limits of ProcessGuard

Hello,

I'm a french user of Diamondcs's products (PG free, ATP) and first, i would like to apologise for my english.

I've tested many security softwares using an prevention "approach"G, SSM, AbtrusionProtector, Prevx and so on.

Actually, PG3 is one of the more efficientl soft that home users of Pc can have for a competitive price.

PG protects the system against all kinds of malwres and attacks (spywares, virus, trojan, injection of threads...).

But he can't do anything against somes apllications web attacks like:

***Cross Site Scripting,
***SQL injection,
***cookies poisonning,
***URL and DNS spoofing (used in phishing attacks),
***navigators vulnerabilities using mobiles codes (java script, activeX ...)

If our system is like our house, PG3 protects it against a lot of kinds' intrusions.
But if we take our car (navigator like Firefox) to go outside (web), PG will always protects our house but not our car.
And it's sometimes important when people use internet to buy a lot of things.
Their cookies could be stoled to get their visa number for example.

Big corporations protects their servers by using reverse proxy solutions (Kavado, Axilliance or Deny-all), but poors home users have nothing else than their carefully minds!

And it could be my whish (to the list) for the next version of PG:more protection during the surf and more protection against mobiles codes like java or java script.

But almost again, PG is a one of the most powerful prevention against malwares that a home pc users can get whith a little price.

And if someone pay attention to his security, he surely should have ProcessGuard installed on his system.
That's why i tell to my friends (p2p users) it's a great soft to test and to buy.
But like me, they're wating for a package PG3+TDS4 (maybe so soon?).

Congratulation for the Diamondcs team and all his production.

Best Regards

 

i use SurfinGuard to protect myself from the other things you mentioned, but it doesn't work with Firefox

yesterday for example a new ActiveX Control Cross-Site Scripting vulnerability was found in IE
http://secunia.com/advisories/13482/
but i checked and SurfinGuard already prevents that attack

 

Agreed

Browser vulnerabilities are completely outside the scope of what PG is meant to do, however. For those kinds of attacks I would suggest something like Proxomitron with Kye-U's Filters (it's a content filter, Kye-U's filters filter out known javascript exploits) and/or Qwik-Fix (system hardener/"pre-patcher", resolves all cross-zone vulnerabilities and much more)

Proxomitron (free): http://www.proxomitron.info/
Kye-U's Filters (free): http://www.kye-u.com/proxo/forums/index.php?showtopic=131&st=210

Qwik-Fix (not free, but cheaper if you buy before Dec 31st): http://www.pivx.com

ProcessGuard is not a catch all, it is meant to be a part of a good layered security setup. ProcessGuard will, however, armor plate those layers

 

Hi,

I know Finjan products (SurfinGuard) but the soft as Hmmm said works only with mister IE.

A local proxy like "the Proxo", Webwasher, Spyblocker or others proxys are really greats to filter hostiles scripts.

There is a free programm who works like a sandbox between the web and the system: Sandboxie:

http://www.sandboxie.com/

But it's more useful to surf with cautions:diasble java/javascrip, manage cookies as well as we could do, and for the e-payment, paranoiac users can crypt their cookies by AES 256!

A little regretG is not as well known as it should rather be in France.
Thanks for answers and best regards.

 

Thanks for the haus and car analogy kareldjag.

Actually I have never thought about it that way. So far, I was only safeguarding my haus leaving my car unlocked.