Is ProcessGuard really needed?

Discussion in 'ProcessGuard' started by jim28277, May 25, 2005.

Thread Status:
Not open for further replies.
  1. jim28277

    jim28277 Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    64
    Location:
    Charlotte, NC
    Hello everyone. I currently use NOD32, Adaware, Spybot S&D and I image my hard disk weekly with Acronis TrueImage. I also scan for trojans with Trojan Hunter from time to time although I do not load Trojan Hunter unless I am doing a scan. I guess I am what you would call a casual user as opposed to a power user or gamer. I use MS windows xp and update regularly. I use MS Outlook for email and IE for surfing the net. I am involved with several public forums.

    Here's my question. Until last week I had never heard of Processguard or any of the other sandbox software offerings and I am not sure that I need that level of protection. Is Processguard something that everyone needs or is it geared more to the power users and hard core gamers? I would appreciate any comments and suggestions. Thanks in advance,
     
  2. tlu

    tlu Guest

    A short answer to your question in the subject: Yes! For starters, you should read http://www.diamondcs.com.au/processguard/index.php?page=introduction and http://www.commontology.de/andreas/win_secure_pg3.html .

    P.S.: Replacing Outlook and IE with Thunderbird and Firefox would be a good idea, IMHO.
     
  3. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Jim,

    My approach is that an ounce of prevention is worth a pound of protection. ProcessGuard, and other pro-active software, allow users to stop malware from modifying a system before it can actually do some harm. ProcessGuard provides a very powerful layer of protection when the AV's detection system should fail (and they all do at some time or another).

    If you have an excellent AV/AT combination as you do, the chances that something will seep through are very small. But I personally prefer my doors locked as opposed to slightly ajar. It is ultimately a matter of comfort level.

    Rich
     
  4. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    It depends on your internet habits and your level of concern. I've known people to never get a virus etc in a couple of years of surfing...BUT...they never downloaded anything, and they only visited a limited number of known and trusted sites.

    If you are downloading many things, especially from a P2P network, if you like searching for info on the net, if you like IM's, if you receive email attachments etc etc etc, then security should concern you, and I would very highly recommend Process Guard, especially in combination with either Reg Defend or PrevX Pro :) <RD and PG are one off fees>

    Here's a couple of links re Process Guard (both links from this forum)

    http://www.commontology.de/andreas/win_secure_pg3.html
    https://www.wilderssecurity.com/showthread.php?t=81438

    I would also suggest you have a look at this link in relation to AV capabilities

    http://www.av-comparatives.org/seiten/ergebnisse_2005_02.php

    And a look at this test result in relation to AT's (there's a few other sites out there that say the same thing).

    http://www.anti-trojan-software-reviews.com/trojan-detection-test.htm

    Then you need to consider spyware, which no AV is particularly good at detecting / removing <most are downright pathetic at detecting spyware>....yet even the best of the AS's scored only 64% (as of the end of last year) detection rate of Spyware

    http://spywarewarrior.com/asw-test-guide.htm

    In relation to spyware, I use PG, PrevX Pro, and RegDefend, and no spyware gets on my system anymore (also disabled ActiveX on IE, use a HOSTS file, use IESPYAD to make use of restricted sites, disabled cookies except for trusted sites etc, use Sun Java etc)....many just use Firefox as a more secure browser.

    However, spyware aside, the PG/PrevX Pro/Reg Defend combo is also excellent against trojans and worms, and somewhat effective against virii. (many here just use either a combo of PG/PrevX or PG/RD).

    In the end though, whether all these security apps are for you, depends as I said previously on your internet use. It's always better to be well protected than have to clean up an infected computer.

    edit : typical long winded post, I bet I started before Richrf too. Quite agree with his opinion though :D
     
  5. jim28277

    jim28277 Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    64
    Location:
    Charlotte, NC
    Thank you all for your very prompt responses. They are all very good suggestions and I will certainly read the links you identified and make sure I take all appropriate steps to secure my PC.

    regards Jim
     
  6. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
  7. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi SpikeyB,

    The reason I do not give this type of advice to my friends is because I do not like playing Russian Roulette with their security and privacy - especially when two of them were hit very hard over the last couple of weeks. In both cases I spent lots of time helping them clean their system and verifying that they did not lose important financial information.

    On the other hand, I feel quite comfortable taking any risks that I want to for myself and I believe each person does the same. For example, some people parachute their whole lives and others do not. Some people die parachuting (we had a whole slew die here in a parachuting school in Illinois) and some don't. If someone asks me whether they should parachute for a hobby, I would say "It's up to you". I won't recommend it. :)


    Rich
     
  8. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Hmmm...just read that post 33. I'm sorry if I find that very very bad advice.

    At least, taking that post by itself, without looking at other things WorldCitizen has said to put it in perspective is bad advice...

    ie. :

    What if you do internet banking ? The very best free AV's miss 1 in 10 trojans/worms....is that a risk you should be advising anyone to take ? see link :

    http://www.av-comparatives.org/seiten/ergebnisse_2005_02.php

    The worst trojans get into the OS (rootkits/kernel level trojans) and can be almost impossible to remove....sometimes only by reformatting <or maybe a backup image>. What if you don't know how to reformat your computer ? - and most average users would struggle to know where to start.

    What if one of those Trojans is a Remote Access Trojan, that uses your computer to store kiddy porn, spam computers, use as a Proxy for Hack attacks ?

    What if you keep financial/business/personal information on your computer...will it all be lost if you reformat <ie did you also store the info elsewhere>

    What if your AV gets infected with a virus ? <can happen to any of them, but seeing the best free AV misses 1 in 20, it's more likely for the free AV to become infected>

    Considering free <and some paid> AV's poor performance with trojans/worms....have a look at the latest 'virus' threats posted by any of the major AV vendors...month after month, 90% of new 'viruses' are trojans/worms

    Now saying 'but it'll never happen to me' ....there's a certain age group in us humans who also think this way...but we all know it's not true. It does and can happen :)

    To my way of thinking, the more risks associated with loss/theft/unauthorised use of your computer/comp-information, the more precautions you should take.

    It certainly isn't harmful having extra security, and learning about computer security, but issuing a blanket 'all you need is a firewall and free AV' can be very harmful indeed (most people with risky computer habits still consider themselves average users)
     
    Last edited: May 25, 2005
  9. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Hi Richrf

    I agree with you about people taking responsibility for the level of risk they are comfortable with.

    My reply was added to help jim28277 to determine his level of risk and paranoia.

    jim states that he uses NOD32, Adaware, Spybot S&D, Trojan Hunter and images weekly. I think that is a pretty good setup for someone who classifies themselves as a casual user. Vikorr has already explained very well which type of users need to be more concerned with security.

    To answer jim's question as to whether PG is needed by him, I would say no, based on his analysis of his setup and habits (you are correct, that is an opinion and not a definitive answer). jim does not mention a FW and I would suggest that switching on ICF is more important immediately than purchasing PG.

    If jim's question had been is PG a fantastic program and do you think it's worth buying, I would say yes. I've had a lot of fun with it and learned a lot about it from this forum. However, PG does cost money and does use resources and for a casual user, might not even get into the action when you consider jim's existing setup.

    SpikeyB
     
  10. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    I think it was just adding a bit of balance and perspective to the arguments.

    jim's AV is NOD32 and isn't free. He's already got that so he may as well stick with it.


    I would say the riskiest computer habits come from people who have a penchant for downloading free screensavers and the latest superdooper searchbar plus. Even PG won't stop this type of infection.
     
  11. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    The danger here is that you can get so freaked out on security that you lose all enjoyment of the use of your computer and spend every moment in security sites and loading up your pc with security applications. Then to justify the cost end up proclaiming the need for every other user to do the same. Most users don't need most of their security products nor do they know how to use them wisely. If they did they more than likely would not need them all. It becomes more of a hobby for many or worse still an obsession.
     
  12. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    It would be my full expectation that someone recently compromised and not knowledgeable in the area would go completely overboard. In time, that tendency is often self-correcting. Do I think I see a lot of that? Sure, but for many it is a cathartic experience which they simply must have.

    The more experienced users here should take some time to educate users they believe are walking down a bad path. Naturally, there is a significant diversity in what many of us feel are appropriate measures. Our personal approaches have been shaped by our personal experiences, in that sense we don't bring objective truth to the table, only practical experience as it has played out in our own hands.

    Blue
     
  13. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    The post of mine that you quoted was referring to Post 33 in the thread titled Who has actually had PG save them from a malware attack? to which you referred.

    a quote from it :

    "With free AV and firewall the home user is more than adequately protected" This to me, is a rather risky piece of advice...risky for whomever takes it that is. <I realise that is only one part of the quote. Just trying to keep the explanation simple>

    People can certainly go overboard in security applications, although I certainly wouldn't consider a combination either PG/RD or PG/PrevX to be in that category. (along with an AV and firewall)

    Trojans/worms are now perhaps 90% of the newly created threats on the net. There is a growing trend in trojans/worms to use stealth technologies to bypass AV's. Personally I can only see the percentage of trojans/worms using stealth technologies rising.

    edit : edited this to make more sense. Blue's quote below is correct of my orig post.
     
    Last edited: May 26, 2005
  14. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Vikorr,

    I believe that you are being too circumspect here. I would stay with your original sentiment. Without significant qualification, the advice that you are commenting on is more than risky, it is bad general advice. Sure, there are some circumstances where this may be appropriate, but they are few and far between. A simple metric - if one has to ask whether this advice applies to oneself, the answer is a decided no.

    Blue
     
  15. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    Personally I don't think anyone can make blanket statements about any security products and whether they are really necessary or not.

    Much like home security people take different approaches from dead bolts on doors, to bars on windows, to monitored alarm systems, up to security personnel with electric fencing and attack dogs. Others still leave their doors unlocked at night and live happily that way. It really is your personal choice based on many factors including past experiences.

    But I also do think a lot of people are starting to clue in on the notion that security companies in general thrive on security based "paranoia". How people respond to those threats (real and over-hyped) I think is a personal choice. Clearly staying patched with a good firewall, antivirus/anti-malware product, using good "net smarts" and knowledge of how to use your OS safely fits the bill for many many people.

    I personally tried ProcessGuard at first to simply provide termination protection for my firewall and antivirus. But I quickly found it to be an invaluable tool in troubleshooting many problems by using its log of executed processes complete with execution parameters and having the ability to control processes on my system that were doing things that I wasn't particularly fond of.

    Personally I see disturbing trends developing because of the mass adoption of broadband connections with applications, both purchased and uninvited, taking liberties with that "always on" connection. The new frontier to me appears to be "inside>out" and not necessarily "outside>in". For me, ProcessGuard hardens and reinforces "the security basics" where it counts most and I find that necessary. Others may not. But that's based on my own personal experiences. Whatever keeps one secure I guess is the right answer.
     
  16. CN232

    CN232 Guest

    As rick says, whether it's overboard or not depends on the level of risk you are willing to take, the value of your computer info etc.

    What are 'stealth technologies' ? Rootkit like behaviour will not help malware to bypass AVs, unless they are already installed. And if they can get by without being installed they don't need such technologies at least to be installed.

    Well said. Or in the context of this forum, the superduper new security hackbuster tool!!!
    As good as PG is, people forget that it doesn't protect you at all from programs you *choose* to run. Or more accurately programs you choose to run after your AV okays it.
     
  17. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    stealth tech : to me any method used to avoid detection by AV's
    - programs that prevent other programs from reading them (once installed) -eg. you create a brand new trojan, program it so that once installed it can't be read....
    - Packing methods that prevent other programs from reading malware signatures (before installation)
    - specifically written malware so as to avoid coming to the attention of AV authors

    http://castlecops.com/t121601-Rootkit_Trojans.html
    http://news.zdnet.co.uk/internet/0,39020369,39199961,00.htm

    or this method

    http://www.webopedia.com/TERM/S/stealth_virus.html

    or this method

    http://www.theregister.co.uk/2004/07/14/atak_stealth_virus/

    I'm sure there's more ways to hide out there :(
     
  18. CN232

    CN232 Guest


    Yes, and if you decide to run and install them, PG or Regdefend won't protect you :(
     
  19. CN232

    CN232 Guest

    Let's see, the very first post in the thread points out that rootkit abilities don't give the malware any magical ability to evade scanners before installation. It's very nice to talk about how good at hiding malware is once it's installed, but if it can't beat the scanner pre-install, it's useless.


    or this method
    Again, these capabilities don't help the malware evade scanners before installation. So in the context of your argument that the signature based approach is useless, this doesn't support your argument.

    Hide after they are installed? Millions. Before they are installed? Hundreds. But your random links don't make the point I'm afraid.
     
  20. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    The random links were made as a whole, not as individual links, and made in the context of the statements above them, so that you could see I wasn't just pulling 'stealth technologies' out of thin air.

    It really isn't that hard to read what I said first, read the links, put two and two together and understand the post as a whole.

    Nor does it take a genius hacker to figure out new ways to use old methods.

    After politely replying to your question - from your response I see that you understood what I meant by stealth technologies, yet you just couldn't help baiting :)
     
    Last edited: May 28, 2005
  21. CN232

    CN232 Guest

    Baiting? The fact is the term 'stealth technologies' is something new to me. Beyond the term being applied liberally by the press to the hottest trends in malware, I don't really know what it means. I was wondering if you had some specific terminology in mind, but apparently not.
     
  22. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    Baiting has nothing to do with you asking what stealth technology means, and everything to do with the nature of your posts, which seek reactions out of people.

    As to what stealth tech is... you can see what I believe it means, as I stated it at the top of my post.

    You obviously also see that it's not a new terminology, as there were press articles about it.

    Obviously this doesn't satisfy you. However it seems pretty straightforward to me. I suppose you will have to find answers for yourself elsewhere.
     
  23. mcfox

    mcfox Registered Member

    Joined:
    May 26, 2005
    Posts:
    4
    um ... is that a 'yes' or a 'no', then? To the original question, I mean.

    I've read through this thread, the links, the other posts and I'm more confused now than ever. o_O
     
  24. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hi Guys,

    Firstly, let me clarify my statements. I have purchased ALL DCS products and support as well as recommend all of them to anyone concerned about security.

    But I also recognise that as 1 user said here, blanket statements about security products are usually incorrect. Although I have bought and recommend all DCS products I have also been without them for ages and suffered no consequences. Does this say not to buy them? No, of course not. It's only saying that you can get along without them and most people do but by my very own example in having forked out the money to buy them I am making a statement that I consider them very worthwhile to both use and to have on standby.

    I've used only AVG Anti-Virus for months along with only Windows XP Firewall and got no infections but FELT safer with a commercial product so I bought Kaspersky. It all comes down to what makes each individual 'feel' comfortable with.

    A firewall and AV are 'must-haves' but in my view layered security is not a 'must-have' but 'optional' and depends on the individual and their needs and usage habits.

    Is Process Guard really needed - my answer - 'For some people yes and for some people no'. Strictly speaking it is not in the category of a monitor or a hard drive which you must have to boot into and view Windows. Not having Process Guard, depending on your situation, will or will not make any difference. It is very subjective. If you regularly surf and download and visit red light sites as well as P2P and do commercial transactions then you do need more protection above the usual but it all depends on what you do and where you go.

    Process Guard is one of the most pro-active security programs out there so by having it you know that it's working for you 24/7 and not just sitting on the shelf gathering dust but if you decide you don't want to buy it or don't need it then that's not considered a crime here and you won't be crucified by me at least.

    My personal advice would be to BUY IT because it will keep your PC protected continually and just in case some disaster strikes. I try to be impartial and fair because people are needing not sales talk but a real assessment of whether they can do without PG or not and I recommend buying it but if you decide not to your PC won't stop working tomorrow morning. You can do without PG but you're much, much safer and better off with it and for the price it's a steal.

    Regards

    Dave
     
    Last edited: Jun 5, 2005
  25. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi all,

    To give a couple of scenarios. I have two friends who I recently helped clean their machines after some pretty bad attacks (keyloggers, trojans, etc.).

    One uses her machine primarily for email. I told her to use online email (for scanning purposes) and of course to avoid, as much as possible, opening up attachments. She is now running Kaspersky with Firefox and is probably adequately protected.

    My other friend is frequently online doing highly sensitive financial transactions. For him, security is an utmost priority. Even the best heuristics nowadays (NOD32) can only detect 70% of the new trojans coming on board. Kaspersky is at about 50%. This is not nearly good enough for his requirements. So he opted to purchase ProcessGuard and RegDefend and is extremely happy with this level of defense.

    For me, PG along with ZoneAlarm, WormGuard, RegDefend are an insurance policy that lets me rest easier, knowing that there are "sentries" watching the gates into my system. I also run Kaspersky because it has extremely high detection rates (99%). Not everyone sees the value of insurance policies and many people do not feel they are needed or worth the cost. Insurance is for events that are unexpected and potentially catastrophic. It is up to each person to decide whether he/she needs this type of insurance policy.

    Rich
     