Do we need more than free Process guard if we do not indulge in high risk behaviour?

Discussion in 'ProcessGuard' started by Palombaro, Aug 2, 2005.

Thread Status:
Not open for further replies.
  1. Palombaro

    Palombaro Registered Member

    Joined:
    May 13, 2005
    Posts:
    77
    Location:
    UK
    With regard to Process Guard, does a computer user who:

    1) does not visit high risk sites
    2) does not download from iffy sites
    3) does not execute .exe attachments
    4) does not use pirated software
    5) has a good AV prog installed with up to date signatures - say Nod32
    6) has a good firewall installed - say Sygate Personal Pro
    7) regularly scans with Spybot and/or Adaware (free) for malware

    ..... need to have the paid for version or the free version to complete his/her security configuration?
     
  2. ---

    --- Guest

    Re: Do we need more than free Process guard if we do not indulge in high risk behavio

    Hi.

    You are asking this in a forum devoted to Process Guard. What do you think most people here will say?

    :)


    Okay okay, if you want to know my answer is probably not. But you never know.... There are worse things to sink your money into if you can spare the cash.

    Okay time to go, I'll let Richrf and others give you the sales pitch about 'executable portables' and 'catching strangers at the door' analogies.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042

    Hi Palombaro

    Assuming 1,4 are totally true you indeed might not need the paid version. Looking at my signature some might class me in the paranoid category. I also qualify on the 1,4 items plus the software, but the deciding factor for me is that my computer is online a good portion of the day, and my computer is mission critical for several business activities. The cost of this software is trivial compared to the cost to me of having a computer down to clean an infection.

    I would say what you need to measure is given a small risk, what is the cost of having something slip by, and weigh that against the cost the software. It's kind of like an insurance decision.

    Pete
     
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Re: Do we need more than free Process guard if we do not indulge in high risk behavio

    The question is whether you visit only trusted sites, or do you surf at all. If you surf at all, there is always a possibility that you will get attacked. It happened to me by just linking to a site from Google after a totally innocuous inquiry (something related to dinosaurs or something like that). So, if you only visit trusted sites, then I don't see that you have any problem. If you visit sites that you do not know for sure are trusted - well all bets are off and then who can really say. For me, the few dollars it costs for PG licensed is more than worth it. Some people insure their car against collision and others don't. Everyone is different.

    Rich
     
  5. ---

    --- Guest

    Re: Do we need more than free Process guard if we do not indulge in high risk behavio

    Yeah kind of, except real insurance pays you monetary compensation. Security software gives you no guarantees.

    Otherwise a balanced commentary
     
  6. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Re: Do we need more than free Process guard if we do not indulge in high risk behavio

    Insurance: any means of guaranteeing against loss or harm; [Random House Unabridged Dictionary]
     
  7. ---

    --- Guest

    Re: Do we need more than free Process guard if we do not indulge in high risk behavio

    Yes and I don't see one for using software.
     
  8. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Re: Do we need more than free Process guard if we do not indulge in high risk behavio

    Example sentence from the Random House Dictionary:

    "Taking Vitamin C is viewed as an insurance against catching colds".

    Another example:

    Using HIPS is viewed [by many] as an insurance against catching viruses and other types of malware.
     
  9. Palombaro

    Palombaro Registered Member

    Joined:
    May 13, 2005
    Posts:
    77
    Location:
    UK
    I don't want at all to argue with the comments above but I just have this nagging doubt about the level of security software we actually need. The fact is in a year of heavy net use, permanently connected to the net, and using only NOD 32, Spybot, Sygate firewall (licensed), Adaware (two free, two licensed), I have had not one attack from a virus, trojan, key logger etc. Tracking cookies, of course, I remove with Spybot.
    Recently I have added the free version of Process Guard to complete a reasonably secure system - it was the missing element (insurance policy) - given my behaviour.

    Nobody takes out insurance against every mishap that might befall them. No, they measure the risk against their circumstances, against their behaviour and then take out an appropriate level of insurance. I would argue that is exactly what PC users should do and yes Process Guard should be part of that insurance but maybe the free version is enough for many of us.
    Surely my configuration is enough insurance for most users.
     
  10. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Re: Do we need more than free Process guard if we do not indulge in high risk behavio

    Depends. I installed a program from a site, that at the time seemed to be run by a very large and "trusted" company. Only, when I installed the software, PG alerted me that it was trying to install a "driver/service", which I thought was odd, so I disallowed it. It was only much later, did it become clear on a forum, why this company's software was trying to install a driver/service, and I am glad I had the opportunity to stop it.

    For me, "total control" on what is installed and runs on my computer is what it is all about. I don't trust the "trustworthy" companies. The latest red flag being how MS AS is now handling Claria. Where there is money to be made, companies just ignore our privacy and ethics issues and do what they can to get information from my machine. At least that is what my most recent experiences have been and why I no longer trust signature based systems that are maintained by commercial vendors. I am just going to keep my own watchful eye on things. But it is not for everyone, I know.

    Cya,
    Rich
     
  11. Hard_Warrior

    Hard_Warrior Registered Member

    Joined:
    Jan 24, 2004
    Posts:
    17
    It isn't always possible to predict whether you're indulging in high-risk surfing. It's entirely likely that a new site that gives every outward indication of being legit may in fact be dodgy. The same is true if you test-drive shareware or demos from time to time. Under these all-too-common circumstances, having a multi-layered security strategy becomes important.

    Whether you decide to move to the paid version of PG is ultimately up to the individual. However, I tend to think that it's only fair for developers to want\need compensation for their work. For me, this idea extends beyond just wanting added features. So far, PG has been a great app that I in no way regret purchasing.
     
  12. Palombaro

    Palombaro Registered Member

    Joined:
    May 13, 2005
    Posts:
    77
    Location:
    UK
    Points well-made Richrf and Hard Warrior, I am almost convinced. Dead right about the ethics of profit making concerns, also dead right about the need to reward those software developers with scruples. (Diamond CS, for example)
     
  13. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I agree.. also, you may be able to trust the site itself, but what about their advertisers? You also never know if it's been hacked, there will always continue to be worms like Download.Ject. That said, however, whether PG free is enough for you is really up to you. Are you comfortable making decisions on all of PG's prompts? If you're not completely comfortable with its execution prevention, it may be worth adding something else.
     
  14. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Palombaro, Hello. :D

    I'm in the same boat that you are regarding safe surfing. Every piece of malware I've come across came to me via email. I use Outlook Express' Preview Pane - which is probably not a smart thing to do. I don't click on attachments either. For me, PG has been a good friend and has helped me. So to answer your question, I would say yes to PG (IMO), right after a good firewall and AV.

    P.S. I would probably say no to an AT in your case. I just use one (among many other pieces of security software) because I like experimenting. It's a hobby! ;)
     
  15. Palombaro

    Palombaro Registered Member

    Joined:
    May 13, 2005
    Posts:
    77
    Location:
    UK
    Thanks Daisey. I have decided to go with the following config and see what happens.
    Nod 32 +Sygate PFPro + Spybot + Adaware + ProcessGuard(Free)
    For the moment I will stick to the free version of PG until I get used to some of its calls. Should I manage to get my head round PG I will certainly purchase the licence.
     
    Last edited: Aug 10, 2005
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Re: Do we need more than free Process guard if we do not indulge in high risk behavio

    You are right, no guarantees. If my computers weren't online all day, and if they weren't mission critical, I wouldn't go nearly as far as I do. But all it took for me was the effort required to clean up an infected computer (not mine) and the risk to me just isn't worth it. The pay off for me cost wise is avoiding the cost of cleanup.

    to Palombaro

    I take the same approach with backup. I can't afford to be down, so I use 3 different backup programs to 2 different backup devices. Same reason. Cost of doing it vs cost of being down. Has never happened yet, therefore what I have spent so far could be considered a waste. But.......


    Pete
     
  17. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Understood. I think you'll find it easy to use, once you understand it better. If you ever have any questions, you know where to ask! ;)
     
  18. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Re: Do we need more than free Process guard if we do not indulge in high risk behavio

    Hi,
    Rich, so basically what you say, the abundance of security is to give you more control of what is happening in your machine rather than prevent actual attacks against it, since even if probably only half your setup, you're still rather secure. If that's your angle, I like it. Comparing back to cars, I would like to be able to install in my car a particular type of brakes, or particular type of fuel injection etc.
    But for someone who just wants to be secure, it can be done with less.
    Seeing people around me and helping them get rid of spyware in their machines, I realize that it narrows down to what the user does at the end of the day. The rest is paranoia, cosmetics, fetishes and hobbies.
    Cheers,
    Mrk
     
  19. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Re: Do we need more than free Process guard if we do not indulge in high risk behavio

    Hi,

    1) ZoneAlarm: Firewall
    2) KAV 5.0: On-access anti-malware file protection
    3) ProcessGuard: anti-executable, driver/service, global hook, rootkit installation protection
    4) RegDefend: registry protection
    5) WormGuard: script protection

    Whether or not this is an "abundance" of security, I guess is in the eyes of the beholder. For me, it is just right.

    Yes, I would like to decide what goes on my computer, rather than leaving it up to some other vendor to decide - e.g. Microsoft/Claria issue.

    Less? In what terms? Dollars, manhours learning, manhours installing, manhours maintaining? Maybe if you give me the absolute equivalent configuration (to the exact detail) that you believe can replace what I have, it might help. Generalities are difficult to discuss.

    I think it is just people doing the best they know how, with what they know and what they can achieve (time, money, experience, etc.)

    Cya,
    Rich
     
    Last edited: Aug 11, 2005
  20. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Re: Do we need more than free Process guard if we do not indulge in high risk behavio

    I wouldn't be so quick to judge, you never know what people's circumstances are.
     
  21. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    Perhaps the question could be expanded to "do we really need personal HIPS/proactive protection/behavioural blockers?"
    And this question can be related to this thread: https://www.wilderssecurity.com/showthread.php?t=91297

    Absolutely sure: a single host without Process Guard:
    - has more chance to be compromised/infected by a malware,
    - facilitates the job of the potential intruder.

    I don't have a risky surf, don't use P2P/Warez softs/ICQ/MSN/Outlook/Thunderbird/bank-shopping online, never store any sensitive information on my computer and I'm not paranoiac at all.
    Result: I never trust in scanners for my security.
    Many people can be infected with an AT/AV/AS: it's really common as it is often noticed on the "virus/backdoor/worm area

    AVs are limited by their database: they can only detect/block what they know.
    And AV publishers can't be aware in real time about all new threats and malwares: for instance Blaster, and recently Kelvir have not been detected/blocked (only after a few hours); but were blocked by some personal HIPS/behavioural blockers.

    In order to detect all malwares, AV vendors should place a guard behind each potential malwares coder in the world!
    Staying aware about 29A, HangUp or CWS groups is not sufficient.
    For instance, a new PAID version of the free Hacker Defender will be available at the end of this month: some AV publishers would perhaps pay to integrate it in their database...

    No need to have a risky surf to be infected by a Cool Web Search trojan: recently, the Sunbelt labs has discovered new variants which are not detected by any AT/AV: for this case, risks are real for the ones who use online banking/shopping: http://sunbeltblog.blogspot.com/ (August 8 and 4).



    Technically, AVs are bypassed like it's shown in this research paper:
    http://www.securityelf.org/html/software_misuse/index.html

    Solutions like ProcessGuard increase the level of defense, especially against unknown/new threats/malwares.
    For instance, worms typologies provide many possibilities for new variants:

    -SSH worm:
    http://www.schneier.com/blog/archives/2005/05/the_potential_f.html

    -Web application worm:
    http://www.imperva.com/application_defense_center/white_papers/application_worms.html

    Being infected by a malware is not a big problem, but it costs time and sometimes data...
    Finally, with or without ProcessGuard, it's a personal choice: each one his policy.
    Palombaro: on the next links, you'll find independent reviews about Process Guard which is well known to be an anti-rootkit/keylogger solution.

    http://www.morgud.com/go/open/Digital-Fort-Knox.pdf

    https://www.wilderssecurity.com/showthread.php?t=90583

    I'm not a PG user (it will be an over-protection on my system) but I can't contest (see the "Overall" link) that it's an excellent product.

    Regards
     
    Last edited: Aug 11, 2005
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Re: Do we need more than free Process guard if we do not indulge in high risk behavio

    Hi,

    Actually I was talking about myself ^^

    @rich, when I said less, I meant mainly the effort introduced into the process of securing your system, by not just installing programs, but by learning them and eventually controlling them. For instance, hardening takes a lot more than clicking buttons in a GUI. It takes deep understanding of processes and how the OS wants its stuff done.

    Cheers people,
    Mrk
     
  23. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    The paid for version of PG gives extra protection compared to the free version.

    The extra protection is:

    Protect physical memory
    Block global hooks
    Block rootkit/driver/service installation
    Block registry dll injection

    Can a piece of malware do any of the above without executing? If not, the free version is as good as the paid for version.
     
  24. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Re: Do we need more than free Process guard if we do not indulge in high risk behavio

    There have been several occasions when I allowed a process to execute only to find that it was trying to install a driver/service or obtain a global hook, which I was then able to stop. So these added capabilities were very helpful to me. The block registry dll injection can occur without a user being aware of it. Here is a paper explaining this:

    http://www.commontology.de/andreas/win_secure_pg3.html

    Rich
     
  25. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Thanks richrf, I had a quick search through the paper. I'm still not convinced that the change to the registry for the dll protection can be accomplished without something executing first (perhaps I missed the relevant bit, could you copy and paste the relevant bit or PM me thanks).

    I can see your point on the install driver/service blocking. Why would a supposed note taking program need a driver/service, suspicious.

    The extra protection from the paid version may help if you deliberately execute unknown programs but for general surfing will they give you any added protection if you block unknowns from executing?
     