believe and may be able to give you specific guidance.

    HTH and enjoy your weekend. Pilli
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Although Prevx does run at a low level, it doesn't protect itself as well as PG can. I have not had any compatibility issues with PG and Prevx together, and enjoy running both. As far as resources, Prevx doesn't use a lot of memory or CPU, however I've recently discovered its buffer overflow protection can slow things down because it checks things before they are allowed access to memory. It's up to you, of course, to decide whether the performance hit is worth the protection or not, but keep in mind that the only REAL buffer overflow protection requires SP2 and a processor that has the NX feature (which is only the AMD 64bit processors right now.) PG's Physical Memory protection is also far more comprehensive than Prevx's; I've seen plenty of alerts from PG on that, but never with Prevx.

    I say go for both if you can, you won't be disappointed.. together they cover a LOT of ground :)
     
  4. Jeremy2

    Jeremy2 Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    72
    Thanks for the clarification between Prevx and PG.
    What about the interaction between the Component Control feature of Outpost and PG?
    Can I just disable the feature in Outpost, and make PG take care of it?
     
  5. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Yep, many people have a firewall, an anti-virus, etc etc, but aren't aware that their security programs can be effectively rendered useless if a trojan chooses to terminate/destroy them (or subtly modify them so that changes aren't known to the user) - security software can only do its job when it's running, and indeed there are many trojans with anti-AV/anti-AT capabilities. ProcessGuard is the security layer that secures other security layers (including firewalls, anti-virus etc), so ProcessGuard as one program is all you need to protect all of your other programs from such attacks (not to mention the various other attacks it helps prevent such as password stealing, rootkit infection, Windows File Protection attacks, and so on) :)
     
    Last edited: Dec 10, 2004
  6. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi Jeremy2,

    I run PG with OP and have had no problems with Component Control (normal level) and Open Process Control enabled.

    Nick
     
  7. Jeremy2

    Jeremy2 Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    72
    If I do disable both Component Control and Open Process Control in Outpost, as I think it's not its job, will PG take care of these two functionalities?
     
  8. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Wayne,
    Could you provide a bit more information on the mechanisms that PG uses to protect against Windows File Protection attacks?

    From the little research I have done so far, it seems like there is the "old" way of doing it that PG protects from, a newer (and fairly lame) way of doing it by duplicating file descriptors from winlogon and by using APIs to work in the same way as Windows Update. See this thread for more info.

    I'd be really happy to hear that PG protects against all 3

    Thanks

    NB: I don't know of anything else that protects against Windows File Protection attacks either, so PG is ahead of the pack IMO....
     
  9. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Please see my replies to the questions you asked in the various threads. :)
     
  10. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Jason,
    I didn't see you make mention of the API in your answers...
    I'll go and check again


    [Edit: It looks like the use of the APIs is still an outstanding question, see here where I'm asking specifically about the API method (to emulate what Windows Update does) ...]
     