New feature requests for next version.

Discussion in 'ProcessGuard' started by tech-addict, Jan 27, 2004.

Thread Status:
Not open for further replies.
  1. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Hi,

    I too would like to see executable (and dll) checksums to ensure that the privileges are given to the correct application. I am a registered PG user and protecting several of my security applications, some of which are not running continuously. Those applications could easily (temporarily) be swapped to a trojan running with full privileges. And yes, I am aware that no trojan in the known history ever did this. But soon leaktests will be coming to defeat PG through this hole - not good marketing.

    Another issue: I have TDS3 protected with Close MSG handling. When I do a shutdown of the computer the Human Identification comes up for TDS3. Could someone please explain why it is displayed for TDS3 during shutdown and not for procguard.exe?

    During shutdown, while I am entering the code into the Human Identification, Windows 2k gets impatient and displays a topmost dialog telling that it will really shut down the process. It is inconvenient that I have to move that topmost dialog away to continue entering the code. Reminds me of popup windows on the www. A better solution would be to provide a system shutdown feature in the PG software itself so I could enter the Human Identification code before PG starts the shutdown. Or is there really a need for codes when doing system shutdown?

    Yet something else: Is it possible for a trojan to modify the authorized application list? Where is it stored? Is it a non-encrypted, freely writable registry area? Also is it possible for a trojan to somehow generate fake mouse movement events/clicks and disable each layer separately? It can not disable protection completely without Human Identification but can it remove every application from the protected list?

    Can you restrict access to graphical screen contents? In this case Human Identification would not need the noisy picture.

    I would like to see the possibility to reorder the protected application list in PG. This way for example I can group system / non-system executables.

    Also I suggest to include the suggested settings for a wide range of AT/AV/Firewall products in PG. This could be either in the help, or part of the auto-configure at install time.

    regards,
    hojtsy
     
  2. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Hi hojtsy,

    Checksums of EXEs will most likely be in the next version.

    No, a trojan cannot modify/delete/rename the pguard.dat file, it has been locked and protected by the kernel, you can READ from it however.

    No, you cannot lock the screen from applications reading it, and hence the background of the Human Interface Dialog does need to be noisy.

    Thanks for your other suggestions.

    -Jason-
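
Added example, not part of the original thread and not ProcessGuard's code: a sketch of why the checksum request above matters, comparing a path-only allow rule with one bound to the file's SHA-256. All function names are hypothetical and the "executable" is a constructed stand-in file.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Stream the file so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def _key(path):
    return os.path.normcase(os.path.abspath(path))


def enroll(paths):
    """Record path -> SHA-256 when the user grants privileges (hypothetical store)."""
    return {_key(p): sha256_file(p) for p in paths}


def allowed_by_path(store, path):
    """Path-only rule: whatever sits at an enrolled path inherits the privileges."""
    return _key(path) in store


def allowed_by_hash(store, path):
    """Checksum rule: the file content must still match the enrolled digest."""
    expected = store.get(_key(path))
    return expected is not None and hmac.compare_digest(expected, sha256_file(path))


def demo():
    """Enroll a constructed stand-in file, replace its content, re-check both rules."""
    with tempfile.TemporaryDirectory() as folder:
        exe = os.path.join(folder, "scanner.exe")  # constructed sample, not a real binary
        with open(exe, "wb") as handle:
            handle.write(b"constructed original image")
        store = enroll([exe])
        before = (allowed_by_path(store, exe), allowed_by_hash(store, exe))
        with open(exe, "wb") as handle:
            handle.write(b"constructed replacement image")
        after = (allowed_by_path(store, exe), allowed_by_hash(store, exe))
    return before, after
```

After the content changes, the path rule still passes while the checksum rule fails. The digest has to be checked when the process image is loaded, and the store itself needs the kind of write protection described for pguard.dat.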
     
  3. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Thank you Jason,

    pgMsgProt.exe is configured by default to allow Read access by any process. Does this mean that a trojan could possibly read the Human Identification code from the memory space of pgMsgProt while the HID dialog is displayed?

    There was a question still unanswered in my last post:

    I have TDS3 protected with Close MSG handling. When I do a shutdown of the computer the Human Identification comes up for TDS3. Could someone please explain why it is displayed for TDS3 during shutdown and not for procguard.exe?

    regards,
    hojtsy
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Hojtsy, I believe it is to do with the way TDS3 is written and the programming language used, TDS3 probably has hidden windows that procguard does not.
    Shutdown uses End Session which is, of course, allowable. Close Message Handling is still being refined and some of these anomalies are being addressed as I write.

    Jason can explain in more detail :)
     
  5. Whynot

    Whynot Registered Member

    Joined:
    Feb 8, 2004
    Posts:
    50
    Hi, I'd like to see some mouse button 2 functionality. E.g. if I enable General Protection - option 3 - I get the message

    [Driver/Sevice] c:\windows\system32\services.exe[700] Tried to install a driver/service named mapmem1.

    Right clicking on this to either disable protection for this action alone and/or a message a la Event Viewer
     
  6. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    One more feature req:

    I would like to copy-paste from the PG log window. But every time I select something it is immediately deselected once I release the mouse button.
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hojtsy, the action of highlighting the text automatically places it on the clipboard and does not show as selected. :D Go ahead and try it.
     