Do I still need Process Guard if I have Prevx?

Hi,

Do I still need Process Guard if I have Prevx?

Do they do the same / similar things?

I also run Counter Spy, Trojanhunter and NIS.

Many thanks

Tone

 

Hi Tone, This thread may interest you:
https://www.wilderssecurity.com/showthread.php?t=76401&highlight=prevx
Many users use both, there is some overlap but if you like a layered defence then there would be no problems running both.

HTH Pilli

 

Many thanks for the prompt response.

 

Many people here use a combination of either PG/Reg Defend or PG/Prev X.

The overlap isn't that great, and they protect your system in different ways.

Some examples include :

1. PG has execution protection, PrevX doesn't.
2. PG Can protect specific executables from modification. PrevX doesn't quite work that way - it protects executables from modification in specific locations.
3. PG protects executables (eg your AV) from termination, PrevX doesn't
4. PrevX prevents the installation of executables in it's protected areas. PG doesn't do this, but it does stop the installation of rootkits/drivers/services
5. PrevX protects the autostart registry (though not as good as RegDefend). PG doesn't.
6. PG protects against Global Hooks (keyloggers), PrevX doesn't stop global hooks.
7. PrevX (claims to) prevents buffer overflows, PG doesn't

There's other differences, but as you can see...they have similar goals, but go about it differently. Their protection systems are very complimentary to each other.

I'm personally using PG/PrevX Pro/Regdefend and find they run happily side by side, and while they have some overlap, the differing coverage and timing of their protection are fantastic together.

edit : sorry, to answer your question, I'd definitely get PG with your PrevX

 

Vikorr, good comparison

Now please compare SSM and PG

 

Hi CLuessnewbie, This thread is not a comparison thread, so please ask your question in another forum or as new new thread in the ProcessGuard forum.

Thank you. Pilli

 

Thanks for the info Peter. When I said (<claims to> prevent buffer overflows)I meant that while I know it will prevent certain/some buffer overflows, I have read in a few places that it may be impossible to prevent all buffer overflows. Still, always good to know that it works as intended.

Btw, I don't know anything about SSM, never used it. Quite happy with what I have at the moment. The only other current security product that has me curious is Anti-Malware, but that's in beta. Will see how that pans out.

 

Hi Tone,

Whether you need it or not, depends upon the top of layered security that you want. For me, I look at the stream of program execution on my system and this is how I attempt to stop unauthorized applications from embedding itself onto my system:

1) Kaspersky AV almost always detects any piece of malware that may be seeking entry onto my system, whether it be a virus, trojan, spyware, etc. This would be considered my first line of defense and it is very formidable.

2) Should a piece of malware get past Kaspersky's signature-based detection system, it would have to find some way to actually execute some logic on my system. To prevent this from happening, I have WormGuard from DiamondCS and ProcessGuard, also from DiamondCS. These two products provide a very formidable second line of defense, since they would stop any unauthorized programs (PG) and scripts (WormGuard) from executing. I feel that the further upstream that a piece of malware is detected, the better. (Less chance that it has a chance to do anything).

3) In the event that I mistakenly allow a program to execute, then that program would most probably try to instantiate itself on my system by modifying my registry. To protect against this possible error on my part, I also run RegDefend, which guards against unauthorized entries into critical areas of my registry. This would be a third-line of defense.

4) Should any of these defenses be penetrated, I do run at least one online anti-trojan (either BOClean or Ewido), though they have never been "tested" in my environment, given the layered defense that I have employed.

With that said, there is the question whether you feel you need additional protection with Prevx. Prevx would give you additional protection that Vikorr has outlined. I briefly used Prevx and it indeed gave alerts "temporally downstream" from ProcessGuard and RegDefend as expected - especially when my program or system directory was being modified. A couple of points: 1) Prevx was more "talkative" than either ProcessGuard or RegDefend, due to the nature of the areas that it was attempting to protect. So, I would more often turn off Prevx, in order to cut down on the alert messages. 2) Prevx Free, monitors every alert on your machine, tracks these alerts, collects this information at their home location, and then sells the information to its subscribers. I was never comfortable with this. As a result I uninstalled Prevx Free. I do not feel any less secure because of this.

Hope this is helpful for you in your decision making process.

Rich

 

heh, after previously reading the problems Rich had with PrevX Home, I now normally try to include the information he made me aware, and usually recommend using the Pro version.....as it's very quiet <quieter than PG now that I've finished all my custom rules>, doesn't dial home (I switched PAWS off), and offers more coverage than the home version.


Of course, sometimes I forget to mention the differences between home and Pro versions - I really like the program

 

Rich,
I notice that you have a high regard for Worm Guard, about the only program from DiamondCS I have not installed on the grounds that Zone Alarm Pro provides protection against scripts and NOD32 provides protection against worms.

Am I mistaken?

 

Hi NormanS,

WormGuard has some "intelligence" built into it, so it is not an "all or nothing" switch. For example, I use Yahoo mail, so it would be very annoying to have to turn javascript on and off constantly. WormGuard intelligently inspects the scripts (of many types - I have augmented it based upon recommendatations from various members of this forum), and determines whether or not I should be alerted. This is the primary advantage for me.

Based upon my own experiences and my discussions with other experts on this forum, WormGuard is a very good overall solution to the script execution problem, but I do believe it needs updating. From Wayne's (DCS) postings, it appears that they are now working on some upgrades.

I would recommend that you try out ZA's controls first, and if they work for you, that should be enough. I don't know if it will block all of the "file extensions" that I have installed in WormGuard, but my guess is that ZA is covering most, if not all, of the important ones.

Hope this helps,
Rich

 

Rich,
FYI, NOD32 also has script detection capability; see http://www.nod32-av.com/products/products.htm .

 

Hi NormanS,

Thanks for cluing me in to this capability.

Rich