Do I still need Process Guard if I have Prevx?

Discussion in 'ProcessGuard' started by Tone, May 22, 2005.

Thread Status:
Not open for further replies.
  1. Tone

    Tone Guest

    Hi,

    Do I still need Process Guard if I have Prevx?

    Do they do the same / similar things?

    I also run Counter Spy, Trojanhunter and NIS.

    Many thanks

    Tone
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
  3. Tone

    Tone Guest

    Many thanks for the prompt response.
     
  4. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Many people here use a combination of either PG/Reg Defend or PG/Prev X.

    The overlap isn't that great, and they protect your system in different ways.

    Some examples include:

    1. PG has execution protection, PrevX doesn't.
    2. PG can protect specific executables from modification. PrevX doesn't quite work that way - it protects executables from modification in specific locations.
    3. PG protects executables (e.g. your AV) from termination, PrevX doesn't.
    4. PrevX prevents the installation of executables in its protected areas. PG doesn't do this, but it does stop the installation of rootkits/drivers/services.
    5. PrevX protects the autostart registry (though not as good as RegDefend). PG doesn't.
    6. PG protects against Global Hooks (keyloggers), PrevX doesn't stop global hooks.
    7. PrevX (claims to) prevent buffer overflows, PG doesn't.

    There's other differences, but as you can see... they have similar goals, but go about it differently. Their protection systems are very complementary to each other.

    I'm personally using PG/PrevX Pro/Regdefend and find they run happily side by side, and while they have some overlap, the differing coverage and timing of their protection are fantastic together.

    edit : sorry, to answer your question, I'd definitely get PG with your PrevX
     
    Last edited: May 23, 2005
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Hi Vikorr

    Re Number 7, in one instance I was able to verify that Prevx does indeed prevent buffer overflows. Had a program that when I did a particular thing with it (don't remember details now), it bsoded with a buffer overflow. It was a confirmed bug. I forgot and tried it again after installing, and Prevx did indeed catch and block the buffer overflow. Amazingly it prevented the program with the bug from crashing. Not a good bug solution, but it did confirm Prevx working as advertised.

    Pete
     
  6. CLuessnewbie

    CLuessnewbie Guest

    Vikorr, good comparison

    Now please compare SSM and PG
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi CLuessnewbie, this thread is not a comparison thread, so please ask your question in another forum or as a new thread in the ProcessGuard forum.

    Thank you. Pilli :)
     
  8. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Thanks for the info Peter. When I said (<claims to> prevent buffer overflows) I meant that while I know it will prevent certain/some buffer overflows, I have read in a few places that it may be impossible to prevent all buffer overflows. Still, always good to know that it works as intended.

    Btw, I don't know anything about SSM, never used it. Quite happy with what I have at the moment. The only other current security product that has me curious is Anti-Malware, but that's in beta. Will see how that pans out.
     
  9. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Tone,

    Whether you need it or not depends upon the type of layered security that you want. For me, I look at the stream of program execution on my system and this is how I attempt to stop unauthorized applications from embedding themselves onto my system:

    1) Kaspersky AV almost always detects any piece of malware that may be seeking entry onto my system, whether it be a virus, trojan, spyware, etc. This would be considered my first line of defense and it is very formidable.

    2) Should a piece of malware get past Kaspersky's signature-based detection system, it would have to find some way to actually execute some logic on my system. To prevent this from happening, I have WormGuard from DiamondCS and ProcessGuard, also from DiamondCS. These two products provide a very formidable second line of defense, since they would stop any unauthorized programs (PG) and scripts (WormGuard) from executing. I feel that the further upstream that a piece of malware is detected, the better. (Less chance that it has a chance to do anything).

    3) In the event that I mistakenly allow a program to execute, then that program would most probably try to instantiate itself on my system by modifying my registry. To protect against this possible error on my part, I also run RegDefend, which guards against unauthorized entries into critical areas of my registry. This would be a third-line of defense.

    4) Should any of these defenses be penetrated, I do run at least one online anti-trojan (either BOClean or Ewido), though they have never been "tested" in my environment, given the layered defense that I have employed.

    With that said, there is the question whether you feel you need additional protection with Prevx. Prevx would give you additional protection that Vikorr has outlined. I briefly used Prevx and it indeed gave alerts "temporally downstream" from ProcessGuard and RegDefend as expected - especially when my program or system directory was being modified. A couple of points: 1) Prevx was more "talkative" than either ProcessGuard or RegDefend, due to the nature of the areas that it was attempting to protect. So, I would more often turn off Prevx, in order to cut down on the alert messages. 2) Prevx Free monitors every alert on your machine, tracks these alerts, collects this information at their home location, and then sells the information to its subscribers. I was never comfortable with this. As a result I uninstalled Prevx Free. I do not feel any less secure because of this.

    Hope this is helpful for you in your decision making process.

    Rich
     
    Last edited: May 23, 2005
  10. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Heh, after previously reading the problems Rich had with PrevX Home, I now normally try to include the information he made me aware of, and usually recommend using the Pro version... as it's very quiet <quieter than PG now that I've finished all my custom rules>, doesn't dial home (I switched PAWS off), and offers more coverage than the Home version.


    Of course, sometimes I forget to mention the differences between home and Pro versions - I really like the program :)
     
  11. NormanS

    NormanS Registered Member

    Joined:
    Feb 3, 2004
    Posts:
    84
    Rich,
    I notice that you have a high regard for Worm Guard, about the only program from DiamondCS I have not installed on the grounds that Zone Alarm Pro provides protection against scripts and NOD32 provides protection against worms.

    Am I mistaken?
     
  12. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi NormanS,

    WormGuard has some "intelligence" built into it, so it is not an "all or nothing" switch. For example, I use Yahoo mail, so it would be very annoying to have to turn javascript on and off constantly. WormGuard intelligently inspects the scripts (of many types - I have augmented it based upon recommendations from various members of this forum), and determines whether or not I should be alerted. This is the primary advantage for me.

    Based upon my own experiences and my discussions with other experts on this forum, WormGuard is a very good overall solution to the script execution problem, but I do believe it needs updating. From Wayne's (DCS) postings, it appears that they are now working on some upgrades.

    I would recommend that you try out ZA's controls first, and if they work for you, that should be enough. I don't know if it will block all of the "file extensions" that I have installed in WormGuard, but my guess is that ZA is covering most, if not all, of the important ones.

    Hope this helps,
    Rich
     
  13. NormanS

    NormanS Registered Member

    Joined:
    Feb 3, 2004
    Posts:
    84
  14. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907