How can Process Guard become more user friendly

Discussion in 'ProcessGuard' started by worldcitizen, Sep 4, 2005.

Thread Status:
Not open for further replies.
  1. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hi Everyone,

    I'm starting this thread because I believe it's one of the more important aspects of Process Guard next to security.

    I recently took up the offer from DCS re TDS 3 and got a copy of PG for my sister. But here's the catch. My sister has no time and absolutely no patience for going through step 5 of the set up so she won't install it. So unless I personally go out there and set it up for her she refuses to use it which leaves it just sitting in her PC untouched even though it was FREE. She also has kids using the PC and they wouldn't have a clue about the pop ups so this is definitely not user friendly for kids either unless it has been painstakingly set up first.

    An easier way has to be found if this program is not to suffer (or has not already) the same fate as TDS 4.

    I'm talking about step 5 in the set up instructions.

    5) Minimize the Process Guard interface and run all of your regular applications (your web browser, email client, and so on). Any application which is run while under learning mode is automatically added to ProcessGuard's list with default permissions.

    My sister, who is just an average mum who works won't install PG because of this. She says she just couldn't be bothered and the whole process is a nuisance. While the tech savvy person will spend hours tweaking and fine tuning their security settings, the average user just wants to install and get on with what they were doing and DCS has to realise that unless they can make PG user friendly for the 'set it and forget it mob' then it will not attract a large portion of average users like my sister who don't want to go through the step 5 procedure or visit forums to ask questions.

    The majority of people just want to install a program and then use it and not be bothered by pop ups and having to click on all their programs and reboot etc etc.

    My sister lives far away and I can't visit just anytime so PG remains uninstalled. Step 5 is a real turn off and put off for many people I believe - people who don't visit forums and come here. They just have a look, see it's too difficult and uninstall and walk away without DCS or us ever knowing - people like my sister.

    Maybe DCS were targeting companies and not individuals with PG because it's certainly not user friendly enough for novice PC users. I wish something could be done so that DCS could make it as easy as pie to install and set up (like any other program out there) and then sales might increase but I can't see many novice users going through step 5 so I suggest this be looked into.

    Dave
     
  2. dog

    dog Guest

    Hi Dave, ;)

    Well I disagree, I'd like to see even more minute control (child processes etc.), if DCS changed its target users from advanced user and security freaks ... they'd have no target audience at all. General users aren't after these types of applications, they won't bother at all to use anything other than an AV and maybe a FW. Besides I don't think there's anything complicated about PG ... yes it takes maybe ten minutes to setup, but then it's easy sailing from there, changes only need to be made when installing new software. With PG locked I'm the only one with that control, there aren't any pop ups, either I approved it or I haven't - ie. It runs or it doesn't period. :). Including the allowed privileges for each application.

    I don't know how you can relate the environments of TDS and PG, they don't face the same issue - TDS' issue was the resources required to update the DB. PG isn't going anywhere, it doesn't have that issue ... regardless if development were to stop or the project reached completion - PG would still be in a complete state from where it stands now and completely useful. :)

    Steve
     
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    That is why I added PG along with RegDefend and WormGuard as a backup to my AV and firewall. I want protection and am willing to spend a little time to learn how to use the software. If it was signature or list based it would not be as effective.
     
  4. FirePost

    FirePost Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    212
    I fail to see how anything could be easier than "run all of your regular applications". You would be doing it even if you did not install the program.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    Dave

    You do raise an interesting question. You are right this is a problem area. I have friends like this myself. The alternative approach was that used by Abtrusion Protector. When you installed it, it ran thru your system and added all the exe's and dll's for you. Only issue was it took almost 30 minutes to do this. Do you think this would be better for your sister? The other downside though is AB only was picking up a list of exe's, dll's and their checksums. There is no way AB or PG for that fact could know what other kinds of permissions are needed short of having them execute.

    Again an education problem. Do you think your sister would change if her machine got infected? I know that did change one of my friends.

    Two other programs, Online Armor and Prevx1, are trying to solve this problem. Not sure they are close yet. Hopefully DCS can look at this issue.

    Pete
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Maybe it should just scan the start menu and desktop. It'll be faster and get the majority of apps you use. And about the permissions: even if PG knew what permissions to give, some people would rather not give permissions (like hooks) to an app as long as it still works. It's a personal preference.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,057
    Couple of things. Scanning desktop or start menu doesn't help. So you scan my desktop and find say my Quickbooks shortcut, and pick up the exe file it points to. But by the time you get to the work area, 2 other exe files have had to fire up. You either have to run it, to pick them up, or scan the drive to find all of them. As far as the permissions, remember the reason Dave started this thread is his sister didn't want to bother even running in learning mode, so she certainly isn't going to be tweaking permissions. It has to be automatic. That's the trick to be solved.
     
  8. -=Stimpy=-

    -=Stimpy=- Guest

    I did not mind the setup guide, DiamondSupport told me it was very important to follow the guide all the way through. If they can make it easier then good, my games all crash first time I use them with Learning Mode, but they work the next time so ok, the rest of the setup was easy like any other program :D
     
  9. It's still better than nothing.

    To solve your problem have default child-parent control to always allow if launched from trusted parent. Not as secure, but increase ease of use.

    It still won't catch 100%, but much better than the current sit.

    On the other hand, I do appreciate it if PG allowed better control of child parent relationships.
     
  10. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Dave,
    I would also like to see some progress in ProcessGuard in this sort of area. There is a very long feature request list that has had no apparent progress for a while now. Hopefully PG will get some attention in the "promised" cycle of updates...

    For the moment you could always just turn Execution Protection off and get your sister to do a single reboot in learning mode to get most things that load a driver.

    That way you still get the core features of PG by stopping DLL injection, protecting Physical Memory and getting reasonable Anti-Termination protection as well.

    As was said by thingsthatmakeyo I think that finer grained control of execution protection would make a difference. If for example you wanted to have execution protection enabled you could simply deny everything starting from iexplore.exe and allow everything starting from explorer.exe (and everything else). That way there would still be no alerts and drive-by-installs couldn't simply just drop and run a file.

    [They would have to drop a file and write to the registry and wait for you to start a program in order to avoid the execution alert... but they can do this with execution protection the way it is now anyhow]

    If you haven't already you could possibly look at setting up Proxomitron as a proxy on her computer and have it use a decent filter set (like Gryphen) that may help lessen the likelihood of issues whilst browsing and shouldn't generate any alerts.

    If none of that sounds useful and you are in travelling distance, then you could just wait for a family birthday and do it for her while you are visiting

    Regards
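
The parent-based rule proposed in the post above, modelled as an added example (not ProcessGuard's code or configuration; the class, paths and events are constructed for illustration). It compares the no-alert policy with a learned-list policy and includes the case from the bracketed note, where a dropped file later started from explorer.exe is allowed.

```python
import ntpath
from dataclasses import dataclass

ALLOW, DENY, PROMPT = "allow", "deny", "prompt"

@dataclass(frozen=True)
class Launch:
    parent: str  # full path of the process requesting the launch
    child: str   # full path of the executable being started

class ExecutionPolicy:
    """Hypothetical model: per-parent rules, a learned list, and a default."""

    def __init__(self, parent_rules, learned=(), default=ALLOW):
        self.parent_rules = {n.lower(): v for n, v in parent_rules.items()}
        self.learned = {path.lower() for path in learned}
        self.default = default

    def decide(self, launch):
        parent_image = ntpath.basename(launch.parent).lower()
        rule = self.parent_rules.get(parent_image)
        if rule == DENY:                 # a denied parent can start nothing
            return DENY
        if launch.child.lower() in self.learned:
            return ALLOW                 # seen while in learning mode
        return rule if rule is not None else self.default

def evaluate(policy, launches):
    return [policy.decide(launch) for launch in launches]

# Constructed sample events; every path here is made up for illustration.
EVENTS = [
    Launch(r"C:\Windows\explorer.exe", r"C:\Apps\accounting.exe"),
    Launch(r"C:\Apps\accounting.exe", r"C:\Apps\acct_helper.exe"),
    Launch(r"C:\Program Files\Internet Explorer\iexplore.exe",
           r"C:\Temp\dropped.exe"),
    Launch(r"C:\Windows\explorer.exe", r"C:\Temp\dropped.exe"),
]

# Policy from the post: deny children of iexplore.exe, allow the rest, no alerts.
QUIET = ExecutionPolicy({"iexplore.exe": DENY, "explorer.exe": ALLOW},
                        default=ALLOW)

# Learned-list policy: only the shortcut target was run during learning mode,
# so its helper executable and anything unseen produce a prompt.
LEARNED = ExecutionPolicy({"iexplore.exe": DENY},
                          learned=[r"C:\Apps\accounting.exe"], default=PROMPT)

if __name__ == "__main__":
    for name, policy in (("quiet", QUIET), ("learned", LEARNED)):
        for launch, verdict in zip(EVENTS, evaluate(policy, EVENTS)):
            print(f"{name:8}{ntpath.basename(launch.parent):15}"
                  f"-> {launch.child:26}{verdict}")
```

The last event is the trade-off: the quiet policy never alerts, but it also never questions anything the shell starts.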
     
  11. ----

    ---- Guest

    I saw this mention of sensitive guard and googled it. Here's a very interesting feature

    http://www.sensiveguard.com/

    Very cool. It makes a difference between actions carried out by the user and those that aren't. The same thing with its fileguard, you can set different policies depending on whether it is an action carried out by the user, or not.

    See screenshot here

    http://www.sensiveguard.com/screenshot.html

    Imagine if PG had this, it would be a godsend at least for a lot of execution protection requests.

    The cynic in me would probably point out that malware can learn to emulate what the software is looking for when it says something is user initiated.....
     
  12. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    I really like the user initiated aspect. It would really help people who just don't feel confident enough or patient enough to go through running their applications. With PG's system you miss a few or forget a few in learning mode and then blocking starts and then it begins to get too arduous for the novice and they tend not to persevere with it.

    I wouldn't give in on a 'set it and forget it' system for PG because that might be the only way to get the masses to use it. The user initiated idea would be great for PG because the program then does the thinking for you. Emulation might be a problem but don't forget it's layered security so there's an AV as well as firewall. I don't think that layered security has to be all complicated as PG is as it's not the 1st line of defense so even something like an emulator would have to get through the AV and firewall first so user initiated intelligence might just be what PG needs to make it more marketable to the masses.

    Is that sensiveguard free?

    Dave
     
  13. ----

    ---- Guest

    Emulation is the wrong word, I apologise for using it. Simulate user action was what I should have said.

    I suspect, it can be pretty easy to do this depending on the implementation.

    Yes, apparently. I haven't tried it though. Maybe it's not as smart as it seems.
     
  14. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I'm not the average user, especially not where security applications are concerned, but I am finding the full Process Guard to be MOST irritating and difficult. I find buggy KIS 2006's process guard to be easier to use (except for the tiny GUI) although not by much.

    The problem with Process Guard is that it doesn't learn well. And it doesn't always pop up and ask what you want to do either. It just silently blocks (global hooks for example) and that is not acceptable. I can't imagine an average user having the patience or understanding to use something like this.
     
  15. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    A program like Process Guard doesn't sell very well to the novice because it's just too complicated to install and look after. If something goes wrong like a silent block then your average and even experienced user will be left baffled for days. I think DCS should at least give it a try to see if they can't come up with something much more user friendly.

    The GUI was only one idea but user friendliness is even more important because things like a silent block can turn users right off PG. Average or novice PC users may never ever really flock to PG in even moderate numbers so its days may be limited because it's only catering to a very small audience and can't be continually improved and updated when the income for it may not be enough to support the product. So I do see programs like PG being around for a while but really not having many improvements or updates anymore because they are not bringing in much money.

    Another case where DCS may be shooting themselves in the foot because their products are not attracting a large enough market to sustain the product leading to discontinuing of updates and upgrades which we saw with TDS 3.

    I think DCS have got to look at appealing to the masses otherwise all their software is not going to support itself and they will just have to forgo updates and upgrades and if it falls far enough behind and is not worth the effort to redo then it might suffer the same fate as other programs. So I strongly believe that DCS have got to start incorporating much more user friendliness and less technicality into their products for them to appeal to larger audiences.

    Dave
     
  16. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I would have to agree with K9. :)

    I think a reasonable analogy would be a camera. Your average vacationer (or Soccer Mom) wants a point and click camera. While your professional photographer wants more minute control over every last detail of the shot. To make PG more acceptable to the Soccer Mom, a lot of functionality would have to be lost.
     
  17. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    I guess like someone suggested already, PG with two types of user interface. Pro and soccer mom. :)
     
  18. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Hello, BJ69. :)

    That would be OK with me, but I would be surprised if anyone would buy it and use that feature.
     
  19. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    The next release will mostly concentrate on some good little features, and on help file and user guides. ProcessGuard is based around a few simple concepts and protections implemented in the right place at the lowest level. Guides will make things a lot better so anyone who is willing can have a better chance of being secure.

    Some more protection is always better, and if some of us can gain complete control then great! :)
     
  20. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    That sounds great! Just what I need. The current help file is excellent...as far as it goes. It doesn't go far enough. I'm also encouraged to hear that there will be another version. I hope it is coming soon so as to help deflect the rumours rampant that PG is dying.
     
  21. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    I made a couple of guides recently and we are really paying attention to detail on those.. lots of useful info will be available. I'll do my best, still working on the guides and the new version will definitely please in a lot of ways. Don't expect miracles of course it's only one program in the big picture but if we get the guides right people will definitely end up better off and less vulnerable :)
     
  22. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Hello Gavin..........any words on when..........soon or not sure ??
    BTW....I for one can do fine without TDS-3......I cannot say the same about PG............long live PG :)
     
  23. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Not soon sorry, PG is hard work. Low level coding, debugging testing fixing more debugging etc etc etc! :)

    All the other stuff we are working on is far more advanced.. website is mostly done..

    PE has lots of stuff fixed and added, we went through the requests and got some stuff done already. It's a lot better already and more useful ! :)
     
  24. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    The sun was not supposed to shine here today..........now it is :)
     
  25. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Very true!!
     